March 30, 2007
OS vulnerability “study”
Posted Mar. 30, ’07, 7:35 AM PT by Derik DeLong
Category | Security
Like GI Joe says, when it comes to security, knowing is half the battle. With that said, I read OmniNerd’s 2006 Operating System Vulnerability Summary. The goal is to document the number of remote access vulnerabilities there were in Windows XP, Server 2003, Vista Ultimate, Mac OS 9, OSX Tiger, OSX Tiger server, FreeBSD 6.2, Solaris 10, Fedora Core 6, Slackware 11, SuSE Enterprise 10 and Ubuntu 6.10. The other used Nmap to scan for open services while Nessus provided vulnerability information. It’s a rather long article and well documented, but make several critical mistakes that end in the following conclusion:
As far as “straight-out-of-box” conditions go, both Microsoft’s Windows and Apple’s OS X are ripe with remotely accessible vulnerabilities.
By “straight-out-of-box”, he means “after-I-turned-on-every-service-that-I-could-find”. By ripe, he means 2 supposed vulnerabilities in the client and 7 in server. First of all, any user behind a NAT router is shielded from these attacks. Second, users (that don’t know what they’re doing) don’t generally turn on every service they can find just for kicks. Windows was susceptible, genuinely out of box (using an XP install prior to SP2).
Second, none of these exploits were actually verified. The author took the word of Nessus as gospel. I’m not saying it’s necessarily incorrect, but the fact is, we don’t know. If one is going to make a conclusion about the state of security for things, you best verify the results.
It’s interesting to see the general state of Windows, OS X, and the other various flavors of Unix, but I’m unconvinced this article is an accurate representation of that state.
1 Comments
Leave a comment
Recent Entries
About MacUser
MacUser is your source for news, info, and opinion about Apple, the Mac, and the iPod. Our dedicated team of bloggers covers everything that is relevant to Mac users — and, okay, some stuff that’s not quite relevant, but is still a lot of fun.
Subscribe/RSS
- Blog Posts
- Blog Comments
- Podcast (RSS) (iTunes)
Tip us off!
- Email: macuser [at] macuser [dot] com
Recent Comments 
- Lawrence on IE8 Beta 2 hits the Internets, but do we really care?
- Mark Eagleton on Some major bands shun iTunes
- spiderbat on Original Mac designer dishes on development
- Dave-O on Rumors of Steve's demise are greatly exaggerated
- alterbentzion on IE8 Beta 2 hits the Internets, but do we really care?
- hardonyou on Some major bands shun iTunes
Categories
- Apple (211)
- Advertising (148)
- Events (219)
- Huh? (170)
- Humor (251)
- News (144)
- People (240)
- Rivals (379)
- Speculation (154)
- Steve Jobs (157)
- Stores (196)
- Apple TV (56)
- Business (424)
- Games (137)
- Geekery (449)
- Hardware (885)
- Accessories (69)
- Intel Macs (161)
- Ihnatko (18)
- Internet (438)
- Legal (216)
- MacUser (91)
- Money (162)
- Music (328)
- Podcasting (98)
- Photography (70)
- Security (235)
- Software (1470)
- Updates (504)
- Tips (347)
- Troubleshooting (182)
- Video (380)
- Windows (205)
- iPhone (192)
- iPod (574)
- iPod Accessories (92)
- iPod Software (58)
- iTunes (110)
- iTunes Store (415)
Archives
- August 2008 (169)
- July 2008 (175)
- June 2008 (171)
- May 2008 (185)
- April 2008 (234)
- March 2008 (217)
- February 2008 (215)
- January 2008 (239)
- December 2007 (169)
- November 2007 (164)
- October 2007 (187)
- September 2007 (167)
- August 2007 (195)
- July 2007 (152)
- June 2007 (223)
- May 2007 (243)
- April 2007 (286)
- March 2007 (288)
- February 2007 (250)
- January 2007 (266)
- December 2006 (244)
- November 2006 (293)
- October 2006 (307)
- September 2006 (250)
- August 2006 (268)
- July 2006 (288)
- June 2006 (293)
- May 2006 (297)
- April 2006 (351)
- March 2006 (366)
- February 2006 (110)
- January 2006 (107)
- December 2005 (23)
Mac Publishing Sites
Links
I find this article to be full of FUD! OSX straight out of the box is more secure than any Windows box could ever be. It has been proven time and time again. How many real life viruses are on OSX. Let us count them. 0,nada,zip,zilch,none.
How many real world real breakins to an OSX machine have there ever been in it's six year history? Let us count them. 0,nada,zip,zilch,none.
Malware/spyware?
0,nada,zip,zilch,none.
So now tell me how secure or equal is Windows of any kind? FUD! Pure and simple.