document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8714 from fuzheng1998/master

Browse Source 
就这样合并吧,其实对提交的数量并没有特别要求,只是确实过多的提交会不太好。辛苦大家了。
This commit is contained in:
Xingyu.Wang 2018-05-08 23:55:00 +08:00 committed by GitHub
commit 7b2395ea60
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 104 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
sources/talk/20180206 Why Linux is better than Windows or macOS for security.md
View File

@ -1,104 +0,0 @@
fuzheng1998 translating
Why Linux is better than Windows or macOS for security
======
![](https://images.idgesg.net/images/article/2018/02/linux_security_vs_macos_and_windows_locks_data_thinkstock-100748607-large.jpg)
Enterprises invest a lot of time, effort and money in keeping their systems secure. The most security-conscious might have a security operations center. They of course use firewalls and antivirus tools. They probably spend a lot of time monitoring their networks, looking for telltale anomalies that could indicate a breach. What with IDS, SIEM and NGFWs, they deploy a veritable alphabet of defenses.
But how many have given much thought to one of the cornerstones of their digital operations: the operating systems deployed on the workforces PCs? Was security even a factor when the desktop OS was selected?
This raises a question that every IT person should be able to answer: Which operating system is the most secure for general deployment?
We asked some experts what they think of the security of these three choices: Windows, the ever-more-complex platform thats easily the most popular desktop system; macOS X, the FreeBSD Unix-based operating system that powers Apple Macintosh systems; and Linux, by which we mean all the various Linux distributions and related Unix-based systems.
### How we got here
One reason enterprises might not have evaluated the security of the OS they deployed to the workforce is that they made the choice years ago. Go back far enough and all operating systems were reasonably safe, because the business of hacking into them and stealing data or installing malware was in its infancy. And once an OS choice is made, its hard to consider a change. Few IT organizations would want the headache of moving a globally dispersed workforce to an entirely new OS. Heck, they get enough pushback when they move users to a new version of their OS of choice.
Still, would it be wise to reconsider? Are the three leading desktop OSes different enough in their approach to security to make a change worthwhile?
Certainly the threats confronting enterprise systems have changed in the last few years. Attacks have become far more sophisticated. The lone teen hacker that once dominated the public imagination has been supplanted by well-organized networks of criminals and shadowy, government-funded organizations with vast computing resources.
Like many of you, I have firsthand experience of the threats that are out there: I have been infected by malware and viruses on numerous Windows computers, and I even had macro viruses that infected files on my Mac. More recently, a widespread automated hack circumvented the security on my website and infected it with malware. The effects of such malware were always initially subtle, something you wouldnt even notice, until the malware ended up so deeply embedded in the system that performance started to suffer noticeably. One striking thing about the infestations was that I was never specifically targeted by the miscreants; nowadays, its as easy to attack 100,000 computers with a botnet as it is to attack a dozen.
### Does the OS really matter?
The OS you deploy to your users does make a difference for your security stance, but it isnt a sure safeguard. For one thing, a breach these days is more likely to come about because an attacker probed your users, not your systems. A [survey][1] of hackers who attended a recent DEFCON conference revealed that “84 percent use social engineering as part of their attack strategy.” Deploying a secure operating system is an important starting point, but without user education, strong firewalls and constant vigilance, even the most secure networks can be invaded. And of course theres always the risk of user-downloaded software, extensions, utilities, plug-ins and other software that appears benign but becomes a path for malware to appear on the system.
And no matter which platform you choose, one of the best ways to keep your system secure is to ensure that you apply software updates promptly. Once a patch is in the wild, after all, the hackers can reverse engineer it and find a new exploit they can use in their next wave of attacks.
And dont forget the basics. Dont use root, and dont grant guest access to even older servers on the network. Teach your users how to pick really good passwords and arm them with tools such as [1Password][2] that make it easier for them to have different passwords on every account and website they use.
Because the bottom line is that every decision you make regarding your systems will affect your security, even the operating system your users do their work on.
**[ To comment on this story, visit[Computerworld's Facebook page][3]. ]**
### Windows, the popular choice
If youre a security manager, it is extremely likely that the questions raised by this article could be rephrased like so: Would we be more secure if we moved away from Microsoft Windows? To say that Windows dominates the enterprise market is to understate the case. [NetMarketShare][4] estimates that a staggering 88% of all computers on the internet are running a version of Windows.
If your systems fall within that 88%, youre probably aware that Microsoft has continued to beef up security in the Windows system. Among its improvements have been rewriting and re-rewriting its operating system codebase, adding its own antivirus software system, improving firewalls and implementing a sandbox architecture, where programs cant access the memory space of the OS or other applications.
But the popularity of Windows is a problem in itself. The security of an operating system can depend to a large degree on the size of its installed base. For malware authors, Windows provides a massive playing field. Concentrating on it gives them the most bang for their efforts.
As Troy Wilkinson, CEO of Axiom Cyber Solutions, explains, “Windows always comes in last in the security world for a number of reasons, mainly because of the adoption rate of consumers. With a large number of Windows-based personal computers on the market, hackers historically have targeted these systems the most.”
Its certainly true that, from Melissa to WannaCry and beyond, much of the malware the world has seen has been aimed at Windows systems.
### macOS X and security through obscurity
If the most popular OS is always going to be the biggest target, then can using a less popular option ensure security? That idea is a new take on the old — and entirely discredited — concept of “security through obscurity,” which held that keeping the inner workings of software proprietary and therefore secret was the best way to defend against attacks.
Wilkinson flatly states that macOS X “is more secure than Windows,” but he hastens to add that “macOS used to be considered a fully secure operating system with little chance of security flaws, but in recent years we have seen hackers crafting additional exploits against macOS.”
In other words, the attackers are branching out and not ignoring the Mac universe.
Security researcher Lee Muson of Comparitech says that “macOS is likely to be the pick of the bunch” when it comes to choosing a more secure OS, but he cautions that it is not impenetrable, as once thought. Its advantage is that “it still benefits from a touch of security through obscurity versus the still much larger target presented by Microsofts offering.”
Joe Moore of Wolf Solutions gives Apple a bit more credit, saying that “off the shelf, macOS X has a great track record when it comes to security, in part because it isnt as widely targeted as Windows and in part because Apple does a pretty good job of staying on top of security issues.”
### And the winner is …
You probably knew this from the beginning: The clear consensus among experts is that Linux is the most secure operating system. But while its the OS of choice for servers, enterprises deploying it on the desktop are few and far between.
And if you did decide that Linux was the way to go, you would still have to decide which distribution of the Linux system to choose, and things get a bit more complicated there. Users are going to want a UI that seems familiar, and you are going to want the most secure OS.
As Moore explains, “Linux has the potential to be the most secure, but requires the user be something of a power user.” So, not for everyone.
Linux distros that target security as a primary feature include [Parrot Linux][5], a Debian-based distro that Moore says provides numerous security-related tools right out of the box.
Of course, an important differentiator is that Linux is open source. The fact that coders can read and comment upon each others work might seem like a security nightmare, but it actually turns out to be an important reason why Linux is so secure, says Igor Bidenko, CISO of Simplex Solutions. “Linux is the most secure OS, as its source is open. Anyone can review it and make sure there are no bugs or back doors.”
Wilkinson elaborates that “Linux and Unix-based operating systems have less exploitable security flaws known to the information security world. Linux code is reviewed by the tech community, which lends itself to security: By having that much oversight, there are fewer vulnerabilities, bugs and threats.”
Thats a subtle and perhaps counterintuitive explanation, but by having dozens — or sometimes hundreds — of people read through every line of code in the operating system, the code is actually more robust and the chance of flaws slipping into the wild is diminished. That had a lot to do with why PC World came right out and said Linux is more secure. As Katherine Noyes [explains][6], “Microsoft may tout its large team of paid developers, but its unlikely that team can compare with a global base of Linux user-developers around the globe. Security can only benefit through all those extra eyeballs.”
Another factor cited by PC World is Linuxs better user privileges model: Windows users “are generally given administrator access by default, which means they pretty much have access to everything on the system,” according to Noyes article. Linux, in contrast, greatly restricts “root.”
Noyes also noted that the diversity possible within Linux environments is a better hedge against attacks than the typical Windows monoculture: There are simply a lot of different distributions of Linux available. And some of them are differentiated in ways that specifically address security concerns. Security Researcher Lee Muson of Comparitech offers this suggestion for a Linux distro: “The[Qubes OS][7] is as good a starting point with Linux as you can find right now, with an [endorsement from Edward Snowden][8] massively overshadowing its own extremely humble claims.” Other security experts point to specialized secure Linux distributions such as [Tails Linux][9], designed to run securely and anonymously directly from a USB flash drive or similar external device.
### Building security momentum
Inertia is a powerful force. Although there is clear consensus that Linux is the safest choice for the desktop, there has been no stampede to dump Windows and Mac machines in favor of it. Nonetheless, a small but significant increase in Linux adoption would probably result in safer computing for everyone, because in market share loss is one sure way to get Microsofts and Apples attention. In other words, if enough users switch to Linux on the desktop, Windows and Mac PCs are very likely to become more secure platforms.
--------------------------------------------------------------------------------
via: https://www.computerworld.com/article/3252823/linux/why-linux-is-better-than-windows-or-macos-for-security.html
作者:[Dave Taylor][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.computerworld.com/author/Dave-Taylor/
[1]:https://www.esecurityplanet.com/hackers/fully-84-percent-of-hackers-leverage-social-engineering-in-attacks.html
[2]:http://www.1password.com
[3]:https://www.facebook.com/Computerworld/posts/10156160917029680
[4]:https://www.netmarketshare.com/operating-system-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Trend%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22platform%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22platformsDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222017-02%22%2C%22dateEnd%22%3A%222018-01%22%2C%22segments%22%3A%22-1000%22%7D
[5]:https://www.parrotsec.org/
[6]:https://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html
[7]:https://www.qubes-os.org/
[8]:https://twitter.com/snowden/status/781493632293605376?lang=en
[9]:https://tails.boum.org/about/index.en.html

104
translated/talk/20180206 Why Linux is better than Windows or macOS for security.md Normal file
View File

@ -0,0 +1,104 @@
为什么 Linux 比 Windows 和 macOS 的安全性好
======
![](https://images.idgesg.net/images/article/2018/02/linux_security_vs_macos_and_windows_locks_data_thinkstock-100748607-large.jpg)
企业投入了大量时间、精力和金钱来保障系统的安全性。最强的安全意识可能就是有一个安全的运营中心。他们肯定用了防火墙以及反病毒软件。他们可能花费大量时间监控他们的网络,寻找可能表明违规的信号异常。与 IDS、SIEM 和 NGFW 一样,他们部署了一个名副其实的防御字母表。
然而又有多少人想过数字化操作的基础之一:部署在员工的个人电脑上的操作系统?选择桌面操作系统的安全性是一个考虑的因素吗?
这就产生了一个 IT 人士都应该能回答的问题:一般部署哪种操作系统最安全呢?
我们问了一些专家他们对于以下三种选项的看法Windows最复杂的平台也是最受欢迎的桌面操作系统macOS X基于 FreeBSD 的 Unix 操作系统,驱动着苹果的 Macintosh 系列运行;还有 Linux这里我们指的是所有的 Linux 发行版以及与基于 Unix 的操作系统相关的系统。
### 我们怎么会这样
企业可能没有评估他们部署到工作人员的操作系统的安全性的一个原因是,他们多年前就已经做出了选择。退一步讲,所有操作系统都还算安全,因为侵入他们,窃取数据或安装恶意软件的业务还处于起步阶段。而且一旦选择了操作系统,就很难再想改变。很少有 IT 组织希望将全球分散的员工队伍转移到全新的操作系统上。唉,他们已经受够了把用户搬到一个选好的新版本操作系统时的负面反响。
还有,重新考虑它是高明的吗?这三款领先的桌面操作系统在安全方面的差异是否足以值得我们去做出改变呢?
当然商业系统面临的威胁近几年已经改变了。攻击变得成熟多了。曾经支配了公众想象力的独自的青少年黑客已经被组织良好的犯罪分子网络以及具有庞大计算资源的政府资助组织的网络所取代。
像你们许多人一样,我已经有了很多那儿的亲身经历:我曾经在许多 Windows 电脑上被恶意软件和病毒感染,我甚至被 Mac 文件的宏病毒感染了。最近,一个广泛传播的自动黑客绕开了网站的保护程序并用恶意软件感染了它。这种恶意软件的影响一开始是隐形的,甚至有些东西你没注意,直到恶意软件最终深深地植入系统以至于它的性能开始变差。一件有关病毒蔓延的震惊之事是我从未被不法之徒特定针对过;当今世界,用僵尸网络攻击 100,000 台电脑容易得就像一次攻击几台电脑一样。
### 操作系统真的很重要吗?
给你的用户部署的那个操作系统确实对你的安全态度产生了影响,但那并不是一个可靠的安全措施。首先,现在的攻击很可能会发生,因为攻击者探测了你的用户,而不是你的系统。一项对参与过 DEFCON 会议黑客的[调查][1]表明“84的人使用社交工程作为攻击策略的一部分。”部署安全操作系统只是一个重要的起点但如果没有用户培训强大的防火墙和持续的警惕性即使是最安全的网络也会受到入侵。当然用户下载的软件扩展程序实用程序插件和其他软件的风险始终良好但却成为恶意软件出现在系统上的一种途径.
无论你选择哪种平台,保持你系统安全最好的方法之一就是确保立即应用了软件更新。一旦补丁正式发布,黑客就可以对其进行反向工程并找到一种新的漏洞,以便在下一波攻击中使用。
而且别忘了最基本的操作。别用 root 权限,别授权用户连接到网络中的老服务器上。教您的用户如何挑选一个真正的好密码并且使用例如 [1Password][2] 这样的工具,以便在每个他们使用的帐户和网站上拥有不同的密码
因为底线是您对系统做出的每一个决定都会影响您的安全性,即使您的用户工作使用的操作系统也是如此。
**[ 若要给这个故事写评论, 请访问 [Computerworld's 的 Facebook 主页][3]. ]**
### Windows流行之选
若你是一个安全管理人员,很可能文章中提出的问题就会变成这样:是否我们远离微软的 Windows 会更安全呢?说 Windows 主导商业市场都是低估事实了。[NetMarketShare][4] 估计互联网上 88% 的电脑令人震惊地运行着 Windows 的版本之一。
如果你的系统在这 88 之中,你可能知道微软会继续加强 Windows 系统的安全性。改进重写了或者重新改写了他的代码库,增加了它的反病毒软件系统,改进了防火墙以及实现了沙箱架构,这样在沙箱里的程序就不能访问系统的内存空间或者其他应用程序。
但可能 Windows 的流行本身就是个问题操作系统的安全性可能很大程度上依赖于装机用户量的规模。对于恶意软件作者来说Windows 提供了大的施展平台。专注其中可以让他们的努力发挥最大作用。
像 Troy WilkinsonAxiom Cyber Solutions 的 CEO 解释的的那样“Windows 总是因为很多原因安全性保障来的最晚,主要是因为消费者的采用率。由于市场上大量基于 Windows 的个人电脑,黑客历来最有针对性地将这些系统作为目标。”
可以肯定地说,从梅丽莎病毒到 WannaCry 或者更强的,许多世界上可见的恶意软件早已对准了 Windows 系统.
### macOS X 以及通过隐匿实现的安全
如果最流行的操作系统总是成为大目标,那么用一个不流行的操作系统能确保安全吗?这个主意是老法新用——而且是完全不可信的概念——“通过隐匿实现的安全,” 这保持了软件专有的持续内部运作因此不为人知是抵御攻击的最好方法。
Wilkinson 坦言macOS X “比 Windows 更安全”但他急于补充说“macOS 曾被认为是一个安全漏洞很小的完全安全的操作系统,但近年来,我们看到黑客制造了额外的漏洞攻击苹果系统。”
换句话说,攻击者会扩大活动范围而不会无视 Mac 领域。
Comparitech 的安全研究员 Lee Muson 说在选择更安全的操作系统时“macOS很可能是被挑选的一员”但他提醒说这一想法并不令人费解。它的优势在于“它仍然受益于通过隐匿实现的安全感和微软提供的更大的目标。”
Wolf Solutions 公司的 Joe Moore 给予了苹果更多的信任,称“现成的 macOS X 在安全方面有着良好的记录,部分原因是它不像 Windows 那么广泛,而且部分原因是苹果公司在安全问题上干的不错。”
### 最终胜者是 …
你可能一开始就知道它:专家们的明确共识是 Linux 是最安全的操作系统。然而,尽管它是服务器的首选操作系统,但将其部署在桌面上的企业却很少。
如果你确定 Linux 是要选择的系统,你仍然需要决定选择哪种 Linux 系统,并且事情会变得更加复杂。 用户需要一个看起来很熟悉的用户界面,而你需要最安全的操作系统。
像 Moore 解释的那样“Linux 有可能是最安全的,但要求用户是很强大的用户。”所以,它不是针对所有人的。
将安全性作为主要功能的 Linux 发行版包括 Parrot Linux这是一个基于 Debian 的发行版Moore 说,它提供了许多与安全相关开箱即用的工具。
当然,一个重要的区别是 Linux 是开源的。Simplex Solutions 的 CISO Igor Bidenko 说,编码人员可以阅读和评论彼此工作的现实看起来像是一场安全噩梦,但这确实是让 Linux 如此安全的重要原因。 “Linux 是最安全的操作系统,因为它的源代码是开放的。任何人都可以查看它,并确保没有错误或后门。”
Wilkinson 阐述说“Linux 和基于 Unix 的操作系统具有较少的信息安全领域已知的可利用的安全缺陷。技术社区对 Linux 代码进行了审查,该代码有助于提高安全性:通过进行这么多的监督,易受攻击之处、漏洞和威胁就会减少。”
这是一个微妙的而违反直觉的解释,但是通过让数十人(有时甚至数百人)通读操作系统中的每一行代码,代码实际上更加健壮,并且发布漏洞错误的机会减少了。这与 PC World 为何出来说 Linux 更安全有很大关系。正如 Katherine Noyes 解释的那样,“微软可能吹捧它的大型付费开发者团队,但团队不太可能与基于全球的 Linux 用户开发者进行比较。 安全只能通过所有额外的关注获益。”
另一个被 PC 世界(一个由 [IDG](https://zh.wikipedia.org/wiki/%E5%9B%BD%E9%99%85%E6%95%B0%E6%8D%AE%E9%9B%86%E5%9B%A2) 发行的电脑杂志)举例的原因是 Linux 更好的用户特权模式Windows 用户“一般被默认授予管理员权限那意味着他们几乎可以访问系统中的一切”Noye 的文章讲到。Linux反而很好地限制了“root”权限。
Noyes 还指出Linux 环境下的多样性可能比典型的 Windows 单一文化更好地对抗攻击Linux 有很多不同的发行版。其中一些以其特别的安全关注点进行差异化。Comparitech 的安全研究员 Lee Muson 为 Linux 发行版提供了这样的建议“Qubes OS 对于 Linux 来说是一个很好的出发点,现在你可以发现,爱德华斯诺登的认可大大地掩盖了它自己极其卑劣的主张。”其他安全性专家指向专门的安全 Linux 发行版,如 Tails Linux它旨在直接从 USB 闪存驱动器或类似的外部设备安全地匿名运行。
### 构建安全趋势
惯性是一股强大的力量。虽然人们有明确的共识,认为 Linux 是桌面系统的最安全选择,但并没有出现让 Windows 和 Mac 机器倾倒的倾向。尽管如此Linux 采用率的小幅增长却可能会产生对所有人都更加安全的计算,因为市场份额的丧失是确定能获得微软和苹果公司关注的一个方式。换句话说,如果有足够的用户在桌面上切换到 LinuxWindows 和 Mac PC 很可能成为更安全的平台。
--------------------------------------------------------------------------------
via: https://www.computerworld.com/article/3252823/linux/why-linux-is-better-than-windows-or-macos-for-security.html
作者:[Dave Taylor][a]
译者:[fuzheng1998](https://github.com/fuzheng1998)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.computerworld.com/author/Dave-Taylor/
[1]:https://www.esecurityplanet.com/hackers/fully-84-percent-of-hackers-leverage-social-engineering-in-attacks.html
[2]:http://www.1password.com
[3]:https://www.facebook.com/Computerworld/posts/10156160917029680
[4]:https://www.netmarketshare.com/operating-system-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Trend%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22platform%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22platformsDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222017-02%22%2C%22dateEnd%22%3A%222018-01%22%2C%22segments%22%3A%22-1000%22%7D
[5]:https://www.parrotsec.org/
[6]:https://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html
[7]:https://www.qubes-os.org/
[8]:https://twitter.com/snowden/status/781493632293605376?lang=en
[9]:https://tails.boum.org/about/index.en.html