A debate has been raging over whether open-source or proprietary operating systems are more secure. Because access to proprietary source code is closed, it's less likely to be exploited, say supporters. Open-source backers argue that the support of a programming community means more eyes are examining and working on the code, so that bugs are likely to be spotted and fixed sooner.
Novell's recently released consumer OS, SuSE Linux Professional 9.3, is built on open-source underpinnings. Executives from the company said that even though the design of its products might be more transparent than that those from Microsoft or Apple, Novell's approach to security is likely similar to that of its proprietary rivals.
"Whether its Linux, Tiger or Longhorn, you have to treat security as a process rather than a state," said Roman Drahtmueller, Novell's Linux security architect. "It's not going to be only a feature or solution or a product that can make your environment or network secure, it's about the procedures and processes regarding how software security is treated in general. We may think that Linux does a better job of that, but I believe all the vendors are looking at security in this manner."
Security upgrades in the new generation of OSes range from improvements in the underlying architecture to the inclusion of anti-spyware and other tools, the manufacturers said.
For Apple, the most important new security features in Tiger are technologies that help consumers control the programs they add on top of the OS, said Wiley Hodges, a senior product line manager at the Mac maker.
"Obviously, user behavior largely dictates the security of an OS," Hodges said. "We understand that, and it has helped dictate a lot of what we've done... We've focused a great deal on the ease of making a system secure out of the box and helping to maintain that security in the long run."
Novell's focus was on letting people dictate which security features and strategies they use, Drahtmueller said. And rival Red Hat said the new Linux subsystem in Enterprise Linux version 4, introduced in February 2005, greatly strengthens the security of the product's underlying coding.
The bolstering of security in Longhorn began with the building of the OS on Microsoft's Windows Server 2003 SP1 code base, Sullivan said. Much of the improvement available through that code is related to strengthening, or "hardening" of the programming kernel at the core of the software, he said.
Overall, the OS makers agree that consumers will play the greatest role in keeping their computers safe from outside threats, by using good judgment when going online or in sharing information with others. But the vendors concede that OSes will remain a focal point for people figuring out the best way to defend themselves.
Apple's Hodges said that's fine with him, since in the end, the OS software will be the most significant line of technological defense that consumers can rely on.
"Users, at some level, ultimately have some responsibility for what they do," he said. "It is the responsibility of the OS vendors to make it easier for customers to understand and implement the security capabilities of their systems."
4%
4%
