Most secure OS in 2013

Discussion in 'other security issues & news' started by merisi, Jan 17, 2013.

Thread Status:
Not open for further replies.
  1. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I used to think that Linux and OS X was more secure than Windows but I've found that there are some very powerful security programs that actually make Windows very secure. Meanwhile, Apple have tacitly withdrawn their claim that OS X is rock solid and secure (while I still find certain Mac users have no idea about this and are in complete denial that there could be any problem with Apple). I've also seen discussions on the Ubuntu forums that warn caution if you think that OS and other Linux variants need to be worked on to make them more secure. I personally enjoy using Windows and Linux and I'm of the belief that no OS is inherently secure but that it has to be hardened against potential threats and users need the correct mindset about being careful with what you do on your computer.

    I'm really interested in what everyone else thinks?

    (I'm really sorry I messed this up again. I get bonus stupid points this morning for messing up two polls in the space of 5 minutes. I'm just going to leave this alone now and again my apologies.)
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    If you want security only, take a look at OpenBSD, Qubes OS, or a hypervisor like KVM.
     
  3. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    Where's the poll? :rolleyes: :rolleyes: :rolleyes: :rolleyes:
     
  4. DrBenGolfing

    DrBenGolfing Registered Member

    Joined:
    Nov 29, 2012
    Posts:
    251
    Location:
    Hometown of Van Cliburn
    Don't know if it's a proper OS but Google Chromebook is very secure.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Whichever one you choose.
    Mrk
     
  6. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I agree with Mrkvonic.

    Just like about any other choices, it all boils down to your preferences. Different folks would argue different things in favor of one over the other but when there's too many variables in consideration, it's hard to have an objective conclusion that fits everyone's bias.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    This isn't an issue of preference. How could it be?

    I do agree with safeguy that there are too many variables to give any definitive answer.

    And I agree with DrBenGolfing that ChromeOS is the most secure user-oriented OS out of the box.

    Linux has the most potential to be the most secure OS, given projects like PaX/Grsecurity and LSM, as well as projects like seccomp, which don't exist in other operating systems. Out of the box it's (as in, most common distros) very similar to Windows in terms of its ASLR implementation, security model, etc.
     
  8. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Qubes OS or chrome OS :rolleyes:

    out of box security :D
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,724
    Location:
    localhost
    Windows 8 :p
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    This. If you know what you are doing to can secure any OS for reasonable use. If not you can infect any OS. Most machines are compromised by inexperienced and/or ignorant users so as long as you are willing to learn how to use a computer responsibly, it really does not matter.
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Forgot to mention Live CD's and Windows PE, they're basically read-only. That means nothing changes on them, unless you specifically burn your session.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Read only means no disk modifications, but in memory changes work.
    Plus nothing prevents you from submitting personal info, phishing, etc.
    The OS choice really makes no difference.
    Mrk
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    The answer is unknown if they are implemented in software form.

    Then they can be changed by human hands either by error or for evil.
    Only when operating systems are burned into a chip will they be safer. 99% never 100%. Certainty is a non existant state.:D

    No more patch Tuesday and M$ stock goes to zero!
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Are we pretending that social engineering is the only way attackers get into systems?
     
  15. The most secure desktop out-of-the-box is probably Windows 8. I don't think that's saying much though.
     
  16. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    You've got my curiosity up. Can you give some examples?
     
  17. - GUI isolation. Graphical apps running at different integrity levels can't log each other's input.

    - Policy sandbox for IE, etc.

    - Metro apps (like the built-in PDF reader) have AppContainer, an even stricter policy sandbox.

    - On the pro version you have Applocker, which (barring kernel vulnerabilities) would usually put the kibosh on malware persistence.

    Linux is capable of most of that stuff, but most distros don't ship with such things configured (or even necessarily available). I don't know of any that sandbox their browser by default for instance.

    That said, if you have the time and the know-how, you can probably make any major Linux distro more secure than Windows... I just don't think it's more secure by default in most cases.
     
  18. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    AppLocker is only available on the Enterprise edition of Windows 8.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I wouldn't bother putting applocker on the list. It's not a default configuration and it really on prevents persistence in a specific way. Not really noteworthy for a 'default secure' system. Otherwise it would be worth mentioning Apparmor for Linux browsers, which also isn't default.
     
  20. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I somewhat agree. If anything, I'd add EMET to that list (but then again, it's not a default config)

    In the context of exploits, AppLocker would deal with the payload but EMET starts earlier in the game by making it harder for vulnerabilities to be exploited.

    Where I see a difference though is that AppLocker is useful for restricting access to software to specific users, especially in enterprise and multi-user environments. In a way, it helps to mitigate against some problems resulting from users doing stupid things. I'm pretty sure some system admins (and the self-appointed admins at home) would agree that there's value there.

    Anyway, AppLocker is out of bounds for most home users as it is targeted more towards enterprise and IT enthusiasts. You could use AppLocker under Win7 Ultimate but with Win8, the licensing gets stricter and it's only available under Win8 Enterprise. I personally find that a dumb move but hey, I'm not involved in MS decision making process...
     
  21. What? Grr. Sorry, it was on the downloadable trial version, which I assumed was Pro; my bad.

    *glares off in the vague direction of Redmond, WA*

    True. OTOH it's pretty easy to set up.
     
  22. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi

    Most or best are words for poets or columnists, not for scientists.
    Major OSs are evaluated regularly via commom criteria and standards
    http://en.wikipedia.org/wiki/Evaluation_Assurance_Level
    If we consider this methodology, then RTOS for critical/military embedded systems are the most secure (Integrity and LynuxWorks).

    Regarding desktop and server OSs, an easy way to compare them is a kind of 48h survey test against classical infection vectors, by visiting drive by download infected sites, running email attachment etc...
    As more than 90% of available malwares are designed for Windows platform, then any alternative OS would be considered as secure ( http://www.techradar.com/news/softw.../10-best-alternative-operating-systems-934484 ).

    LiveCDs are not an OS but a method for running and driven a computer.
    Windows 8 is not the most secure OS (who has proved that in an absolute way, after only 4 or 5 month of life?), and Quebes OS has not been certified as i suggested to its dev. on her blog (in this case Polyxene is for my concern more mature http://www.polyxene.fr/ ).
    Statistical security exists, as there is some critical IT based on Debian or RedHat or OpenBSD who have not encounter significant incident since years.
    The most secure OS does not exists, as every system can be hacked and rooted, it is just a question of ressources (skills, time and money).
    Looking for the Graal in every aspect of life is a dead end.

    rgds
     
  23. I thought it was understood that we're talking desktop OSes? An RTOS with a formally verified microkernel is obviously more secure than Windows 8, but nobody runs one of those on a desktop.
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Agreed that this is highly subjective. Some good points made about Windows OS's being potentially more secure than something like Linux, since the latter lacks good security tools and depends more on obscurity and the fact that out of the box it's already much more hardened... and therefore don't need to depend on such tools as much. So which scenario = more secure in the end?... that's in the eye of the beholder.

    To me XP Pro is the most secure Windows OS to date, since it has a much smaller attack surface than the newer OS's. But is recent enough to deploy some technologies & also software that it's predecessors couldn't (because if attack surface was the ONLY consideration, the further you go back the more secure the OS is).

    I like that I only have 9 services running right now, and 15 processes. I like that none of them are notorious for being vulnerable. I like that I don't need to grant any of them internet access for my box to function properly (like svchost.exe, for example). I like that when I type "netstat -an" into my command line when my box is in an idle state, that nothing shows up on the list. To me this is more important than having mitigation techniques and other tools to compensate for this not being the case. And things like SRP, GP edits, D+, SBIE and an image compensate for other would-be shortcomings.

    But this is just 1 subjective opinion.
     
  25. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,414
    luciddream I can't see how XP is more safe than 7 or 8. You have basically butchered the OS to make it more secure, very few will do that & very few should do that.

    Your attack surface may be minimal but it's still vulnerable I feel. I do respect your opinion, I just think as technology advances there is no reason to stick to XP. It's a dead OS, no more development will be put into it which makes it less secure.

    IMHO Qubes is the most secure, followed by ChromeOS & then Windows 8.
     
Loading...
Thread Status:
Not open for further replies.