Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Study Recommends Mac OS X as Safest OS

michael posted more than 9 years ago | from the safety-first dept.

Security 370

rocketjam writes "The British security firm mi2g has concluded a comprehensive 12-month study to identify the safest 24/7 computing environment. In the end, the open source BSD and Mac OS X came out on top with the fewest security breaches against permanently connected machines worldwide in homes, small businesses, large enterprises and governments. The study found Linux to be the most breached environment 'in terms of manual hacker attacks overall and accounts for 65.64% of all breaches recorded'. Windows was the most breached environment in government computing and led Linux, BSD and Mac OS X by far in economic damage caused by breaches." We mentioned their previous study too. As before, the study ignores the thousands of automatically-spreading viruses for Windows.

cancel ×

370 comments

Sorry! There are no comments related to the filter you selected.

Before people go nuts... (5, Informative)

daveschroeder (516195) | more than 9 years ago | (#10701363)

...this study is talking about manual exploits, and says as much [mi2g.com] :

The study also reveals that Linux has become the most breached 24/7 online computing environment in terms of manual hacker attacks overall and accounts for 65.64% of all breaches recorded, with 154,846 successfully compromised Linux 24/7 online computers of all flavours.

This is likely because of the great number of Linux servers, and the wide variety of network services and ports open to the world on such servers.

And it does, in fact, make distinct reference to Windows malware (self-propagating worms, viruses, etc.):

Malware proliferation

The recent global malware epidemics have primarily targeted the Windows computing environment and have not caused any significant economic damage to environments running Open Source including Linux, BSD and Mac OS X. When taking the economic damage from malware into account over the last twelve months, including the impact of MyDoom, NetSky, SoBig, Klez and Sasser, Windows has become the most breached computing environment in the world accounting for most of the productivity losses associated with malware - virus, worm and trojan - proliferation. This is directly the result of very insignificant quantities of highly damaging mass-spreading malware being written for other computing environments like Linux, BSD and Mac OS X.


Also interesting:

For the record, neither mi2g Ltd nor the mi2g Intelligence Unit have a business relationship with Apple Computers and we do not own any shares in that corporation. Previously, the mi2g data for one month was considered to be too small a sample and not representative of the global environment within which different types of entities - micro, small, medium and large - exist. We have addressed those concerns in the new study. The critics were against the previous study which also came out in favour of Apple and BSD, because the entrenched supporters of Linux and Windows felt that mi2g was guilty of 'computing blasphemy'. In subsequent months, mi2g's reputation was damaged on search engines and bulletin boards. We would urge caution when reading negative commentary against mi2g, which may have been clandestinely funded, aided or abetted by a vendor or a special interest group.

There are a wide variety of reasons to expect that Mac OS X is a significantly more secure computing platform than Windows in a non-server/desktop setting; this study only further confirms that.

Re:Before people go nuts... (4, Insightful)

geoffspear (692508) | more than 9 years ago | (#10701602)

How dare you try to prevent slashdot users from going nuts!?

The problem with this study isn't that it can been seen to say that Windows is more secure than Linux (which it doesn't say, specifically denies it's saying it, but with Linux users will think it's saying and flame away).

The problem is that they claim to be trying to find the "most secure" OS, and then look at the % of total attacks against each type of system instead of the average per installation of each type. If I set up 5 insecure "A" machines and 100 more secure "B" machines, and find that there were 5 attacks against the A machines and 20 against the B machines, I can conclude that the B machines are least secure because they account for 80% of attacks, or that A machines are least secure because they're attacked 100% of the time vs. 20% of the time. The raw numbers are completely meaningless in the context they're presented in, and the "news alert" itself show they're either intentionally misleading people or they're incompetent and need to hire a statistician with a big clue stick.

By the way, I do think the BSDs are probably "more secure", as they claim, but their methodology makes me ashamed to share their opinions.

Re:Before people go nuts... (0)

Anonymous Coward | more than 9 years ago | (#10701608)

"This is likely because of the great number of Linux servers, and the wide variety of network services and ports open to the world on such servers.

And it does, in fact, make distinct reference to Windows malware (self-propagating worms, viruses, etc.)"

Umm.... doesn't MS still have the majority of market share in the server market?

And aren't there a "wide variety of network services and ports open to the world on such servers" on those Windows servers?

Re:Before people go nuts... (2, Informative)

PhotoBoy (684898) | more than 9 years ago | (#10701858)

"Umm.... doesn't MS still have the majority of market share in the server market?"

According to Netcraft [netcraft.com] Apache has the biggest web presence. Admittedly Apache is not Linux, and there are many Windows boxes out there with Apache, but it does give a good idea of the spread of platforms out there.

Primary reason being not many use it? (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#10701624)

Especially hackers?

Re:Before people go nuts... (4, Insightful)

mitchus (797970) | more than 9 years ago | (#10701647)

This is likely because of the great number of Linux servers,

Indeed. I wonder about the relevance of absolute figures in such a study. I mean, I can top all these amateurs with my own home-made kernel Skimpy, 0 breaches recorded (fact that I am the sole user intentionally omitted)

Re:Before people go nuts... (0)

Anonymous Coward | more than 9 years ago | (#10701810)

It's still incomplete.

what about OS2? BeOS?

Sorry but OS/2 is still HEAVILY used in the banking industry.

I bet that OS/2 and BeOS as well as other more obscure OS'es are so secure that it makes OSX look as bad as Windows XP.

I am tired of "studies" that do not include all Operating systems in use and are really only a collection of reported information and not real data.

I give this report as much weight as any of the reports in CFO magazine that has the "advertisment" tag at the bottom.

I want to see REAL data. it will take a year or two to collect and test, but it would be real instead of a hot air job like this is.

Meaningless (4, Insightful)

poptones (653660) | more than 9 years ago | (#10701816)

I saw this earlier from a link at osnews (yeah, I know). I was a little surprised it hadn't been mentioned here until I read the article. The site comes across as just another of those l337 haxor orgs trying to "go legit." Lots more disclaimers like that one blaming "people with agendas" writing bad press and even blaming the search engines for linking to it and helping spread the evil word. A "news" page linking to all their press releases where they quote themselves a lot.. oh boy, that's impressive.

Anyway, just in the last fews days I can think of at least one exploit requiring users of real player (on ANY platform) to "update their software" lest they be rooted by a malicious video stream. Previous hacks mentioned in the article were related to both Real and Quicktime being vulnerable to malicious skins.

Since I don't use either of these pieces of crapware I guess I'm 100% safer than everyone else and I don't have to worry about being rooted - because, after all, it's just bad software that makes you vulnerable, not being a warez whore and installing every piece of shit toy on your system that catches your eye.

Re:Before people go nuts... (3, Insightful)

Minwee (522556) | more than 9 years ago | (#10701835)

And even before people go nuts over that, remember that this is mi2g we're talking about. They are to a reputable security firm what two Wisconsin state troopers having a donut are to the Berlin Wall in 1980.

GNAA! (-1, Troll)

kaosjester (823409) | more than 9 years ago | (#10701366)

In a week which shall be recorded in Wikipedia infamy (and then vandalized and redirected to clitoris), the oft persecuted and never defeated internet missionaries of the Gay Nigger Association of America struck yet another powerful and telling blow against the powerful forces of bigotry and racism. Most notably, the growing zionist community on renowned internet pissing yard wikipedia.org. And the records have indeed tumbled, with an unheard of third successful survival from the digital shitheap that is "Votes For Deletion". Coming in spite a heinous act of self promotion and cyber terrorism by Pat Gunn/Improv (formerly known as Aharon Meshenstein prior to his infiltration of the United States), who listed and inspired mob vandalism upon the GNAA's entry. Fresh from his promotion of Wikipedia's $50,000 fundraiser for arms and supplies to the Jewish state of Israel, Improv launched a series of unprovoked and slanderous attacks against the well loved organisations leadership, all the while using foul and unholy necromancies to enlist the dead themselves to vote the entries deletion. Names such as "Wolfman" and "Demonslave" only adding to the damning list of evidence linking Mr Gunn to the occult. Though Improv's actions gained him a small majority, a shock last minute intervention from Pope John Paul II spared the pages untimely fate, although as yet unconfirmed reports have indicated that several hundred 8-year old negro children were driven to the Basilica to secure the pontiffs support. Others point towards the black curse cast upon the deletion campaign by the support of infamous Brawl Hall mouthpiece "Yoyo" as the main driving force behind the salvation of the aforementioned entry. But the details are likely to cause few sleepless nights among the group, only one of whom was willing to speak to the press. Namely GNAA Wikipedia contributor Popeye, who interrupted his drawing of pornography to give a brief dismissal the controversy: "Even with Improv's shady dealings, the sheer size and girth of a swollen GNAA phallus enables it both an identity and a vote of it's own. Making such discussion moot".

Why isn't BSD in the title? (5, Insightful)

Anonymous Coward | more than 9 years ago | (#10701369)

It's ranked as safest, too.

Re:Why isn't BSD in the title? (2, Informative)

dcstimm (556797) | more than 9 years ago | (#10701412)

Because Macosx hits the public better, dont you know anything about making a story sound better and more interesting?

Re:Why isn't BSD in the title? (4, Informative)

Rosyna (80334) | more than 9 years ago | (#10701490)

DUH! Everyone knows that BSD is the safest kind of like how everyone knows the earth isn't a square (however, most of its inhabitants are) yet most people don't realized that OS X can be categorized as a BSD Variant for most intents and purposes. Apple even often makes a point to list what version of BSD any given cat is based on.

Re:Why isn't BSD in the title? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10701522)

because it's dying.

Re:Why isn't BSD in the title? (1)

QuijiboIsAWord (715586) | more than 9 years ago | (#10701543)

Because it's dying.

Ahh! The Flames! They Burn!

Re:Why isn't BSD in the title? (3, Insightful)

slinky259 (827395) | more than 9 years ago | (#10701689)

My guess is A) To keep the title short and sweet B) Giving OS X an edge (conciously or not) because of its "underdog" status C) Poster doesn't like BSD?

Re:Why isn't BSD in the title? (0)

Anonymous Coward | more than 9 years ago | (#10701864)

Simple (though probably inexcusable) misunderstanding, perhaps[??]:

mi2g story: "is proving to be the Open Source platform of BSD (Berkley Software Distribution) and the Mac OS X based on Darwin."

Note that it uses the singular noun "platform" --- the unitiated read that as one operating system...although the compound predicate nominative actually indicates that they are discussing at least two OS's ... and those of us in the know realize that there are at least 3 BSD's ...

rocketjam's summary: "In the end, the open source BSD and Mac OS X came out on top with the fewest security breaches against permanently connected machines..."

Once again, it's possible that "BSD and Mac OS X" implies to the poster that "OS X was created by BSD and Mac" rather than "the open source operating systems of the BSD family and Apple's Mac OS X came out on top" ... with several top FreeBSD team members now employed by Apple, it's certainly possible that we just missed the English here, methinks ....

mandatory windows poke (0, Troll)

sp00 (639381) | more than 9 years ago | (#10701370)

insert windows jab from overzealous mac user here

Re:mandatory windows poke (0, Flamebait)

mios (715734) | more than 9 years ago | (#10701518)

No, not overzealous ... correct mac users ...

Re:mandatory windows poke (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10701628)

you're not funny, you smug cock.

Isn't it the least used? (1, Interesting)

mesach (191869) | more than 9 years ago | (#10701376)

That would lead me to the assumption that if its the least used then people wont bother writing virii and bother trying to hack it.

Am I wrong to think this?

misread your header... (1)

advocate_one (662832) | more than 9 years ago | (#10701414)

thought you'd said "least sued"...

Re:Isn't it the least used? (0)

Anonymous Coward | more than 9 years ago | (#10701434)

No I think you're 99% right. As OSX gets more popular more and more viruses/trojans will pop up. Look at the recent Opener virus/trojan/malware.

Re:Isn't it the least used? (3, Informative)

JazMuadDib (600258) | more than 9 years ago | (#10701775)

If you read about how Opener is built, it's pretty obvious that it's neither a virus nor a trojan per say, but just a malicious script. No reason to get your britches all in a knot: any decent *nix user should be able to whip up some of these easily.

Re:Isn't it the least used? (5, Insightful)

BlaKnail (545030) | more than 9 years ago | (#10701471)

Yes, you are wrong to think this.

First, the study shows linux subject to the most manual attacks. That doesn't jive with your logic.

Also, see the oft repeated marketshare of webservers. Apache is by far the most used, but subject to far less attacks than IIS.

Re:Isn't it the least used? (4, Insightful)

lukewarmfusion (726141) | more than 9 years ago | (#10701615)

Linux is often quoted as having a larger marketshare than Mac OS.

Regardless, you can certainly look at the users for the source of these numbers. I think it's harder for a Windows XP desktop user to "get hacked" than a Linux user. Why? Because Linux operating systems, with all their power and flexibility, can be compromised because it's easy to make a mistake. I'm sure you know users that run as root and do all kinds of ridiculous things. Does that mean Linux is insecure? No.

Likewise, I'd point at Windows desktop users and ask - "do you know if you've ever been hacked?" Everyone wants to say no, but most people have no idea how to tell. Or what counts as a hack. So how will you measure the number of attacks? If you ask a Linux user, I think you're immediately more likely to get an educated response because the users are generally more attuned to their computers and how they work.

It's hard to take a report like this very seriously because it has to overcome some fundamental issues.

Re:Isn't it the least used? (0)

Anonymous Coward | more than 9 years ago | (#10701627)

Linux is one of the most common server platforms, which explains that stat. You can lie to yourself all you want, but everyone knows macs aren't attacked because they don't account for a big portion of the server market, not because they are more secure. Same with BSD.

Re:Isn't it the least used? (1)

megarich (773968) | more than 9 years ago | (#10701853)

Touche for Apache, but linux is more used than mac so how does that not jive with logic?

Re:Isn't it the least used? (1)

enderai (629814) | more than 9 years ago | (#10701526)

That would lead me to the assumption that if its the least used then people wont bother writing virii and bother trying to hack it.
As far as virii go it makes sense that the low numbers of macs would make it harder for one to spread given that they are overwhelmed by other platforms. Otherwise, this is simply the misconception that obscurity provides security. My feeling would be that Macs are a more enticing target, since they are argued to be more secure.

Re:Isn't it the least used? (2, Funny)

Profane MuthaFucka (574406) | more than 9 years ago | (#10701639)

What is a virii? Do you mean the latin word meaning 'men'?

Re:Isn't it the least used? (2, Informative)

kalidasa (577403) | more than 9 years ago | (#10701851)

Actually, the plural of vir, men, is viri. If virus had a plural in Latin, it, too, would be viri; but no plural of virus is attested.

Re:Isn't it the least used? (2, Insightful)

Fearless Freep (94727) | more than 9 years ago | (#10701533)

Windows and Unix come from completely different histories and completly different design philosophies with different views on multiuser systems, networking, etc..

I don't think it's possibe to really say that Unx (or Linux or OS/X) would be just as vulnerable as Windows if they had more users and were therefore bigger targets.

Re:Isn't it the least used? (2, Interesting)

somethinghollow (530478) | more than 9 years ago | (#10701570)

I think it is partially true. A major web server, for instance, would be under scrutiny. Those would be, most of the time, Linux and Windows. On the desktop front, BSDs/MacOSx don't have alot of public mindshare, so all the exploits being researched are for Windows, since it is pretty ubiquitous on the desktop. But, I think it depends on if the survey is for potentiality-to-be-exploited or history-of-not-getting-exploited. If it is the latter, your observation is true. It's security through obscurity. If the author meant the former, then your observation is wrong. But if it is through obscurity, it seems Palm or Symbian OS, ones that qualify as constant computing operating systems (as most non-geek people I know spend more time on their cell phone than on a computer), would rank pretty high. Just my observations.

Re:Isn't it the least used? (0, Offtopic)

Profane MuthaFucka (574406) | more than 9 years ago | (#10701594)

What's a virii?

Re:Isn't it the least used? (2, Informative)

metachor (634304) | more than 9 years ago | (#10701597)

That would lead me to the assumption that if its the least used then people wont bother writing virii and bother trying to hack it.

Am I wrong to think this?

Yes, one of the first things taught in many network security classes is that security through obscurity is not reliable. The implication here is that Mac OS X is more secure because of the security measures in the OS, not because no one has bothered to look for or exploit flaws.

Re:Isn't it the least used? (0)

Anonymous Coward | more than 9 years ago | (#10701611)

That, however, is the same reasoning that Microsoft used stating that Windows is more vulnerable because it's so popular. The argument may have a point; however, it was discounted by the recent security report of Windows vs. Linux:

"http://www.theregister.co.uk/security/security_ re port_windows_vs_linux"

In essence it cites that since, for example, Apache is the most popular web server (also standard on Mac OS X, I might add), it does not have nearly as many critical security flaws as had Microsoft's IIS.

I believe the same logic can be applied to Mac OS X, since it uses most of the same open source base of software as Linux.

Re:Isn't it the least used? (1)

megarich (773968) | more than 9 years ago | (#10701808)

Nope. I could go on to say I created my own os that only I used and because no one breached it, it's the safest.

I don't mean to knock mac or anything but I just feel since it's the one no one cares about, people dont try as hard to break it.

And to be fair(I didn't read the article so correct me if I'm wrong), they should inculde the other flavors on unix such as solars, hp-us, aix just to see how they stack up...

lol... for homos (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10701382)

LOL (1, Funny)

Mr.Dippy (613292) | more than 9 years ago | (#10701385)

I for one welcome our overpriced, non-gameing computer overload.

Securely delicious (-1)

fiftyfly (516990) | more than 9 years ago | (#10701395)

Plus it's tasty. mmmmm aaappplllleee.

Yes, yes. (-1, Offtopic)

mtrisk (770081) | more than 9 years ago | (#10701410)

We know, we know. *BSD is not dying. Don't let the trolls get to you, m2ig! Those of us who use BSD know of it's goodness. =P

Re:Yes, yes. (0)

Anonymous Coward | more than 9 years ago | (#10701447)

Just as a sidenote, I tried installing FreeBSD 5.2.1 this afternoon. It detected all of my hardware properly, save for the disk geometry of my second hard drive -- I was quite impressed. However, I'm using an optical PS/2 mouse, and I could find no way of configuring it properly! A regular old PS/2 mouse worked in its place, but I'd much prefer the optical.

Which BSD? (3, Insightful)

Benanov (583592) | more than 9 years ago | (#10701415)

The study doesn't specify which BSD distribution they used, besides OS X (Darwin). I guess you could say "all of them" but c'mon, you just can't leave out details like that.

Re:Which BSD? (1)

13Echo (209846) | more than 9 years ago | (#10701588)

Also, when they refer to a "24/7 computing environment", one would assume that they are talking about servers. Seldom are Macs used as servers (though they make good server machines) in comparision to Windows or Linux.

I would equate the percentage of breaches somewhere in-line with the percentage of instances as a server PC. We all know that Apache on Linux makes up a large majority of webservers out there.

What bothers me is that they fail to mention the percentage of exploits on desktop machines as well. The numbers don't provide a truly accurate indication of how often certain operating systems are exploited.

Manual breaches... (4, Insightful)

GreyWolf3000 (468618) | more than 9 years ago | (#10701419)

That's a software issue. Most people manually breaching systems are nmapping, finding services that are vulnerable, and exploiting them.

Furthermore, unlike worms, crackers might not know what operating system the site is running until they attempt to infiltrate it. It's not like people go looking for Linux boxes randomly.

I think that the argument that Linux is installed on more target machines than the other operating systems is acceptible here, even though it is somewhat fallacious when it is used to defend Windows security against automated attacks like viruses and worms.

less users = less exploits (4, Funny)

evilmousse (798341) | more than 9 years ago | (#10701424)

-flamebait-

security through obscurity. Fewer AmigaOS exploits these days too.

-/flamebait-

(i'm joking.. just couldn't resist.)

Logical fallacy (5, Insightful)

daveschroeder (516195) | more than 9 years ago | (#10701525)

I know you're just joking, but for others who actually believe this, it bears repeating:

If that were true, then apache would have the most exploits of any web server, since it has the greatest market share. However, that is not the case: Microsoft IIS is by far the most exploited web server, with only around 20% marketshare.

Additionally, lesser marketshare does not automatically imply anything with regard to security. Sure, it's *targeted* less, and people might spend less time attacking it, but that does not mean it is less secure. In fact, there are numerous technical, design, and architectural reasons that, e.g., Mac OS X is more secure than Windows. A few examples would be: no ports or services open by default, services that are used are likely to be open source services like apache and OpenSSH which receive in intense scrutiny so that theoretical holes are closed before they become practical ones, there are more layers of abstraction between an email attachment and it actually becoming a meaningful exploit, prompting and notification for administrative-level or elevated privileges, less likelihood of standardization on a single email client reducing the exposure of a single point of attack, etc.

And sure, marketshare helps too, in terms of things like the statistical likelihood of the next host encountered/scanned by a piece of Mac OS X malware also being Mac OS X. But that's no where near the whole story.

Re:Logical fallacy (3, Insightful)

evilmousse (798341) | more than 9 years ago | (#10701718)


You're absolutely correct. The joke was exactly that: presuming a 1:n relationship between #ofUsers and #ofExploits. This more truly would be a measure of how appetizing the platform is to black-hats. There are naturally far more variables in that equation, most especially how well the platform has been designed, but we who feel "all bugs are shallow given enough eyes" should be conscious "all platforms have exploits, given enough eyes". ..wow, that was the fastest i've ever been modded down ^_^;;;

Re:Logical fallacy (1)

fitten (521191) | more than 9 years ago | (#10701773)

So, how does something like:

Many people who exploit security holes and/or write virii and worms for Windows are typically anti-Microsoft and are pro-non-Microsoft. They want to cause bad PR for Microsoft but not their own favorite platform, that's why we don't see as many for the other OSs.

Fit into your logic?

Re:Logical fallacy (2, Insightful)

evilmousse (798341) | more than 9 years ago | (#10701869)


I don't see activism as the primary goal of the majority of windows exploits. Most seem to be greed or mischief. Am I wrong?

Re:less users = less exploits (1)

pilgrim23 (716938) | more than 9 years ago | (#10701554)

more flame: AmigaOS? That hack? go for the pure and unpoluted operating system of clean goodness: Apple /// SOS. ... or its great predecessor: Apple DOS 3.3 or its equally secure and goodly childern: ProDOS and GS/OS 6.0.1 Apple II FOREVER!

Re:less users = less exploits (2, Interesting)

bhtooefr (649901) | more than 9 years ago | (#10701587)

Hah... hah hah...

You don't know the lineage of Apple II OSes, do you?

ProDOS is the Apple II port of SOS (essentially - a disk can actually have an SOS.SYSTEM and a PRODOS.SYSTEM, along with A2 AND A3 versions of programs). GS/OS is the 65816 port of ProDOS, with a GUI added.

Think of the prestige! (5, Insightful)

slinky259 (827395) | more than 9 years ago | (#10701766)

It's been widely repeated by many of my compatriots that Macs are simply more secure because they have a tiny user base. However, hacker culture is based on egos, correct? Imagine the fame one could gain by creating a virus that infects Macs too - they'ed be able to smash the "Macs don't get virii(?)" claim and they would get attention - for some people, good or bad doesn't matter.

I'm sure a Mac virus for OS X has at the very least been attempted. Why hasn't it succeeded at spreading all around?

OS X really is more secure

What abour Market Share?? (3, Insightful)

datbox (800756) | more than 9 years ago | (#10701437)

Does this article take into account the market share of all of these platforms? I browsed TFA and it didn't look like it did. Ofcourse if few people use osx as a server, it would result in few hacked boxes.

Oh Dear God (5, Insightful)

Anonymous Coward | more than 9 years ago | (#10701439)

This study is pretty much useless. Essentially what they're reporting is that of all manual hacker attacks that are successful, most of them happen on Linux, and Mac OS has the least of them. This does not mean that Mac OS is more secure. It may simply mean that Mac OS is less often attacked, or the MAc OS is less often used in 24/7 environments.

Show us a report studying attempts/successful attempts ratio, and it might actually mean something.

Re:Oh Dear God (1)

berkleyidiot (762486) | more than 9 years ago | (#10701711)

So when talking about Windows, the fact that there are more Windows machines online is not a mitigating factor - Windows is just less secure.

But when talking about Linux, they're hacked more because there are more of them online? I don't think you can have it both ways.

"safest", not "most secure" (2, Interesting)

mblase (200735) | more than 9 years ago | (#10701732)

of all manual hacker attacks that are successful, most of them happen on Linux, and Mac OS has the least of them. This does not mean that Mac OS is more secure.

They didn't say it was "most secure", they said it was "safest". That adjective takes security-through-obscurity into account.

It's kind of analogous to buying a home in a rural town vs. a downtown metropolitan area -- your neighbors leave their house unlocked all day, but since there's only about zero-point-two reported burglaries in a ten-mile radius every year, who really cares?

Re:Oh Dear God (0)

Anonymous Coward | more than 9 years ago | (#10701734)

Show us a report studying attempts/successful attempts ratio, and it might actually mean something.

Or at least a successful attacks per systems running count...

Just buy a mac :-) (0, Insightful)

Anonymous Coward | more than 9 years ago | (#10701440)

The ease of use of a Windows machine.
Microsoft Office.
Internet Explorer.
Open Source.
The fastest PC.
The first 64 bit PC.
DRM Ipod attachment.

And now, the most secure computer!

'Nuff said.

Just buy a Mac :-)

Does it? (0)

Anonymous Coward | more than 9 years ago | (#10701444)

As before, the study ignores the thousands of automatically-spreading viruses for Windows.

Then what are the "459 malware species" examined in the article?

Sure, but... (-1, Flamebait)

tokenhillbilly (311564) | more than 9 years ago | (#10701448)

Most Mac users are professionals and are reasonably aware of the dangers of downloading and executing evil software. If the Mac had as large a base of clueless users as Windows does there would be a lot more evil stuff targeted towards them. There's just no good reason to spend a lot of effort targeting Macs.

Re:Sure, but... (5, Informative)

friendscallmelenny (746745) | more than 9 years ago | (#10701574)

I couldn't agree LESS.

I think mac users are a very bimodal group. There are lots of pros, comfortable with various OS's. However, there are tons of totally clueless folks.

I cleaned up a lot of macs in the pre-OSX days when a handful of annoyances like macro-viruses were common.

Re:Sure, but... (1)

anothergene (336420) | more than 9 years ago | (#10701874)

I think mac users are a very bimodal group. There are lots of pros, comfortable with various OS's. However, there are tons of totally clueless folks.

Just like Windoze. I'm sure you will run across this in any OS. Linux might be the exception though.

Re:Sure, but... (3, Insightful)

Jucius Maximus (229128) | more than 9 years ago | (#10701696)

"Most Mac users are professionals and are reasonably aware of the dangers of downloading and executing evil software. If the Mac had as large a base of clueless users as Windows does there would be a lot more evil stuff targeted towards them. There's just no good reason to spend a lot of effort targeting Macs."

I think it has to do with the fact that there is much malware written for OS X, and that the OS Security model is better to begin. There is no root account and there are no ports open by default.

EROS is the most safe! (2, Funny)

thomasj (36355) | more than 9 years ago | (#10701456)

If you look for security, have a look at http://eros-os.org [eros-os.org]

It is the most secure because:

  • It is build around a capability system
  • It has no applications
  • The scripty kiddies don't know it is there
I haven't heard of any break-ins in EROS!

Re:EROS is the most safe! (1)

aulendil (243399) | more than 9 years ago | (#10701580)

C:\> = I am happy with my OS

Wrong! You can't be happy running DOS...

Re:EROS is the most safe! (1)

geoffspear (692508) | more than 9 years ago | (#10701662)

I thought it was supposed to be a guy with a tinfoil hat and a big triangular beard. He doesn't look too happy, though.

Fun with percentages (5, Insightful)

rackhamh (217889) | more than 9 years ago | (#10701457)

Wouldn't it be more useful to provide statistics on the percentage of *each environment* that suffered breaches -- e.g., 17% of Linux machines suffered breaches, 28% of Windows machines, 19% of OS X machines?

Unless I've misread the article (which is possible), the numbers they provide don't seem to take into account the *prevalence* of each environment.

Re:Fun with percentages (4, Insightful)

CrankyFool (680025) | more than 9 years ago | (#10701659)

Good idea. This is why plane crashes per airline usually are reported either in relation to passenger miles (X deaths per Y passenger miles) or in relation to takeoff/landings, since they're the least safe (X deaths per Y take-off/landing).

Personally, I'd like hacks to be reported in relation to hours in operation per year -- so if you've got two Linux servers up and one gets hacked once, you get 1:17532. It's probably reasonable, given that we can assume most servers are just going to be up all the time, to simplify this to hacks per operational systems out there.

(I still think it's somewhat bogus to dismiss out of hand the "more virii are created on Windows because it's more popular" approach while using exactly the same approach to explain why people hack Linux systems. If Windows remained the easiest system in the world to compromise but only had a .5% marketshare, I think we'd be seeing far fewer worms and virii developed for it)

Re:Fun with percentages (1)

ShroomSolo (793510) | more than 9 years ago | (#10701763)

"Most percentages are made up on the spot, Kent. 35% of the people know that." -Homer (_8(|)

Interesting corollary... (5, Funny)

Jtheletter (686279) | more than 9 years ago | (#10701470)

"As before, the study ignores the thousands of automatically-spreading viruses for Windows."

Just like the millions of clueless Windows users.

mac os x (-1, Offtopic)

bladx (816461) | more than 9 years ago | (#10701493)

i still like my mac os x

Previous Slashdot article contradicts this one? (1, Interesting)

gotgenes (785704) | more than 9 years ago | (#10701496)

So where does this [slashdot.org] article fit in?

Re:Previous Slashdot article contradicts this one? (2, Informative)

lpangelrob2 (721920) | more than 9 years ago | (#10701564)

I think it can be best summarized by saying that Mac OS X has a less total cost of i0wnership than Wind0ws. The facts are a little fuzzy, though, as the number of iMacs iHacked as compared to the number of iMacs that are 0nline is not discussed in the iArticle.

(disclaimer blah blah I own a mac blah blah)

RTFA (1)

gotgenes (785704) | more than 9 years ago | (#10701825)

To whomever downmoderated my post, RTFA--it is not OT.

numbers without data to back it up (1, Insightful)

Anonymous Coward | more than 9 years ago | (#10701537)

Overall the results may be fair,
but I for one would like to see some details on their methodology...

Which kind of service were exposed?

Which exploits were used, etc...


Leaving telnet enabled with default passwords is just as dumb not filtering ports 445/135/etc.


But as usual with mi2g, big headlines, without anything to back them up!

What about.... (3, Funny)

LordPhantom (763327) | more than 9 years ago | (#10701538)

CP/M? My old Z100 running off two 5 1/4" drives and a 2400 baud com port modem has never been hacked!!! I'll bet that it has less exploits than even mack (for those mods who miss this is humor, consider this notification :-P Mod me down all you want ;-) )

Absolutely worthless "study" (0)

Anonymous Coward | more than 9 years ago | (#10701558)

I'm sure that I could "study" fatalities on US highways and conclude that more people die in autos than on unicycles. Do they even CONSIDER the ratios of Win machines vs Linux vs Mac out there? They pass this shit off as science?!?!

Re:Absolutely worthless "study" (0)

Anonymous Coward | more than 9 years ago | (#10701823)


Awww, her is upset. Her pet OS is more insecure than Windows. Don't cry, crybaby.

The manual Linux breeches are significant though.. (5, Insightful)

StressGuy (472374) | more than 9 years ago | (#10701561)

I've been tinkering off and on with Linux for a while now and I'm by no means an expert. About a year or so ago, I got the Knoppix liveCD and did a hard install with it, making it essentially a mixture of Debian stable/testing/SID. Anyway, one day I fire up Quake and, instead of the normal music, it's playing this "We are the Animals" crap. The startup script even says, "This version of Quake has been hacked". I try to install Bastille but can't quite get it to work on this mixed-Debian install. I also can't un-install it.

So, now I'm using SuSE - mainly because it has built in security functions and is easier to configure. I kinda wish I could just go with something like Slackware and set all of it up myself, but I have limited tinkering time these days.

I suspect that a growing population on non-expert Linux users could be a potential security vulnerability.

Yep (1)

Greyfox (87712) | more than 9 years ago | (#10701745)

It seems like every new Linux admin goes through the "Must do EVERYTHING as root" phase and the "Must give logins on my system to everyone who asks for one" phase. Combine this with distributions that aren't easily updated and you've got a recipe for disaster. Fortunately most people seem to grow out of these two phases after getting rooted a couple of times.

Yeah until... (0, Redundant)

slowtonejoe75 (583355) | more than 9 years ago | (#10701566)

everybody starts to use OS X... Then the all the exploits will be aimed at that platform... Then it won't be the most secure!!!

DUH...

My sig smells bad, here take a wiff...

slowness

Re:Yeah until... (-1, Redundant)

Southpaw018 (793465) | more than 9 years ago | (#10701610)

Right. OS X appears more secure right now because Macs make up a tiny percentage of the market. If you were a hacker trying to steal credit card info, what are you going to go for, 85%+ of all the computers as possible targets or 5%? I'd take the higher number. Thus, it appears sometimes that Windows is less secure than Mac OS X, Linux, and the others, but the key word is "appear". The others don't face near as much scrutiny and far less of their vulnerabilities are discovered.

Linux vs. Windows / Kerry vs. Bush. (0, Offtopic)

missing_boy (627271) | more than 9 years ago | (#10701626)

As before, the study ignores the thousands of automatically-spreading viruses for Windows.
In a world where you would even bother to compare the characters of Bush and Kerry, anything is to be expected.

Security through Obscurity (2, Funny)

goldspider (445116) | more than 9 years ago | (#10701633)

This defies logic. We all know that closed-source, AKA "security through obscurity" software cannot possibly be more secure than open source software like Linux. Please stop tampering with the metaphysical laws of the universe.

Annoying.... (-1, Redundant)

Kazrath (822492) | more than 9 years ago | (#10701638)

This is not a MAC bashing. It's just frustrating when people try to use polls to state an opinion other than a fact. Words like "More" Windows computer have been hacked. Well of course they constitute 90% of the computers (declining now). MAC's are solid computers. But my first "Hacked" computer I've ever known was a MAC. I hit a Javascript website that ran a Applescript on me and caused my font to change to something like 500. Since all I could see was one portion of the "Apple logo" boarder I ended up having to reinstall everything. The point is. If people attempt to crack a system or perform a malicious attack. They will succeed. The less popular/less mainstream environments will be "Safer"

It's "Mac", not "MAC". (1, Informative)

Vandil X (636030) | more than 9 years ago | (#10701839)

This isn't intended to be Offtopic, Flamebait, or Trolling, as it is something to keep in mind in any Macintosh-related discussion:

Please don't use the term "MAC". That's an acronym for Money Access Center.

"Mac" is the correct term and is short for "Macintosh".

Re:Annoying.... (2, Informative)

99BottlesOfBeerInMyF (813746) | more than 9 years ago | (#10701856)

OK, MAC=Mandatory Access Control, Message Authentication Code, or Media Access Control

Mac=abbreviation for Macintosh

Being less popular is a property that may make a system safer. But, less popular systems are not necessarily going to be safer. If windows 95 only has 1% of the market in 20 years, is it going to be safer that Mac OSX? Mac OSX has several security features that make it less exploitable than any current windows offering. It still has a long ways to go, and MS could make windows more secure than it in the future. Personally I'd like to see a system with easily configurable application specific priviledges. Your point about the statistics in this study not being well explained, or even given as raw data is well taken. Without the numbers, their study lacks credibility.

P.S. I'm not sure what you are talking about with the exploit, your description is a little fuzzy. I'm not sure changing your font size is a 'hack' or if that is what you are trying to say.

You have been trolled by Mi2G (5, Informative)

Anonymous Coward | more than 9 years ago | (#10701640)


Mi2G are about as expert in computer security as your local nursery school, they are basically a fraud outfit that decieve companies by using FUD in order to transfer cash from company accounts to the chairmans pocket, and slashdot linked them up
and you wonder why no one subscribes and blocks slashdots adverts

in the security scene they are worthless [attrition.org]

Register article [theregister.co.uk]

Breaches Recorded (5, Interesting)

kevjava (259717) | more than 9 years ago | (#10701682)

As a Mac user and Linux guy, I have to say that this kind of study is a little tilted... how many Mac users and Windows users really know how to record a breach into their machine? Neither ships with process accounting on out of the box, to my knowledge.

I recently had some puke engage in comment spamming my website. Traceback revealed he was using a Windows XP machine infected with the Subseven trojan. I'd be willing to bet that breach was not recorded.

Re:Breaches Recorded (1)

AndroidCat (229562) | more than 9 years ago | (#10701831)

Not recorded? You should have created a guestbook file on his desktop so that people could have kept track for him.

safety by obscurity (1)

demon4 (778594) | more than 9 years ago | (#10701743)

it's so safe cause no one uses it =]//. anyways it's the perfect os for my sister. plus you can get a computer that matches your teeth!

Microsoft Longhorn Declared Saftest OS Ever (3, Funny)

Ingolfke (515826) | more than 9 years ago | (#10701752)

In a recent addendum to the mi2g's analysis, Executive Chairman DK Matai says,

Any thinking computer professional will see that Microsoft's Longhorn Operating System has had 0 malicious security breaches over the past year. It is obscene to think that anyone with half a mind would not switch to such a secure platform. Our masterfully elaborate computer models lead us to undoubtably confirm that Microsoft's Longhorn Operating System will be the most secure Operating System until it is released, sometime in the later part of the great year 2015. At that time we believe it will experience a downward trend and will be replaced by BSD as the most securest of all Operatinginus Systamicuses around. This indisputable change will be due in large part to the unquestionable and horrifying death of the BSD platform. Indubitably.

Re:Microsoft Longhorn Declared Saftest OS Ever (1)

slinky259 (827395) | more than 9 years ago | (#10701804)

What about Tiger? As far as I know, no virii for 10.4 either.

hahaha (0)

Anonymous Coward | more than 9 years ago | (#10701755)


slashdot linked up Mi2g , where is the [its funny laugh] tag

a simple google search will tell you all about them and their scams [google.com] , you seriously have to be a sucker if you believe anything they put out, wannabes would be a complement

more proof that slashdot run by clueless n00bs

Both ways (2, Interesting)

ceswiedler (165311) | more than 9 years ago | (#10701764)

You can't really compare automatic spreading of worms with manual hacking attempts. However, you can compare percentage of manual attacks with percentage of worms written. For example, if we say that "67% of attacks are on Linux servers because most servers are Linux servers", it's valid to say that "95% of worms are written for Windows because 95% of desktops run Windows".

I'm not arguing that a hacking attempt is as bad as a worm. The article does state that the economic impact of worms is much greater. However, worms are written because of known vulnerabilities in systems, which is the same reason for manual security intrusions.

Saw Saw (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10701785)

I saw Saw this weekend and thought that a better movie would have been to lock BSD and Gentoo in a room and see which one dies first. Now that's sadistic.

The price of justification (0)

Anonymous Coward | more than 9 years ago | (#10701818)

I see many people here try to justify the answers one way or another: less Macs, more Linux servers, more Windows viruses, etc. The thing is, problems won't go away by justifying them. If you really are concerned with quality and the improvement of software in general, instead of pointing to the loser and saying "yeah well, we're better than them, nyah nyah," point to the winner and say "what are they doing better than us, and how can we be as good or better than them?"

FOR THE LOVE OF GOD! (0)

Anonymous Coward | more than 9 years ago | (#10701852)

Please stop with this Mac OSX and Apple fanatism. This is the 1 billionth news regarding Apple and Mac OSX this week! It is just an operating system for God's sake. Why are you people so obssesed with your OS, computer, CPU, ..etc!!!

Sources? (3, Interesting)

truthsearch (249536) | more than 9 years ago | (#10701878)

I can't find the source of the reported breaches. How did they determine which breaches to investigate? Were they only breaches reported to them? I can state for a fact that many companies do not report breach attempts to anyone. So this investigation probably isn't of a very accurate sample pool.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>