Windows Vista for better security? I don't think so.

A recent NSA report recommends Vista but neglects to mention Linux, the most secure PC operating system of all.

The National Security Agency (NSA) recently published a report, "Best Practices for Keeping Your Home Network Secure" (PDF) in which it makes numerous recommendations designed to help home computer users avoid malware and other common problems.

Included among its suggestions are many oft-repeated tips such as keeping all software updated, using strong passwords, and so on. What mystifies me, though, is that it makes absolutely no mention of Linux--arguably the most secure PC operating system.

Instead, for its section on host-based operating system security, the NSA focuses its suggestions exclusively on Windows and Apple and the relatively limited steps that can be taken on those platforms.

'Substantial Security Enhancements'

On the Mac side, not surprisingly, the NSA urges users to keep their operating system and applications up-to-date, and to limit use of the privileged administrator account. It also recommends enabling data protection on the iPad and implementing FileVault on Mac OS laptops.

Outside the self-contained Mac microcosm, however, the NSA looks no further than Microsoft products. Targeting Windows users, it offers many tips similar to those on the Mac side, as well as installing a host-based security suite, using a Web browser and PDF reader with sandboxing capabilities, and implementing full-disk encryption (FDE) on Windows laptops.

Incredibly, its best suggestion for Windows users regarding operating system security is to make sure they've upgraded from XP to either Vista or Windows 7. Yes, that's right, it actually recommends Vista. Why not throw in IE6 while we're at it?

"Both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP," the NSA writes.

For office software, meanwhile, the organization's tip is to "migrate to Microsoft Office 2007 or later."

Microsoft Trained Brain Syndrome

Now, I realize that Windows users still represent the vast majority of non-Mac users, and that Microsoft still holds a monopoly on that market, albeit a fading one. So I can see that addressing that group makes sense for a report like this.

To not even mention the possibility of using Linux, however--with its stellar security track record, among numerous other advantages--is downright negligent. Windows, after all, is now so malware-infested that Patch Tuesdays are more burdensome than ever; security experts even warn against using Windows for sensitive tasks such as online banking.

Either the NSA has fallen prey to the lingering misperception that PC users and Windows users are always one and the same, or it's exhibiting classic signs of Microsoft Trained Brain Syndrome.

Either way, the agency needs to wake up and look beyond the walls of the Microsoft world. If security on a home PC is what you're looking for, Linux is what you want.

Join the CSO newsletter!

Error: Please check your email address.

Tags unixopen sourceLinuxMac OSMicrosoftWindowssoftwareoperating systemsnon-WindowsApple

More about AppleetworkLinuxMicrosoftNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Katherine Noyes

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts