Author Topic: Most secure operating system?  (Read 12460 times)

0 Members and 1 Guest are viewing this topic.

Online coppercone2Topic starter

  • Super Contributor
  • ***
  • Posts: 9246
  • Country: us
  • $
Most secure operating system?
« on: May 30, 2019, 10:31:41 pm »
I think this thread might fill itself. I am out dated at the moment with thoughts of OpenBSD
 

Online David Hess

  • Super Contributor
  • ***
  • Posts: 16548
  • Country: us
  • DavidH
Re: Most secure operating system?
« Reply #1 on: May 31, 2019, 02:51:50 pm »
OpenBSD is at the top of the list.  Next might be FreeBSD and then Linux.  There are specialized distributions of all of them for maximum security.

Forget anything which is closed source.
 
The following users thanked this post: Karel

Offline techman-001

  • Frequent Contributor
  • **
  • !
  • Posts: 748
  • Country: au
  • Electronics technician for the last 50 years
    • Mecrisp Stellaris Unofficial UserDoc
Re: Most secure operating system?
« Reply #2 on: June 01, 2019, 03:14:17 am »
OpenBSD is at the top of the list.  Next might be FreeBSD and then Linux.  There are specialized distributions of all of them for maximum security.

Forget anything which is closed source.

Agreed. I'm a FreeBSD user myself however I admire OpenBSD a lot, it's clean, functional, expertly designed with a focus on security and very easy to use. Sadly I'd miss ZFS and some other FreeBSD features too much if I switched.
 

Online wilfred

  • Super Contributor
  • ***
  • Posts: 1248
  • Country: au
Re: Most secure operating system?
« Reply #3 on: June 01, 2019, 03:21:11 am »
Forget anything which is closed source.

Why?

Z/OS on a Z-series server hardware has much to offer in the way of security. It's not open source by any means. Being closed or open isn't a reliable guide to security.
 
The following users thanked this post: newbrain

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5632
  • Country: au
Re: Most secure operating system?
« Reply #4 on: June 01, 2019, 04:07:04 am »
It's a bit like asking "What's the best car?". The answer is, it depends.

Windows is quite often said to be "insecure" or "less secure than Unix/Linux/BSD" but nothing could be further from the truth. It all depends on how it's configured and deployed. The same applies to every operating system. Using Windows as an example, it's still used in Government organisations up to and including "Top Secret" classification.

Just about every operating system can be made to be insecure or vulnerable. It will also depend on the application; the more services you install and run, the more chances of an increased security risk. Then there is security of the hardware itself, for example: Who has access to the physical ports on the device?

There is no magic pill when it comes to cyber security. It's a multi-layered approach. I've spent many years studying and working in this industry and even my knowledge only scratches the surface.
 
The following users thanked this post: Electro Detective, Chris_Walch, kf4hzu

Online David Hess

  • Super Contributor
  • ***
  • Posts: 16548
  • Country: us
  • DavidH
Re: Most secure operating system?
« Reply #5 on: June 01, 2019, 04:07:16 am »
Forget anything which is closed source.

Why?

Z/OS on a Z-series server hardware has much to offer in the way of security. It's not open source by any means. Being closed or open isn't a reliable guide to security.

Forget anything closed source because there is no possibility of verifying it or patching it and knowing it was verified or patched.  (1)

That does not help with binary blobs and compromised hardware but it is a start.

Do you believe all of these various exploits in closed source products are accidents? I do not.  And even if they are, you still have organizations like the NSA compromising things and then preventing patches so they can take advantage of the security exploits and then allowing these exploits into the wild as Baltimore has found out.

(1) You must also be able to compile it yourself which is not difficult with BSD or Linux.
 
The following users thanked this post: Doctorandus_P, Electro Detective

Offline hamster_nz

  • Super Contributor
  • ***
  • Posts: 2803
  • Country: nz
Re: Most secure operating system?
« Reply #6 on: June 01, 2019, 04:19:59 am »
Are you also prepared to forget superscalar CPUs and turn of hyperthreading due to cache timing attacks, and stop processes from rowhammering memory?
Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.
 

Online David Hess

  • Super Contributor
  • ***
  • Posts: 16548
  • Country: us
  • DavidH
Re: Most secure operating system?
« Reply #7 on: June 01, 2019, 04:26:18 am »
Are you also prepared to forget superscalar CPUs and turn of hyperthreading due to cache timing attacks, and stop processes from rowhammering memory?

Some things we have little control over.

I already end up disabling hyperthreading on Intel CPUs because of poor reliability.  That took weeks to track down.

I built my systems with ECC and used higher than necessary refresh and scrub rates even before rowhammer was reported.
 

Offline techman-001

  • Frequent Contributor
  • **
  • !
  • Posts: 748
  • Country: au
  • Electronics technician for the last 50 years
    • Mecrisp Stellaris Unofficial UserDoc
Re: Most secure operating system?
« Reply #8 on: June 01, 2019, 05:31:39 am »
Quote
It's a bit like asking "What's the best car?". The answer is, it depends.
I think that's a very poor example. The OP asked "Most secure operating system?" not "Best operating system" so if we asked "Whats the safest car" instead, we could use crash tests as a guide instead of personal opinion.

Code: [Select]
Windows is quite often said to be "insecure" or "less secure than Unix/Linux/BSD" but nothing could be further from the truth. The only thing furthermost from the truth is your assertion above. It's well known that a new Windows XP install only took on average 10 minutes before it was 'owned' by crackers after being connected to the internet.

Quote
It all depends on how it's configured and deployed.
That applies to everything. For instance I hear the most secure operating system in existence is a Windows 10 PC, unpowered, no internet connection and sealed in concrete 100 feet below the surface.

Most Windows installs are not so secure however, most are used by Ma and Pa Sixpack and have never been properly administered because they are users only with zero skill apart from browsing and email.

Quote
The same applies to every operating system. Using Windows as an example, it's still used in Government organisations up to and including "Top Secret" classification.
So what ? Australia is well known to be a "Microsoft Shop", the govt gave us the NBN, Tony Abbot and Windows everywhere in government. The Aust government was so besotted by Bill Gates that they actually recalled parliament once so they could hear him speak.

Quote
Just about every operating system can be made to be insecure or vulnerable. It will also depend on the application; the more services you install and run, the more chances of an increased security risk. Then there is security of the hardware itself, for example: Who has access to the physical ports on the device?

You're talking standard security practices which apply to all OS's and adds nothing here.

Quote
There is no magic pill when it comes to cyber security. It's a multi-layered approach.

No but one can get off to a good start with a OS *engineered* for security, versus a white goods OS for the masses such as Windows.

Quote
I've spent many years studying and working in this industry and even my knowledge only scratches the surface.
Security is a part of every Unix admins study and daily practice. As we Unix users say "security is a process, not a product".
 
The following users thanked this post: GregDunn

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5632
  • Country: au
Re: Most secure operating system?
« Reply #9 on: June 01, 2019, 06:01:41 am »
I'm not sure what taking my post completely out of context achieved but that's fine. I was summarising and not writing an essay on the security of multiple operating systems.
I spent decades securing Windows. Believe it or not, there are people out there that can do that (which doesn't involve a lack of connectivity and being buried in concrete).

Also, for full disclosure, I run Fedora as my full-time operating system on multiple machines and servers at home, just before I'm accused of being a Windows fan boy. I was merely citing one example out of many. ;-)
 
The following users thanked this post: Electro Detective

Offline MyEEVBlogAccount

  • Contributor
  • Posts: 11
  • Country: us
Re: Most secure operating system?
« Reply #10 on: June 04, 2019, 05:04:29 am »
I find these responses interesting.  The question is what the most secure operating system is.  To me, the answer to that would be the operating system that goes without incident for the longest period of time with an average person doing average things.  Sure, a computer you never turn on is the most secure but then it isn't really a computer at that point.  And yes, Unix and Linux tend to have better track records in general, but they usually have trained people setting them up and knowing how to lock them down.  Plus, the threat model of a server is much different than the one for a desktop.  In addition, Grandma's threat model is much different than that of a corporate drone.  If you don't keep all the variables in mind, then you aren't really comparing the same things.  It is like asking what car is safer, but then using SUV front-crash results vs. sub-compact car side-impact results.

For example, someone brought up the story (which went viral 14.5 years ago) about how Windows XP took an average of 20 minutes to be exploited after being put on the Internet.  However, that was a fresh-install machine connected directly to the Internet (no router, NAT, or firewall), without a host-based firewall enabled, and everything at default settings, including wide-open and world-accessible SMB ports.  It was probably even worse with Grandma behind the mouse clicking whatever tickled her fancy.  That is nowhere close to comparable to a professionally-administered machine behind the layers of corporate security and "sufficiently" secured (for various definitions of sufficient) before being allowed through the firewall.  Until you take those things into account, you aren't really comparing operating systems, you are instead comparing the technical prowess of their users.
« Last Edit: June 04, 2019, 05:07:20 am by MyEEVBlogAccount »
 

Online David Hess

  • Super Contributor
  • ***
  • Posts: 16548
  • Country: us
  • DavidH
Re: Most secure operating system?
« Reply #11 on: June 04, 2019, 02:48:25 pm »
If I include reliability then Windows of any version is not even close.  My Windows 10 system regularly "fails" with updates.  My main XP system can run about 2 weeks before resource leaks require a reboot.  My backup XP system can go at least a month.  My FreeBSD box lasts until power is lost unlike my cable modem.
 

Offline GregDunn

  • Frequent Contributor
  • **
  • Posts: 725
  • Country: us
Re: Most secure operating system?
« Reply #12 on: June 04, 2019, 03:15:18 pm »
I find these responses interesting.  The question is what the most secure operating system is.  To me, the answer to that would be the operating system that goes without incident for the longest period of time with an average person doing average things.  Sure, a computer you never turn on is the most secure but then it isn't really a computer at that point.  And yes, Unix and Linux tend to have better track records in general, but they usually have trained people setting them up and knowing how to lock them down.  Plus, the threat model of a server is much different than the one for a desktop.  In addition, Grandma's threat model is much different than that of a corporate drone.  If you don't keep all the variables in mind, then you aren't really comparing the same things.  It is like asking what car is safer, but then using SUV front-crash results vs. sub-compact car side-impact results.

I think the point is that most default installations of *nix-based systems minimize permissions/security issues and need to be "opened up" for many applications, whereas default installations of (say) Windows are by default very iffy and exploit-prone.  It's pretty hard to make a modern *nix susceptible to hacking without knowing a little about the structure and configuration of the OS.  I have set up countless different computers, and with similar firewall protection, the difference between number of *nix / Mac and Windows systems incidents is pretty sizeable unless you install a constantly updated spyware/virus suite.
 

Offline ruffy91

  • Regular Contributor
  • *
  • Posts: 240
  • Country: ch
Re: Most secure operating system?
« Reply #13 on: June 04, 2019, 04:02:26 pm »
I use HardenedBSD for systems where I need low attack surface and high attack resilience.

Gesendet von meinem MI 9 mit Tapatalk

 

Online mleyden

  • Contributor
  • Posts: 20
  • Country: ie
Re: Most secure operating system?
« Reply #14 on: June 04, 2019, 04:20:42 pm »
I think you might find QubeOS interesting...
 

Offline apis

  • Super Contributor
  • ***
  • Posts: 1667
  • Country: se
  • Hobbyist
Re: Most secure operating system?
« Reply #15 on: June 04, 2019, 05:12:01 pm »
For a long time Microsoft even had it as their official policy to not have any security features on by default (like a firewall, multiple users, password login) because they said their studies showed that end users found it annoying.

Quote
Jeff Jones, Microsoft's senior director for "trustworthy computing," said the company was heeding user requests when XP was designed: "What customers were demanding was network compatibility, application compatibility."
https://www.washingtonpost.com/archive/business/2003/08/24/microsoft-windows-insecure-by-design/57eeb240-bc22-4c89-b195-0946d8a27281/?utm_term=.e0ace1eed7f4
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6173
  • Country: fi
    • My home page and email address
Re: Most secure operating system?
« Reply #16 on: June 04, 2019, 09:53:23 pm »
Most secure from what?  Remote access attacks?  Nefarious local users?  Unprivileged hardware access?  Breaking out of user restrictions?  Bugs?  Data collection by organisations that sell your information?  Data collection by government(s)?  Data collection in general?

If you know what the machine is used for, you can always harden it; how much, varies from OS to OS.  On some, you need additional proprietary/commercial software.  On some, the needed tools are baked-in to the OS.  In my opinion, OpenBSD has the most emphasis on security of the open-source operating systems.

I don't know about Windows or Mac OS, because I don't use either, and have no idea on their developers' emphasis.  As I've used and hardened Linux systems for over two decades, I find that one easy to secure (to my own definition of "secure").  :-//
 
The following users thanked this post: newbrain, Electro Detective, 0culus

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5632
  • Country: au
Re: Most secure operating system?
« Reply #17 on: June 04, 2019, 11:39:21 pm »
... Windows 10 system regularly "fails" ...

There's your first problem... Windows 10 ;-)
 
The following users thanked this post: Electro Detective

Offline techman-001

  • Frequent Contributor
  • **
  • !
  • Posts: 748
  • Country: au
  • Electronics technician for the last 50 years
    • Mecrisp Stellaris Unofficial UserDoc
Re: Most secure operating system?
« Reply #18 on: June 05, 2019, 04:31:07 am »
For a long time Microsoft even had it as their official policy to not have any security features on by default (like a firewall, multiple users, password login) because they said their studies showed that end users found it annoying.

Quote
Jeff Jones, Microsoft's senior director for "trustworthy computing," said the company was heeding user requests when XP was designed: "What customers were demanding was network compatibility, application compatibility."
https://www.washingtonpost.com/archive/business/2003/08/24/microsoft-windows-insecure-by-design/57eeb240-bc22-4c89-b195-0946d8a27281/?utm_term=.e0ace1eed7f4

Exactly right. Microsoft Windows is "White Goods" for the masses, 'ease of use' trumped security every time with Windows because this is a COMMERCIAL OS, it only exists for ONE REASON ... $$$$. Windows users who thought they were smart would use 'password' as the password, others used their name. What scant security Windows actually was capable off was soon nullified by its users.

Ease of use V/S security is always the compromise.
 

Offline 0culus

  • Super Contributor
  • ***
  • Posts: 3032
  • Country: us
  • Electronics, RF, and TEA Hobbyist
Re: Most secure operating system?
« Reply #19 on: June 23, 2019, 03:55:30 pm »
Most secure from what?  *snip*

Ding ding ding, we have a winner. You can't say anything meaningful about security until you state precisely what you are defending against. Until you do that, you're just tossing shit against a wall and seeing what sticks.
 
The following users thanked this post: Electro Detective

Offline bsdphk

  • Regular Contributor
  • *
  • Posts: 198
  • Country: dk
Re: Most secure operating system?
« Reply #20 on: June 23, 2019, 04:31:42 pm »
The only correct answer is: The operating system you know well enough to secure and monitor properly.

In competent hands, most operating systems[1] can be made secure.

In incompetent hands, *any* and *all* operating system will become insecure.

In theory, Open Source is better than Closed Source, but in practice only if somebody actually reads the source code.

Finally you also have to consider "secure against what and whom?"

No operating system is secure against state level actors like NSA[2].

So pick an OS that does what you need it to do[3].

Spend the time (years!) it takes to learn that none of it is "black magic".

Only if you are willing to do that, then your OS will be as secure as you can hope for.

/sign Your Friendly Kernel Hacker[4]

[1] The exceptions are "walled gardens" like OS/X and Android, and old insecure-by-design OS's like Win95...XP.

[2] See also:

[3] As part of that selection, you will also want to look at the organization and people behind the OS, because you are going to live with them and their antics.

[4] Yes, I wrote a lot of FreeBSD, but that doesn't mean it is right for you.
 
The following users thanked this post: JJalling, orin, Electro Detective, kf4hzu

Offline LiftedTrace

  • Regular Contributor
  • *
  • Posts: 91
  • Country: us
Re: Most secure operating system?
« Reply #21 on: January 04, 2020, 07:29:56 pm »
Remember the movie "war games". How easy things were to hack back in the day before security started to get implemented?
Well its now 2020.....who possibly remembers all them exploits from back in the day?
Its because of this I say the most secure operating system are the old ones  :-DD.
 

Offline firewalker

  • Super Contributor
  • ***
  • Posts: 2450
  • Country: gr
Re: Most secure operating system?
« Reply #22 on: January 04, 2020, 07:44:51 pm »
Define secure OS. Secure against what?

Alexander.
Become a realist, stay a dreamer.

 
The following users thanked this post: Electro Detective

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 14309
  • Country: fr
Re: Most secure operating system?
« Reply #23 on: February 23, 2020, 01:30:01 am »
For a long time Microsoft even had it as their official policy to not have any security features on by default (like a firewall, multiple users, password login) because they said their studies showed that end users found it annoying.

Yep. I remember when they finally enforced UAC in Windows Vista. Many, if not most users found that infuriatingly annoying at the time. It took a lot of time and a lot of pedagogy so that people would eventually get used to it - let alone see the benefits.

 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 14309
  • Country: fr
Re: Most secure operating system?
« Reply #24 on: February 23, 2020, 01:35:30 am »
Define secure OS. Secure against what?

Yep. Obviously heavily depends on use cases.

An OS for desktop use? For server use? In what kind of hands? Etc.

These days, for desktop/workstation use, you'll still have far less potential security issues using a Linux distribution than using Windows or MacOS. OTOH, a number of things other than security can be annoying for the average user.

For servers directly exposed to outside connections, it's more involved.

 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf