Linux

Linux: The clear choice for security

According to the UK's Communications-Electronics Security Group (CESG), Linux is the clear choice when it comes to security.

 

Linux security
 

Recently, the United Kingdom's Communications-Electronics Security Group (CESG) ran a series of tests to find out which operating system would be the most secure platform for the UK government. The test consisted of the following categories:

  • VPN
  • Disk Encryption
  • Authentication
  • Secure Boot
  • Platform Integrity and Sandboxing
  • Application Whitelisting
  • Malicious Code Detection and Prevention
  • Security Policy Enforcement
  • External Interface Protection
  • Device Update Policy
  • Event Collection for Enterprise Analysis
  • Incident Response

The goal was to see which platform would pass most of the 12 tests. The winner, Ubuntu 12.04 (Figure A), was far ahead of both Windows 8 and Mac OS X. The CESG site contains all of the findings, or you can read the Canonical summarization of the report. From the Canonical summary:

“All in all, Ubuntu 12.04 LTS stacks up as the most secure of the current desktop and mobile operating systems. Supported by Canonical with free security updates for 5 years, and without malware problems, it’s hard to beat in official public sector applications. We are working hard to close the gap and make Ubuntu clearly stand out as the most trustworthy operating system for the future and we hope to make excellent progress before our next LTS release in April 2014, 14.04 LTS, which will be even better.”

Figure A

 

Figure A
 

The Ubuntu 12.04 desktop ready to install.

One interesting statement from the full report is that no operating system that's currently available can meet all of the above tests. Also interesting from the full report is that Samsung devices running Android 4.2 scored as high as Ubuntu 12.04.

Why 12.04? Because it's the most recent Long Term Support (LTS) release. Canonical is confident that 14.04 (the next LTS release) will meet or exceed the tests passed by 12.04. As for the current LTS: Ubuntu 12.04 passed nine of the 12 tests and had zero significant risks. Windows 8 passed seven with 1 significant risk. OS X passed eight tests with zero significant risks.

What does this mean?

One can surmise that the UK government is looking for their platform of the future. With the dramatic rise in cyber-crime, every government agency (business or enterprise) would be remiss in failing to run similar tests or, at the very least, giving the UK report a close read.

People have argued for years about platform security. There have been numerous events held with the sole purpose of determining a clear winner. Unfortunately, many of those tests and research papers cannot be trusted, simply because they were sponsored events (with vested interests in one particular platform performing beyond the others). But for the needs of a government agency (or an enterprise-grade business), the tests run by the CESG are right on the money. These are unbiased, unfiltered tests with end results that aren't concerned with market share, board of directors, or investors.

And in the end... Linux wins. Period.

No, Linux may not hold the coveted spot on top of the business and home desktop food chain, but now that a government entity has singled out Ubuntu 12.04 as the must secure platform available, this could easily change. Why? Businesses can't function without security. If the thought leaders of industries can't wrap their heads around that one fact, they're dooming countless businesses -- and not recommending Linux for desktop use is senseless.

Over the last five years, I've been working as a remote support engineer for hundreds of clients (with thousands of end users). I can say this with complete assurance: Nearly 100% of the problems I've dealt with could have been avoided by simply using Linux. Desktops have lost data and businesses have lost hundreds of thousands (if not millions) of dollars because of Windows. That is not opinion... that is fact. Had those users been using Linux, that would not be the case.

It never ceases to amaze me the amount of reports and claims of Windows superior security, when real-world results point to quite the opposite. And now, thanks to the UK government, there is official proof that Linux (specifically Ubuntu 12.04) is the best choice in a world where security should be priority number one.

The results of this test couldn't have come at a more poignant time. With Windows XP about to be put to rest, there will be a seemingly endless needs for businesses around the globe to replace those aging desktops. With all of the choices available to them, there is now one that stands well above the rest. That choice is Linux.

 Share your thoughts about this report and the future of Linux in the discussion thread below.

 

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

56 comments
dialus
dialus

It is really great one.Thanks

Jaqui
Jaqui

They obviously missed the one os release that beats all others for security in their assessment, openBSD beats every other os option for security. [ it is not a very user friendly system, since they don't sacrifice security for user friendliness. ] but they have a record for fewest exploits that not even freeBSD [ it's origin and still binary compatible ] can come close to matching. [ 4 exploits in default install / config in something like 15 years. ]

atvreddy
atvreddy

very useful information ,thank u............

obunga
obunga

I'm from Kenya and I would say that one of the reasons Windows will keep winning is that i supports a multiplicity of businesses that Linux Distros do not. I know many multi million dollar vendors of Microsoft products, compared to a few others who vend Linux products. It only makes business sense to sell Microsoft products based on the return on investment. Just as someone noted above, users will use an OS based on applications not security. And while at that, what is the business model of Linux?

rentla
rentla

Just in case anyone is interested:

The best store for buying linux computers is : LINUX CITY   ( WWW.LINUCITY.COM)



Steve
mdofperth
mdofperth

No mention of OpenBSD?


Some Linux distros base their security on SElinux, which is creation of the NSA, the same guys that weakened RSA, and infiltrated MS, Google, Apple, ....  Does anyone trust NSA now?
james
james

Mr. Wallen obviously thinks Ubuntu is equivalent to Windows 8RT as that is the OS he compares its 'risks' to.  Windows 7 and 8, as well as OSX all passed in the same 8 categories and only 4 notes.  Ubuntu only appears to be different in the 'Device Update Policy', and this is not explained in any of the reports.


It is a poor excuse of a journalist that must lie and hide data to try and confuse readers.  I suppose your just happy as a paid shill.  Too bad you lack any integrity.

The_Real_BSAFH
The_Real_BSAFH

"The results of this test couldn't have come at a more poignant time. With Windows XP about to be put to rest, there will be a seemingly endless needs for businesses around the globe to replace those aging desktops. With all of the choices available to them, there is now one that stands well above the rest. That choice is Linux."

Jack,

I love your enthusiasm, but that kind of statement just doesn't go along with reality.  For companies with a very entrenched Wintel group, that kind of change is not going to happen in the short amount of time that XP has left.  Look at Munich, it has taken them the better part of 10 years, and even though they declared it complete, to switch to Linux they still have to rely on some Windows stuff (in VMs).

And for you haters out there that like to bring up the fact that it took them 10+ years and whatever arbitrary amount of money figure you want, you seem to miss this very simple fact.  It was a MAJOR under taking to switch.  I wouldn't believe anyone that said they could OR did it in less time.  How long did it take for MS to displace Novell as the file/print server of choice? It took many years.  The only thing that really helped them out was the fact that they already had the end users desktop.

Wake up and stop buying MS's crap. Literally and figuratively...

Cicuta2011
Cicuta2011

Some time back the NY Times published an article about Munich, Germany, government dropping Windows as the OS for them to use and switching over to Ubuntu Linux and their migration was 100% successful. Needless to say that Microsoft sent a CEO to convince Munich government to remain with Windows to no avail. My comment to the article was that all countries should learn from Munich and drop Windows altogether as I have always sustained that Windows is for the home use and not for Enterprise use. Windows has always been notorious for problems such as crashing and infection with viruses which any UNIX platform does not have. Home users should start learning Linux in fact and replace Windows with a Linux platform!


The_Real_BSAFH
The_Real_BSAFH

@Dave Silva: Your wrong as my Fail2Ban log is full of attempts to get on my internet facing Linux servers.

@David Moore: Your just wrong....

Крис Скотт
Крис Скотт

Dave Silva Your information is wrong. Linux dominates the world spectrum of computing without even dabbling into the sheer domination of arm devices the world over including your home routers, TV, Cell Phone, Gaming consoles, Automotive ECU/Computers so on. 98% of servers around the world run the Linux kernel. China has set Linux as the national OS, the 3 million students in Brazil whose school system supplies Linux systems with KDE will also disagree with you. You know nothing of security so stop opening your mouth in the regards of system security. When you understand what hardened tool chains are how aggressive Cflags subject buffer overflows, what a hardened kernel is and start explaining memory hooks rewriting leading bits of the stack to redirect to arbitrary code locations in memory before modules load and how buffer overflows can write arbitrary code into adjacent memory then relate system privileges and groups to windowsS AIO answer of AD and the sad excuse of PWD management SHA-ECB-MD4 passes then come back and discuss security.

gallen
gallen

Jack, I agree, Linux is winning. I know this is "small potatoes", but I know support 14 business with debian servers, and 3 companies running ubuntu desktops (no windows), and loving it!


I really enjoy your articles


Greg

symowallo
symowallo

The article was written for sysadmins, not users. People use a given O/S for the APPLICATIONS, not the security.

jpar1322
jpar1322

Started in UNIX in 1972, have never enjoyed gates ware, but was forced to lived into that enviroment. I think my greatest accomplishment was a member of of the 1M line C+ for the Space Shuttle Drawing System, running on a massive Sun sparc. UNIX is the only answer!!! 

jumbybird
jumbybird

How much were they paid for that ringing endorsement of Ubuntu? I don't trust these security companies as far as I can kick them... 

OOPS. Look at them  try to hack me now.

LukeVizzicks
LukeVizzicks

When Lobbying inside the UK Government by Canonical starts to pay back...

I am not saying Ubuntu did not deserve to come out with a good score but when it comes to GNU/Linux distro security and stability Ubuntu is not near the top. It does not compare against openSUSE, Fedora or Debian. Then you have the enterprise distro's like Suse and RedHat.... (lobbying stinks)

jmward
jmward

This article is both misleading and wrong.  Examination of the references given, including the Canonical summary, shows that the two major desktop systems, Ubuntu 12.04  and Windows 7/8, obtained the same assessment results in all the categories except Device Update Policy, where Windows obtained the level "some risks to be aware of" rather than a satisfactory pass.  There were no categories in which either Windows or Ubuntu obtained assessments of "Significant Risk".

Ubuntu obtained 9 passes and 3 "Risks to be Aware Of".
Windows 7/8 obtained 8 passes and 4 "Risks to be Aware Of", as did Apple OSX.


There were separate (and worse) assessments for Windows 8 RT and Windows Phone, but in the desktop arena, usage of these is insignificant.

"Samsung devices running Android 4.2" did not score as high as Ubuntu 12.04.  They scored a "Significant Risk" in one category.

Ubuntu Linux is not "one [choice] that stands well above the rest".  It and Windows 7/8 are at essentially the same level.  So is Apple OSX.  Ubuntu is certainly not "far ahead" of either.

"And in the end... Linux wins. Period."?   Absolutely not.


"linuxbrandon", below, says that this is "by far the most honest" article he has read all year.  As far as I can see, it is one of the most dishonest pieces of writing I have ever come across.

I have no particular axe to grind as far as either Linux or Windows is concerned; I use both.  The decisions of Munich city authorities and the French Gendarmerie, as well as Italian authorities, to change over to Linux, based on well-thought-out long-term financial and software maintenance policies, seem to me laudable and well-founded.

But this article provides no evidence on security whatever for a corporate policy following either the Windows or the Ubuntu Linux course.  I think it is a disgraceful piece of journalism, and Mr Wallen should be ashamed of it.



Leonel Verdin Rios
Leonel Verdin Rios

That's the reason I'm ALWAYS choice my favorite Linux Distro. (SuSe in this case)

Dave Silva
Dave Silva

secure because no one gives a damn. If it ever gets to the market share windows has, it will not be secure because there would be a reason for evil money grubbing whores to destroy it.

Крис Скотт
Крис Скотт

This isn't even debatable. Linux runs the worlds servers and security.

Matt Kearns
Matt Kearns

Agree, but actually using it with non-technical staff is a major issue.

Gisabun
Gisabun

This coming from ONE organization and reported by someone in the Linux community. If you had [say] 5 organizations saying the same thing, that is one thing. But one? Forget it. That's like believing W3C's statistics and no one elses....

Andrius123
Andrius123

GNU/Linux is certainly the most secure platform but not necessary Ubuntu is the most secure GNU/Linux distribution. I suppose they just didn't test others... Why not Debian, Cent OS ir Gentoo hardened?

This test is probably fine except that Secure boot has nothing to do with a security. It was always about making harder to replace preinstalled Windows.

Knighthawk5193@Yahoo.com
Knighthawk5193@Yahoo.com

Interesting indeed.....but its easy to push a platform that is flawed and full of holes when you have the financial clout of a small country. Had the playing field been level in regards to advertising expenditures, I'm almost certain Linux would have outshone Windows and MAC from it's inception. But it is clearly observable that the future isn't bound to Microsoft Windows anymore, as various flavors of Linux are being deployed as replacement for Windows XP / Windows 7. It will be interesting to see how long it is before corporations such as the J.P. Morgans....the Wells Fargo's.....and other corporate giants adopt and accept that they have to make a monumental change regarding their OS platforms.

marcushh777
marcushh777

Thanks for the article Jack.



Keep up the good work.



Cheers

linuxbrandon
linuxbrandon

This is the best article I've read all year, and by far the most honest.  Thank you for sharing Jack!

VortexCortex
VortexCortex

@Cicuta2011   Have you ever used AutoCAD or Adobe products? These software are commonly used by enterprises and none of them are support Linux so your argument that Windows is not for enterprise use is sheer nonsense. Also, you forget the fact that home users use OS for the software and hardware it runs on, not for the OS itself and as we all know, Linux is notorious for its weak software/hardware ecosystem. It's the biggest reason why Linux on the desktop has never taken off. That said, home users are not going to replace Windows with a Linux platform that doesn't support their favorite Windows applications or hardware (e.g. printer not compatible with Linux).

jdcnservices
jdcnservices

@The_Real_BSAFHInteresting. The article speaks about "desktops" and "Windows XP", and you bring up servers.  Or, are you aware of some Windows XP servers out there on the web of late?  The fact is that a lot of hackers go for the low hanging fruit because they are in it for the money and the popularity of Windows desktop systems makes it a target.  No matter who is on top, that will be the target, and no system is foolproof.

LukeVizzicks
LukeVizzicks

@gallenHow can you say 'Linux is winning' since chromebook (built on top of a GNU/Linux distro with a linux kernel) was also included and scored badly ?

LukeVizzicks
LukeVizzicks

@symowalloI I use it for both applications and security ..also stability, that is why I use Debian GNU/Linux

Cicuta2011
Cicuta2011

@LukeVizzicks I just email the lab which did the test and asked them if they included other UNIX platforms as Linux is a derived UNIX platform. For me Solaris and AIX are the best UNIX platforms and HP comes after those two. I have used RedHat and Fedora and they are pretty good, Susy and Ubantu are in my list for testing later on.

symowallo
symowallo

@jmward not surprising from this author. He is the most biased, anti-Microsoft basher in the industry and nothing he writes can ever be considered to be even-handed.

SalSte
SalSte

@Andrius123Ubuntu has the advantage of offering paid support through Canonical, as well as scaling well to both laptops and desktops (CentOS is a nightmare with the former). The last thing any enterprise class IT would want is to have to rely on community support.

lesterbauman
lesterbauman

@linuxbrandon 

Well, maybe. But until Microsoft ports Excel to Linux, all the pro-Linux essays in the world won't make any difference to corporate users.

VortexCortex
VortexCortex

@LukeVizzicks  


Likewise, I use it for both applications and security ..also stability, that is why I use Windows.

marcushh777
marcushh777

@lesterbauman um, microsoft is irrelevant; they don't need to port anything.


LibreOffice has arguably the *best* spreadsheet hand-down, bar none; it even supports MS formats... so corporate bean counters are covered. 


We have been using LibreOffice for several years now... no problema...


Cheers

linuxbrandon
linuxbrandon

@lesterbauman My workplace is already migrating to Google Docs, which can handle spreadsheets just fine.  As can LibreOffice, which is getting better with every update.  I'd suggest you look into alternatives before completely disregarding options besides Windows!

VortexCortex
VortexCortex

@marcushh777 @lesterbauman  I strongly disagree with you. Only an idiot would say Microsoft is irrelevant. MS Office is superior to Libre Office in every measurable way. For example, Libre Office lacks smart cut and paste which adjusts the spaces between words and punctuation when I move text. Word has that for many years and it is a simple thing I and my co-workers can't live without it. Same goes for spreadsheet. Calc's DataPivot severely lags behind the user-friendliness of Excel's Pivot Tables.

I should also mention that many corporations use more than just MS Office. They use software such as Adobe Photoshop, Sony Vegas Pro, AutoCAD, Offline Explorer Enterprise, etc. None of which are compatible with Linux.

asif
asif

@marcushh777@lesterbauman Um, thousands upon thousands of users, CEO's and director level executives would disagree with you. In an effort to cut our IT expenditures, the CFO pushed me to find an alternative to MS Office. We tried Google docs, Open Office, and LibreOffice...all were overwhelmingly rejected by users and executives. Nothing matches MS Office, Outlook and MS Exchange. Nothing. I don't care how much you claim or scream about it. Our CFO is cheap, and he was willing to stay with MS Office over free, very telling to me. Now I could easily move us to Ubuntu desktop (well, not easily), but without MS Office or a REAL alternative, it aint gonna happen.

BTW, I have been in IT almost 20 years running in both a Windows and Linux environment. I have never had one Windows server compromised, and from my 50 desktop and laptops (Windows 7), I have only had 3 machines compromised by Malware, but they were fixed in a matter of a few hours. The secret? No Windows XP, don't run users as local admin, protect computers with GFI Vipre and Malwarebytes. Those machines were easy to clear because they Malware could only run as the local user, so damage was minimal.

MathUHenry
MathUHenry

@dogknees@marcushh777@lesterbauman  

Pivot tables and protection at sheet and file level are set. And there are some ways in which LibreOffice is ahead of Excel.

ODBC compliance - not yet - I don't know why.

VBA is the real sticker. It likely won't ever get integrated because 1) it's an undocumented language and 2) for office files, it's the primary vector of malware. That makes direct integration with 3rd party addins a real disconnect :(

dogknees
dogknees

@marcushh777 @lesterbauman Is it fully equivalent to Excel? I've heard this so many times over the years, but when I dig into it, there's a whole lot missing. Similarly, does it run ALL functionality for Excel files?


Features that are important to us: VBA, Pivots, ODBC compliance, direct integration with 3rd party addins, protection at the sheet and file level.


I'm at the point that I would be very interested in alternatives as long as they meet our business needs, but I need to be sure I'm not going to go down a path that leads to a dead-end when things get complex.

Editor's Picks