Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCD 303 Essential Computer Security Spring 2013 Lecture 8 - Desktop Security OS Security Compared Reading: See References.

Published byAlan Cornelius Hunter Modified over 8 years ago

Similar presentations

Presentation on theme: "CSCD 303 Essential Computer Security Spring 2013 Lecture 8 - Desktop Security OS Security Compared Reading: See References."— Presentation transcript:

1 CSCD 303 Essential Computer Security Spring 2013 Lecture 8 - Desktop Security OS Security Compared Reading: See References

2 Overview Briefly, Overview of Linux Security OS Vulnerabilities Linux Windows Max OS X

3 National Vulnerability Database Classifies and organizes reported vulnerabilities for various software programs and systems Mitre has the contract to maintain this database http://web.nvd.nist.gov/view/vuln/search?execution=e2s1 You can search this database for all the vulnerabilities associated with a system

4 Evaluation: Windows Vs. Linux Vulnerabilities The United States Computer Emergency Readiness Team (CERT) uses its own set of metrics to evaluate severity of any given security flaw Query CERT vulnerabilities notes database for “Windows” and “Linux” keywords to examine metrics for 40 most recent reported vulnerabilities A number between 0 and 180 expresses final metric, where number 180 represents the most serious vulnerability The ranking is not linear – In other words, a vulnerability ranked 100 is not twice as serious as a vulnerability ranked at 50 CERT considers any vulnerability with a score of 40 or higher to be serious enough to be a candidate for a special CERT Advisory and US-CERT technical alert

5 CERT: Query Result for Keyword “Microsoft”

6 CERT: Query Result for Keyword “Microsoft” (continued)

7 CERT: Query Result for Keyword “Linux”

8 CERT: Query Result for Keyword “Linux” (continued)

9 CERT: Evaluation of Query Results for Microsoft and Linux CERT web search capabilities do not produce perfectly desirable results in terms of granularity or longevity – Especially True for Linux The “Linux” search results include a number of Oracle security vulnerabilities that are common to Linux, UNIX, and Windows – In Top 40 CERT results for “Microsoft”, Top entry containing the severity metric of 78 5 entries have a severity rating of 40 or greater – In Top 40 CERT results for Linux Top entry containing the severity metric of 26.52 None other entry have a severity rating 27 or greater

10 Vulnerabilities http://blogs.zdnet.com/security/?p=758 Recent years, lots of comparisons – 2007 brought improved security with Windows Vista and Mac OS X Leopard – Compiled security flaws in Mac OS X and Windows XP and Vista and placed them side by side – Vulnerability statistics from third party vendor Secunia and broke them down by Windows XP flaws, Vista flaws, and Mac OS X flaws

11 Table of Flaws Windows vs. Mac Windows XP, Vista, and Mac OS X vulnerability stats for 2007 XP Vista XP + Vista Mac OS X Total extremely critical 3 1 4 0 Total highly critical 19 12 23 234 Total moderately critical 2 1 3 2 Total less critical 3 1 4 7 Total flaws 34 20 44 243 Average flaws/month 2.8 1.7 3.7 20.3

12 Analysis of Data Apple had more than 5 times number of flaws per month than Windows XP and Vista in 2007 – Most of these flaws were serious – This seems to go against conventional wisdom Noteworthy... – Windows Vista showed fewer flaws than Windows XP, Windows Defender and Sidebar added 4 highly critical flaws to Vista that weren’t present in Windows XP

13 Update - Pwn2Own 2009 Want to guess the results of 2009? – Charlie Miller has done it again – 2nd consecutive year, security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser – Miller launched his drive-by attack and claimed the $10,000 top prize. He also got to keep the MacBook machine – Miller said he came to the CanSecWest security conference with a plan to hack into Safari and had tested the exploit carefully to ensure “it worked the first time.” http://www.zdnet.com/blog/security/pwn2own-2009-safarimacbook- falls-in-seconds/2917 Current results beyond 2009 https://en.wikipedia.org/wiki/Pwn2Own

14 Microsoft Vulnerabilities http://www.sans.org/top-cyber-security-risks/#trends September 2009 Over 90% of the attacks recorded for Microsoft targeted the buffer overflow vulnerability described in the Microsoft Security Bulletin MS08-067

15 References The Register Security Report: Linux vs. Windows http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_li nux/#execsummary http://blog.loaz.com/timwang/index.php/2008/03/30/security_vulnerabili ty_showdown_mac_os_v Security vulnerability showdown, Mac vs. Linux vs. Ubuntu http://blog.loaz.com/timwang/index.php/2008/03/30/security_vuln erability_showdown_mac_os_v IBM report: Vulnerabilities still going unpatched http://news.cnet.com/8301-1009_3-10154662-83.html Mac versus Windows vulnerability stats for 2007 http://blogs.zdnet.com/security/?p=758

16 The End

Download ppt "CSCD 303 Essential Computer Security Spring 2013 Lecture 8 - Desktop Security OS Security Compared Reading: See References."

Similar presentations

National Database Templates for the Biosafety Clearing-House Application (NDT-nBCH) Overview of the US nBCH Applications.

National Database Templates for the Biosafety Clearing-House Application (NDT-nBCH) Overview of the US nBCH Applications.
What is an operating system? Is it software?

What is an operating system? Is it software?
MS Access.

MS Access.
CSCD 303 Essential Computer Security Fall 2010 Lecture 5 - Desktop Security Vulnerabilities Reading: Chapter Security Hole.

CSCD 303 Essential Computer Security Fall 2010 Lecture 5 - Desktop Security Vulnerabilities Reading: Chapter Security Hole.
Professor J. JOHNSON, MSMIS.  History of Computers  Operating Systems  Microsoft Windows  Networking Concepts  Internet vs. WWW  Browsers 4/29/2015Prof.

Professor J. JOHNSON, MSMIS.  History of Computers  Operating Systems  Microsoft Windows  Networking Concepts  Internet vs. WWW  Browsers 4/29/2015Prof.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
Miles McQueen, Jason Wright, Lawrence Wellman Idaho National Laboratory and University of Idaho September, 2011 Banff Metrisec Are Vulnerability Disclosure.

Miles McQueen, Jason Wright, Lawrence Wellman Idaho National Laboratory and University of Idaho September, 2011 Banff Metrisec Are Vulnerability Disclosure.
Security and Open Source: the 2-Edged Sword Crispin Cowan, Ph.D WireX Communications, Inc wirex.com.

Security and Open Source: the 2-Edged Sword Crispin Cowan, Ph.D WireX Communications, Inc wirex.com.
COMPUTER SYSTEMS OPERATING SYSTEMS AND SOFTWARE NEXT.

COMPUTER SYSTEMS OPERATING SYSTEMS AND SOFTWARE NEXT.
Upgrading Software CIT 1100 Chapter4.

Upgrading Software CIT 1100 Chapter4.
Assignment Marking via Online Self Assess Margot Schuhmacher, Lecturer Higher Education Development Unit, Centre for Learning and Teaching Support, Monash.

Assignment Marking via Online Self Assess Margot Schuhmacher, Lecturer Higher Education Development Unit, Centre for Learning and Teaching Support, Monash.
Operating Systems CS101 – Autumn 2005 Wk04 - Lecture 1.

Operating Systems CS101 – Autumn 2005 Wk04 - Lecture 1.
Advanced Security Center Overview Northern Illinois University.

Advanced Security Center Overview Northern Illinois University.
8 Systems Analysis and Design in a Changing World, Fifth Edition.

8 Systems Analysis and Design in a Changing World, Fifth Edition.
Server Operating Systems Last Update 2013.08.19 1.11.0 Copyright 2000-2013 Kenneth M. Chipps Ph.D. www.chipps.com 1.

Server Operating Systems Last Update Copyright Kenneth M. Chipps Ph.D. 1.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
IT:Network:Microsoft Applications

IT:Network:Microsoft Applications
The Death of Windows XP End of the line for venerable operating system Dr. Jan Vanderpool

The Death of Windows XP End of the line for venerable operating system Dr. Jan Vanderpool
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
ABSTRACT Before the evolution of computers, all the details in a banking systems used to be maintained manually. This is not advisable because maintenance.

ABSTRACT Before the evolution of computers, all the details in a banking systems used to be maintained manually. This is not advisable because maintenance.

Similar presentations

Ads by Google