Subscribe

Apple OS X Server is most secure system

Surprise over Linux vulnerabilities, Windows improves

Johannesburg, 09 Mar 2004

An independent study by British cyber security firm, mi2g, has found Apple`s OS X Server and the Berkely Software Distribution (BSD) open source systems on which it is based, to be the most secure online server operating systems in the world, according to a recent report published at www.maccentral.com.

In what may come as a surprise to many, the study also found that open source operating system, Linux, is now the "most-breached" server operating system and that Microsoft`s server solution had improved substantially.

The study, which was conducted by mi2g`s Intelligence Unit, was based on the number of successful attacks against UK government and private server systems in January this year. Together, OS X Server and BSD represented only 3%, Windows 12%, while Linux was most prone to attack at 80%.

Looking at government security breaches in isolation, it was found that no Apple OS X or BSD-based systems were compromised, 35% of breaches were attributed to Windows and 57% to Linux. Only six months ago, mi2g found that Windows suffered from 51% of security breaches, while Linux was far less at 14%.

This year`s study contrasts with a similar report released by the same security firm in October 2002. The 2002 report, which included vulnerabilities associated with worms and viruses, also identified Apple`s OS X operating system as being among the most secure in the world. This older study identified the number of software vulnerabilities discovered during the first 10 months of 2002. Of the 1 162 vulnerabilities which were identified, Microsoft stood out with over 500 while Linux was seen as more secure with 200. Fewer than 25 were attributed to Apple.

In the most recent report, MacCentral quotes mi2g`s DK Matai as saying that "the swift adoption of Linux last year within the online government and non-government server community, coupled with inadequate training and knowledge of how to keep that environment secure when running vulnerable third-party applications, has contributed to a consistently higher proportion of compromised Linux servers".

Continuing, Matai said: "Migration to open source can be fool`s gold without adequate training and understanding of the impact that third-party applications can have on overall safety and security. Windows administrators deserve some credit for having consistently reduced the proportion of successful hacker attacks, but the real credit has to go to the developers and administrators of BSD and Mac OS X for maintaining such an excellent track record."

"While it`s great to see that Apple`s OS X is in the spotlight for its inherent stability and security once again, the report is not clear in establishing exactly how their statistics have been presented," says the Core Group`s Greg Hill.

"Reading the MacCentral report, one assumes, but it is not stipulated, that the results of the study are proportional to the number of servers which are running the various operating systems. That said, it`s not the first time that independent security professionals have identified OS X Server, which is shipped as standard on all our 64-bit Xserve units, as the most secure and stable system available," he says. "Interest from system administrators is steadily increasing in our server products, but it`s not just stability and security which is driving acquisition," he says.

"Matai`s comments hint at the importance of ease-of-use and default security settings. Out the box, an Xserve unit already has advanced security settings as a default. Perhaps more importantly, it`s easy to increase security levels on a single Xserve unit or a whole cluster - you don`t necessarily need to be a Unix fundi to run a more secure environment," says Hill.

"In theory, Linux should also gain solid and secure benefits offered by Unix. However, Matai`s comments indicate that either the default security settings offered by various compilations of Linux are inadequate or that additional security measures are not easily configurable. It could be a combination of both," he says.

"It`s just too easy to blame the user - and in this case the user is a system administrator. With all their time taken up by `soft` support, it`s small wonder that most system administrators lack sufficient training in securing complicated systems. They simply don`t have the many hours needed to fiddle around researching and configuring mission critical systems," says Hill. "Furthermore, guess whose job is on the line if they make a mistake while trying to run some complicated patch or altering an advanced security setting and bring down the whole company network?"

"With Xserve, single click security and version updates are offered as standard - so system administrators can get on with what they really need to do, not spend sleepless nights wondering whether their servers and jobs, are secure," Hill concludes.

Share

Editorial contacts

Alistair Cotton
Global Latitude
(011) 326 4264