Windows 7 Will Be More Secure than linux and leopard?

black0ut said:

IIRC, the exploit/cracker contest winner said MacOSX was the most vulnerable OS, even though it's built on top of UNIX.

A hardened UNIX is the most secure, followed by Linux, then MacOSX. This is simply by virtue of the idea that the more things you install, the more possible exploits/holes you expose yourself to. Unix tends to be barebones installation, linux slightly more so, and mac osx has a lot of extra glittery stuff unix and linux don't have.

No idea where Windows 7 would fit into that.

However, the above argument can't really be applied to desktops, as the user is always the weakest link. Someone using linux can go be an idiot and get owned faster than someone who knows what they're doing using win98.

[ot rant]just to throw this out there.. i hate when people make a reference to the fact that OSX is built on top of UNIX. so effing what? i could develop an OS built on UNIX and it would only work on my hardware, and it would be the most useless unsecure peice of crap. the fact an OS is built on UNIX means absolutely nothing. buzz words ftl.[/ot rant]

back on topic... i agree that an OS is only as secure as the one using it but a lot can be said for "out of the box" security controls/configuration.

This again seems to be a case of a jounalist who should know better. This guy obviously has two orifices as a-sho--s.

Most people wouldn't even be able to boot up a linux system never mind about trying to hack into one.

As people said -- your computer is as secure as YOU make it. You can take precautions of course but nothing is ever 100% secure -- it's the responsibility of the USER to ensure that the system is secure.

Microsoft and others can make it as secure as is reasonable so that the OS is fit for purpose but can't ever make it 100% secure.

Linux is only secure in that not so many systems run it and organised crime which wants to get hold of Bank cards and peoples identities find it far more profitable to engage often very very skilled people in devising schemes for attacking Windows to retrieve this type of information.

If Linux had anything like the same amount of Desktop (not Server) users then you'd be seeing a whole lot more discussions over Linux security as well.

Once you use ANY browser whatsoever and open up your computer to the Internet there's ALWAYS a risk of "unofficial" code being loaded and executed -- not always a VIRUS BTW. Can be clean code but just running "unofficial" stuff like finding out passwords / user data etc etc.

Just regularly check your machine and ALWAYS LOOK AT YOUR ROUTER LOGS whatever AV software you use.

The best "Viruses" are those which run these sort of programs in such a way that the user thinks that the machine is running normally.

People have got a lot more sophisticated in devising "Viruses" -- simple malicious code (to mess up your OS) or institure a DoS ("Denial of Service") are really old hat now. Organised crime has muscled in on this area and is much more sophisticated than merely creating "overgrown Teenagers Pranks".

Router logs are often a great way of seeing if anybody has attempted to connect with your machine from the Outside -- or also to see if your machine is "Phoning Home" without your knowlege. This type of info won't always be available in Windows BTW.

Cheers
jimbo

itznfb said:

[ot rant]just to throw this out there.. i hate when people make a reference to the fact that OSX is built on top of UNIX. so effing what? i could develop an OS built on UNIX and it would only work on my hardware, and it would be the most useless unsecure peice of crap. the fact an OS is built on UNIX means absolutely nothing. buzz words ftl.[/ot rant]

back on topic... i agree that an OS is only as secure as the one using it but a lot can be said for "out of the box" security controls/configuration.

Well, then I'll rephrase and say that Mac OSX kept a lot of UNIX architecture. It isn't like Windows, with half-assed permissions, but has a full set of UNIX tools (does windows have a command line? cmd doesn't count). There's a whole bunch more UNIXy things Mac OSX does, features that make UNIX as secure as it is.

Of course, they just had to ruin by adding their shiny crap over the top and make it bloated like no other, but at least they started with something good. The Windows kernel is like shining a piece of poo... even if you shine it, it'll still be just a shiny piece of poo.

jimbo45 said:

If Linux had anything like the same amount of Desktop (not Server) users then you'd be seeing a whole lot more discussions over Linux security as well.

Gonna have kind of disagree. The reason that Linux isn't widely adopted is because you actually have to know what's going on behind the scenes (Ubuntu doesn't count). Therefore, if there a whole bunch of Linux desktop users, the entire user-base would be more knowledgeable about computers in general, and hacking would become a TON harder. Honestly, I'd say 99% viruses/worms/trojans perform a social engineering attack, not a sophisticated buffer overflow.

Of course, that's not gonna happen because people are too lazy to learn what their computer is actually doing, but we can dream :P

black0ut said:

Well, then I'll rephrase and say that Mac OSX kept a lot of UNIX architecture. It isn't like Windows, with half-assed permissions, but has a full set of UNIX tools (does windows have a command line? cmd doesn't count). There's a whole bunch more UNIXy things Mac OSX does, features that make UNIX as secure as it is.

Of course, they just had to ruin by adding their shiny crap over the top and make it bloated like no other, but at least they started with something good. The Windows kernel is like shining a piece of poo... even if you shine it, it'll still be just a shiny piece of poo.

Prove it. Point out where the windows kernel is less secure than Unix. Also, what are these "half-assed" permissions you speak of? Have you looked at Server 2008? It has an option to run GUI-less, i.e. commend line. Windows 7 comes natively with powershell, a command line set of tools.

PhreePhly

black0ut said:

.....(does windows have a command line? cmd doesn't count).

What do you mean by a Command Line -- I assume here you mean running some type of Shell such as BASH, C-shell etc etc.

Windows has scripting functionality as well.

using any of these tools such as this can give you just as much flexibility as BASH (or nearly).

Scripting Guide for Windows

Whilst I like Linux -- don't knock windows for not having features you think it doesn't have when in fact it actually does have them. Being a single user system essentially of course windows will implement the functionality in a different manner -- it's there but you have to look for it.

Cheers
jimbo

PhreePhly said:

Prove it. Point out where the windows kernel is less secure than Unix. Also, what are these "half-assed" permissions you speak of? Have you looked at Server 2008? It has an option to run GUI-less, i.e. commend line. Windows 7 comes natively with powershell, a command line set of tools.

PhreePhly

I'd like to point that my statement was obviously a gross over exaggeration (a joke). Also, Server 2008 is obviously not meant for desktop use, which is what I was referring to with Mac OSX. On the desktop build for Mac OSX, you can pull up and terminal and sh away.

In terms of kernel security, Windows uses shared libraries while UNIX doesn't, which introduces another vector of instability (applications taking down the whole OS).

I retract the permissions statement: Windows has better ACL support than UNIX.

I'm obviously not talking about Windows 7 because it isn't even retail yet.

jimbo45 said:

What do you mean by a Command Line -- I assume here you mean running some type of Shell such as BASH, C-shell etc etc.

Windows has scripting functionality as well.

using any of these tools such as this can give you just as much flexibility as BASH (or nearly).

Scripting Guide for Windows

Whilst I like Linux -- don't knock windows for not having features you think it doesn't have when in fact it actually does have them. Being a single user system essentially of course windows will implement the functionality in a different manner -- it's there but you have to look for it.

Cheers
jimbo

Apologize for double posting, but you posted while I was replying to the other guy.

Yea, I forgot about VBscripting, but if you've ever had to actual write in that, it is not fun. Shell-scripting in UNIX is much more established, and most distros come with other languages (like perl, php, python, which of course can all be installed in windows as well).

I'll concede the point that Windows doesn't scripting functionality though.

(Man I've been wrong a lot lately... faulty memory? )

black0ut said:

I'd like to point that my statement was obviously a gross over exaggeration (a joke). Also, Server 2008 is obviously not meant for desktop use, which is what I was referring to with Mac OSX. On the desktop build for Mac OSX, you can pull up and terminal and sh away.

In terms of kernel security, Windows uses shared libraries while UNIX doesn't, which introduces another vector of instability (applications taking down the whole OS).

I retract the permissions statement: Windows has better ACL support than UNIX.

I'm obviously not talking about Windows 7 because it isn't even retail yet.

I'm not sure the use of shared libraries matter. NT kernel operates in a least privileged mode, separating user mode from kernel mode processes. The kernel is quite robust.

Powershell was available on XP. I just mentioned that it is now native to Win 7.

Does it matter that you can go into terminal and shell away? How does that make it more secure? I don't see the connection? If you are in a shell and you eleavate privilege and run a trojan, you bring the system down.

PhreePhly

black0ut,

First of all, I don't want to sound like I'm being a dick to you. Sorry if it's coming out that way (I'm at work and trying to do two things at once). The point I'm trying to make that any statement about one OS being more secure than another without taking into account the user is missing the point.

Point of fact is that SELinux is probably one of the most secure OS's out there, followed closely by NetBSD. But inorder to achieve that security, these OS's include restrictions that make them unsuitable for general desktop use. If Vista got hammered for UAC being intrusive, try running anything foreign on SELinux.

I think that the gentleman at MS who made that statement regarding Win 7 vs. Linux may be eating crow soon. Notice I didn't include OSX in that, because as far as I can tell, Apple does not take desktop security as seriously as MS. I believe it is far more exploitable than Vista or even XP SP3, but for it's low market share, not worth the coding effort for malware writers.

PhreePhly