[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mac most secure servers?

> I have been told by a "Mac-head" that the Mac is the most secure server and 
> that it is significantly more secure than any unix system, including Linux.

MacOS up through 9.x is arguably more secure *out of the box* for the same
reason that Windows9x is secure *out of the box* -- there's no network
listener running as a matter of course on such a system, and no provision
whatsoever for someone coming in from the outside and executing code. It's
also impossible to get "shell" access by hacking into a MacOS <= 9.x,
because there is no shell!

You can get 99.99% of the way there on any Unixoid platform simply by
deciding there's absolutely nothing in inetd you actually need, and turning
it off. But if we're comparing *out of the box* installations, MacOS wins
because there are *no* default network services, whereas every Unixoid I
know of installs inetd with a whole bunch of 'essential' services (telnet,
rsh, ftp) turned on.

A server is only as insecure as the services you choose to run on it. Every
port some daemon listens to is arguably one more hole, so you have to keep
track of security concerns for the programs you run. But this is true for
any operating system.

I've discovered that I can easily get away without inetd running at all. I
run a Debian server whose only listeners are sshd, apache and sendmail (used
to be exi), and I keep on top of the security updates for all three. Does
this make my machine 'secure'? No; but it's no *less* secure than a MacOS <=
9.x box running a web server and a mail server, assuming the programs
themselves are equally well secured.

MaxOS X, of course, changes everything, because it's Unixoid.


Attachment: pgpnarRwwSWw2.pgp
Description: PGP signature

Reply to: