SUSE Linux Enterprise Desktop
Bullet-proof Security
Download
SUSE® Linux Enterprise Desktop 11 delivers the most secure desktop computing platform available today. Beginning with its heritage in the UNIX world, and adding the strength and manageability of the leading application security technology, SUSE Linux Enterprise Desktop delivers bullet-proof security and peace of mind.
Windows Security Problems
When you think of Windows security, lots of things come to mind. Viruses, malware, and spyware. The blue screen of death. Long delays in getting the latest patches from Microsoft. Security flaws can cost you hundreds of millions of dollars per year as you fix your Windows system and install new service packs. This leads to lost time, productivity, and money. Gartner estimates that Windows security vulnerabilities have increased desktop TCO by as much as US$200 per user per year1.
Microsoft claims it has improved security in Vista over previous versions of Windows. However, a May 2006 Yankee Group report cited the following problems2:
- Vista's security features may be so user-unfriendly that users simply won't use them.
- Vista did not close some of the biggest Windows security issues (e.g., those in Active X, NetBIOS, RPC, IIS and others).
- Fixing security and eliminating backwards compatibility (the source of many security problems) will cause tens of thousands of applications to stop working.
- Some Vista security features require users to gain permission to do things they could easily do before. Rather than go through that hassle, users may simply ignore or turn off the features, making Vista no more secure than earlier versions without those features.
So why is Windows inherently insecure? First, it's a monolithic operating system with services such as Internet Explorer tightly integrated into the operating system. This allows a single security vulnerability to expose the entire Windows system to damage. Secondly, Windows traditionally created extra security vulnerabilities by establishing user accounts with "administrator" privileges by default. This allows any malware program to wreak havoc by installing new applications and creating, changing or deleting virtually any file on the machine.
SUSE Linux Enterprise Strengthens Security
SUSE Linux Enterprise Desktop delivers bullet-proof security in two key ways. First, unlike Windows, Linux has a much more modular architecture. Different elements of the operating system are loosely coupled together, making it much more difficult for a security flaw from one part of the system to impact another part of the system. In addition, SUSE Linux Enterprise does not provide administrator or unlimited privileges by default. This ensures that an application can only do what it is "supposed" to do. For instance, when you run an application such as a word processor, that word processor runs with your restricted privileges. It can only write to your own home directory. It cannot write to a system file or even to another user’s directory unless your IT administrator explicitly gives you permission to do so. This limits widespread damage to the system.
Second, SUSE Linux Enterprise also includes a powerful suite of built-in security tools. It includes AppArmor®, a powerful application-level security framework that provides mandatory access control for programs. AppArmor allows you to specify the files that a program may access and the operations that it may perform on the files. Any other behavior beyond that scope is denied and logged. This protects your desktop against the exploitation of software flaws. It includes everything you need to contain programs and thwart attempted exploits, including zero-day attacks. AppArmor also includes a "learning mode" that automates the development of application-specific security so that no new expertise is required. Finally, it contains integrated Virtual Private Networking (VPN), a firewall, antivirus tools, and certificate management to bring further peace of mind.
Because Linux is inherently more secure than Windows, and thanks to advanced security technology such as AppArmor, SUSE Linux Enterprise Desktop offers the most secure desktop computing platform today.
A Look At the Numbers
If you take a look at the numbers, the security flaws that Windows has is staggering. For instance, the United States Computer Emergency Readiness Team (CERT) uses a key set of metrics to evaluate the severity of any given security flaw. A number between 0 and 180 expresses the final metric, where the number 180 represents the most serious vulnerability. CERT considers any vulnerability with a score of 40 or higher to be serious enough to be a candidate for a special CERT Advisory and US-CERT technical alert. Based on statistics run on January 8, 2009, as shown below, Windows has six times as many severe vulnerabilities than Linux, and over twelve times as many severe vulnerabilities than SUSE (based on both openSUSE® and SUSE Linux Enterprise Desktop)3. These trends clearly show that Windows security flaws are both more frequent and more severe that Linux flaws.
