It would be wrong to assume that any OS is completely immune to malware, viruses and other malicious attacks. Apple, Android and Windows, the leading OS softwares for mobile and desktop, have all experienced their fair share of breaches, though some less than others.
OS software that account for smaller portions of the market such as Linux’s Ubuntu and the new Tails platform have experienced far fewer security issues, though many argue that this has little to do with resistance to attacks and more to do with market share. With malware attacks on the rise, businesses and personal users alike need to ensure that they are using the most secure OS possible.
“Today’s operating systems are more sophisticated and feature-rich than ever before,” says Ravi Patil, Technical Director, MMEA, Trend Micro, “this makes them substantially more useful to the user but also adds security vulnerabilities, unless the operating systems are configured, administered and monitored correctly.” To ascertain which OS is the most secure, first one needs to clarify the question. Security can be seen in two different ways. The first is the OS’ inherent resilience to attack. This comes down to the coding and design of the operating system itself. If there are vulnerabilities in the system, those vulnerabilities are likely to be exploited by malicious actors.
This also includes how quickly a system is patched and updated when a threat is detected. “In this sense,” explains Vanja Svajcer, Principal Researcher, Sophos, “there is very little in terms of security model and features, which distinguishes on OS from another.” In short, with a few differing details, most developers are on the same level when it comes to the physical build out of the security features of their systems.
The second way in which OS security needs to be assessed is market share. This has little to do with the actual structure of the software, and everything to do with the popularity of the OS itself. Hackers are more likely to develop malicious software that targets the most popular operating system simply because the breach will effect more users. The more users affected, the more likely the hackers are to benefit from the attack.
“We all know that Microsoft Windows OS has the lion’s share of the market at almost 90 percent. The idea that the more popular you are the more eyes are on you holds true for the OS industry as well,” explains VS Pradeesh, General Manager, ESET Middle East. As such, operating systems such as Apple’s iOS are more secure, but through no innovative development of their own, simply because they have fewer users.
Guillaume Lovet, Senior Manager, EMEA Threat Response Team, Fortinet, agrees. “A very popular OS is obviously going to be a lot more likely to be targeted by hackers and cybercriminals than those with low market shares,” he explains, “This is because the popular OS will offer a better ROI for them.”
The converse of this market share issue also holds true. As an operating system becomes more popular, it falls under attack. “For example,” says Mohamad Amin Hasbini, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab, “with the increasing numbers of Android based devices, attacks have also increased, accounting for 98 percent of mobile malware in early 2014.”
Still, in spite of the fact that iOS has a smaller market share, it does not mean that the operating system is under the radar when it comes to hackers. “The myth about Mac OS unbeatable security was smashed when the merciless Flashfake Trojan managed to create the biggest Apple botnet, which consisted of one million infected devices all over the world,” Hasbini reminds us.
As we have established, market share aside, there is no such thing as a completely secure operating system. With that in mind, the best way to keep data safe is prevention. Prevention can take a plethora of forms, from behavourial modification to operating system updates. As hackers are beginning to take advantage of human error more and more, it is not only paramount that systems are kept updated, but also that users are kept abreast of new malware and scams. “Attacks these days are becoming socially engineered, meaning they take advantage of your behaviour online,” explains Megha Kumar, Research Manager, Software, IDC, “users need to be cautious.”
The Internet is clearly the largest attack surface for hackers. Connecting on any kind of network give hackers a doorway into a computer’s operating system. As such, users need to be particularly vigilant when browsing. “While browsing users need to avoid suspicious links and websites and be very careful about the sites they are visiting,” says Pradeesh. Users need to educate themselves on how to identify scam emails and false websites as well has how to password protect their sensitive information.
Beyond behaviour, there are, of course, ways to secure the operating system itself. Most operating systems come with some security measures built in, either in the coding itself, or how software is deployed. “On a secure operating system,” says Patil, “the protections are indistinguishable and non-removable from the operating system as a whole; therefore, it is much harder to work around them.”
In addition to any native security measures, users should install and keep updated anti-virus and internet protection software. “Users need to install the latest software updates from their corresponding vendors and choose a decent antivirus and internet protection for all of their devices,” says Hasbini.
The bottom line is that no operating system is without vulnerability and the biggest break in security is often the user. The most secure operating system is one whose resilience is bolstered by regular updates, robust antivirus software and best practices on the part of the user.
“Those people who know better are aware that there is a lot more to security than counting vulnerabilities,” says Patil, “Other, more credible criteria may involve factors such as code quality auditing, default security configuration, patch quality and response time, and privilege separation. Indeed, operating system security is a constantly evolving target. The most secure operating system is that which is operated by a savvy user.