[Infowarrior] - 2006 Operating System Vulnerability Summary

Richard Forno rforno at infowarrior.org
Thu Mar 29 19:18:11 UTC 2007 

2006 Operating System Vulnerability Summary

Overview

     Computer security is a precarious business both from a product
development and administrative standpoint. Operating system vendors are
forced to constantly patch their software to keep consumers protected from
the latest digital threats. But which operating systems are the most secure?
A recent report by Symantec hints that Windows currently presents fewer
security holes than its commercial competitors.1 To that, a typical
consultant would respond "well, that depends," as security auditors
generally take such statements with a grain of salt. It depends on the
configurations of the hosts, the breadth of the included binaries and the
scope of what "commercial competitors" entails. Differing opinions on this
interpretation lead to different conclusions. SecurityFocus, for instance,
shows that various overall vulnerabilities surged in 2006 while ISS
(Internet Security Systems) reports that operating system specific exploits
declined.2,3

     The summarized coverage of 2006 vulnerabilities by SANS showed the most
prevalent attack vectors were not directly against the operating systems
themselves.4 However, this article approaches the operating system as an
entity in and of itself for analysis of only the vulnerabilities of core
features. As such, vulnerability scans were conducted against 2006's
flagship operating systems in various configurations to determine weakness
from the moment of installation throughout the patching procedure. From
Microsoft, testing included Windows XP, Server 2003 and Vista Ultimate.
Examinations against Apple included Mac OS9, OSX Tiger and OSX Tiger
server.5 Augmenting Apple's UNIX representation, security tests were also
performed on FreeBSD 6.2 and Solaris 10. Rounding up the market share, Linux
security testing included Fedora Core 6, Slackware 11, SuSE Enterprise 10
and Ubuntu 6.10. Before delving into the specifics of the vulnerabilities,
it is helpful to understand the security scene of 2006.

< - >

http://www.omninerd.com/2007/03/26/articles/74

More information about the Infowarrior mailing list