pretty much any linux core, even if only to be virtually free of virus threats

microsoft and security dont belong together



microsoft security = security through obscurity

2

Actually, Windows 2000 is the most secure os, out of the low assurance operating systems of course. If you want to go the high-assurance route, check out GEMSOS.



Without getting back into what has become a painfully irritating subject of discussion, here is what makes Windows more secure than *nix.



1. High level account separation: ie, no root account, rather there are separate acocunts with restricted/restrictable power

2. Reference monitor, *nix can't have one, and SELinux is not an equal replacement.

3. More finely grained and scalable ACLs, covering both the file system, and the system processes.

4. Windows has a far better audit process.

5. Although this may have been obvious by the reference monitor, Windows is a microkernel OS.





Meh, there are numerous reasons. I would evaluate all of them against the Common Criteria and judge for yourself.



EDIT: once you have setup your chosen OS, I would be happy to have my crew do any penetration testing required, since you seem somewhat more competant than the rest of the people here.

There is no good answer to your question.

There are many ways to answer your question, but with each answer there would be a caveat and unknown factor which makes any opinion based on quicksand.



So, for example

- Least number of "bugs." The problem with this is that you're only able to evaluate what is known. Does a bug count if it's not widely known?

- Number of vulnerabilities. So, if a bug exists and it's also determined to possibly provide an attack vector, not only is this again based on what is publicly known but there are degrees of seriousness and mitigating configurations. What a mess trying to score the importance of whether a vulnerability is significant, serious or not.

- Number of exploits. Again, based on what is known.

- How easy is it for the SysAdmin to make a mistake? This is probably the main reason why many might consider Windows "more secure" than *NIX. GUIs and objects simplify admnistration leading to fewer mistakes and better security.

- Patching. All OS suffer discovered vulnerabilities over time and need to be patched. How difficult is it to patch? How reliable are patches? How quickly are patches released? Again, this is probably where Windows enjoys an edge over *NIX with its centralized management, reporting and accountability compared to the diverse world of open source and publicly licensed software.

- Attack Surface. Although the basic OS is the foundation, a computing machine normally runs a number of applications that require exposure outside of its physical boundaries. If you can't manage this exposure, the OS is extremely vulnerable.

- Memory Management. Things like overbuffer attacks have existed since the beginning of computing yet still exist today. A proper OS should not only not suffer from memory space vulnerabilities, it should also know how to protect poorly written applications from themselves (and everything else).



I'm sure others can come up with a longer list than this evaluating security, so basically any question about one OS being more secure than another is probably unanswerable unless each one was deployed in isolation, locked behind doors and communicating with no one or nothing... in which you would then say that every such machine was completely secure.

Fedora 7 works with selinux already installed so it will be ultra secure.