Operating Systems Security

From Computing and Software Wiki

(Difference between revisions)
Jump to: navigation, search
(The Most Secure)
 
(31 intermediate revisions not shown)
Line 1: Line 1:
-
The security of operating systems has always been a concern for users, and especially so with the invention of the Internet.  Operating system developers are constantly creating new ways to protect computers from hackers.  The three most common operating systems are Linux, Mac OS and Windows.  They each have a different set of security features. So the question is, which is the most secure?
+
The security of operating systems has always been a concern for users, and especially so with the invention of the Internet.  Operating system developers are constantly creating new ways to protect computers from hackers.  The three most common operating systems are Linux, Mac OS and Windows, each having a different set of security features. Determining which of these operating systems is the most secure from hackers is not easy as there are many factors that must be taken into consideration. 
==Hacking==
==Hacking==
-
Hacking is the act of manipulating computers to get them to do exactly what you want.  A hacker is the person who does the hacking.  A hacker is generally defined as someone who is very good with computers and programming.  However, in popular culture, a hacker is someone who attempts to break into computer systems.  For the purposes of this article, the latter definition will be used.   
+
Hacking is the act of manipulating computers to get them to do exactly what you want.  A hacker is the person who does the hacking.  A hacker is generally defined as someone who is very good with computers and programming.  However, in popular culture, a hacker is considered someone who attempts to break into computer systems (Scambray et al 2001).   
-
Hacking is done for many reasons, including anything from theft and denial of service to someone hacking because they have a psychological need to do it.  It is therefore vital for an operating system to be as secure as possible to protect against them.   
+
Hacking is done for many reasons, including anything from theft and denial of service to someone hacking because they have a psychological need to do it (Scambray et al 2001).  It is therefore vital for an operating system to be as secure as possible to protect against them.   
===Techniques===
===Techniques===
-
There are many ways a hacker can attack a system.  Some of these include exploits, which take advantage of faulty operating systems coding, or Trojan horses, which are programs that seem to provide one function but actually do something completely different.  To get a better understanding of hacking, visit the hacking wiki at Wikipedia.
+
There are many ways a hacker can attack a system.  Some of these include exploits, which take advantage of faulty operating systems coding, or Trojan horses, which are programs that seem to provide one function but actually do something completely different.  To get a better understanding of hacking, visit the [http://en.wikipedia.org/wiki/Hacker_%28computer_security%29 hacking wiki] at Wikipedia.
 +
 
==Common Operating Systems==
==Common Operating Systems==
===Windows===
===Windows===
[[Image:Vista-first-startup.jpg|right|150px|Example of Windows GUI]]
[[Image:Vista-first-startup.jpg|right|150px|Example of Windows GUI]]
-
There are two releases currently in use today.  Windows XP, released in 2001, is currently on 79.07% of all personal computers in the world.  Windows Vista, released in 2006-2007, has a market share of 7.97%.  Windows provides a fairly straightforward system that is useful to a beginner and a more advanced user.  It is a closed source operating system, so only the developers have access to the source code of Windows.   
+
There are two releases currently in use today.  Windows XP, released in 2001, is currently on 79.07% of all personal computers in the world [http://en.wikipedia.org/wiki/Microsoft_Windows 1].  Windows Vista, released in 2006-2007, has a market share of 7.97%.  Windows provides a fairly straightforward system that is useful to a beginner and a more advanced user.  It is a closed source operating system, so only the developers have access to the source code of Windows.   
===Mac OS===
===Mac OS===
[[Image:Shot_mac_cxsetup_(720_x_450).jpg|Example of Mac OS X GUI|right|150px]]
[[Image:Shot_mac_cxsetup_(720_x_450).jpg|Example of Mac OS X GUI|right|150px]]
-
The most recent release is the Mac OS X.  It is very different from the original Mac OS, having an improved GUI and many more features.  Its market share is estimated to be from 6% to 13% in the personal computing market.  It is also meant to be easy to use and also have advanced features. It is a mainly closed source operating system but some major components are open source.   
+
The most recent release is the Mac OS X.  It is very different from the original Mac OS, having an improved GUI and many more features.  Its market share is estimated to be from 6% to 13% in the personal computing market[[http://arstechnica.com/news.ars/post/20070903-linux-marketshare-set-to-surpass-windows-98.html 2]].  It is also meant to be easy to use and also have advanced features. It is a mainly closed source operating system but some major components are open source.   
===Linux===
===Linux===
-
[[Image:linux.jpg|150px|right|Example of Linux GUI]]
+
[[Image:MandrivaLinux 1 (512 x 384).jpg|150px|right|Example of Linux GUI]]
-
Linux, in general, is a more advanced operating system.  Although it often has a point-and-click interface, some things must be done via a command line, making it slightly harder to use.  For this  and several other reasons, this operating system is better suited for someone more knowledgeable in computers.  It is a completely open-source operating system, meaning anyone can view the source code.  It also has many different distributions.  Each distribution focuses on different features such as speed, ease-of-use or security.  The Linux market share is approximately 1%.
+
Linux, in general, is a more advanced operating system.  Although it often has a point-and-click interface, some things must be done via a command line, making it slightly harder to use.  For this  and several other reasons, this operating system is better suited for someone more knowledgeable in computers.  It is a completely open-source operating system, meaning anyone can view the source code[[http://en.wikipedia.org/wiki/Linux 3]].  It also has many different distributions.  Each distribution focuses on different features such as speed, ease-of-use or security.  The Linux market share is approximately 1% [[http://arstechnica.com/news.ars/post/20070903-linux-marketshare-set-to-surpass-windows-98.html 2]].
 +
 
==Windows Security Features==
==Windows Security Features==
Vista, will be the focus here since it is the newest.  Some of the more major security features include the following:
Vista, will be the focus here since it is the newest.  Some of the more major security features include the following:
-
===User Account Control===
+
*User Account Control[[http://en.wikipedia.org/wiki/Security_and_safety_features_new_to_Windows_Vista#User_Account_Control 4]]
[[Image:180px-User_Account_Control_administrator_dialog.png|frame|An example of  User Account Control‎]]
[[Image:180px-User_Account_Control_administrator_dialog.png|frame|An example of  User Account Control‎]]
Each time the something occurs that may affect the systems security, a prompt will appear that asks whether or not it should be allowed.   
Each time the something occurs that may affect the systems security, a prompt will appear that asks whether or not it should be allowed.   
-
===Address Space Randomization===
+
*Address Space Randomization[[http://en.wikipedia.org/wiki/Security_and_safety_features_new_to_Windows_Vista#Preventing_exploits 5]]
Many hacker exploits involve overflows into other portions of system memory in order to manipulate certain pieces of code.  Vista has randomized memory in order to prevent this.  By having memory more scattered, overflows often will not modify the correct address in memory, thereby preventing an exploit.  
Many hacker exploits involve overflows into other portions of system memory in order to manipulate certain pieces of code.  Vista has randomized memory in order to prevent this.  By having memory more scattered, overflows often will not modify the correct address in memory, thereby preventing an exploit.  
-
===Integrity-Level Access===
+
*Integrity-Level Access[[http://en.wikipedia.org/wiki/Security_and_safety_features_new_to_Windows_Vista#Application_isolation 6]]
Everything that is running in Vista is given a certain trust level.  For example, something with lower trust cannot modify something with a higher trust level, but something with higher trust may be able to modify something with a lower trust level.  
Everything that is running in Vista is given a certain trust level.  For example, something with lower trust cannot modify something with a higher trust level, but something with higher trust may be able to modify something with a lower trust level.  
-
===Improved Firewall and Address Stack===
+
*Improved Firewall and Address Stack [[http://en.wikipedia.org/wiki/Security_and_safety_features_new_to_Windows_Vista#Windows_Firewall 7]]
-
Some updates and improvements from the XP firewall and network security.
+
Some updates and improvements from the XP firewall and network security.
 +
 
==Mac OS X Security Features==
==Mac OS X Security Features==
Mac OS X Leopard is the most recent release of Mac OS X.  Some of its major features are:
Mac OS X Leopard is the most recent release of Mac OS X.  Some of its major features are:
-
===Open Source===
+
*Open and Closed Source[[http://www.apple.com/macosx/features/300.html 8]]
-
Since a portion of the operating system is open source, faults in the code can be found by anyone. This means patches can be found much faster than if the developers were the only ones allowed to view the source code.   
+
Since a portion of the operating system is open source, faults in some of the code can be found by anyone. However, most of it is closed source.  This mix of open and closed source aids in security as you get obscurity as well as some freely available code.   
-
===Sandboxing===
+
*Sandboxing[[http://www.apple.com/macosx/features/300.html 8]]
Gives programs as few resources as possible so as to prevent the program from gaining access to vital areas of the system.   
Gives programs as few resources as possible so as to prevent the program from gaining access to vital areas of the system.   
-
===File Tagging and Signed Applications===
+
*File Tagging and Signed Applications [[http://www.apple.com/macosx/features/300.html 8]]
If a program has not been run before, it is tagged.  The first time it is opened, the user is asked if the file is OK to be run.  Signed applications are ones that have a digital signature.  These help identify the integrity and trustworthiness of the program.   
If a program has not been run before, it is tagged.  The first time it is opened, the user is asked if the file is OK to be run.  Signed applications are ones that have a digital signature.  These help identify the integrity and trustworthiness of the program.   
-
===Library Randomization===
+
*Library Randomization [[http://www.apple.com/macosx/features/300.html 8]]
-
Same idea as the Windows address space randomization, this helps protect against exploits.
+
Same idea as the Windows address space randomization, this helps protect against exploits.
 +
 
==Linux Security Features==
==Linux Security Features==
The number of Linux security features differs with each distribution. Some of the most notable general features are:
The number of Linux security features differs with each distribution. Some of the most notable general features are:
-
===SELinux===
+
*SELinux[[http://searchenterpriselinux.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid39_gci1133408,00.html 9]]
Provides mandatory access control and integrity checking of programs and processes.   
Provides mandatory access control and integrity checking of programs and processes.   
-
===Open Source===
+
*Open Source[[http://en.wikipedia.org/wiki/Linux]]
-
Being open source gives Linux a major advantage security-wise.  Instead of just developers fixing bugs, all users are capable of this.  Studies have shown that many more bugs are found and fixed in open source software than in closed source software.
+
Some believe that being open source gives Linux a major advantage security-wise.  Instead of just developers fixing bugs, all users are capable of this.  Although this may not always guarantee security, it has worked fairly well so far.  
-
===Stack Smash Protection, Buffer Overflow Detection, Variable Reordering, Exec-Shield===
+
*Stack Smash Protection, Buffer Overflow Detection, Exec-Shield [[http://fedoraproject.org/wiki/Security/Features#head-00b5d3c07f2721bcde9c126e87c3c0712ef0ba85 11]]
All of these are systems to prevent exploits.  Exec-Shield provides address space randomization, while the others are specific features designed to detect specific exploits.
All of these are systems to prevent exploits.  Exec-Shield provides address space randomization, while the others are specific features designed to detect specific exploits.
 +
 +
==Most Secure==
 +
===Overall Comparison===
 +
[[Image:Vista-90day-vuln-compare.PNG|thumb|350px|right|Security vulnerabilities within 3 months of release]]
 +
A study was done that compared the number of security problems found in each operating system within 3 months of release[[http://exchangepedia.com/blog/2007/06/numbers-talk-vista-most-secure-os-of.html 12]].  Windows Vista had by far the lowest number of bugs, while Linux distributions had the highest.  This data cannot be taken at face value, however, due to the open source nature of Linux.  Clearly many more bugs will be found in an operating system where everyone can view the code.  This may actually be better for security, even though according to the chart it would seem not to be. <br>Comparing Windows Vista and Mac OS X, however, is relevant.  Since Mac OS X is mostly closed source, this study indicates that Windows Vista is more secure than Mac OS X seeing as it had the least number of security problems.  However, since Windows has a history of always having the highest market share, it is most likely that hackers will continue to focus their attacks on Windows.  Even though the current market share of Vista is about 8%, based on previous trends that will most likely rise in the future.
 +
 +
===Open Source vs. Closed Source===
 +
There are two schools of thought with security [[http://www.linux-watch.com/news/NS7350372195.html 13]]. Some believe that open source is more secure because holes can be found by anyone and a patch can be made by anyone.  Others believe in 'security by obscurity' in that, by being closed source, it makes it harder for hackers to exploit.  Supporters of closed source state that exploits are made easier because the source code can be seen.  Supporters of open source state that closed source software is patched less frequently, the patches do not always fix the problem and can actually cause further problems.  Since the patch code cannot be seen, it is never guaranteed to work.  Clearly one is not definitely more secure than the other. 
 +
 +
===The Most Secure===
 +
Each operating system has a comparable set of features.  Therefore, the 'most secure' can be defined here as the one that is safest from hacker attacks.  Since a hacker will tend to focus on the most common or popular operating system, this may be the best measurement of security. 
 +
According to this, Linux is the most secure operating system.  Apart from having the lowest market share, developers clearly have a focus on security, as it has comparable features to the other operating systems. 
 +
<p>Linux is a more advanced operating system, however, and does take some computer knowledge to use it properly.  For a casual or beginner computer user, Mac OS X is the better choice, as it is easier to use.  It is still quite secure, and having a relatively low market share means that there will be fewer attacks. <br>This does not mean that Windows Vista is the most insecure operating system.  The data indicates that, in fact, it is technically better than Mac OS X.  But the Windows market share trends must be taken into account.  Since Windows Vista will most likely be the most commonly used operating system in the future, it will be the focus of attacks.  It is therefore more sensible to pick the Mac OS X instead.
 +
 +
== References==
 +
 +
 +
[http://arstechnica.com/news.ars/post/20070903-linux-marketshare-set-to-surpass-windows-98.html Market Share]<br>
 +
[http://searchenterpriselinux.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid39_gci1133408,00.html SELinux]<br>
 +
[http://www.linux-watch.com/news/NS7350372195.html Open and Closed Source Discussion]<br>
 +
[http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212220,00.html Hacker Definition]<br>
 +
[http://exchangepedia.com/blog/2007/06/numbers-talk-vista-most-secure-os-of.html Security Report]<br>
 +
[http://www.apple.com/macosx/features/300.html Mac OS X Security Features]<br>
 +
[http://fedoraproject.org/wiki/Security/Features#head-00b5d3c07f2721bcde9c126e87c3c0712ef0ba85 Linux Security]<br>
 +
[http://en.wikipedia.org/wiki/Features_new_to_Windows_Vista Windows Vista Features]<br>
 +
Hacking Exposed.  Joel Scambray, Stuart McClure, George Kurtz: 2001 Osborne/McGraw-Hill<br>

Current revision as of 22:50, 6 December 2007

The security of operating systems has always been a concern for users, and especially so with the invention of the Internet. Operating system developers are constantly creating new ways to protect computers from hackers. The three most common operating systems are Linux, Mac OS and Windows, each having a different set of security features. Determining which of these operating systems is the most secure from hackers is not easy as there are many factors that must be taken into consideration.

Contents

Hacking

Hacking is the act of manipulating computers to get them to do exactly what you want. A hacker is the person who does the hacking. A hacker is generally defined as someone who is very good with computers and programming. However, in popular culture, a hacker is considered someone who attempts to break into computer systems (Scambray et al 2001). Hacking is done for many reasons, including anything from theft and denial of service to someone hacking because they have a psychological need to do it (Scambray et al 2001). It is therefore vital for an operating system to be as secure as possible to protect against them.

Techniques

There are many ways a hacker can attack a system. Some of these include exploits, which take advantage of faulty operating systems coding, or Trojan horses, which are programs that seem to provide one function but actually do something completely different. To get a better understanding of hacking, visit the hacking wiki at Wikipedia.

Common Operating Systems

Windows

Example of Windows GUI

There are two releases currently in use today. Windows XP, released in 2001, is currently on 79.07% of all personal computers in the world 1. Windows Vista, released in 2006-2007, has a market share of 7.97%. Windows provides a fairly straightforward system that is useful to a beginner and a more advanced user. It is a closed source operating system, so only the developers have access to the source code of Windows.

Mac OS

Example of Mac OS X GUI

The most recent release is the Mac OS X. It is very different from the original Mac OS, having an improved GUI and many more features. Its market share is estimated to be from 6% to 13% in the personal computing market[2]. It is also meant to be easy to use and also have advanced features. It is a mainly closed source operating system but some major components are open source.

Linux

Example of Linux GUI

Linux, in general, is a more advanced operating system. Although it often has a point-and-click interface, some things must be done via a command line, making it slightly harder to use. For this and several other reasons, this operating system is better suited for someone more knowledgeable in computers. It is a completely open-source operating system, meaning anyone can view the source code[3]. It also has many different distributions. Each distribution focuses on different features such as speed, ease-of-use or security. The Linux market share is approximately 1% [2].

Windows Security Features

Vista, will be the focus here since it is the newest. Some of the more major security features include the following:

  • User Account Control[4]
An example of User Account Control‎

Each time the something occurs that may affect the systems security, a prompt will appear that asks whether or not it should be allowed.

  • Address Space Randomization[5]

Many hacker exploits involve overflows into other portions of system memory in order to manipulate certain pieces of code. Vista has randomized memory in order to prevent this. By having memory more scattered, overflows often will not modify the correct address in memory, thereby preventing an exploit.

  • Integrity-Level Access[6]

Everything that is running in Vista is given a certain trust level. For example, something with lower trust cannot modify something with a higher trust level, but something with higher trust may be able to modify something with a lower trust level.

  • Improved Firewall and Address Stack [7]

Some updates and improvements from the XP firewall and network security.

Mac OS X Security Features

Mac OS X Leopard is the most recent release of Mac OS X. Some of its major features are:

  • Open and Closed Source[8]

Since a portion of the operating system is open source, faults in some of the code can be found by anyone. However, most of it is closed source. This mix of open and closed source aids in security as you get obscurity as well as some freely available code.

  • Sandboxing[8]

Gives programs as few resources as possible so as to prevent the program from gaining access to vital areas of the system.

  • File Tagging and Signed Applications [8]

If a program has not been run before, it is tagged. The first time it is opened, the user is asked if the file is OK to be run. Signed applications are ones that have a digital signature. These help identify the integrity and trustworthiness of the program.

  • Library Randomization [8]

Same idea as the Windows address space randomization, this helps protect against exploits.

Linux Security Features

The number of Linux security features differs with each distribution. Some of the most notable general features are:

  • SELinux[9]

Provides mandatory access control and integrity checking of programs and processes.

  • Open Source[[1]]

Some believe that being open source gives Linux a major advantage security-wise. Instead of just developers fixing bugs, all users are capable of this. Although this may not always guarantee security, it has worked fairly well so far.

  • Stack Smash Protection, Buffer Overflow Detection, Exec-Shield [11]

All of these are systems to prevent exploits. Exec-Shield provides address space randomization, while the others are specific features designed to detect specific exploits.

Most Secure

Overall Comparison

Security vulnerabilities within 3 months of release

A study was done that compared the number of security problems found in each operating system within 3 months of release[12]. Windows Vista had by far the lowest number of bugs, while Linux distributions had the highest. This data cannot be taken at face value, however, due to the open source nature of Linux. Clearly many more bugs will be found in an operating system where everyone can view the code. This may actually be better for security, even though according to the chart it would seem not to be.
Comparing Windows Vista and Mac OS X, however, is relevant. Since Mac OS X is mostly closed source, this study indicates that Windows Vista is more secure than Mac OS X seeing as it had the least number of security problems. However, since Windows has a history of always having the highest market share, it is most likely that hackers will continue to focus their attacks on Windows. Even though the current market share of Vista is about 8%, based on previous trends that will most likely rise in the future.

Open Source vs. Closed Source

There are two schools of thought with security [13]. Some believe that open source is more secure because holes can be found by anyone and a patch can be made by anyone. Others believe in 'security by obscurity' in that, by being closed source, it makes it harder for hackers to exploit. Supporters of closed source state that exploits are made easier because the source code can be seen. Supporters of open source state that closed source software is patched less frequently, the patches do not always fix the problem and can actually cause further problems. Since the patch code cannot be seen, it is never guaranteed to work. Clearly one is not definitely more secure than the other.

The Most Secure

Each operating system has a comparable set of features. Therefore, the 'most secure' can be defined here as the one that is safest from hacker attacks. Since a hacker will tend to focus on the most common or popular operating system, this may be the best measurement of security. According to this, Linux is the most secure operating system. Apart from having the lowest market share, developers clearly have a focus on security, as it has comparable features to the other operating systems.

Linux is a more advanced operating system, however, and does take some computer knowledge to use it properly. For a casual or beginner computer user, Mac OS X is the better choice, as it is easier to use. It is still quite secure, and having a relatively low market share means that there will be fewer attacks.
This does not mean that Windows Vista is the most insecure operating system. The data indicates that, in fact, it is technically better than Mac OS X. But the Windows market share trends must be taken into account. Since Windows Vista will most likely be the most commonly used operating system in the future, it will be the focus of attacks. It is therefore more sensible to pick the Mac OS X instead.

References

Market Share
SELinux
Open and Closed Source Discussion
Hacker Definition
Security Report
Mac OS X Security Features
Linux Security
Windows Vista Features

Hacking Exposed. Joel Scambray, Stuart McClure, George Kurtz: 2001 Osborne/McGraw-Hill

Personal tools