
back to article What's the most secure desktop operating system?

The debates about whether Macs are actually more secure than PCs, and whether Linux really is the daddy when it comes to bullet-proof desktop computing, have played out in articles and comments right here on this site on many occasions. But is inherent security a meaningful concept? Perhaps a better question is how easily " …

COMMENTS

This topic is closed for new posts.


Silver badge
Coat

Designing a perfectly safe computer

The most secure computer is one that doesn't power up and lacks a keyboard, mouse and touchscreen. The hard drive is housed in a cpu tower made of heavily padlocked concrete and it has absolutely no ports anywhere on it. No, not even that one.

15
1
Anonymous Coward

Re: Designing a perfectly safe computer

Sounds like a failed government IT procurement project.

6
0
FAIL

Re: Designing a perfectly safe computer

One first needs to define what is meant by "safe". Is a computer that is not connected to any network but has no security software except that native to the OS "safer" than a computer with all sorts of "security" software running but is directly connected to the internet? It all depends on the definition of "safe", as well as what functions the computer needs to perform.

So let's first define what functions the computer needs to be capable of performing, and then define what is meant by "safe". Only then is there any chance of a meaningful discussion.

6
0

Re: Designing a perfectly safe computer

"Safe" is probably the wrong word. However, you make exactly the right point.

You have to define the risks before proposing the appropriate measures to secure something. Once you have declared what those are, you then have to decide how likely those issues are and if it is worth protecting against the specific threats.

I would say that the biggest single threat over the next few years would be the stability of the electrical supply. It doesn't matter what OS you have, no electric means no computer.

Power cut reduces

Your expensive computer

To a simple stone

0
0

This post has been deleted by its author

Bronze badge

Re: Designing a perfectly safe computer

Wouldn't that cause severe injury if you dropped it on your foot?

Surely the only secure computer is the one that hasn't been made yet.

0
0

Re: Designing a perfectly safe computer

I believe the US Army have given these to their troops to stop them reading the Guardian online

2
0
Black Helicopters

Re: Designing a perfectly safe computer

Nah, they use this:

http://spi.dod.mil/lipose.htm

Don't worry though, the NSA keeps watch over it to make sure no bad guys can get you! Promise. ...

0
0
Silver badge
Devil

Re: Designing a perfectly safe computer

Needless obfuscation. The only safe computer is one that has no power.

0
0
Coat

Secure OS

I once run a perfectly secure OS.... on an Atari... It was in ROM.

2
2
Bronze badge

Re: Secure OS

Doesn't really make it secure, it could still be affected by malware injected into the portion that runs in RAM. Some of it has to after all, you can't run an interactive OS purely from ROM.

1
1
Silver badge

Re: Secure OS

"I once run (sic) a perfectly secure OS.... on an Atari... It was in ROM."

Yes, I did too, but I got the Ghost virus off an infected disc from a magazine and it was an awful job to get rid of.

Most secure O/S. One that's not switched on, I reckon.

Other than that FreeBSD has a good track record.

2
0
Bronze badge

Re: Secure OS

Oh yeah? I remember my first encounter with a computer virus was on the Atari ST. The virus was called ghost and it would invert the vertical coordinate of the mouse pointer. It stayed resident in memory through reboots (you could power down for around a minute without guaranteeing RAM was cleared) and spread across loads of my disks. It wasn't catastrophic, as no data was lost, but it got quite annoying until I trained myself to use an inverted mouse almost as comfortably as one that worked normally.

I later went on to get a job at a game development studio, where I found out my boss was the twerp that had created said virus.

3
0
Anonymous Coward

Re: Secure OS

Indeed. And having the OS in ROM means that if there is a security problem it can't be patched.

0
0
Bronze badge
Happy

Re: Secure OS

Most secure OS I ever ran was Windows 2000 with Outpost firewall.

3
0
WTF?

Re: Secure OS

On Atari machines, the OS doesn't stay in memory when an application is launched.

That's why "quitting" an app on an Atari means reboot, not going back to the desktop. It has to be reloaded entirely.

So if something bad happens - because of a program, like a virus or else - the OS is not at fault.

But hey, it's El Reg, you're not supposed to actually know what you post about.

Cheers.

0
0

Re: Secure OS

Apart from "there's no such thing", the safest OS is one that

a) is scarce enough that it isn't worth while anyone bothering to attack it;

b) is owned by someone who isn't important/rich enough to attack regardless;

c) lets you know exactly what it's running;

d) has an email client that displays messages in plain text and shows links clearly;

e) has a web browser that displays link URLs clearly and doesn't run any active code;

f) doesn't allow automatic remote installation or updating of software;

and probably a few other things I haven't thought of.

1
0
Silver badge
Meh

The one built by a competent admin

Perhaps stupidly, the easiest OS to secure is probably Windows 8 because it has built in on-by-default AV and firewall.

That doesn't mean it's the most secure. I could build you a Debian server that would give anyone pause - in fact, that's probably the most secure OS build that I personally could produce. However, just because it runs on Debian or a fork thereof doesn't mean it's secure - Exhibit A being Eadon's blog.

3
4
Silver badge

Re: The one built by a competent admin

>Windows 8 because it has built in on-by-default AV and firewall.

And it has free automatic cloud backup of all your emails/website visits and IMs

2
1

Re: The one built by a competent admin

<<<And it has free automatic cloud backup of all your emails/website visits and IMs>>>

So does the NSA.

2
0
Silver badge

Re: The one built by a competent admin

They do regardless of your choice of OS, sadly.

0
0
Pint

Re: The one built by a competent admin

What happened to that Eadon dude? I notice all of his posts have been deleted by the admin!

0
0
Anonymous Coward

Re: The one built by a competent admin

>Windows 8 because it has built in on-by-default AV and firewall.

Server 2012 because it has no GUI and a smaller attack surface.

Or Hyper-V server 2012 - which has an even smaller attack surface...

0
0
Meh

Re: The one built by a competent admin

That's a shame, he was a bit of an over the top, one viewpoint, one-topic poster, but surely there's space for people like that? (It's also comforting to have some small certainties.)

There are a few users on this site I find a lot more offensive than Eadon but I wouldn't want them banned for just that.

0
0
Silver badge

Re: The one built by a competent admin

Or Hyper-V server 2012 - which has an even smaller attack surface..

True but as it's quite hard to use Hyper-V server as a desktop OS, it's out of scope (per original question).

1
0
Bronze badge

Number of users is a factor

I still use AmigaOS (and variant MorphOS) online from time to time and have done for about 20 years. To my knowledge, none of the various machines have ever been infected with anything malicious. This has nothing to do with the inherent security of the system; as far as I can tell, these systems are almost entirely devoid of security. Rather, the tiny community of users just isn't substantial enough to attract the nasty buggers.

Same goes for my now-defunct PPC Linux install.

I also use Macs as my main machines, have done for about a decade. In that time I'm only aware of one bit of malware that infected an iBook about five years back. It was a simple browser redirect and easily removed.

My Windows machines, which have always been the least used of the lot, have been struck down with numerous ailments over the years, despite these being the only ones I ever bothered to attempt to protect.

Does this mean Windows is inherently less secure than the others? Does it bollox. It simply has a far greater user base and is therefore more enticing to malware authors.

1
1
Silver badge
Joke

CP/M. Very few viruses, rarely targeted by botnets. Currently has no Flash or Java clients available :)

6
0
Silver badge

That's no joke

CP/M. Very few viruses, rarely targeted by botnets. Currently has no Flash or Java clients available.

In addition to my desktop OS, I currently run a pure DOS machine for certain tasks. Despite it having network clients, I'm not expecting that machine to be compromised any time soon.

0
0
Bronze badge

Definitions

It all really depends on what your definition of security is.

I define it as the state where only those authorised in and out may do so.

A well-configured UNIX box is not very secure if those not authorised have physical access to it.

A well-configured UNIX box might be very secure, but if its users spend their time spewing their private lives across the internet (as many of us do), then one might wonder what the point of security is? Loss of privacy just without the hassle?

A box running Windows 98 with one user and no internet (or other network access) is pretty much very secure although it seems to be the very antithesis.

In the end, I think that it makes little difference which system is the most secure as long as one doesn't feel threatened. Few of us have enough knowledge to properly secure our systems and most people seem to actively not want to know about it. Why else would Facebook, Google et al. be so popular if people were concerned about security?

1
0
MJI
Silver badge

Secure I have used

Vic 20, Concurrent CPM, Netware 3.x 4.x 5.x

Surprised but it caught one.

Real 32, managed to get a virus on it, but a reboot killed it, we could tell it was infected as the screen went funny, whereas on MSDOS it did not.

Spread on a floppy.

0
0

Well...

If it's connected to a network it's not secure... AT ALL...

1
0
Silver badge

Re: Well...

If it's connected to a network it's not secure... AT ALL...

As it stands, that statement is incorrect, unless you're talking about specific situations. Perhaps you're confusing server and client software. I can run a single user OS, connect to the net, and not have any possibility of outside control of the machine - you could too.

0
1

VMS?

I heard that one is hard to crack.

2
0
Silver badge

Re: VMS?

Not especially. I once got hired to firefight a VAX where the admin had changed all the passwords and then had a nervous breakdown and run off to Laos.

It wasn't that much tougher than cracking NT. Irritating more than hard.

1
1
Anonymous Coward

Re: VMS?

If you have physical access to a VMS system, then getting privileged access is easy (and documented in the vendor's manuals), much as it is easy on many other systems where you have physical access.

If you don't have physical access to the system and just have access to a non-privileged (aka non-root) login, then best of luck to you. In some cases it may be occasionally possible to do unauthorised stuff depending on OS version and patch level. In most cases, VMS security is close to unbreakable. Certainly much closer than its alleged successor, WNT (and derivatives thereof).

4
0
Silver badge

Re: VMS?

Digital were sadly unforthcoming in supplying replacement manuals, even to the state owned electricity company of a (at the time) booming EU nation.

Without those, privileges were seriously annoying to achieve.

0
1
Holmes

Re: VMS?

If you have physical access to the system console, all bets are off. Same goes for any system, really.

And you can still turn VMS into a security Swiss cheese if the system manager is incompetent or malicious. My last employer hired in security consultants from DEC to audit a VMS machine, after the previous system manager had let his mates play "Admin Wars" in SYSTEM. That box was such a mess, they ended up retiring it a year early and they transferred all the users to a new Alpha, auditing every utility and command procedure before installing it on the new system.

If that wasn't enough to contend with, some bright spark had the idea of letting IT students have root access to a Red Hat machine with internet access. You can probably guess how badly THAT went.

1
0

Re: VMS?

You're trolling.

Any competent VMS sysadmin knows how to do a "conversational boot" to break into a system, given physical access, and they don't need a docset (on paper or on CD or on the web) to do so.

It's *very* disruptive ("boot" is a hint).

"privileges were seriously annoying to achieve."

Exactly. It's secure. Not perfectly secure, but better than its alleged successors.

1
0
h3
Bronze badge

Re: VMS?

It has CDE and Firefox so it should probably be enough.

0
0
Devil

Re: VMS?

My VMS hack was something like this: the VMS equivalent of the "wall" command (i.e. "write all terminals", I forget its name - it was a long time ago) was available to all users, and did not filter escape sequences. Everyone had a VT-100 or similar.

My broadcast contained a sequence that caused the terminal to send a line as if the user had typed it, to copy a modified executable of my own in place of a system one. Then the line on screen was erased and the cursor put back where it had been. It was fast enough not to be noticed in most cases.

The command failed (silently) for every session except that of the actual system manager, of course.

On 1st April, I was able to impersonate a system manager and announce an emergency shutdown, causing panic among those who didn't save work frequently. I got a talking-to in the boss's office for that.

1
0
Anonymous Coward

Re: VMS?

Well done Steve.

You knew about the autoanswerback fun. Good start.

You used the operator broadcast mechanism (which needs OPER privilege, which by the sound of things somebody shouldn't have given you?) to send the VT100 (or any other terminal with programmable answerback) the escape sequence to program the answerback, and put something destructive in the answerback.

You then used the same mechanism to send all the lines the command string which causes the terminal to send its autoanswerback (was it Control-E, I forget?).

If a hardware-vulnerable terminal is not logged in, nothing much happens.

If a hardware-vulnerable terminal is in an application, the application sees some unexpected input.

If a hardware-vulnerable terminal is at the VMS command prompt logged in to a non-privileged account, the "shell" sees your command string and says "can't do that, you don't have the necessary privilege" (as you already described).

If a hardware-vulnerable terminal is at the VMS command prompt logged in to a privileged account, you may see something interesting happen, again as per your description.

Lots of luck in that, apparently including having an incompetent manager, and definitely no guarantees of success.

The same scenario potentially also applies to a UNIX/Linux session on a serial terminal (or emulator). It was a known area of concern at least as far back as 1999 e.g. ftp://ftp.cs.utk.edu/pub/shuford/terminal/answerback_news.txt says "If the terminal [emulation] allows the host to program the Answerback string, it can become a security hole."

This is really a vulnerability in the terminal not the OS, and iirc from DEC's VT200 series on (other terminals and emulators are available), autoanswerback was disabled by default.

Now compare with the popular desktop OS and its vulnerabilities: frequently no luck needed, excellent chance of success (if you pick the right security hole).

0
0
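The broadcast trick in the two posts above worked because the message was written to every terminal with its escape sequences intact. The filter below is an added example, not code from the thread or from any vendor: it shows what a wall-style tool can strip from untrusted text before writing it to a tty. The function name and the sample message are constructed for illustration.

```python
import re

# ECMA-48 escape-sequence families honoured by VT-style terminals.
_SEQUENCES = re.compile(
    r"""
      (?:\x1b\[|\x9b) [0-?]* [\x20-/]* [@-~]        # CSI ... final byte
    | (?:\x1b[PX\]^_]|[\x90\x98\x9d\x9e\x9f])       # DCS, SOS, OSC, PM, APC
      .*? (?:\x1b\\|\x9c|\x07)                      #   ... up to ST (or BEL)
    | \x1b [\x20-/]* [0-~]                          # any other ESC sequence
    """,
    re.VERBOSE | re.DOTALL,
)

# Remaining C0/C1 controls and DEL. Tab and newline are kept. This removes
# ENQ (Control-E, the answerback request) and carriage return, which can be
# used to overwrite text already on the line.
_STRAY_CONTROLS = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def sanitize_broadcast(text):
    """Return (clean_text, removed): text that is safe to write to a terminal
    and a list of every sequence or control character that was stripped, so
    the caller can log an attempted injection."""
    removed = []

    def _drop(match):
        removed.append(match.group(0))
        return ""

    text = _SEQUENCES.sub(_drop, text)       # whole sequences first
    text = _STRAY_CONTROLS.sub(_drop, text)  # then any leftover controls
    return text, removed


# Constructed sample: an ordinary notice followed by a device control string,
# an ENQ, cursor-up and erase-line sequences, and a carriage return.
SAMPLE = (
    "Backup starts at 17:00, please save your work.\n"
    "\x1bP<constructed-device-control-string>\x1b\\"
    "\x05"
    "\x1b[1A\x1b[2K"
    "\rAll clear\n"
)

if __name__ == "__main__":
    clean, removed = sanitize_broadcast(SAMPLE)
    print(clean, end="")
    print("stripped:", [repr(item) for item in removed])
```

An unterminated control string loses only its introducer, so the rest of it is displayed as inert visible text instead of being interpreted by the terminal.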
Silver badge

Probably the least used

Windows has fairly reasonable access controls and privilege elevation is required for certain tasks, but it's as vulnerable as the person using it. If it's *their* desktop and *they* have admin rights then no amount of security will protect them from even a crude attack. With so many people using Windows, it's like shooting at a barn door. If Windows only had 1% of the market then simply by virtue of this most of the trojans wouldn't exist.

So while I think OS X and Linux have a far better security model (based off sudo) for privilege escalation, and Windows has historically had awful security I also believe that if OS X or Linux were as popular as Windows that they'd be the main target of attacks.

13
0
Anonymous Coward

Re: Probably the least used

"With so many people using Windows, it's like shooting at a barn door. If Windows only had 1% of the market then simply by virtue of this most of the trojans wouldn't exist."

Widely repeated, not really true.

Windows itself wouldn't be any more secure if it had only 1% of the market.

In fact if the other 99% were more secure than Windows, then Windows would still be the popular attack target, because it'd be more vulnerable than the others. A Windows box would be the "low hanging fruit".

6
8
Anonymous Coward

Re: Probably the least used

It's right that a little-used OS is no more secure if it's only present in low numbers. But it probably would be less vulnerable to attack.

It's no good targeting low hanging fruit, if there's only two apples you can pick.

How many computers can you take over if

1) you have a 95% chance on 5 computers

2) you have a 20% chance on 500 computers

3) you have a 5% chance on 50,000 computers

Also, obscure OSs are probably not used for something that can readily be turned into profit for the hacker, or have unusual software used for Facebook, email, online banking.

3
0
Silver badge

Re: Probably the least used

It's quite obviously true. The bigger the target, the more likely you are to score a hit. If 90+% of people were using Ubuntu then doubtless we'd see spams from "Ubuntu Security Centre" urging people to download a security "patch" etc.

5
0
Anonymous Coward

Re: Probably the least used

DrXym, you're mixing up spam and security.

General comment: If Windows were to magically go overnight from market dominance to market insignificance, the OS itself would be no more (or no less) secure. It might (or might not) be less attractive as a target - so what?

Ditto if by some miracle desktop Linux would go from insignificant to significant.

In both cases, the same OS vulnerabilities as existed yesterday would still exist tomorrow. The OS would be as secure as it was the day before. How could it not be?

2
1
Bronze badge

Re: Probably the least used

Case in point: My dad clicks 'OK' to everything. EVERYTHING. He asked me to look at his laptop to see why it was running so slowly, and I found 3 competing AV products, countless toolbars, and God knows what else. And this was with Vista! Yes even Vista with its over-bearing UAC couldn't stop a man who clicks 'OK' without reading the dialogue. UAC couldn't save him, and neither would any version of any OS on the planet. He won't listen either, so I officially gave up looking at any computer he owns (and gave up using them either..)

2
0
Bronze badge

Re: Probably the least used

You're forgetting the script kiddies. That's why OS/2 is "secure" in a practical sense, regardless of its intrinsic security virtues.

1
0
Silver badge

Re: Probably the least used

"In both cases, the same OS vulnerabilities as existed yesterday would still exist tomorrow. The OS would be as secure as it was the day before. How could it not be?"

It's not all a case of what vulns exist but the threat of exploitation.

Think how most desktop (as opposed to workstation / server) PCs are compromised - drive by sites, phishing attacks, trojans, malware. They social engineer a user to visit a site or click through some dialogs to the point that software is installed. Then it doesn't matter a damn what security the OS had because it's been bypassed. Every desktop OS allows users to do this and most desktop users are going to be their own admins so there is nothing to stop them doing it.

But these attackers are going after the biggest user base, so just using a more obscure OS lowers the threat. Not necessarily because the OS has less vulns (though that's not a bad reason to choose an OS) but because it's less likely to be the target in the first place. For example I expect that AROS users suffer zero pwnage not because AROS is a secure OS but because the threat is virtually non existent.

1
0
FAIL

sudo is not a security model

sudo is a kludge, developed because of a lacking underlying model where privileges cannot be properly delegated. It is not part of a "model" - indeed the sudoers exists in parallel with and competing with the real (but inadequate) file system permissions.

sudo breaks one of the most important security principles: the principle of least privilege. sudo is a SUID root utility and will run *as root* with *unlimited* access.

Some Linux distros now use Linux Capabilities (although these have not been standardized). Had capabilities existed when Unix was created, we never would have had the abomination that is sudo.

Many vulnerabilities in utilities that must be started with sudo have led to system compromises *because* of the violation of least privilege. Sendmail allows you to send a mail. But it requires you to run it as root. So you run it with sudo, allowing users to sudo sendmail. But a simple integer underflow (like this one: http://www.securiteam.com/exploits/6F00R006AQ.html) can now lead to total system compromise!

The security problems with sudo and other SUID root utilities are well-known so please do not try to pass it off as a superior "model". It was always and remains a kludge that is used to drill holes in a too simplistic, file-system oriented security model of the 1970s.

How is a security auditor supposed to audit the capabilities of users? Once a user is allowed to execute binaries with root privileges through sudo or other SUID root's the security auditor has no way of knowing what can be done through those utilities, short of overseeing the process by which they were compiled and distributed. The operating system cannot guarantee that the file system privileges are restricting the users as they can be bypassed by sudo/SUIDs. Compare that to operating systems with security models where the permissions are actually guaranteed to restrict the account.

SELinux has a security model. Sudo is not a security model, it is a drill that destroys security models.

9
1
