
All times are UTC - 8 hours [ DST ]




 Post subject: One for Robert
Post #1 Posted: Sat Apr 30, 2016 7:33 am 
Tengen

Posts: 4380
Location: North Carolina
Liked others: 499
Was liked: 733
Rank: AGA 3k
GD Posts: 65
OGS: Hyperpape 4k
"Windows is currently the most secure mainstream OS. I mean, we can’t stand _using_ it, but that doesn’t change the facts." --the grugq (exploits merchant, opsec expert).

_________________
Occupy Babel!

 Post subject: Re: One for Robert
Post #2 Posted: Sat Apr 30, 2016 7:58 am 
Oza

Posts: 2180
Location: ʍoquıɐɹ ǝɥʇ ɹǝʌo 'ǝɹǝɥʍǝɯos
Liked others: 237
Was liked: 662
Rank: AGA 5d
GD Posts: 4312
Online playing schedule: Every tenth February 29th from 20:00-20:01 (if time permits)
hyperpape wrote:
"Windows is currently the most secure mainstream OS. I mean, we can’t stand _using_ it, but that doesn’t change the facts." --the grugq (exploits merchant, opsec expert).


Secure as in you cannot escape from it once it has you in its clutches.

_________________
Still officially AGA 5d but I play so irregularly these days that I am probably only 3d or 4d over the board (but hopefully still 5d in terms of knowledge, theory and the ability to contribute).


This post by DrStraw was liked by: Bantari
 Post subject: Re: One for Robert
Post #3 Posted: Sat Apr 30, 2016 11:37 am 
Judan

Posts: 6145
Liked others: 0
Was liked: 788
Windows and Linux can be configured the most securely. The degree of security depends on the Windows version. Windows 10 creates the subproblem to consider privacy violations by Windows itself. For out-of-the-box use, iOS might be the most secure in practice for careless users; however, other attack vectors, such as social engineering or state hackers breaking encryption thanks to too short pass codes, remain. The best security combines remote backups with separation from the internet.

 Post subject: Re: One for Robert
Post #4 Posted: Sat Apr 30, 2016 1:32 pm 
Dies with sente

Posts: 96
Liked others: 0
Was liked: 14
hyperpape wrote:
"Windows is currently the most secure mainstream OS. I mean, we can’t stand _using_ it, but that doesn’t change the facts." --the grugq (exploits merchant, opsec expert).


Most secure mainstream OS? This could be argued (Windows 10 is certainly the most secure *Windows* OS) though I'd like to see the rationale for it being strongest overall as it's weaker in many aspects such as privacy (thanks Cortana!).

Most secure non-mainstream OS? Nope. Not by a long way.

 Post subject: Re: One for Robert
Post #5 Posted: Sat Apr 30, 2016 4:53 pm 
Honinbo

Posts: 10905
Liked others: 3651
Was liked: 3374
RobertJasiek wrote:
Windows 10 creates the subproblem to consider privacy violations by Windows itself.


I love Big Brother.

_________________
The Adkins Principle:
At some point, doesn't thinking have to go on?
— Winona Adkins

Visualize whirled peas.

Everything with love. Stay safe.

 Post subject: Re: One for Robert
Post #6 Posted: Sat Apr 30, 2016 7:53 pm 
Judan

Posts: 6145
Liked others: 0
Was liked: 788
longshanks wrote:
being strongest


There is no such thing as an OS always having the same security. It always depends on how it is configured and used.

 Post subject: Re: One for Robert
Post #7 Posted: Sun May 01, 2016 12:59 am 
Dies with sente

Posts: 96
Liked others: 0
Was liked: 14
Bill Spight wrote:
RobertJasiek wrote:
Windows 10 creates the subproblem to consider privacy violations by Windows itself.


I love Big Brother.


Get yourself a Smartphone or just move to the UK then ;-)

 Post subject: Re: One for Robert
Post #8 Posted: Sun May 01, 2016 1:20 am 
Dies with sente

Posts: 96
Liked others: 0
Was liked: 14
RobertJasiek wrote:
longshanks wrote:
being strongest


There is no such thing as an OS always having the same security. It always depends on how it is configured and used.


Some OSes come in different flavours. For example, Debian doesn't come very secure out of the box as it's general purpose (and some of its defaults are odd -- no firewall rules, all home directories readable by every user, sub-optimal config for things like ssh etc.). Tails, however, is a security-focused version of Debian. All of this is agreeing with what you wrote above. It's just the distro maintainer is doing the configuring for you. You can still come along and wreck it (install Flash, Java, change good defaults to bad ones..) but you have to be determined. Whereas with non-secure defaults you have to harden -- which people generally don't know how to do or know that they even need to do.

OpenBSD is an OS that is designed from the ground up with security in mind first. One remote exploit in ten years? Windows 10 might well be the most secure mainstream OS, but let's see how the CVEs tally at the end of 2016.. I know which one I want controlling my lift :)

 Post subject: Re: One for Robert
Post #9 Posted: Tue May 03, 2016 11:51 am 
Tengen

Posts: 4380
Location: North Carolina
Liked others: 499
Was liked: 733
Rank: AGA 3k
GD Posts: 65
OGS: Hyperpape 4k
As I get older, my sense of what's "now" spreads out. This talk was from 2012, so it's Windows 7, maybe 8 days. Pre-Cortana and all that. And he mentions Linux critically before mentioning Windows but never mentions any of the BSD families.

Anyway, here's the presentation (http://www.slideshare.net/grugq/opsec-for-hackers). It just jumped out at me because I remember people being incredulous that Robert is very concerned about security, but used Windows.

_________________
Occupy Babel!

 Post subject: Re: One for Robert
Post #10 Posted: Tue May 03, 2016 10:19 pm 
Gosei

Posts: 1639
Location: Ponte Vedra
Liked others: 642
Was liked: 490
Universal go server handle: Bantari
I think that "security" is a very wide subject, and we need to specify what exactly it means in this context. Below are a few examples of what I am talking about:

- prevention of targeted hacking
- prevention of adware, malware, and viruses
- data safety and persistence
- overall system stability
- etc.

In each of the cases "security" means something slightly different, and the system might have to be configured differently depending on what we mean. Some configurations which might help one issue, might damage another one, so it is important we know what we want. For example, data persistence can be helped by off-site storage (cloud?) but this might lower the hacking resilience.

Generally, I would not trust Windows very much, Win10 or any other flavor. Not because it is so bad necessarily (I think Win10 is OK for a Win OS) - but because it is by far the most popular platform, and so most hacking, adware, malware, and viruses will be targeted at it, and the most effort will be done to circumvent any security on it. It's just common sense - the most bang for the buck! Why target a 2% system if you can target a 90% system? Win10 is still relatively new, so it might be secure now, but just give it some time...

So, which kind of security do we mean? Or all of it?

_________________
- Bantari
______________________________________________
WARNING: This post might contain Opinions!!

 Post subject: Re: One for Robert
Post #11 Posted: Tue May 03, 2016 10:21 pm 
Gosei

Posts: 1639
Location: Ponte Vedra
Liked others: 642
Was liked: 490
Universal go server handle: Bantari
DrStraw wrote:
Secure as in you cannot escape from it once it has you in its clutches.

Heh... There is more truth to that than most people think.

As a gamer, I desperately tried to avoid Windows for years.
But finally, I had to give in and buy me a Win laptop. <head hanging in shame>

_________________
- Bantari
______________________________________________
WARNING: This post might contain Opinions!!

 Post subject: Re: One for Robert
Post #12 Posted: Tue May 03, 2016 11:55 pm 
Judan

Posts: 6145
Liked others: 0
Was liked: 788
Bantari, percentage of tried attacks means very little. What matters is frequency of successful attacks for a given OS, configuration and use. E.g., a very frequent kind of attack is email attachments. By, e.g., never automatically or manually opening any attachment, zero such attacks are successful.

 Post subject: Re: One for Robert
Post #13 Posted: Wed May 04, 2016 2:05 pm 
Lives in gote

Posts: 422
Liked others: 269
Was liked: 129
KGS: captslow
Online playing schedule: irregular and by appointment
RobertJasiek wrote:
Bantari, percentage of tried attacks means very little. What matters is frequency of successful attacks for a given OS, configuration and use. E.g., a very frequent kind of attack is email attachments. By, e.g., never automatically or manually opening any attachment, zero such attacks are successful.

Humans are still the biggest risk factor.

 Post subject: Re: One for Robert
Post #14 Posted: Wed May 04, 2016 4:20 pm 
Gosei

Posts: 1639
Location: Ponte Vedra
Liked others: 642
Was liked: 490
Universal go server handle: Bantari
RobertJasiek wrote:
Bantari, percentage of tried attacks means very little. What matters is frequency of successful attacks for a given OS, configuration and use.

You misunderstood. I was not talking about percentages of attack, although this is certainly part of it as a logical consequence.

My point was this:
Windows users are the biggest target. Therefore, the most time and the most resources are invested in breaching Windows security. Therefore, its security is breached the most. Therefore, it is by definition a less secure system - even if in feature-by-feature comparison it might hold its own. This is all I am saying.

Or, in other words, there are not as many viruses written for Ubuntu as there are for Windows. And this will hold in the future indefinitely, I think.

Quote:
E.g., a very frequent kind of attack is email attachments. By, e.g., never automatically or manually opening any attachment, zero such attacks are successful.

This is a trivial example, not sure what you wish to illustrate.
By the same token you can say that you can avoid absolutely all attacks if you never turn your computer on.

_________________
- Bantari
______________________________________________
WARNING: This post might contain Opinions!!

 Post subject: Re: One for Robert
Post #15 Posted: Wed May 04, 2016 4:23 pm 
Lives in gote

Posts: 603
Liked others: 43
Was liked: 139
Rank: 6-7k KGS
Image

(They should, of course, just guess "correcthorsebatterystaple" for his password.)


This post by Fedya was liked by 2 people: Bantari, Bonobo
 Post subject: Re: One for Robert
Post #16 Posted: Thu May 05, 2016 10:18 am 
Tengen

Posts: 4380
Location: North Carolina
Liked others: 499
Was liked: 733
Rank: AGA 3k
GD Posts: 65
OGS: Hyperpape 4k
Bantari wrote:
My point was this:
Windows users are the biggest target. Therefore, the most time and the most resources are invested in breaching Windows security. Therefore, its security is breached the most. Therefore, it is by definition a less secure system - even if in feature-by-feature comparison it might hold its own. This is all I am saying.
I think Android is more common than Windows.

_________________
Occupy Babel!

 Post subject: Re: One for Robert
Post #17 Posted: Thu May 05, 2016 11:59 am 
Gosei

Posts: 1639
Location: Ponte Vedra
Liked others: 642
Was liked: 490
Universal go server handle: Bantari
hyperpape wrote:
Bantari wrote:
My point was this:
Windows users are the biggest target. Therefore, the most time and the most resources are invested in breaching Windows security. Therefore, its security is breached the most. Therefore, it is by definition a less secure system - even if in feature-by-feature comparison it might hold its own. This is all I am saying.
I think Android is more common than Windows.

With respect to their individual spaces, I am not sure what you say is true.
Windows has over 90% of desktop/laptop use, while Android only has around 60% of mobile use, according to my very fast and dirty looksee.
If these numbers are true, then I also doubt that Android is more common than Windows in absolute sense. It is true that mobile is more used than desktops these days, but the mobile numbers are not yet higher enough to overcome the 30% gap, I think. Although, I might well be wrong, so if you have better numbers, let me know.

Anyway, in this context, regardless of total numbers, the effort at hacking Windows should be much more consolidated than that at hacking Android.

__________

Mobile devices are a different animal altogether, so I am not really sure if this applies. Have not thought about it much, so maybe it does. But my understanding was that mobiles have additional layers of hardware and software security built in by default, which are not (and probably can not) be present on desktops. For multiple reasons. This makes them much safer out of the box, but also more limited.

_________________
- Bantari
______________________________________________
WARNING: This post might contain Opinions!!

 Post subject: Re: One for Robert
Post #18 Posted: Thu May 05, 2016 7:24 pm 
Tengen

Posts: 4380
Location: North Carolina
Liked others: 499
Was liked: 733
Rank: AGA 3k
GD Posts: 65
OGS: Hyperpape 4k
Android has the highest shipments of any OS by far: https://en.wikipedia.org/wiki/Usage_sha ... ng_systems, but I can't quite find anything that indicates installed base on that page.

Android security has been ...criticized...: https://news.ycombinator.com/item?id=10474660
including in the presentation I linked to.

_________________
Occupy Babel!

 Post subject: Re: One for Robert
Post #19 Posted: Thu May 05, 2016 7:25 pm 
Tengen

Posts: 4380
Location: North Carolina
Liked others: 499
Was liked: 733
Rank: AGA 3k
GD Posts: 65
OGS: Hyperpape 4k
hyperpape wrote:
including in the presentation I linked to.

About that! It turns out that my attempt to link to the slides was not successful. The actual talk was "COMSEC, Beyond Encryption" from 2015 (so more recent) and even more vulgar than the one that I actually linked to (NSFW). Feel free to look it up.

_________________
Occupy Babel!

 Post subject: Re: One for Robert
Post #20 Posted: Fri May 06, 2016 1:32 am 
Gosei

Posts: 1639
Location: Ponte Vedra
Liked others: 642
Was liked: 490
Universal go server handle: Bantari
hyperpape wrote:
Android has the highest shipments of any OS by far: https://en.wikipedia.org/wiki/Usage_sha ... ng_systems, but I can't quite find anything that indicates installed base on that page.

Android security has been ...criticized...: https://news.ycombinator.com/item?id=10474660
including in the presentation I linked to.

Interesting.
I wonder if it would also hold if they combined all the Windows versions into one category.
Or split all the Android versions into separate categories.

The way the data is presented is misleading. Which does not mean it is not true.

My own quick googling got me the following: https://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=1 which assumes Win has +90% in its space (desktop+laptop) while Android has +60% among mobiles.

But then here: http://www.zdnet.com/article/the-federal-government-on-what-are-the-most-popular-us-end-user-operating-systems/ they seem to quote government data from last year which combined results, and Win is at ca 58% in first place, while Android is in 3rd place at 13.9% behind iOS at 16.4%. Last year's data, but still... did it change that fast that drastically?

It seems we can find any data supporting any hypothesis on the internet. So I still have no clue.

And yet, for the purpose of this discussion, my gut feeling tells me that Win has an absolutely overwhelming market share within the target group = Go player(s) paranoid about system security yet year after year unwilling to switch to a system more secure than Win.

Can you find any solid numbers on that? ;)

_________________
- Bantari
______________________________________________
WARNING: This post might contain Opinions!!
