El artÃculo data de finales de Marzo de 2007, y se llama 2006 Operating System Vulnerability Summary.Los sistemas analizados son Windows XP, Server 2003, Vista Ultimate, Mac OS9, OSX Tiger, OSX Tiger server.5, FreeBSD 6.2, Solaris 10, Fedora Core 6, Slackware 11, SuSE Enterprise 10 y Ubuntu 6.10.
Todos estos sistemas fueron sometidos a escaneos de vulnerabilidades durante la fase de instalación, algo que es la primera vez que veo. Posteriormente, se repitió el análisis tras el primer inicio, para dar a conocer la situación del sistema “tal y como vieneâ€. Adicionalmente, con nmap, se hicieron enumeraciones de puertos y servicios, para determinar el grado de exposición frente a ataques externos tras la instalación.
Las conclusiones son más o menos las que todos tenemos en mente:
As far as “straight-out-of-box†conditions go, both Microsoft’s Windows and Apple’s OS X are ripe with remotely accessible vulnerabilities. Even before enabling the servers, Windows based machines contain numerous exploitable holes allowing attackers to not only access the system but also execute arbitrary code. Both OS X and Windows were susceptible to additional vulnerabilities after enabling the built-in services. Once patched, however, both companies support a product that is secure, at least from the outside. The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each system generally maintained its integrity against remote attacks. Compared with the Microsoft and Apple products, however, UNIX and Linux systems tend to have a higher learning curve for acceptance as desktop platforms.
Fuente: http://www.sahw.com/wp/