Safest OS and Anti-virus combination?

Maru777

Jul 21, 2014
Hello Tom's Hardware community,

I am thinking about making a separate super-secure netbook/laptop for financial transactions (mostly just because I am a little paranoid, and also just for fun).
So I came up with these questions:

Which operating system (Linux/Unix distributions, OS X, Win 8, etc.) is least susceptible to attack?

I would imagine that antivirus software made for more mainstream operating systems, such as Windows, is more robust and has more up-to-date virus definitions than antivirus software made for Linux/Unix. (Correct me if I am wrong.) Is a more robust mainstream antivirus necessarily more secure than a safer OS (i.e. Unix) with its own less mainstream antivirus?

Thanks!
 

Emerald

Moderator
Aug 28, 2005
There are mainstream AV software programs for Linux which are as robust as the Windows version.

http://www.makeuseof.com/tag/free-linux-antivirus-programs/

Personally I would go for Linux with Firefox.

 

jazzop

May 21, 2009
The best anti-virus protection is your own behavior. It far outperforms any security software on the market.

The next line of defense would be to protect against directed attacks (which are fairly unlikely if you don't have enemies or advertise yourself on the web as something worth attacking). The obvious solution is to unplug the ethernet cable when you don't need to use it. If that's too impractical, you can spend a lot of time fine-tuning your firewall and disabling services that punch holes through the firewall.

If you are worried more about government surveillance and that sort of thing, you can have a bootable system on a DVD or thumb drive. Each time you shut down and restart, you have a brand new system with no prior history. You'll need to micromanage what happens to any files you want to work with, since they won't persist after shutdown. You can plug in a second USB drive to store your files separately.
 

eatmypie

Sep 12, 2013
If you are just going to bank websites and not talking about storing other people's financial information on your computer, there is no need to have AV on Linux or if you have a Mac with OSX. The only reason why any Linux or Mac users will use AV is if they have files on their system that they use with something like a SQL database, and they implement it so the users downloading or going to their website don't become infected. But I wouldn't really recommend just AV; if you go that route, I would implement a few virtual servers to deal with the transactions. Then I would set up something like an IDS and IPS sensor via another virtual box to put sensors on both the IDS and IPS for whatever you use for the transactions. But if you just plan on doing something like I said before, where it is just you using it to do your own banking, I would download https://www.whitehatsec.com/aviator/ if you go the Linux route I just downloaded the Mac version and extracted it as a tarball, I believe, and then I think it has an install.sh file after you extract it.
 
Solution

okcnaline

Nov 17, 2013
It's more secure than Windows, as far as I care. The reason is the secure structure of the OS.
1) BSD kernels are fundamentally different than Windows, which makes Linux and BSD much harder to get infected. Why? Same fundamentals for Windows viruses are different for the basis of Unix.
2) BSD kernels are variants of Linux, and have common code but also different code. Regular Linux viruses aren't quite well exposed against BSD.
3) Apple locks down the system pretty well. It's impossible to run the virus as a kernel extension (.kext, or drivers) because there is an exclude list. There is also more of this security stuff all around the OS, at places that are possible to penetrate when permission is given.
4) Along with a good firewall, antivirus, security... And I think scans are conducted without using many resources.

Even if Apple forgets to roll out updates, it's still more secure than others. It's because of the kernel and the OS.
 

eatmypie

Sep 12, 2013
It isn't; Mac OSX and Linux are both easily exploitable. Most people like you fall into this category of thinking it is. Less than 10% of computer users use a Mac, so it makes no sense for most people creating exploits in their little warehouses to pay people to develop them. Most of the Mac-related viruses and malware are never noticed for months because of this. If 80 or 90% of users started using Macs, the target operating system would change and most of the malware and viruses in the wild would change completely, where you would see Windows becoming less infected and fewer Windows users needing antivirus or any form of security.

Also, a lot of exploits are out there for Macs but no vendor really cares to use them. If you look at http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-156/cvssscoremin-2/cvssscoremax-2.99/Apple-Mac-Os-X.html it shows you a lot of the vulnerabilities, but nothing like code or anything else that lets others use them. It is meant as a security reference.
 

okcnaline

Nov 17, 2013
It's easy to exploit, but you'll need root to do any damage. About 25 of the vulnerabilities listed are applicable for RELEVANT versions (10.7-10.10), and I'm sure they're patched. And most of that is merely identification problems, so it's not a virus.

And you're right! Every system is vulnerable, but then Macs aren't as badly infected because 1) it's more prone to security fixes when there is one that needs it and 2) there aren't many viruses to do so.

Compare the website you listed against ones for Windows 7 or 8 or 10. Let's see: there are 115 vulnerabilities this year alone. http://www.cvedetails.com/vulnerability-list/vendor_id-26/year-2015/Microsoft.html There are around 50 vulnerabilities for Mac.
 

eatmypie

Sep 12, 2013
You are still missing the point; also, the website I listed only shows a few involving what comes packaged whenever a user installs the OS. So you still aren't comprehending what I'm saying correctly. Each vulnerability could spawn several different pieces of malware that could contain different hash values and could go undetected. But a majority of exploits happen from actual apps, and there are several apps that work on both OSX and Windows. So if the app is vulnerable itself, the chances are that it will most likely affect all the operating systems it supports. As far as needing root privileges for actually carrying out an exploit goes, that is completely false; if you had a decent amount of knowledge in security you would know this. I own a Mac and I do most of my work on a Mac, but I don't try to defend it by saying it is more secure than any other OS, because it isn't.
 
