The National Security Agency (NSA) recently published a report, "Best Practices for Keeping Your Home Network Secure" (PDF) in which it makes numerous recommendations designed to help home computer users avoid malware and other common problems.
Included among its suggestions are many oft-repeated tips such as keeping all software updated, using strong passwords, and so on. What mystifies me, though, is that it makes absolutely no mention of Linux--arguably the most secure PC operating system.
Instead, for its section on host-based operating system security, the NSA focuses its suggestions exclusively on Windows and Apple and the relatively limited steps that can be taken on those platforms.
'Substantial Security Enhancements'
On the Mac side, not surprisingly, the NSA urges users to keep their operating system and applications up-to-date, and to limit use of the privileged administrator account. It also recommends enabling data protection on the iPad and implementing FileVault on Mac OS laptops.
Outside the self-contained Mac microcosm, however, the NSA looks no further than Microsoft products. Targeting Windows users, it offers many tips similar to those on the Mac side, as well as installing a host-based security suite, using a Web browser and PDF reader with sandboxing capabilities, and implementing full-disk encryption (FDE) on Windows laptops.
Incredibly, its best suggestion for Windows users regarding operating system security is to make sure they've upgraded from XP to either Vista or Windows 7. Yes, that's right, it actually recommends Vista. Why not throw in IE6 while we're at it?
"Both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP," the NSA writes.
For office software, meanwhile, the organization's tip is to "migrate to Microsoft Office 2007 or later."
Microsoft Trained Brain Syndrome
Now, I realize that Windows users still represent the vast majority of non-Mac users, and that Microsoft still holds a monopoly on that market, albeit a fading one. So I can see that addressing that group makes sense for a report like this.
To not even mention the possibility of using Linux, however--with its stellar security track record, among numerous other advantages--is downright negligent. Windows, after all, is now so malware-infested that Patch Tuesdays are more burdensome than ever; security experts even warn against using Windows for sensitive tasks such as online banking.
Either way, the agency needs to wake up and look beyond the walls of the Microsoft world. If security on a home PC is what you're looking for, Linux is what you want.