Linux vs OS X | Which more secure?

[Niely]

Hello

I was actually wondering, a lot of people say that Mac OS X is a lot more secure then Linux + more suitable for pentesting, and programming.
Directly I clearly said: "No, Linux is more safe because safety is one of their main goals, there are also a lot more and better free tools for Linux available regarding pentesting and programming."

The other's reply was that you can run all tools available for Linux, also for Mac OS X + OS X is more secure for whatever reason.

But I was wondering, which is now actually more secure? Linux (Mint/Arch) or Mac OS X?
And which is the more suitable for Pentesting?
Which is the more suitable for programming?
And why?

Thanks for reading,
Niely

[hexdef101]

Depends on alot of things, but the simple answer is Linux. Here is why...

Linux seperates user and system level processes. This seperation is kernal level (maintained by the Iron Fist of Linux Torvalds)
While Apple claims to do similar, as the system is Closed Source almost no one can verify that apple doesn't simply incorperate backdoors around this seperation (its a good bet they do).

Also as Linux is Open Source there are Alot more eyes watching out just in case someone tries to sneak a backdoor into the kernal.
These eyes also have very large mouths attached that shout it to the heavens every time they catch something. Everything else is up to the Distro though, so some are more secure then others.

[Niely]

^Thanks a lot for your help!
Is Arch Linux for example good secured? Which is the best secured?

Maybe still other reasons why Linux is more secure and more suitable for pentesting/programming.

[hexdef101]

as to programming. That depends greatly upon whats being programmed. If your making an app to run on windows, its better to use their system,same for Mac, and Linux. While building a Linux Program is possible on Windows/Mac, there are alot of things that you have to take into account because of system differances.


Pentesting I will leave up to those who actually know about that sorta thing

[Niely]

^Thanks for your reply.
That's true.

But let's say, I want to create a browser. Which OS is the most suitable for that? Linux with all his free tools and customizing? Or Windows/OS X with expensive tools?
(Of course you need to change a few things for each OS, but for the biggest part).

[hexdef101]

Distro security differances are not That big an issue. Arch and those based on it are generally just as secure as any other Distro Base. I wouldn't worry greatly about that. I bet if you asked a 1000 differant linux users, you would get a 1000 different answers, as everyone has their favorite distro. Most of the security is Kernel Level so generally speaking its the same regardless of distro.

[hexdef101]

Again I would say it depends on what system you want to run your browser on. That said I suppose Linux would take the lead because many of the actual tools are Free and Open Source.

[Niely]

^Thanks!
I exactly thought the same!

Distro security differances are not That big an issue. Arch and those based on it are generally just as secure as any other Distro Base. I wouldn't worry greatly about that. I bet if you asked a 1000 differant linux users, you would get a 1000 different answers, as everyone has their favorite distro. Most of the security is Kernel Level so generally speaking its the same regardless of distro.

Thanks.
They stated that 'the software around the kernel' was insecure.

[hexdef101]

Of course they did. Thats just what I would expect they would say. After all you don't expect McDonalds to say Burger King is better.

[Niely]

Another question:
If XNU (Apple's kernel) is open-source, doesn't it have equal as much chance to get vulnerabilities found as Linux? Most security is kernel based...

[ktheking]

Not much difference in both. They both are an adoption of MAC (Mandatory Access Control)

The discussion boils down to the difference between TrustedBSD, AppArmor and SElinux.

more here : http://en.wikipedia.org/wiki/Mandatory_access_control

Default Ubuntu : AppArmor
RHEL,CENTOS,etc. : SElinux
Mac OS X : TrustedBSD : http://www.trustedbsd.org/mac.html

Here's a nice overview of SElinux : http://www.ibm.com/developerworks/library/l-selinux/

If I'd run apache (proxy/reverse proxy)webservers I'd deffo go for SElinux over the trustedbsd from OSX.
But for regular desktop usage like mint, apparmor/trustedbsd/selinux are all good enough. Usually the real security risk lies between the chair and the keyboard.