Windows, Mac or Linux: It's not the OS, it's the user

Some operating systems may be safer than others, but naïve users pose the biggest security risk to today's businesses.

Who's got the safest operating system? Apple, Google, Microsoft? According to one security expert, what really matters is who's using the OS.

"Microsoft doesn't have a monopoly on all the technical vulnerabilities that are out there," Zulfikar Ramzan, technical director of Symantec Security Response, said Tuesday in a phone interview with PCWorld.

Today's online criminals are far more likely to target user behavior rather than a technical flaw in the OS. "It's a lot easier to do that," said Zulfikar. "You don't need as many technical skills to find one person who might be willing, in a moment of weakness, to open up an attachment that contains malicious content."

This trend has been rising rapidly over the past two years. Currently, only about 3 percent of the malicious software that Symantec encounters exploits a technical vulnerability. The other 97 percent of malware is either "piggybacking on that 3 percent," or more likely trying to trick a user through some type of "social engineering" scheme, according to Zulfikar.

Tricking the User

In other words, most attackers now target human, not technical, vulnerabilities. The key is to trick someone, usually via psychological manipulation, into compromising their own security by installing malware, for instance.

One such attack is when an organization's chief financial officer (CFO) receives an email claiming to be from the IRS. "It says you haven't paid your taxes, and if don't open up this attachment and fill out this form, we're going to fine you," Zulfiker said.

A similar scheme involves a bogus inquiry from the "Better Business Bureau." The attacker(s), claiming to be the BBB, email a company's CEO and say they've opened a complaint file against the firm. The email then instructs the CEO to open the attachment to find out more about the complaint.

Of course, in each case, the attachment propagates malicious software onto the recipient's system.

So what's a business to do? First, treat any inbound inquiry with a healthy degree of skepticism. "That should apply through all forms of communication--not just email, but even phone calls and things of that nature," said Zulfiker. And make sure that all of your employees are aware of these risks. "It's important to educate people, even on the front lines, to be careful what you divulge to the outside world about the company," he added.

Microsoft: Still the Biggest Target

No computer or operating system is 100-percent secure, of course, and different types of systems are vulnerable to different exploits.

"Microsoft, being the biggest company in the software space, has attracted the most attention," Zulfiker said. "People have tried to attack Microsoft's products because of the (huge) market share. If I'm an attacker, and I want to make the most profit from my attacks, I'm better off going for the company with the most machines out there. That tends to be Microsoft."

And if Google's upcoming Chrome OS takes off in the business and consumer market, it'll have a big target on its back too.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeff Bertolucci

PC World (US online)
Topics: Linux, security, Windows, Mac OS X
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?