everybody says that Macs are secure, but then Macs run a variant of Linux. Is that variant especially secure? Or is it just as secure as all other Linux variants - that is, a lot more so than Windows but nothing special among Linux?
Are some Linux variants thought to be significantly more secure against worms and/or downloadable trojans/malware than others? E.g. would it make sense to select a “super secure” Linux variant for use for an internet facing computer while using a more convenient OS on another, “work” computer that is either not connected to a network at all or else is connected to an intranet with the highly secure one?
Couple points. First, although Unix and Linux do have different letters before the “x”, “*nix” is the preferred way of referring to Unix and all its descendants (including the various BSDs, I might add).
Secondly, yep, there are *nices that are more well-regarded security-wise than others. OpenBSD probably has the best reputation in that field. Of the more desktop-y Linuxes, Fedora has a better reputation for security than others. It comes with SELinux enabled by default, for instance, which your Ubuntus and so forth do not.
OS X is about the same as your typical desktop Linuxes like Ubuntu. It’s also about the same as Windows, which despite its reputation, doesn’t have a surfeit of design flaws that make it susceptible to security breaches—just a huge userbase of people with vastly varying levels of knowledge about computers and information security, most of whom run as administrator all the time (a practice which UAC mitigates, especially when judgment is actually used when a privilege escalation dialog pops up). The weak link in security is almost always the user, when you’re dealing with actively maintained and patched software.
Some Linux distributions are certainly less secure than others - for example, Puppy Linux, which I happen to like a lot because it will run on really old hardware, is a single-user configuration that boots straight into a desktop environment running everything as root - that isn’t any worse than, say, Windows 98 or a vanilla install of pre-SP1 Windows XP, but it isn’t any better either.
In practice, vulnerability to trojans and viruses affects different systems differently anyway, just because the majority of them target Windows platforms - so even if they were all equally vulnerable (which I’m sure they’re not), the effect of leaving them open would not necessarily be the same in all cases.
Yes, in fact, it does. That’s why Windows machines are so often compromised, despite the fact that the important computers on the Internet don’t run Windows. Really, this is equivalent to saying the only reason Brinks trucks aren’t carjacked as often as Fords is because so few people drive Brinks trucks.
The primary Windows security flaw is the fact people are pretty much forced to run as Administrator to do anything. This means that any applications they’re running can do anything the machine can do, as opposed to the usual *nix security model, where most people running software on the system are running as limited user accounts, so their software is constrained from doing things like corrupting the operating system to turn the machine into a spam zombie.
A strong secondary flaw is that Windows applications love to run scripting language programs embedded in what should be simple data files. This infects the design of Outlook and Word at least, and possibly other programs. This means that it’s very hard to predict what files are safe and what files can possibly ruin your whole damn system. The *nix world hasn’t had anything similar to this for the past few decades.
I used gksudo a lot more often on my Ubuntu box than I used my administrator account on Windows XP. The number of times I ran into not being able to do what I wanted on the Macs at school due to not being an administrator was much higher than on the Windows boxes.
And I hear that, in later versions of Windows, it’s actually even better. You escalate to install (just like on Linux) and then drop back to run anything.
Anyways, both of these “flaws” are not flaws in the OS, but in the applications designed for the OS. People liked having the ability to add scripts to certain files, so that’s why that happened. When it was shown to be a vulnerability, the programs added ways to keep them from executing, to the point where every place I’ve been has them flat out disabled as policy.
Plenty of important servers do run Windows and IIS, though sure, a far lower percentage than your typical beige box. My point is, if you want it to be and expend effort in that direction, a Windows machine is just as secure as a *nix one. There is nothing inherent to the design of the operating system that makes Windows less safe than Unix-like OSs.
Was Windows XP the last version of Windows you ever used? It sure sounds like it, because UAC mitigates this entire line of reasoning except in the case of idiotic users. And I agree that idiotic users represent a major, major problem in information security—but it’s ridiculously disingenuous to blame Microsoft for this.
As BigT pointed out, you can’t really blame Microsoft for third party devs requiring admin access to run banal apps either. That’s laziness on the part of the devs.
This only means you didn’t use a lot of applications, and you didn’t use some very popular applications.
… yeah. That’s the point. That means the security model is working.
MS needs to break those applications for security reasons, or give people a way to run them sandboxed so they think they’re running as Administrator but they’re not, but they won’t. Microsoft has the developers it’s always been willing to tolerate.
Google is run on Linux. Wikipedia is run on Linux. Why aren’t they running Windows if it’s really just as secure?
Tell this to Google and Wikipedia.
And people hate UAC. And people do their best to get around UAC. That is, despite MS’s claims, a technical problem, because the Mac OS X world, for example, does not have similar problems.
MS encourages this idiocy, because it refuses to make old applications run within their security framework as a condition for them running at all. MS bends so far in the direction of backwards-compatibility it breaks security.
Why aren’t lazy devs that much of a problem on Mac OS X? Why aren’t they as much of a problem on Linux?
Because you shouldn’t use a remote control to brush your teeth. I never claimed Windows was ideal as a server OS.
I think the problem is more that Microsoft, in a very un-Microsoft-like manner, actually gave users the option to turn an essential security feature off at will, and very easily. I’ve no experience personally with OS X, but UAC isn’t any more onerous to a user than, say, gksudo prompts in Ubuntu.
In short, once again, users being stupid isn’t Microsoft’s fault.
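The posts above turn on whether UAC is actually on and whether the user is working from an elevated session. Here is an added PowerShell check, written for this page and not taken from any post in the thread, that reads the documented UAC policy values under HKLM and reports whether the current shell already holds the Administrator token. The registry key, value names and their meanings are Microsoft’s documented UAC settings; the defaults assumed for missing values (EnableLUA 1, ConsentPromptBehaviorAdmin 5, PromptOnSecureDesktop 1) are the Windows 7-era defaults.

```powershell
# Added example: audit UAC policy and the elevation state of this session.
# Not code from the thread. Read-only; safe to run from any account.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyValue([string]$Name, [int]$Default) {
    # A missing value means "Windows default", so fall back rather than treating it as 0.
    $v = (Get-ItemProperty -Path $uacKey -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $v) { $Default } else { [int]$v }
}

function Get-UacStatus {
    $enableLua  = Get-PolicyValue -Name 'EnableLUA'                  -Default 1  # 1 = UAC on, 0 = off
    $adminMode  = Get-PolicyValue -Name 'ConsentPromptBehaviorAdmin' -Default 5  # 0 = elevate silently, 2 = always prompt, 5 = prompt for non-Windows binaries
    $secureDesk = Get-PolicyValue -Name 'PromptOnSecureDesktop'      -Default 1  # 1 = consent dialog on the secure desktop

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    # True only when the process token is the full admin token (an elevated shell),
    # not merely when the user is a member of Administrators.
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        UacEnabled            = ($enableLua -eq 1)
        AdminPromptBehavior   = $adminMode
        PromptOnSecureDesktop = ($secureDesk -eq 1)
        ThisShellIsElevated   = $elevated
    }
}

$status = Get-UacStatus
$status | Format-List

# Flag the configurations that defeat the point of UAC.
if (-not $status.UacEnabled) {
    Write-Warning 'EnableLUA is 0: UAC is off, so every process of an admin user runs with full admin rights.'
}
elseif ($status.AdminPromptBehavior -eq 0) {
    Write-Warning 'ConsentPromptBehaviorAdmin is 0: elevation is silent, so the user never gets the chance to refuse it.'
}
if (-not $status.PromptOnSecureDesktop) {
    Write-Warning 'PromptOnSecureDesktop is 0: the consent dialog is drawn on the normal desktop alongside other windows.'
}
if ($status.ThisShellIsElevated) {
    Write-Warning 'This shell is already elevated; day-to-day work belongs in a non-elevated session.'
}
```

A change to EnableLUA only takes effect after a reboot, so a machine can report UAC as enabled while the running session was started with it off; the elevation check on the current token is the part that tells you what is actually in force right now.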
Well, backwards compatibility is a big reason why they’re in the position they are today. It might be better from a security perspective to do all sorts of different things, but that doesn’t mean it makes business sense, usability sense, or any other kind of sense.
Who said they weren’t? I certainly was cursing inadequate testing when a kernel upgrade broke networking on the box before this one. I had to recompile the kernel with some code commented out and run that before the kernel devs patched that particular bug.
I think one of the reasons Google and Wikipedia et al use Linux is because Windows Server costs $1500 a pop. Google has what, hundreds of thousands of servers?
If you’re a student or kid interested in tinkering with servers, what are you going to do, ask Dad or the university to buy you a copy of Windows Server, or download Linux for nothing? When those kids become professional IT people, they tend to take their fondness for *nix along with them.
If you could (easily, legally) get Windows Server for free, I’m sure the picture would be different.
And I would disagree with the idea that Windows cannot be made secure and isn’t a decent server OS. I do actually tend to prefer administering *nix server software because I find it easier than Windows. In *nix, almost everything is configured by text files, and you can just Google for the millions of other people who have had the same issues as you, and you can use the same text-wrangling tools for lots of admin tasks. In Windows, half the server applications come with their own special config tool with an interface nothing like any of the other ones. And they might store the settings in a binary file or a weird XML file. It’s not so easy to get under the hood, so to speak. But, once you get to grips with all that, Windows makes a perfectly decent server OS if you know what you’re doing.
Does security really matter to the home user who does no online financial transactions?
Assuming you don’t have careless browsing habits, what are the actual chances of any user being system-damagingly hacked, trojanned or virus-diseased? I realise Windows users are more susceptible, because there are more of them, but still, what are the real, not the projected dangers?
It depends on the user and the precautions they take - for someone who has AV and antispyware solutions in place, and who applies updates from MS on a regular basis, and has the sense not to open executable email attachments, install software from questionable sources, doesn’t click on pop-ups, avoids certain kinds of websites, doesn’t move removable writable media between their machine and others, etc. the risks are moderate to low.
For someone who does the opposite of those things, in any way, the risks are present.
I have to wipe and reinstall my sister’s family PC (running XP) about once every six months - two adult and two juvenile users - the software they need to run on it won’t work with limited accounts, and despite the AV and antispyware software I put on there, someone will download some pack of smileys infected with trojans, or click on some banner that claims “Your PC has 969 viruses on it! click here to remove them…”
If the Pwn2Own hacking contests are any indication, both Mac OS X and Windows 7 are about as susceptible in a purely technical sense, with Windows 7 having the edge technically in terms of found security flaws.
Essentially you’re extremely safe running Windows 7 and using Internet Explorer 8 or Mac OS X using Safari. As long as you don’t have Flash installed, that is.
Because *nix avoided the culture of using root for day-to-day activities. Somehow, running as Administrator became the norm in the Windows world, so developers didn’t bother to make their apps run under appropriate privileges, and then users learned that you needed to be admin to avoid hassle when running applications. It just became a self-reinforcing thing, but the problem is not a technical one.
The apps that Mangetout mentions, for example, that need admin privileges-- I wouldn’t be surprised if they are trying to write to /Program Files/<app name>, in which case you can fix it by loosening the permissions on the directory in question. Or they are trying to modify some privileged registry key, again fixable with judicious use of permissions. But the applications really shouldn’t be designed that way. Microsoft have clear guidelines about that sort of thing. But software companies big and small have historically ignored the guidelines and just told people to run as Admin. Sometimes Microsoft’s own application team have been guilty of this.
Things are improving now that UAC has come along. The vast majority of users will never work out how to disable UAC, so third-party devs are now forced to finally address the appropriate-privilege issue.
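The fix described in the post above (let the limited user write to the one directory or registry key the legacy app insists on, instead of making them Administrator) looks like this in PowerShell. This is an added example written for this page, not code from the thread; the application directory `C:\Program Files\ExampleApp`, the key `HKLM:\SOFTWARE\ExampleVendor\ExampleApp` and the group `BUILTIN\Users` are placeholders to be replaced with the real app’s paths and, ideally, a purpose-made group containing only the accounts that run that app. It has to be run once from an elevated shell; after that the app runs under the limited account.

```powershell
# Added example: grant a limited account write access to one app's own directory and
# registry key so the app no longer has to run as Administrator. Placeholders throughout.
$appDir = 'C:\Program Files\ExampleApp'              # hypothetical app directory
$appKey = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp'  # hypothetical app registry key
$group  = 'BUILTIN\Users'                            # placeholder; prefer a dedicated group

function Grant-DirectoryModify([string]$Path, [string]$Identity) {
    # Modify = read, write, delete under the tree; deliberately not FullControl,
    # which would let the app (or malware running as the user) change the ACL itself.
    $rights      = [System.Security.AccessControl.FileSystemRights]::Modify
    $inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagation = [System.Security.AccessControl.PropagationFlags]::None
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $rights, $inheritance, $propagation,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Grant-RegistryKeyWrite([string]$Path, [string]$Identity) {
    # Enough to read and update values and create subkeys beneath this key only;
    # no WriteDac/TakeOwnership, so the grant cannot be widened from inside the app.
    $rights = [System.Security.AccessControl.RegistryRights]::ReadKey -bor
              [System.Security.AccessControl.RegistryRights]::SetValue -bor
              [System.Security.AccessControl.RegistryRights]::CreateSubKey
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

Grant-DirectoryModify  -Path $appDir -Identity $group
Grant-RegistryKeyWrite -Path $appKey -Identity $group

# Print exactly what was granted, so the change can be reviewed and later reverted.
(Get-Acl -Path $appDir).Access |
    Where-Object { $_.IdentityReference.Value -eq $group } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, IsInherited
(Get-Acl -Path $appKey).Access |
    Where-Object { $_.IdentityReference.Value -eq $group } |
    Format-Table IdentityReference, RegistryRights, InheritanceFlags, IsInherited
```

The grant is scoped to the one subtree the app touches; never loosen `C:\Program Files` or `HKLM:\SOFTWARE` themselves, since that hands every program on the machine a place to drop files that other users will run. Which directory or key the app actually fails on is something to establish first (Process Monitor filtered on ACCESS DENIED is the usual tool), rather than guessed. Note also that since Vista, a 32-bit application without a manifest already has such writes silently redirected to a per-user VirtualStore by UAC file and registry virtualization, which is why many of these apps keep working under a limited account without any ACL change at all.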
That’s a pretty accurate analysis of the problem, I think - it’s not that Windows is inherently less secure than anything else, it’s that it has become common practice to use it in a less secure way - and the Windows world has therefore (until recently) become a place where blanket rights were available, whittled back to something reasonable by some policy or some bit of security software, whereas in the *nix and Mac world, you start with few privileges and only get more granted if you need them, and know how to ask for them.
So in practice, whereas Linux/Unix/etc are like locked strongrooms supervised by a paranoid freak holding the keys, Windows was like an open-fronted candy store which you could protect by adding lots of armed guards, if you chose to.
I’ve got to learn about Windows security for my new job, so please help an old Unix weenie out. Am I out of date with the following issues?
Does Windows still have IE tightly integrated with the OS? That marketing-based decision by Redmond made each IE vulnerability a potential OS vulnerability.
Does Windows still have a registry? As I understood it, pretty much every Windows program can (and must?) edit the registry, but if it’s damaged you may need to reinstall the OS.
Do ActiveX components still have complete freedom on Windows systems?
Does Windows still average one official vulnerability a day each year? Or am I confusing this with all MS products - including office, which can be uninstalled from servers.
I know there are procedures to secure any current OS to standards, so there must be a way around these issues, if they still apply. Nonetheless, my heart goes out to sys admins for Windows-based servers, who I fear have to patch their systems at least monthly.