Which is More Secure, Leopard or Vista?: Page 2


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

(Page 2 of 2)

Separation of data and executables. Previously, I’d said, “In my familiar UNIX land, all programs are stored in areas of the file system that were outside of the control of users. Specifically, directories including /bin, /usr/bin, /usr/sbin, /usr/local/bin, and so on are where programs go. Users, on the other hand, login to their own directories, such as /home. Among other things, this has made various administrative tasks like backing up user data, system data, etc., well organized and easy to manage on UNIX systems.”

Here too, the comparison hasn’t substantially changed with Vista and Leopard.

Qualitative score: OS X gets a B+ while Windows gets a D-.

Privilege management. Now things start to get murkier—and for both operating systems. In comparing Tiger and XP, I wrote, “Pretty much from the start, UNIX has been a multi user system, whereas multi user functionality has been a retrofitted feature in the Windows family. OS X has a root user while modern Windows versions have an Administrator user for doing administrative tasks.”

Now, I’m confident Microsoft and Apple will both claim that their newer privilege models are improvements in usability over previous versions, but I remain unconvinced. I find them to be pretty sloppy and no substitute for proper system administration—which, some will argue, died some 10+ years ago.

I give Leopard an only slightly less bad score than Vista because its application firewalling doesn’t annoy me as much.

Qualitative score: OS X gets a D+ while Windows gets a D-.

Program management. Previously, I wrote, “Here’s where OS X really shines. Apple has improved on UNIX in this area. Although the standard UNIX utilities are still in /bin, /usr/bin, and such, Apple apps and most third party apps install in /Applications.

This hasn’t changed much with Leopard and Vista. I still don’t feel I can remove a major application from a Windows system without leaving behind significant residue, be it directly in the file system in the form of remnant DLLs or in a registry hive somewhere that the uninstaller didn’t clean up.

Qualitative score: OS X gets an A while Windows gets a C.

Access controls. On the topic of access controls and, in particular, default configurations, I previously said, “OS X installs the default desktop user with administrative privileges. This bothered me to my kernel when I first set up my Mac, so I went out of my way to turn that off.” Regarding Windows, I said, “Windows, once again, shows its security-retrofitted roots here. Normal desktop users generally have far too much write-enabled access to a Windows installation, even if they do not have administrative privileges.”

Unfortunately, I don’t see any improvements being made here. If anything, by my score, we’ve stepped backwards due to the new action-focused security desktop mechanisms I described above.

Still, though, I was able to tweak my Leopard installation so that my desktop user is unprivileged and my administrative user has read/write control over applications. But I still find myself sweeping through the system periodically to clean up the default access controls left behind by various application installers that leave /Applications and /Library/Application Support open to world read/write.

This is sloppy at best, and it enables malware to infect and spread with relative impunity. So, I’m downgrading my score for both operating systems.

Qualitative score: OS X gets a C- while Windows gets a D-.

So, all this doesn’t paint a very pretty picture for either operating system, does it?

The only thing that kept Leopard from failing me in several areas is that I’m still able to invoke the UNIX-like attributes of the underlying operating system to enable security the way I want it to be. I’ve not been so fortunate on the Windows systems I’ve used over the years, as I find the privilege and access control mechanisms to be far murkier.

As a result, I remain steadfast in saying that I’m more secure on Apple’s Leopard than I would be on Microsoft’s Vista. But it does seem to me that, with each subsequent release of OS X, I have to spend more and more time tweaking the operating system’s features before I really feel at $HOME.

Page 2 of 2

Previous Page
1 2

Tags: Linux, Microsoft, Vista, OS X, Leopard

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.