Which Operating System is easiest to hack?

I’m a little tired of hearing completely uninformed people talk about Vista.

Whether they praise, or criticise, they’re usually not even remotely clued in properly.

They merely repeat what they heard, or read somewhere.

It’s true, Vista is more secure than XP was when it was released, but then again, Microsoft seem to always just compare themselves to their own last product. Why should they get bragging rights by comparing their latest and greatest to an OS that was released in 2001? Isn’t it ridiculous?

There’s been a lot of news lately about how easy it is to hack a computer (any computer).

I’m talking specifically about the 2008 CanSecWest security conference ‘PWN to OWN.’

It’s a yearly conference where cash rewards are given to people who can successfully hack a machine. This year, the fastest hacker wins $10,000.

The catch?

In the first round, the hack must work on a stock machine, without any 3rd party apps.

The Operating Systems?

Windows Vista SP1

Mac OS X 10.5.2

Ubuntu 7.10

So, which was the first machine to be hacked?

I was a little surprised by this, but it was a brand new MacBook Air running Leopard.

It took Charlie Miller and his team just 2 minutes to gain complete control of the system.

The catch? It was an exploit in Safari (the Mac web browser).

Many might say that this is the fault of the browser, and not the OS.

While they’d sort of be right, the OS really should have a policy kit to stop wayward apps from causing havoc.

What was the 2nd machine to be compromised?

Unsurprisingly, it was Vista. While it took more effort than Apple’s machine, it wasn’t overly complicated. It was also done through the web browser, with a plugin (Adobe Flash) vulnerability.

That leaves just one unscathed machine.

Yup, it was the GNU/Linux machine running Ubuntu 7.10.

So, why is it that Linux didn’t get hacked?

I’ll tell you. It’s really quite simple.

Let’s say you spend 5 years creating something.

You release it. It does well. You spend the next 5 years supporting, fixing, improving it.

Surely, it’s now a much better product than it was upon release, right?

There’s something wise about this logic. Unfortunately, Microsoft don’t seem to get it.

They proudly ‘rewrite from scratch’ at almost every release.

But why? If Windows XP is now really stable, reliable and secure, why on earth throw it away?

I’m not really sure.

I know there are sometimes fundamental differences that need to be changed, and require major rewriting, but the problem is that there are many bugs in Vista that are there because the OS is new. According to history, by the time Vista is a little more stable and reliable, they’ll chuck that out, and start again anyway. The cycle will just continue.

This is where Linux (and Apple) are different.

With a Linux OS release, they take the exact code from the previous release, improve it, and re-release it. It means you have a constantly evolving OS that rarely suffers from those n00b bugs that Microsoft seem to keep recreating every few years.

Not only does this (generally) minimize bugs, improve stability, and speed up development, but it also means that old apps will continue to work on it.

Accordingly, when asked to recommend a computer to friends, I always recommend Linux to the tech savvy, and Apple to the less savvy. I never recommend Windows.

I still hold to the opinion that the only good thing Microsoft has ever created is Microsoft Office.

To paraphrase Linus Torvalds: Of the two, Apple is the least terrible.

I’ll leave more ramblings about Apple for another time.