Ubuntu 12.04 LTS has topped a UK security agency’s security assessment of mobile and desktop operating systems.

GCHQ’s information security arm ‘CESG’ reviewed eleven of the most popular “end user” OSes against a 12-point list of security criteria.

Google’s Android, Apple’s Mac OS X and Microsoft’s Windows 7, 8 and RT were among the systems compared.

A report detailing CESG’s findings was published late last year.

The Aim: Guidance

Aimed at governmental departments and public service bodies, including the British Armed Forces and NHS, the report details which systems are safest for remote working by employees whose job involves handling public-sector data. This includes the remote accessing of data, intranet services and e-mail designated ‘OFFICIAL’ level.

The report features detailed information on the security of each OS, along with guidance for system administrators on how best to set up and configure devices so that they meet the necessary governmental security standards.

What the report does not seek to do is make any formal or approved recommendation of any OS; rather, it evaluates the security strengths and weaknesses of each system to offer practical advice on how Government and Public Sector organisations should go about deploying devices that use them.

The Results: Ubuntu Comes Out On Top

Each OS was graded against a range of security criteria, from the proficiency of disc encryption and authentication to the risk of malware, support for application sandboxing, and the security of VPN services.

Ubuntu 12.04 LTS was the only operating system to fully pass 9 of the 12 listed security recommendations.

Along with Windows 8 and Mac OS X 10.8, Ubuntu has no ‘significant risk’ flag against it.

While good news for Ubuntu, and great news for open-source, it could have been even better. Canonical say that Ubuntu technically met the CESG requirements for 2 of the 3 sections it did not pass. Ubuntu was marked down on ‘VPN’ and ‘Encryption’ because its implementation/software has yet to be independently assessed by an approved CESG body.

On VPN, Canonical say ‘independent assessment work for Ubuntu is being carried out by a partner’ and is expected to be completed in time for the release of Ubuntu 14.04 LTS. For Encryption, the company is seeking a sponsor to “put the software through the assessment process.”

The Full Report

The full report by the CESG, including the full report on Ubuntu 12.04, can be read online. 

CESG Security Report on Ubuntu 12.04 LTS