[Dshield] OS Comparisons

jayjwa jayjwa at atr2.ath.cx
Tue Nov 15 20:09:52 GMT 2005



Several lists back, someone was wondering if there was ever a test done of the 
security of various different operating systems in their default setups. Today 
while I was searching for something else, I came upon this link:


http://www.geocities.com/mvea/exploit_in_box.htm


The idea of the test was to take various operating systems, set them up as 
they'd be "out of the box", and then run some security scanners (Nessus, Nmap, 
etc.) on them to see what shows up. It's pretty interesting, but one thing I 
noticed about the systems is that some of them seem to be more heavily 
disadvantaged in the tests, namely the Mac OS X and Linux systems. For example, 
the Windows systems all got their SPs and had the privilege of hitting 
Windowsupdate before the tests (not really what I'd call "out-of-the-box", 
then). After their OS versions are listed you can see "SP1", "SP2" for 
example, and the author has written "WinUpdate" after that. The Linux names show 
up like this example, "Slackware 10", with no mention of other modifications.

With the Linux and Mac, he's gone into inetd.conf and enabled stuff which 
would normally be disabled (for example, Slackware 10 does not come with Bind9 
running or enabled) like SMTP servers, RPCs (!), and even time servers for 
good measure. The reasoning he gives for this is to simulate what services 
would normally be running. IMO, if a system ships without certain services 
running, then that IS the default, but I can understand his choice for doing 
this.

OK, so maybe it's not an entirely level playing field. Still, you might like 
to see how the various systems compared against each other.



-- 
    / /     __  __  __  __  __ __  __  mail me for my *
   / /__   / / /  \/ / / /_/ / \ \/ /  * email address.
  /_____/ /_/ /_/\__/ /_____/  /_/\_\ ::[ATr2 RG 2005]::
============================================================
IF you have to request that people contact you via a WEBFORM
because you've blocked off virtually all smtp-sent email from
your own MTA  ...You just might be guilty of DNS-RBL abuse.
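As an added example (not from the post above or from the linked page), here is a small Python audit that lists which inetd.conf entries are actually enabled and reports what a "tested" configuration turned on compared with a stock one, so a claim of "out of the box" can be checked against the file rather than assumed. Both inetd.conf samples are constructed for the example; the stock one is an assumption, not Slackware's real shipped file.

```python
"""Audit enabled inetd.conf services and diff a stock file against a tested one."""
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class InetdService:
    name: str     # service name as in /etc/services, e.g. "smtp"
    socket: str   # stream or dgram
    proto: str    # tcp or udp (rpc/tcp for RPC services)
    program: str  # server program, or "internal" for inetd built-ins


def parse_inetd_conf(text: str) -> List[InetdService]:
    """Return only the enabled entries; '#' lines are comments or disabled services.

    inetd.conf field order: service socket-type protocol wait/nowait user program [args]
    """
    enabled = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed entry; inetd would not start it either
        enabled.append(InetdService(fields[0], fields[1], fields[2], fields[5]))
    return enabled


def added_services(stock: str, tested: str) -> Set[str]:
    """Service names enabled in the tested config that the stock config leaves off."""
    return ({s.name for s in parse_inetd_conf(tested)}
            - {s.name for s in parse_inetd_conf(stock)})


# Constructed sample: a stock file with everything but auth commented out.
STOCK = """\
# constructed sample inetd.conf, not a real distribution default
#ftp    stream  tcp     nowait  root    /usr/sbin/tcpd  proftpd
#smtp   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/sendmail -bs
#time   stream  tcp     nowait  root    internal
auth    stream  tcp     wait    root    /usr/sbin/in.identd     in.identd
"""
# Constructed "tested" copy with smtp and time uncommented, as the post describes.
TESTED = STOCK.replace("#smtp", "smtp").replace("#time", "time")

if __name__ == "__main__":
    print("stock enables:", [s.name for s in parse_inetd_conf(STOCK)])
    print("tested additionally enables:", sorted(added_services(STOCK, TESTED)))
```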
