Does Security Matter?

Article:		Why Install Linux on Your Mac?
Subject:		Does Security Matter?
Date:		2004-12-02 09:16:46
From:		Nirsus

Back on Nov 1st. http://www.mi2g.com/ published a report that linux was the most insecure OS and Mac OS X and BSD Unix the most secure. So maybe there is something else to consider when putting linux on your computer?

Showing messages 1 through 3 of 3.

Does Security Matter?
2004-12-02 12:29:51 revdiablo [Reply | View]
I do not know the details of the report you cited, but I have a gut feeling it would probably turn out to be sketchy. I would hesitate to cite any report that states "X is the most Y, QED." That is just not useful. There are so many variables involved, it's nearly impossible to make this determination with any amount of certainty. Anyone that claims to is usually displaying either ignorance, or deceptiveness.

Now, on the issue of security. I have seen these type of reports before. Often, they simply count the number of vulnerabilities reported for each product, and compare the raw numbers. This is an invalid comparison for a number of reasons:
- Some products have more features than others. A standard Linux distro will come with many, many, many more applications than most commercial operating systems. More code means more bugs, means more security problems. That is an undeniable fact, and causes products with more features to have higher bug counts.
- Some security problems are more severe than others. A security bug that compromises one user's files is a big problem, but a security bug that compromises the entire system is something altogether different. Simply counting problems does not take this into account.
- Some products are not as homogeneous as others. A bug in Red Hat Linux may not also be a bug in Debian Linux, but a bug in Windows 2000 is very often also a bug in Windows XP. This problem is compounded by the fact that when there are common problems, they are often reported for more than one Linux distro. Grouping all bugs for any Linux distro into one count does not reflect much about the true security of a specific Linux install.
Now, let's say the report you cited doesn't suffer from these problems. There is still a lot of room for questions. What was done to secure the systems in question? What can be done to secure the systems in question? How competent were the administrators? How competent do the administrators have to be? What is better, a system that is less secure by default and can be made more secure, or a system that is more secure by default and can be made less secure? A simple "Mac OS X is more secure than Linux" does not adequately answer these questions.

So, to cap off a long winded reply, and answer the question you asked, yes. Security does matter. But I am not so sure the issue has been adequately discussed and answered by your post.

Does Security Matter?
2004-12-02 12:57:53 williamverna [Reply | View]

I read this article by the United Kingdom mi2g Intelligence Unit that reveals after a 12 months study the world's safest and most secure 24/7 online computing environment... BSD (Berkley Software Distribution) and the Mac OS X.

"... most breached Operating System for online systems has now become Windows (57.74%) followed by Linux (31.76%)... BSD and Mac OS X together (1.74%)."

http://www.mi2g.com/cgi/mi2g/press/021104.php

Alarming to say the least. No OS is 100% secure, but some are better then others. This is what Mac addicts have then saying for years.

Does Security Matter?
2004-12-02 13:36:29 CrimsonScythe [Reply | View]

"Intelligence Unit" mi2g? Their studies are more like wild guesses, lies and hyping. For more on mi2g:

http://www.attrition.org/errata/charlatan/mi2g-history.html
http://story.news.yahoo.com/news?tmpl=story2&u=/cmp/20041106/tc_cmp/52200183
http://vmyths.com/resource.cfm?id=64&page=1
http://www.theregister.co.uk/2002/11/21/why_is_mi2g_so_unpopular/

Don't believe everything that self-proclaimed experts say, unless they can actually back up their claims. BTW, I use and love both OS X and Linux.