Most secure OS in 2013

I used to think that Linux and OS X was more secure than Windows but I've found that there are some very powerful security programs that actually make Windows very secure. Meanwhile, Apple have tacitly withdrawn their claim that OS X is rock solid and secure (while I still find certain Mac users have no idea about this and are in complete denial that there could be any problem with Apple). I've also seen discussions on the Ubuntu forums that warn caution if you think that OS and other Linux variants need to be worked on to make them more secure. I personally enjoy using Windows and Linux and I'm of the belief that no OS is inherently secure but that it has to be hardened against potential threats and users need the correct mindset about being careful with what you do on your computer.

I'm really interested in what everyone else thinks?

(I'm really sorry I messed this up again. I get bonus stupid points this morning for messing up two polls in the space of 5 minutes. I'm just going to leave this alone now and again my apologies.)

 

If you want security only, take a look at OpenBSD, Qubes OS, or a hypervisor like KVM.

 

Where's the poll?

 

Don't know if it's a proper OS but Google Chromebook is very secure.

 

Whichever one you choose.
Mrk

 

I agree with Mrkvonic.

Just like about any other choices, it all boils down to your preferences. Different folks would argue different things in favor of one over the other but when there's too many variables in consideration, it's hard to have an objective conclusion that fits everyone's bias.

 

This isn't an issue of preference. How could it be?

I do agree with safeguy that there are too many variables to give any definitive answer.

And I agree with DrBenGolfing that ChromeOS is the most secure user-oriented OS out of the box.

Linux has the most potential to be the most secure OS, given projects like PaX/Grsecurity and LSM, as well as projects like seccomp, which don't exist in other operating systems. Out of the box it's (as in, most common distros) very similar to Windows in terms of its ASLR implementation, security model, etc.

 

Qubes OS or chrome OS

out of box security

 

Windows 8

 

This. If you know what you are doing to can secure any OS for reasonable use. If not you can infect any OS. Most machines are compromised by inexperienced and/or ignorant users so as long as you are willing to learn how to use a computer responsibly, it really does not matter.

 

Forgot to mention Live CD's and Windows PE, they're basically read-only. That means nothing changes on them, unless you specifically burn your session.

 

Read only means no disk modifications, but in memory changes work.
Plus nothing prevents you from submitting personal info, phishing, etc.
The OS choice really makes no difference.
Mrk

 

The answer is unknown if they are implemented in software form.

Then they can be changed by human hands either by error or for evil.
Only when operating systems are burned into a chip will they be safer. 99% never 100%. Certainty is a non existant state.

No more patch Tuesday and M$ stock goes to zero!

 

Are we pretending that social engineering is the only way attackers get into systems?

 

The most secure desktop out-of-the-box is probably Windows 8. I don't think that's saying much though.

 

You've got my curiosity up. Can you give some examples?

 

- GUI isolation. Graphical apps running at different integrity levels can't log each other's input.

- Policy sandbox for IE, etc.

- Metro apps (like the built-in PDF reader) have AppContainer, an even stricter policy sandbox.

- On the pro version you have Applocker, which (barring kernel vulnerabilities) would usually put the kibosh on malware persistence.

Linux is capable of most of that stuff, but most distros don't ship with such things configured (or even necessarily available). I don't know of any that sandbox their browser by default for instance.

That said, if you have the time and the know-how, you can probably make any major Linux distro more secure than Windows... I just don't think it's more secure by default in most cases.

 

AppLocker is only available on the Enterprise edition of Windows 8.

 

I wouldn't bother putting applocker on the list. It's not a default configuration and it really on prevents persistence in a specific way. Not really noteworthy for a 'default secure' system. Otherwise it would be worth mentioning Apparmor for Linux browsers, which also isn't default.

 

I somewhat agree. If anything, I'd add EMET to that list (but then again, it's not a default config)

In the context of exploits, AppLocker would deal with the payload but EMET starts earlier in the game by making it harder for vulnerabilities to be exploited.

Where I see a difference though is that AppLocker is useful for restricting access to software to specific users, especially in enterprise and multi-user environments. In a way, it helps to mitigate against some problems resulting from users doing stupid things. I'm pretty sure some system admins (and the self-appointed admins at home) would agree that there's value there.

Anyway, AppLocker is out of bounds for most home users as it is targeted more towards enterprise and IT enthusiasts. You could use AppLocker under Win7 Ultimate but with Win8, the licensing gets stricter and it's only available under Win8 Enterprise. I personally find that a dumb move but hey, I'm not involved in MS decision making process...

 

What? Grr. Sorry, it was on the downloadable trial version, which I assumed was Pro; my bad.

*glares off in the vague direction of Redmond, WA*

True. OTOH it's pretty easy to set up.

 

Hi

Most or best are words for poets or columnists, not for scientists.
Major OSs are evaluated regularly via commom criteria and standards
http://en.wikipedia.org/wiki/Evaluation_Assurance_Level
If we consider this methodology, then RTOS for critical/military embedded systems are the most secure (Integrity and LynuxWorks).

Regarding desktop and server OSs, an easy way to compare them is a kind of 48h survey test against classical infection vectors, by visiting drive by download infected sites, running email attachment etc...
As more than 90% of available malwares are designed for Windows platform, then any alternative OS would be considered as secure ( http://www.techradar.com/news/softw.../10-best-alternative-operating-systems-934484 ).

LiveCDs are not an OS but a method for running and driven a computer.
Windows 8 is not the most secure OS (who has proved that in an absolute way, after only 4 or 5 month of life?), and Quebes OS has not been certified as i suggested to its dev. on her blog (in this case Polyxene is for my concern more mature http://www.polyxene.fr/ ).
Statistical security exists, as there is some critical IT based on Debian or RedHat or OpenBSD who have not encounter significant incident since years.
The most secure OS does not exists, as every system can be hacked and rooted, it is just a question of ressources (skills, time and money).
Looking for the Graal in every aspect of life is a dead end.

rgds

 

I thought it was understood that we're talking desktop OSes? An RTOS with a formally verified microkernel is obviously more secure than Windows 8, but nobody runs one of those on a desktop.

 

Agreed that this is highly subjective. Some good points made about Windows OS's being potentially more secure than something like Linux, since the latter lacks good security tools and depends more on obscurity and the fact that out of the box it's already much more hardened... and therefore don't need to depend on such tools as much. So which scenario = more secure in the end?... that's in the eye of the beholder.

To me XP Pro is the most secure Windows OS to date, since it has a much smaller attack surface than the newer OS's. But is recent enough to deploy some technologies & also software that it's predecessors couldn't (because if attack surface was the ONLY consideration, the further you go back the more secure the OS is).

I like that I only have 9 services running right now, and 15 processes. I like that none of them are notorious for being vulnerable. I like that I don't need to grant any of them internet access for my box to function properly (like svchost.exe, for example). I like that when I type "netstat -an" into my command line when my box is in an idle state, that nothing shows up on the list. To me this is more important than having mitigation techniques and other tools to compensate for this not being the case. And things like SRP, GP edits, D+, SBIE and an image compensate for other would-be shortcomings.

But this is just 1 subjective opinion.

 

luciddream I can't see how XP is more safe than 7 or 8. You have basically butchered the OS to make it more secure, very few will do that & very few should do that.

Your attack surface may be minimal but it's still vulnerable I feel. I do respect your opinion, I just think as technology advances there is no reason to stick to XP. It's a dead OS, no more development will be put into it which makes it less secure.

IMHO Qubes is the most secure, followed by ChromeOS & then Windows 8.