> I have been told by a "Mac-head" that the Mac is the most secure server and > that it is significantly more secure than any unix system, including Linux. MacOS up through 9.x is arguably more secure *out of the box* for the same reason that Windows9x is secure *out of the box* -- there's no network listener running as a matter of course on such a system, and no provision whatsoever for someone coming in from the outside and executing code. It's also impossible to get "shell" access by hacking into a MacOS <= 9.x, because there is no shell! You can get 99.99% of the way there on any Unixoid platform simply by deciding there's absolutely nothing in inetd you actually need, and turning it off. But if we're comparing *out of the box* installations, MacOS wins because there are *no* default network services, whereas every Unixoid I know of installs inetd with a whole bunch of 'essential' services (telnet, rsh, ftp) turned on. A server is only as insecure as the services you choose to run on it. Every port some daemon listens to is arguably one more hole, so you have to keep track of security concerns for the programs you run. But this is true for any operating system. I've discovered that I can easily get away without inetd running at all. I run a Debian server whose only listeners are sshd, apache and sendmail (used to be exi), and I keep on top of the security updates for all three. Does this make my machine 'secure'? No; but it's no *less* secure than a MacOS <= 9.x box running a web server and a mail server, assuming the programs themselves are equally well secured. MaxOS X, of course, changes everything, because it's Unixoid. /m
Attachment:
pgpnarRwwSWw2.pgp
Description: PGP signature