UK-based security firm mi2g has declared Mac OS X, and other BSD-based operating systems, the “world´s safest and most secure 24/7 online computing environments.” The surprise? Linux is rated as the least safe and secure.
Mi2g analyzed more than 235,000 security breaches of continuously connected servers worldwide. Of these, only 4.82% were carried out against OS X and BSD-based systems. In government offices this was even lower, a mere 1.74%. In contrast, Linux accounted for 65.64% (or more than 154,000) successful attacks. Windows-based computers have maintained a steady 25% of attacks over recent years.
“More and more smart individuals, government agencies and corporations are shifting towards Apple and BSD environments in 2004,” said DK Matai, Executive Chairman of mi2g.
Microsoft´s various Operating Systems have long been the target of ridicule and public slander for weak security, an excess of patches and for being the darling of hackers worldwide. Security firms have been watching this change over time, though, as Linux becomes the de facto gatekeeper and therefore the target of choice for large and desirable targets.
The report does not include the number of failed attacks versus successful attacks, so we don´t really know how secure or insecure the OS´s are on their own. It also doesn´t include any details on what types of organizations the penetrations happened in or how experienced the server administrators are. As a result, Linux advocates around the world will likely denounce this report without really seeing what it means: it isn´t good enough to be better than Microsoft, if Linux´s security can be considered better in light of this report, in order to be secure you have to be perfect. Until we have a perfect Operating System, we´ll continue to deal with penetrations and the effect of poor decision making for years to come.
At the end of the day this isn´t about which OS is best. And it isn´t about security through obscurity. OS makers need to continue to strive for perfection, for multiple layers of protection, to block hackers from gaining the ultimate prize of full control of resources and to include alerting and management tools which make monitoring penetrations easier and which make dealing with them less of a chore.
Taken in perspective, these results may be surprising and even encouraging for Apple and BSD fans, but at the granular level, 10,000 successful attacks is still 10,000 successful attacks.