Solve : Whcih OS has better native security??

1.	Solve : Whcih OS has better native security??
Answer» Is any Operating System more secure? I am not even going to pretend to know the answer. Here is a statement that has been echoed many times: If you were a hacker, and were creating a virus or malware to target as many machines as possible and cause widespread attacks, you would focus your efforts on what will create the greatest return. If you’re looking to cause the most damage, and increase your chances of success, you’re going to target the most common computer system. Essentially, Macs are safer because statistically you’re less likely to be infected due to the lower number of viruses built to infect OS X. Then the same lame dubious logic might given to other lessor Operating SYSTEMS Look at this: Lesser-Known Operating Systems: Important to Enterprises and Your Career (Try and guess before you see the link.) Presently, some in the industry are working on ways to make it much harder to do a HACK on a will-designed system. But it is not yet available in the main stream. Anyway, What do you think? EDIT:The might be relevant. http://www.windowsecurity.com/articles-tutorials/windows_os_security/64-Bit-Windows-More-Secure.html This claims a 64 bit system has better security at the machine code level.How do you define secure? https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=secure+definition Quote protect against threats; make safe. I think threats are dependent on who you are, while an attack method is determined on what you use. At work I had to reset someone's email password after they opened invoice90901.jar in an email titled Missing Invoice from a hotmail address. invoice90901.jar stole the email password (or briefly took control of the mail client), because a bunch of junk emails were sent from that email address. The same message we received was sent to hundreds of emails. That address actually reached the account's mail quota for the hour, and after I reset the password, the mail ceased to be sent. Therefore, because we are part of a small business with our own domain, we are subject to random spam emails. (My work email gets random spam too, but my person email accounts, all 7, do not) I believe the attack method was java because it is a universal executable. I do not want to try, but on macos, linux, bsd, what ever else, I would assume if the jar was RUN by the user, the program would have access to the user's config files. Today I think this definition is more fitting: Code: [Select]feeling safe, stable, and free from fear or anxiety.Anything connected to the internet could be a target; I don't think an EXPENSIVE propriety os is going to make much of a difference if someone wants to attack your systems. I think education of using the computer is more important than what os you make your people use. Knowing to not to click on random attachments from emails, and to not install random things found on the internet is more important than os is being used. Granted last year, I tried installing XP 1a on a computer connected to the internet it had a virus on it before I could download and install SP3 on it. As long as the os gets security patches regularly, the operating system for general users shouldn't matter (Windows, or Windows like for the general population) At this point I'm coming back to the original point of discussion:Quote from: Geek-9pm on November 04, 2016, 11:39:58 AM If you were a hacker, and were creating a virus or malware to target as many machines as possible and cause widespread attacks, you would focus your efforts on what will create the greatest return. If you’re looking to cause the most damage, and increase your chances of success, you’re going to target the most common computer system. Essentially, Macs are safer because statistically you’re less likely to be infected due to the lower number of viruses built to infect OS X. Are traditional computers even the most common devices connected to the internet anymore? Rather if I was a hacker, wouldn't I be better off to attack unsupported devices? Smartphones still on old VERSIONS of Andriod or iOS, smart TV boxes (mine hasn't updated since June 2015), pretty much anything that is connected to the internet that is a computer but not used as a traditional computer would be a better target than a os that has teams dedicated to its security. If there was a good copy, paste, and compile worm for a major os, then that os would be my target. Like TheWaffle says I'm of the mind that Trojans and other infections that rely on the user as the weak point are the primary infection vector for the large majority of malware. This is why I've always felt the emphasis on keeping your system up to date with the latest security patches is somewhat misleading; Joe Average isn't going to have their system exploited because they are missing a patch, they are going to have their system taken over when they download and run "Fun screensaver.exe" or run things like attachments on spam E-mail because they don't know better, and didn't give it a second thought when the install instructions said it would be a "false positive" and to just turn off their AV. This would remain the same regardless of the Operating System in use. it's partly the reason for the push for Limited User Accounts. It's one thing if "fun screensaver.exe" can save files to your user profile. It's quite another if it can install or uninstall services or create scheduled tasks or cron jobs.I agree with Waffle and BC... additionally there should be a push to educate users to make them not so gullible etc. One employer for example put in place a web based training with a test at the end of it that you need to pass in order to have computer access. They gave good examples of ways that hackers try to trick you into running something. It goes into great detail with screenshots and asking is this ok to click on or not ok to click on, is this ok to allow to run or not ok to allow to run. Being overly cautious you fail, so the test forces you to really understand what is a threat from what isnt. Best of all the test is dynamic ( adaptive testing ) so as your taking it it looks for a weakness or it tries to predict a weakness in the user taking the test and it will give you a different test from someone else as for in many questions there are more than 1 correct and more than 1 wrong answer, however the question is covered under say 2 or 3 questions to double / triple check that you didnt get lucky and click on the correct answer by luck and you understand the threat or what is ok or not ok etc, and if answered incorrectly you need to know why your wrong vs just wrong so it describes why your wrong vs just saying wrong. Sure you could have someone lucky able to luck out and select the most correct answer twice or three times to get past this. Many people bombed the test. Most thought they could just whiz through it and get it over with to get their computer access back by being overly cautious. Saying they will never open attachments and such, which they need to be able to open attachments as part of their job for proper communications so they really need to know what is safe from a threat and this test which was almost like a Drivers Test for the corporate computer access did a really good job. I passed first shot although I did get one question wrong for being overly cautious. It was a scenario where the e-mail came from a government identity, yes it looked safe because it was from a .gov but me taking the test, I am not expecting this e-mail from this unknown sender and my job would never have anyone of this position e-mailing me with an attachment, so I would just ignore that e-mail. Well it was wrong because while the test was good it wasnt flawless. The test wasnt different between me in my position and someone else in a position that may get e-mail from a person as given by example on the test, so I chose to be overly cautious and not open something that I dont need to open. I can see the reasoning behind avoiding teaching people from being overly cautious as for it would have severe consequences if everyone all of a sudden in the company refused to open e-mail with attachments, overly cautious and now important information isnt getting communicated. Additionally you dont want users who give answers on the test just to blow through it and get their computer access back and then not abide to the policy in place for communications. Additionally it also talked about phone calls from people trying to trick you into downloading a program etc, so it wasnt just pop ups and attachments to worry about but also the cold call hacker trying to get in as microsoft or pretending to be someone in the company needing you to do something for them or share information with them etc.Yep, I'm of the mind that Common sense is the best AV, and just general security. I myself use it without anything else (except the occasional MBAM) scan but I'd never recommend others to use it on it's own.

Answer» Is any Operating System more secure?
I am not even going to pretend to know the answer.
Here is a statement that has been echoed many times:
If you were a hacker, and were creating a virus or malware to target as many machines as possible and cause widespread attacks, you would focus your efforts on what will create the greatest return. If you’re looking to cause the most damage, and increase your chances of success, you’re going to target the most common computer system. Essentially, Macs are safer because statistically you’re less likely to be infected due to the lower number of viruses built to infect OS X.
Then the same lame dubious logic might given to other lessor Operating SYSTEMS
Look at this:
Lesser-Known Operating Systems: Important to Enterprises and Your Career
(Try and guess before you see the link.)

Presently, some in the industry are working on ways to make it much harder to do a HACK on a will-designed system. But it is not yet available in the main stream.
Anyway, What do you think?

EDIT:The might be relevant.
http://www.windowsecurity.com/articles-tutorials/windows_os_security/64-Bit-Windows-More-Secure.html
This claims a 64 bit system has better security at the machine code level.How do you define secure? https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=secure+definition
Quote

protect against threats; make safe.

I think threats are dependent on who you are, while an attack method is determined on what you use.
At work I had to reset someone's email password after they opened invoice90901.jar in an email titled Missing Invoice from a hotmail address. invoice90901.jar stole the email password (or briefly took control of the mail client), because a bunch of junk emails were sent from that email address. The same message we received was sent to hundreds of emails. That address actually reached the account's mail quota for the hour, and after I reset the password, the mail ceased to be sent.
Therefore, because we are part of a small business with our own domain, we are subject to random spam emails. (My work email gets random spam too, but my person email accounts, all 7, do not) I believe the attack method was java because it is a universal executable. I do not want to try, but on macos, linux, bsd, what ever else, I would assume if the jar was RUN by the user, the program would have access to the user's config files.

Today I think this definition is more fitting:
Code: [Select]feeling safe, stable, and free from fear or anxiety.Anything connected to the internet could be a target; I don't think an EXPENSIVE propriety os is going to make much of a difference if someone wants to attack your systems.

I think education of using the computer is more important than what os you make your people use. Knowing to not to click on random attachments from emails, and to not install random things found on the internet is more important than os is being used.

Granted last year, I tried installing XP 1a on a computer connected to the internet it had a virus on it before I could download and install SP3 on it.

As long as the os gets security patches regularly, the operating system for general users shouldn't matter (Windows, or Windows like for the general population)

At this point I'm coming back to the original point of discussion:Quote from: Geek-9pm on November 04, 2016, 11:39:58 AM

If you were a hacker, and were creating a virus or malware to target as many machines as possible and cause widespread attacks, you would focus your efforts on what will create the greatest return. If you’re looking to cause the most damage, and increase your chances of success, you’re going to target the most common computer system. Essentially, Macs are safer because statistically you’re less likely to be infected due to the lower number of viruses built to infect OS X.

Are traditional computers even the most common devices connected to the internet anymore? Rather if I was a hacker, wouldn't I be better off to attack unsupported devices? Smartphones still on old VERSIONS of Andriod or iOS, smart TV boxes (mine hasn't updated since June 2015), pretty much anything that is connected to the internet that is a computer but not used as a traditional computer would be a better target than a os that has teams dedicated to its security.
If there was a good copy, paste, and compile worm for a major os, then that os would be my target.

Like TheWaffle says I'm of the mind that Trojans and other infections that rely on the user as the weak point are the primary infection vector for the large majority of malware. This is why I've always felt the emphasis on keeping your system up to date with the latest security patches is somewhat misleading; Joe Average isn't going to have their system exploited because they are missing a patch, they are going to have their system taken over when they download and run "Fun screensaver.exe" or run things like attachments on spam E-mail because they don't know better, and didn't give it a second thought when the install instructions said it would be a "false positive" and to just turn off their AV. This would remain the same regardless of the Operating System in use.

it's partly the reason for the push for Limited User Accounts. It's one thing if "fun screensaver.exe" can save files to your user profile. It's quite another if it can install or uninstall services or create scheduled tasks or cron jobs.I agree with Waffle and BC... additionally there should be a push to educate users to make them not so gullible etc. One employer for example put in place a web based training with a test at the end of it that you need to pass in order to have computer access. They gave good examples of ways that hackers try to trick you into running something. It goes into great detail with screenshots and asking is this ok to click on or not ok to click on, is this ok to allow to run or not ok to allow to run. Being overly cautious you fail, so the test forces you to really understand what is a threat from what isnt. Best of all the test is dynamic ( adaptive testing ) so as your taking it it looks for a weakness or it tries to predict a weakness in the user taking the test and it will give you a different test from someone else as for in many questions there are more than 1 correct and more than 1 wrong answer, however the question is covered under say 2 or 3 questions to double / triple check that you didnt get lucky and click on the correct answer by luck and you understand the threat or what is ok or not ok etc, and if answered incorrectly you need to know why your wrong vs just wrong so it describes why your wrong vs just saying wrong. Sure you could have someone lucky able to luck out and select the most correct answer twice or three times to get past this.

Many people bombed the test. Most thought they could just whiz through it and get it over with to get their computer access back by being overly cautious. Saying they will never open attachments and such, which they need to be able to open attachments as part of their job for proper communications so they really need to know what is safe from a threat and this test which was almost like a Drivers Test for the corporate computer access did a really good job.

I passed first shot although I did get one question wrong for being overly cautious. It was a scenario where the e-mail came from a government identity, yes it looked safe because it was from a .gov but me taking the test, I am not expecting this e-mail from this unknown sender and my job would never have anyone of this position e-mailing me with an attachment, so I would just ignore that e-mail. Well it was wrong because while the test was good it wasnt flawless. The test wasnt different between me in my position and someone else in a position that may get e-mail from a person as given by example on the test, so I chose to be overly cautious and not open something that I dont need to open.

I can see the reasoning behind avoiding teaching people from being overly cautious as for it would have severe consequences if everyone all of a sudden in the company refused to open e-mail with attachments, overly cautious and now important information isnt getting communicated. Additionally you dont want users who give answers on the test just to blow through it and get their computer access back and then not abide to the policy in place for communications. Additionally it also talked about phone calls from people trying to trick you into downloading a program etc, so it wasnt just pop ups and attachments to worry about but also the cold call hacker trying to get in as microsoft or pretending to be someone in the company needing you to do something for them or share information with them etc.Yep, I'm of the mind that Common sense is the best AV, and just general security. I myself use it without anything else (except the occasional MBAM) scan but I'd never recommend others to use it on it's own.

Solve : Whcih OS has better native security??

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment