Operating systems are responsible for being the go-between for allowing programs to run on your computer. They divide up your computer resources, splitting them up between applications, to let you manipulate the hardware underneath. Put shortly, any machine that can run programs needs one, whether that be macOS, Windows, or Linux
Which Operating System Should You Choose for Your Next PC? While some operating systems are more secure than others, many modern ones these days do their best to protect themselves from potential problems out of the box. As such, it would be erroneous to say that just because some are known to have more exploits than others that they do so out of being bad.
This article will cover some of these techniques that are common to most modern operating systems.
1. Memory Protection
For programs to run, they must be given resources with which they can be quickly manipulated. This comes in the form of RAM (Random Access Memory) which does exactly that. RAM is a type of temporary storage (anything that happens in it is wiped on shutdown), which lets data be written and read very quickly. When an app is started up, the operating system gives it access to a portion of this resource to run in.
Since all programs must use this resource, a malicious program could access another location in memory, which it was not allocated to. A buffer overflow is an example of this. It denotes the manipulation of memory outside of the area they are supposed to use. This can allow malicious code to run without a user knowing it, or to read things in memory that they should not.
While operating systems cannot prevent these problems from happening, many modern ones do stop them from doing damage. This is done through protecting areas in memory that programs are not allowed to access. Instead of allowing it to do anything, it will merely cause it to crash. Better that, than have any potential security breaches.
2. User Privilege Elevation
Operating systems also use the concept of privileges to help protect and secure down a computer. The idea behind them is that on one computer, there are several different users, with different things that they can access. For example, the ability to modify certain things, such as system preferences, is a type of privilege. Without them, any program a user runs might have the ability to compromise the computer, changing the operating system. Windows, for example, has the administrator account, which allows a user to make system-wide changes (e.g. in restricted folders such as where programs are located).
Likewise, Linux operating systems have a superuser account which behaves in the same way, letting you affect almost anything without any restrictions. With high power, however, comes a more significant risk of breaking things… Furthermore, potential damage if, say, the malware was run using a high level of privilege. Regular users, for example, might not be able to ask specific programs to run on startup. A user with more privilege, however, could do so, along with any malicious programs they are running
All operating systems do their best to lock down the privileges that a user has. It prevents any damage that can be caused by programs if they exist. Put shortly; they cannot do as much to the system in that state, protecting it. They instead ask users when something wishes to do something meaningful, so only things which they manually accept get through. How Will You See It? Windows, for example, has something called UAC (User Account Control). It acts as a means of giving applications higher permissions to do things only if the user accepts it. By default, programs run with only a small set of privileges, with UAC telling the user when they need to do something else (e.g. change system files).
Likewise, Linux has something a bit similar, in the form of something called Sudo and Polkit. Put shortly, and they are two methods for doing the same thing: running a program with a higher level of privilege. The only real difference is that the latter is used mostly on Linux desktops, a bit like Windows UAC. Apart from that, they both work similarly, requiring users to enter a password before proceeding.
Mobile operating systems work on a completely different level. By default, users cannot even access such powerful privileges, unless they make some tweaks. This is meant to keep their systems as secure as possible, by limiting what they can do much more. Under iOS, it has called jailbreaking. The Android equivalent is rooting. Regardless of their names, though, they do similar things.
3. Application Signing
Another essential security measure which most operating systems use these days is application signing. It ensures that programs which you run on your computer come from a trusted source. That is to say, one which is not likely to try and hurt you.
Programs, like anything else on a computer, are just made of a series of data. As such, it can be passed through and processed for verification — a digital signature of sorts to confirm it as correct. Put shortly, this signing of an application makes sure that what you are running is what you intended. Usually, this process is done by certain authorities who allow people to sign their code (for a fee). This is meant to help confirm that whatever software is running is not designed to harm the users’ system.
Programs with a large user-base generally can do such things. How You will See ItMost operating systems, try to have some level of application signing. However, they will not usually stop you if you try to run programs which are not verified. That being said, they do tend to give some level of warning against doing that. One example includes Windows UAC “unknown publisher” warning. This is not something restricted to just a few operating systems, however.
Many Linux operating systems have something similar as well. This comes in the form of software repositories, locations online which host programs which have all been signed and verified. In theory, so long as you do not go installing programs from unknown sources, you are safe. However, that is not always the case.
For example, mobile phone operating systems all host their programs in a single place. On Android, that is the Google Play Store, and iOS, the App Store. All applications on them are meant to be trustworthy and well verified. However, that has not always worked out in the past.
Not DefenselessTo put things shortly, while some operating systems are thought of as less secure than others, it is not right to say that any of them are easily broken. There are many things which happen behind the scenes which help to keep your computer safe and sound.
That is not to say they are immune, however. Security programs are still important, as are techniques to practice on your own. There is no replacement for common sense and sound judgement, after all. How do you keep your devices safe?