Weighing up Windows, Linux, and Mac OS X
Let's be clear, no system is immune to virus threats, not least because we remain equally capable of being socially engineered, of being duped into running malware. Then again, if you're serious about security, then use a system that's designed around security. In other words, that's Linux-based or, to a lesser extent, a Mac. So why?
They benefit from deny-by-default permission models
Linux is open source (OS X is partly)
Note
For the ultimate in security, we'd run a BSD system such as PC-BSD. The downside is reduced usability and a more limited community to help. This book therefore looks at systems requiring less of a brain tease. Then again, decide for yourself:
BSD operating systems – http://www.bsd.org
BSD from A-Z – http://forums.freebsd.org/showthread.php?t=9294
The deny-by-default permission model
Windows has long been a hacker's target of choice due to its popularity. There's another reason too. Up until Vista, Windows systems were far easier to hack due to the allow-by-default permission model, where a standard user—including an interloping hacker using your rights—needs no administrative privileges to execute a script. The script could be a friendly program executable. It could also be a virus.
Compare that to the deny-by-default policies of Macs and Linux: neither we nor anyone else can execute files without first escalating user rights to those of an administrator. When you hear these systems' users saying they don't run anti-malware suites—which is not recommended, by the way—yet have never been hit, this is the main reason why.
Note
There's another reason. Hackers haven't been hitting Linux or Macs. With Windows 7 proving a tougher target, they're now beginning to, particularly against OS X, and the myth that these two systems are "secure" may finally be broken.
Meanwhile, hacked to a pulp, Microsoft eventually wised up with the security U-turn that was Vista, which adopts deny-by-default. They dub it User Account Control. Vista, otherwise, was a pig's ear of a pear shape. Windows 7, on the other hand, is a very decent system offering security as well as prettiness. After 20-odd years of Microsoft, well done!
Note
So what about Windows XP? After all, it has almost as many users as all the other operating systems combined. Well, in terms of their scope for exploitation, the malware magnets that are XP and earlier may be reliably compared to Swiss cheese. Chapter 3's solutions will help ... as will trundles of maintenance time.
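The smallest-scale form of deny-by-default on Linux or OS X is the execute bit: a freshly written file is not runnable until someone explicitly grants that permission. The shell sketch below is an added example, not code from the book; the file names, the scratch directory and the helper functions are all constructed for the demonstration. It shows the refusal, the explicit "allow" step, and a check that lists what has been allowed to run.

```shell
#!/bin/sh
# Added example: the Unix execute bit as a deny-by-default control.
# All paths, file names and helper names are constructed for the demo.

# Print the permission string of a file, e.g. "-rw-r--r--".
mode_of() {
    ls -l "$1" | cut -c1-10
}

# Try to run a file directly and print the shell's exit status.
# 126 means "found but not executable" (permission denied).
try_run() {
    if "$1" >/dev/null 2>&1; then
        echo 0
    else
        echo $?
    fi
}

# List regular files under a directory that carry any execute bit,
# i.e. everything that has explicitly been allowed to run.
list_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# Build a scratch directory holding two freshly written scripts.
make_demo_dir() {
    umask 022                      # common default for a standard user
    d=$(mktemp -d)
    printf '#!/bin/sh\necho ran\n' > "$d/fresh.sh"
    printf '#!/bin/sh\necho ran\n' > "$d/approved.sh"
    chmod u+x "$d/approved.sh"     # the explicit "allow" step
    echo "$d"
}

demo_dir=$(make_demo_dir)
echo "fresh.sh    $(mode_of "$demo_dir/fresh.sh") exit=$(try_run "$demo_dir/fresh.sh")"
echo "approved.sh $(mode_of "$demo_dir/approved.sh") exit=$(try_run "$demo_dir/approved.sh")"
echo "allowed to run:"
list_executables "$demo_dir"
rm -rf "$demo_dir"
```

Pointing `list_executables` at a directory that should hold only data is a quick way to spot files that have been granted the right to run.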
The open source advantage
Like WordPress or server-side apps such as Apache, MySQL, or PHP, Linux is open as opposed to closed source, so what the bejeebers is that?
Take Windows. This is closed, proprietary software, meaning that only a relatively tiny team of talents can develop it, for instance smoking out bugs before pushing out patches.
Compare that to most Linux systems. Being open, they can be tweaked and tested by anyone working in a strict hierarchy of users and geeks-on-high to ensure quality control.
OS X, meanwhile, has a proprietary user interface and applications, but sits on an open source kernel, the system core which, in this case, is a fork from BSD.
So this is a numbers game. Do the math. Aside from being free, open source software is more thoroughly tested and, once a bug is found, the patch rollout is often dramatically faster.
System security summary
At the risk of further fanning the flame wars, of the more user-friendly systems, the open model of Linux gives it the security edge. That said, Macs aren't far behind and Windows 7 is worthy of praise. This is very much IMHO, I hasten to add. The lack of a level playing field, where for instance hackers still mostly target Windows systems, which also dominate market share, makes a fully justifiable comparison impossible to achieve.
XP, on the other hand, requires great user discipline to ensure security. That's not to say it can't be used. It can. It would, however, be dim to encourage its use in a security book.
We'll look now at the kinds of malware that can afflict any system. In Chapter 3, we'll apply an extensive anti-malware solution to keep those dangers in check as best we can, primarily nursing the most needy patient overall, Windows.