tssci security

Operating systems aren't any more secure than the idiot using it

So this week, we've had a roundup of posts on Apple's latest OS X release, Leopard, and the security "features" that went into it, where they fall short, and what's missing. Thomas Ptacek has a great post over at Matasano with even more insightful comments on the security of Apple's latest OS. (To those less technically inclined, the techiness increases exponentially. I love it!) Daniel Miessler also posted about the latest trojan to hit the Mac, which in my opinion... isn't a trojan at all. To summarize his post, this is what's required for the "trojan" to pwn you:

1. Go to a malicious site.
2. Get prompted to install software.
3. Choose to install it.
4. Put in your admin password when it asks for it.
5. Get pwned.

So this brings me to, "an operating system is only as secure as the idiot using it." I'm tired of arguing about the security of Windows versus Linux versus OS X. They're pretty much all the same, and they're all insecure. A competent user or sysadmin managing a system will limit the number of services running and ports open, install only signed/verified applications, and practice safe browsing. This won't protect you or them from an 0day.

Whether your grandma is more secure using one OS over another, again... it'll only be as secure as she can be. With more and more vulnerabilities exploiting the browser and targeting the user, no OS is secure.

Posted by Marcin on Thursday, November 1, 2007 in Apple, Linux, Security and Windows.
