Christian wrote:
Amen to that too. You know, I've always stayed out of these stupid OT OS bashing threads since I joined this list 4 years ago. For some dumb reason I feel like getting involved.
Antonio, what's the alternative? Unix? I've been a Unix (Solaris/Linux) sys-admin for 6 years. Have I spent hours of aggravation patching common OS-related security problems? You bet. Did I shake my head in disbelief when OpenSSL and SSH were exploited last fall? SSL and SSH for crap sake. Is Sendmail "secure"? Not without having educated people running it. Out of the box, Linux and Solaris have so much crap running (like Windows) that unless you are smart and turn off unused services, you are going to get compromised. Granted, Unices are less likely to be compromised by "standard" e-mail worms that are targeted at Outlook/Outlook Express.
Mac? I have 0 experience with Macs. The newer OS X is based on Berkeley Unix and will suffer from common Unix problems (see above).
Is Windows "substandard"? Ask the people that run it in an enterprise environment.
I said education goes a long way to prevent problems. Case in point: My last company ran Windows 2000 desktops with MS Office including Outlook as the only office suite/e-mail app. MS Exchange was our mail server with Postfix running our relay on Solaris and Linux (we had two relays for redundancy). There were about 30 employees that were educated by our company in best practices for use of their computers. We had no (0, ZERO) compromises from e-mail or other viruses in the 3 years I worked there. On top of that, we were a managed services (hosting) company with several hundred servers running W2K, Solaris and Linux hosted in a data center built on a security foundation. We built all of our systems using best practices for security. Not once, never, 0, not ever, was one of our customers compromised. Current employer has 500 people working here and lets the employees do whatever they want. We get viruses all over the place. Yeah, education and knowing the products you use can prevent problems.
To close, I'd like to let you in on a little secret I've learned in my 6 years of Unix and Windows administration:
ALL OPERATING SYSTEMS SUCK
Christian
I usually just say, an operating system is as secure as the user makes it.
You need to be educated to drive a car, about certain security matters, nobody complains about that.
But when someone says that you should have some skills in securing an operating system they say that it's not their problem.
Blame the OS.
Of course, it's nothing but stupidness (IMO) to make an OS that is targeted for a Workstation environment and then make it run a crapload of services in the background as default.
If say Linux or Solaris does that, it's not that bad since you need some general computer know-how even to install the OS. And then, it's usually not used on the desktop.
If you ask me as to why Windows is more targeted than other operating systems, I would say it's because they are an easy target.
Windows dominates the workstation market, hence there are billions of computers running 24/7 in offices with a no-clue-person behind the keyboard.
Windows is far from perfect, but you can't just blame everything on the product. It has holes, but hell, so does almost every OS out there.
If OS X runs OpenSSH and they find an exploit for it, OS X will have the hole too. But Apple realized that this OS will not be used on the server market as much, and doesn't run a lot of services in the background. That's where the two differ.
/Henri

