Security: Mac OS X Good, Linux Bad
By Jeremy C. Wright, Staff Writer
Tuesday, 2 November 2004 11:42 EST
UK-based security firm mi2g has declared Mac OS X, and other BSD-based operating systems, the "world's safest and most secure 24/7 online computing environments." The surprise? Linux is rated as the least safe and secure.
Mi2g analyzed more than 235,000 security breaches of continuously connected servers worldwide. Of these, only 4.82% were carried out against OS X and BSD-based systems. In government offices this was even lower, a mere 1.74%. In contrast, Linux accounted for 65.64% (or more than 154,000) successful attacks. Windows-based computers have maintained a steady 25% of attacks over recent years.
"More and more smart individuals, government agencies and corporations are shifting towards Apple and BSD environments in 2004," said DK Matai, Executive Chairman of mi2g.
Microsoft's various Operating Systems have long been the target of ridicule and public slander for weak security, an excess of patches and for being the darling of hackers worldwide. Security firms have been watching this change over time, though, as Linux becomes the de facto gatekeeper and therefore the target of choice for large and desirable targets.
The report does not include the number of failed attacks versus successful attacks, so we don't really know how secure or insecure the OS's are on their own. It also doesn't include any details on what types of organizations the penetrations happened in or how experienced the server administrators are. As a result, Linux advocates around the world will likely denounce this report without really seeing what it means: it isn't good enough to be better than Microsoft, if Linux's security can be considered better in light of this report, in order to be secure you have to be perfect. Until we have a perfect Operating System, we'll continue to deal with penetrations and the effect of poor decision making for years to come.
At the end of the day this isn't about which OS is best. And it isn't about security through obscurity. OS makers need to continue to strive for perfection, for multiple layers of protection, to block hackers from gaining the ultimate prize of full control of resources and to include alerting and management tools which make monitoring penetrations easier and which make dealing with them less of a chore.
Taken in perspective, these results may be surprising and even encouraging for Apple and BSD fans, but at the granular level, 10,000 successful attacks is still 10,000 successful attacks.
|
|
|
Latest News
eEye released integer overflow auditing tool
16.02.07 Vulnerability research company eEye Security has released a free security vulnerability auditing tool that helps spotting possible integer overflow vulnerabilities.
AES Password Manager 2.3 released
16.02.07 AES software has announced the availability of AES Password Manager 2,3, the latest version of their password management application that allows users automatically access password-protected web sites and email accounts.
IBM safeguards against Microsoft vulnerabilities
16.02.07 IBM’s security division, Internet Security Systems, offers protection from several critical vulnerabilities announced by Microsoft.
Firefox cookie-stealing vulnerability
15.02.07 A new zero-day vulnerability in Mozilla Firefox allows malicious web sites to forge authentication cookies for certain web sites.
Valentine’s Day: a powerful lure for spreading malware
09.02.07 As Valentine´s Day approaches, users should keep a wary eye on any romantic messages received by email, as many of them could contain malicious code.
Skype reads out your BIOS data
09.02.07 The Windows version of the Voice-over-IP software Skype reads and stores the BIOS and motherboard serial number of a user’s computer.
Utimaco SafeGuard Enterprise supports BitLocker
09.02.07 Utimaco has announced that its SafeGuard Enterprise now supports Windows Vista BitLocker drive encryption.
|
|
