The World's Safest Operating System

[bigdave]

Saw this on slashdot thought I'd share since WE ROCK!

UK-based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80 percent of the survey total. Windows based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks."

More here and here

This is why we run FreeBSD!! This might make good marketing material for anyone!

EDIT: This does not take into account the recent windows worm problems, this is merely based on full machine compromise.

[somereseller]

That report has serious flaws and thus shouldn't be used as arguments, but there are better docs out there that tend to prove that BSD is a wise choice.

[admin]

Quote:

Originally Posted by somereseller

That report has serious flaws and thus shouldn't be used as arguments, but there are better docs out there that tend to prove that BSD is a wise choice.

Hmm, so are you sating there is something better then BSD?? Must be something from mars..

[Brangwyn]

Actually I think he said there were better whitepapers out there not that there were neccessarilly better OS's .. though there are better, more secure operating systems out there, they're just beyond the availability of the average joe public.

Ever seen an MVS based web cluster

Are there more secure "Free" OS's probably not.

[admin]

Yea I know just taking a stabe at SomeReseller..

Quote:

Originally Posted by Brangwyn

Ever seen an MVS based web cluster

Ever seen a vortech cluster.. We called it the "Cluster F*ck" J/K LMAO

[bigdave]

Quote:

Originally Posted by Brangwyn

Ever seen an MVS based web cluster

YUP! I have!

[logic404]

How's about OS/400 - never had a successful hack...

[Brangwyn]

Quote:

Originally Posted by bigdave

YUP! I have!

Ahh someone I can relate too I've've been in an MVS/VSE shop for the last 15 years, started off doing lovely things like Assembler coding

[Vantage]

The only way an OS NEVER has a successful crack is to never be deployed in an environment that would promote an agressive attack. OS/400, a truly great OS for security, has had several holes... granted, not as many as Windows or Linux, but a good part of that is the number of OS/400 machines deployed in the wild.. When was the last time you walked into a server room full of OS/400 boxes?

90% of security is POLICY anyway, not OS. NT4 was NSA approved as a tier one OS. It COULD be secured... but no-one ever went through all of the trouble to do it. One of the main reasons OpenBSD can brag about having only one remote root exploit in 7 years is that nothing is running by default. Yes... an insecure OS is a bad thing, but, as with Alex's statistics, one of the biggest reasons for systems to be cracked is insecure policy and inexpirianced or lazy Admins. One of the main reasons you see so many Windows Exploits is that inexpirianced people think they can secure it themselves without time and without good documentation.

James

[Brangwyn]

For sure I totally agree, any OS is only as secure/good as the people administiring it, generally people make mistakes and thats where a lot of the problems start.

[nelsonke]

And of course the ultimate security policy is,
1. Don't connect it to anything,
2. Don't use it for anything, and
3. Never make any changes for any reason.

[Vantage]

A more feasable one is,
Allow no access to resources (i.e. ports, services, etc) not intended for use on the server.
Give access to users based on NEED. Dont give anything not needed and deny all else.
Keep daemons you must run at the highest stable patch level.
Monitor system useage patterns.
Report on all anomalies. Track down the cause of them.

James