Jump to content

What's the "best" OS for surfing the web?

miri

By miri
in General Chat

 Share

Recommended Posts

miri

miri

Posted
Posted

Hi,

I would like to ask the experts here a couple of questions.

As we're all aware the web can be dangerous terrain depending on where you are and more and more frequently it's just dangerous no matter where you are and what you do.

What do you guys think is the "safest" desktop OS to keep one safe while surfing?

Would it be wrong to argue that Windows is too risky because of it's wide spread?

What do you guys use and what are your safety policies while being out there on net?

Best wishes,

Miri

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

There is no best. Your security is up to you and your own practices. If you don't practice Safe Hex then the OS doesn't matter.

Yes, the Windows OS family is the largest target of malicious intent. That can be mitigated by practicing Safe Hex, maintaining the system properly and having situational awareness.

Link to post
Share on other sites
GT500

GT500

Posted
Posted

Browser's like Firefox and Safari cross OS boundaries.

I'm sure you also meant to include Opera, Google Chrome, etc. ;)

As for the "best OS for web browsing", technically the OS is just there to provide an environment for your Internet browser to run on, and provide the API's for it to access the Internet and display things on the screen (usually with help from drivers).

From a security aspect, you can make the case that a Unix-based platform is not susceptible to malicious software designed for Windows, however Unix-based platforms also have their own vulnerabilities (the recent rise in malware for MacOS is excellent proof of this). Windows has system file protection, and can replace its own system files with backup copies, which your average Unix-based platform does not do (even Linux, while it may at times seem bullet proof, cannot protect itself against a program that has root access and wants to change settings or delete/modify files).

Now, if all you want is an operating system with which you never have to worry about malware, then you would want something that loads from a read-only media (such as a bootable CD or DVD). There are various Linux and BSD operating systems that will do this, most of which come with a web browser such as Firefox, and some of which come with other web browsers such as Opera. There are also Windows based boot disks that you can build yourself using special software, although this is not as easy as just downloading an ISO image of a Linux boot disk. Going this route, of course, has some serious limitations. You are stuck with the software that is on the disk, and if you do install anything new then it is gone the moment you restart the computer (this is what makes them impervious to malware, as all changes made to a system by an infection, including the infection itself, are gone after a restart of the computer). Also, you would not be able to use any new hardware that did not already have drivers installed on the boot disk (although if you know what you are doing in Linux, you should be able to get around this limitation on a Linux boot disk, as you can reload the kernel without restarting the computer).

And, of course, after all of that... Virtual Machines with shapshots make life easier, even if you want to browse the Internet with an unpatched install of Windows XP. And there's also sandbox technology that can protect your computer from any permanent changes being made while you are browsing the Internet. You can actually stay on Windows (even if it is vulnerable) and remain in relative safety with these technologies.

Oh, and always make sure to install the latest updates, not just for Windows but for Flash, Java, etc. as well. ;)

Link to post
Share on other sites
CWB

CWB

Posted
Posted

yep ... what GT500 said .

put to task , i would choose a unix/linux based system (excluding the MAC) over windows .

the main reason is that the linux stuff is less of a "target" than MAC and windows .

as for which browser ...

as was stated , no browser is immune to attack/compromise ... some are more susceptible than others .

personally , i would choose FF with a few add-ons to help out the situation .

with windows , a *real* AV coupled with FF (with add-ons) is a prudent choice .

again , ones surfing habits determine to a degree the chances of infection/compromise .

to draw an analogy based on personal experience and the observation(s) of *others* :

"if you go to a bar to drink a few sodas , chances are , sooner or later , you'll be drunk"

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

I'm sure you also meant to include Opera, Google Chrome, etc. ;)

The list was meant to be exemplary but I did deliberatey leave out the Google data mining application. ;-)

As for the "best OS for web browsing", technically the OS is just there to provide an environment for your Internet browser to run on, and provide the API's for it to access the Internet and display things on the screen (usually with help from drivers).

From a security aspect, you can make the case that a Unix-based platform is not susceptible to malicious software designed for Windows, however Unix-based platforms also have their own vulnerabilities (the recent rise in malware for MacOS is excellent proof of this). Windows has system file protection, and can replace its own system files with backup copies, which your average Unix-based platform does not do (even Linux, while it may at times seem bullet proof, cannot protect itself against a program that has root access and wants to change settings or delete/modify files).

Now, if all you want is an operating system with which you never have to worry about malware, then you would want something that loads from a read-only media (such as a bootable CD or DVD). There are various Linux and BSD operating systems that will do this, most of which come with a web browser such as Firefox, and some of which come with other web browsers such as Opera. There are also Windows based boot disks that you can build yourself using special software, although this is not as easy as just downloading an ISO image of a Linux boot disk. Going this route, of course, has some serious limitations. You are stuck with the software that is on the disk, and if you do install anything new then it is gone the moment you restart the computer (this is what makes them impervious to malware, as all changes made to a system by an infection, including the infection itself, are gone after a restart of the computer). Also, you would not be able to use any new hardware that did not already have drivers installed on the boot disk (although if you know what you are doing in Linux, you should be able to get around this limitation on a Linux boot disk, as you can reload the kernel without restarting the computer).

Well that's not really true. I was in a discussion in '08 with an IA professional (CISSP, CSSLP, GIAC, yada, yada) and it was based upon a CDROM server hosting an array of DVD drives (the array was SCSI but was using SCSI to IDE interfaces mounted on each IDE DVD drive) using an embedded OS loaded purely from ROM. The fact is the OS may be Read-Only while stored on ROM but once the OS is loaded into RAM and operating then it can be compromised and thus could be made into a BOT or Zombie as the system had networking connectivity. It was not invulnerable to malware. I lost that discussion. You are making the same point I tried to make. Its a refutable point.

The last point being cross-platform malware. There is malware in the wild that can infect different OS' such as the BackDoor.Wirenet.1 or a trojan that infects MAC OS, Windows or Linux or the simple Office Macro Virus. If the OS runs MS Office then the OS can suffer the macro virus [ I really prefer to use 'parasite' to describe this family of malware and not virus because the macro lives in the MS Office "host" application but, I don't have a say in the definition. It does fit the definition of a virus as they do self replicate but parasites in the animal world also self replicate. ]

And, of course, after all of that... Virtual Machines with shapshots make life easier, even if you want to browse the Internet with an unpatched install of Windows XP. And there's also sandbox technology that can protect your computer from any permanent changes being made while you are browsing the Internet. You can actually stay on Windows (even if it is vulnerable) and remain in relative safety with these technologies.

Oh, and always make sure to install the latest updates, not just for Windows but for Flash, Java, etc. as well. ;)

Which goes back to mitigation by practicing Safe Hex, maintaining the system properly and having situational awareness.

Link to post
Share on other sites
Guest Seagull

Guest Seagull

Posted
Posted

To add to what everyone else had suggested...

I agree that no Operating System is perfect and you should use what you feel comfortable with. Windows can be very secure if implemented correctly and kept up to date.

My personal Operating System of choice is Windows 7 Ultimate x64. My browser of choice is Google Chrome with AdBlock extension My security setup is ESET Smart Security 5, Malwarebytes PRO, and TrueCrypt to encrypt my hard drive (my personal computer is a laptop and I take it everywhere with me so better safe than sorry and I have the whole drive encrypted.)

Like I said about Windows operating system, the software you use like a browser can be much more secure if you configure it correctly also. Same goes for your Anti-Virus and Firewall you can configure them to protect you much better by cranking up some settings, but this can cause the possibly of false positives, I have my settings in ESET Smart Security configured very tightly but I never had any kind of false positive.

I also have implemented Local and Group Policies that come with Windows. With Policies you can make Windows very secure and you have alot more control over the Operating System. For example, you can disable autorun in Windows Policies thus preventing some kinds of autorun viruses or malware from running automatically. If you're very paranoid you can use Software Restriction Policies to prevent software from installing in any given location to prevent malware or a virus from installing themselves.

I hope this helps. :)

Link to post
Share on other sites
GT500

GT500

Posted
Posted

Well that's not really true. I was in a discussion in '08 with an IA professional (CISSP, CSSLP, GIAC, yada, yada) and it was based upon a CDROM server hosting an array of DVD drives (the array was SCSI but was using SCSI to IDE interfaces mounted on each IDE DVD drive) using an embedded OS loaded purely from ROM. The fact is the OS may be Read-Only while stored on ROM but once the OS is loaded into RAM and operating then it can be compromised and thus could be made into a BOT or Zombie as the system had networking connectivity. It was not invulnerable to malware. I lost that discussion. You are making the same point I tried to make. Its a refutable point.

You are quite right about this. The point in using an OS from some sort of ROM storage is the fact that the data stored in the ROM cannot be modified, and thus a reboot of the computer is the same as a complete reformat of the install media and reinstall of the operating system. Obviously I left out this little detail, however when running an operating system from a bootable CD or DVD for the purposes of Internet browsing, one must not leave the operating system running when they are done browsing, otherwise the point of using an operating system from a bootable CD/DVD is nullified. ;)

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

I caution people about making broad statements that Product X is more secure or safer than Product Y. The security of that system is based upon the actions of the system manager. That is a system user or owner of a personal computer. I have always stated that all the software in the world won't protect them from their own actions. That includes the base Operating System. One can not be lulled into a false sense of security merely because they were using Product X and it is purported to be a safe OS.

As for the preponderance of malicious software, viruses and worms are but a subset of all malware and when in such a such a discussion they must be approaching this from the overarching concepts and principles of the discussion where "malware" is concerned.

This again all goes back to my statement about "...mitigation by practicing Safe Hex, maintaining the system properly and having situational awareness." which is actually an OS independent statement and covers the system of systems known to be any computing platform. I use the terminology "system of systems" because summed up that's what it is and can be modeled as such. When modeling a computing platform as a "system of systems" it is no different than an automobile. One might not see the correlation but in black box modeling they are the same and can be modeled the same. When you look at this from a POV as a black box model you can compare an automobile to a computer. For example the "ignition system" is a subsystem of the automobile and the software associated with networking is a subsystem of a computer. You can look at maintenance. If you don't change the oil or check the air pressure of your tires it will lead to system failure. Likewise not properly updating the software can lead to a system or subsystem failure. One can then use the same examination concerning the operator/owner of the "system of systems" where their actions have a direct correlation to the perceived "safety" of that system. If an individual took Darvon and proceeded to the bar and consumed 2 shots of Jägermeister and attempts to drive a purportedly "safe automobile" then the safety of the factory vehicle becomes lessened by the actions of the operator/owner. The same goes with a computer. How one uses and operates that system of systems can diminish the factory (Plain Jane or Stock) OS.

Link to post
Share on other sites
DarkSnakeKobra

DarkSnakeKobra

Posted
Posted

I caution people about making broad statements that Product X is more secure or safer than Product Y. The security of that system is based upon the actions of the system manager. That is a system user or owner of a personal computer. I have always stated that all the software in the world won't protect them from their own actions. That includes the base Operating System. One can not be lulled into a false sense of security merely because they were using Product X and it is purported to be a safe OS.

That is so true. On Linux/Unix you should always run the sudo command to run/install with root and never log in directly as root(root account should be disabled). As well as paying attention to what you install/run.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.