In this lesson, I'll talk about operating systems and the threats that we see to operating systems. So by the end of the lesson, you're going to be able to tell me what kind of threats operating systems see, and explain the common methods to securing operating systems themselves.
Let's talk about the common desktop operating systems. You probably guessed it, we're going to be talking about Microsoft Windows, and Apple OS X. Linux, there's a whole bunch of different operating systems out there but we'll just talk about some of the general ones. So the numbers are going to be debatable whether or not which site that you go to. So NetShare is one of the more prominent statistics companies out there for web-based technology and they estimate that Microsoft has around, excuse me, 80 to 85% of the overall market share. Now, that's being seen by, really, browsers in general, but you know what? It makes sense. Microsoft has actually seen 400 million Windows 10 devices online which is 25% of the Windows market share. So just think, if you look at Windows 7 for example, which has a huge user base, we're talking about 50% out of that 80 to 85% market share, so we're seeing over a billion devices out on the Internet that have the Windows operating system installed. Apple, on the other hand, only has around 7 to 10% market share, and again, that's from NetSource. In 2017, Apple's CEO, Tim Cook, actually said we've seen 100 million devices on Apple OS X, which is roughly four times the amount of Windows 10, I'm sorry, four times less the amount of Windows 10 devices out there. So it makes sense if you look at the numbers, 7 to 10% market share, Apple has. Now, if you look at Linux for example, Linux only runs about 2%. There's not many people that run Linux desktop systems because Linux can be difficult to deal with and it's a different way of thinking about an operating system.
Mobile operating systems are a little bit different.
Worldwide, Microsoft has actually less than 1% market share. Apple has around 33% of the market share and Linux or Android has 64% of the market share. Now you may scratch your head and think, well everybody I know has an iPhone device. Well, most of the rest of the world, depending on what country you're coming from, you actually have an Android phone. It's more popular. It's really iPhones in the United States are the most popular, but in the rest of the world, Android has the market by far.
So how do operating systems work and what are the threats that we're going to see from operating systems? Now, when you take into account all the operating systems out there and what the market shares are, you really have to look at the entirety of your user base and decide, okay what am I going to look at today? So am I going to look at Android devices? Am I going to look at Apple desktops? Well, you should be concerned with all of them and really understand how the threats interact with those systems.
Operating systems have different run modes. So, ring zero is the kernel mode. This is the most privileged level mode that there is in an operating system. Ring level three is called the user mode. This is the least privileged ring level or the run level. Some operating systems only have two rings, for example. So Microsoft, the last two Microsoft operating systems for desktop and server actually only run at two of those run models, so zero and three. Some of the older ones actually use all four, zero, one, two and three. Zero is still going to be our most privileged out of any operating system. So, when we run applications, we want to make sure we're running them as a user or a service and not as the system or kernel mode, because the kernel has the most access out of the entire operating system. Doesn't matter what operating system you're using whether it's Apple, Microsoft, Linux, Android, iOS, whatever it is, you want to make sure user mode is what you're using.
This is why we do not root or escalate privileges on our mobile devices, because what happens when we root our phones is that it escalates the privilege of the user.
There's vulnerabilities in any operating system, but let's talk about vulnerabilities in operating systems. Most vulnerabilities are in applications, however, there are some vulnerabilities in the operating system itself. Year over year and believe it or not, Apple has actually had the most amount of vulnerabilities in their operating system, around 60% for desktop, 84% of mobile devices. Now, the reason why this is, is because, I really think that Microsoft has a little bit better programming practices in their operating system. Their latest operating system, Windows 10, is extremely locked down, extremely secure. They're running security like nobody else in the industry. Now, that's not to say that you shouldn't go out and not buy an Apple, but we'll talk about it in a minute. Microsoft has the number two amount of vulnerabilities out there. And Linux vulnerabilities are actually very small in comparison. We're talking just a few a year, but it's in the kernel itself. What makes up Linux is actually using the Linux kernel. So there's very few vulnerabilities in the Linux kernel.
In order to look at threats, and that's what we're going to talk about now, is that we have to look at market share. Now, if you recall, I said that Apple has around 7 to 10% market share. This is why the threats are historically not as bad as Microsoft. If you look at where the money's at, the virus writers are going to go after Microsoft, even though it's a more secure operating system, because they have a larger target. What do you want to hit if you were shooting a weapon? It doesn't matter if it's a gun or if it's a virus or an exploit. What are you going to try to hit? You're going to try to use the biggest thing that you can, and that's Microsoft.
It's more lucrative to go after the market share than it is to go after the 10% of systems out there. Now, we have a lot of vulnerabilities in applications though, and that's where we get cross-platform issues or cross-platform threats that come up as well. Trojans, worms, and viruses all affect all operating systems because of the cross-platform nature of applications. So things like Flash and Java are very prone to vulnerabilities because they are cross-platform, they affect all operating systems.
How do we secure operating systems from these threats? Well, the biggest thing that we can do is use least privilege. Like I said, don't root your phone or jailbreak it, if that's what you want to call it. Make sure that you're using not an admin or root account when you're logging into your system. Remove unnecessary services and applications and protocols. This lowers our overall attack surface. We also want to use antivirus, even though it is the last line of defense against something that got through all the other layers. So if you're in an organization and you have a border firewall, you have an operating system firewall and you use least privilege, antivirus is going to be that last line of defense preventing something from being executed. We also want to use best practices. There are hardening guides out there from the Center for Information Security and NIST and also the NSA publishes a hardening guide as well.
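
The following is an added example, not part of the lecture: a small Python audit that applies the two hardening points above (least privilege and removing unnecessary services) to a process snapshot. The snapshot format, the sample rows, and the `APPROVED_SERVICES` and `ROOT_EXCEPTIONS` lists are constructed assumptions for illustration.

```python
"""Audit a process snapshot for two hardening points: least privilege
(nothing network-facing running as root, uid 0, without a reason) and a
reduced attack surface (no listening service outside an approved list)."""

# Constructed sample snapshot, one process per line: "uid user port command".
# A port of "-" means the process does not listen on the network.
SAMPLE_SNAPSHOT = """\
0 root 22 sshd
0 root 23 telnetd
33 www-data 443 nginx
1000 alice - firefox
0 root 8080 reporting-app
112 postgres 5432 postgres
"""

# Hypothetical allowlist: services this host is actually meant to offer.
APPROVED_SERVICES = {"sshd", "nginx", "postgres"}
# Hypothetical exceptions: services accepted as needing root.
ROOT_EXCEPTIONS = {"sshd"}


def parse_snapshot(text):
    """Turn the snapshot text into a list of dicts, skipping blank lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        uid, user, port, command = line.split(None, 3)
        rows.append({"uid": int(uid), "user": user,
                     "port": None if port == "-" else int(port),
                     "command": command})
    return rows


def audit(rows, approved=APPROVED_SERVICES, root_ok=ROOT_EXCEPTIONS):
    """Return (finding, command, port) tuples for network-facing processes."""
    findings = []
    for row in rows:
        if row["port"] is None:
            continue  # not listening, so not part of the network attack surface
        if row["command"] not in approved:
            findings.append(("unnecessary-service", row["command"], row["port"]))
        if row["uid"] == 0 and row["command"] not in root_ok:
            findings.append(("runs-as-root", row["command"], row["port"]))
    return findings


if __name__ == "__main__":
    for kind, command, port in audit(parse_snapshot(SAMPLE_SNAPSHOT)):
        print(f"{kind:20} {command} (port {port})")
```
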