Linked by Thom Holwerda on Fri 30th Mar 2007 20:41 UTC, submitted by Robert Escue
Privacy, Security, Encryption In this article, Matthew uses nmap and nessus against actual installs of various operating systems as part of his research. A variety of operating sytems were tested including Windows XP, Server 2003, Vista Ultimate, MacOS, FreeBSD, Solaris, Fedora Core, and Slackware. "As far as 'straight-out-of-box' conditions go, both Windows and OS X are ripe with remotely accessible vulnerabilities. Even before enabling the servers, Windows based machines contain numerous exploitable holes allowing attackers to not only access the system but also execute arbitrary code. Both OS X and Windows were susceptible to additional vulnerabilities after enabling the built-in services. Once patched, however, both companies support a product that is secure, at least from the outside. The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each system generally maintained its integrity against remote attacks."
Permalink for comment 226066
To read all comments associated with this story, please click here.
Fedora
by siti on Fri 30th Mar 2007 21:48 UTC
siti
Member since:
2005-07-06

Fedora done very well in this test because they have implemented active protection. E.g. exec-shield, pie executables and selinux. I really hope that most linux distros implement similar functionality because it's been available since about 2004.

Windows XP SP2 added NX support. Windows Vista added address space layout randomization (although this probably only works with built in apps because the code needs to be PIC). So why don't all the linux distros at least use exec-shield for the sake of the users and linux 's reputation of being reasonbly secure.

Reply Score: 5