Security by default, in ''

software Software is a set of computer programs and associated software documentation, documentation and data (computing), data. This is in contrast to Computer hardware, hardware, from which the system is built and which actually performs the work. ...

'', means that the default configuration settings are the most secure settings possible, which are not necessarily the most user-friendly settings. In many cases, security and user-friendliness are evaluated based on both risk analysis and usability tests. This leads to the discussion of ''what'' the most secure settings are. As a result, the precise meaning of "secure by default" remains undefined. In a

network operating system A network operating system (NOS) is a specialized operating system for a network device such as a router, switch or firewall. Historically operating systems with networking capabilities were described as network operating systems, because they a ...

, this typically means first and foremost that there are no listening INET(6) domain sockets after installation; that is, no open network ports. This can be checked on the local machine with a tool like

netstat In computing, netstat (''network statistics'') is a command-line network utility that displays network connections for Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interf ...

and remotely with a

port scanner A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host a ...

such as

nmap Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap prov ...

. As a general rule, a secure

network Network, networking and networked may refer to: Science and technology * Network theory, the study of graphs as a representation of relations between discrete objects * Network science, an academic field that studies complex networks Mathematics ...

is only as secure as the least secure

node In general, a node is a localized swelling (a "knot") or a point of intersection (a vertex). Node may refer to: In mathematics * Vertex (graph theory), a vertex in a mathematical graph * Vertex (geometry), a point where two or more curves, line ...

in the entire network. If a program uses secure configuration settings by default, the user will be better protected. However, not all users consider security and may be obstructed by secure settings. A common example is whether or not blank

password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...

s are allowed for

login In computer security, logging in (or logging on, signing in, or signing on) is the process by which an individual gains access to a computer system by identifying and authenticating themselves. The user credentials are typically some form ...

. Not everyone can, or is willing to, type or memorize a password. Another way to secure a program or system is through

abstraction Abstraction in its main sense is a conceptual process wherein general rules and concepts are derived from the usage and classification of specific examples, literal ("real" or " concrete") signifiers, first principles, or other methods. "An a ...

, where the user has presented an interface in which the user cannot (or is discouraged to) cause (accidental)

data loss Data loss is an error condition in information systems in which information is destroyed by failures (like failed spindle motors or head crashes on hard drives) or neglect (like mishandling, careless handling or storage under unsuitable conditions) ...

. This, however, can lead to less functionality or reduced flexibility. Having user control preferences does not typically cause this but at the cost of having a larger part of the

user interface In the industrial design field of human–computer interaction, a user interface (UI) is the space where interactions between humans and machines occur. The goal of this interaction is to allow effective operation and control of the machine f ...

for configuration controls. Some

server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...

s or

device A device is usually a constructed tool. Device may also refer to: Technology Computing * Device, a colloquial term encompassing desktops, laptops, tablets, smartphones, etc. * Device file, an interface of a device driver * Peripheral, any devi ...

s that have an

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicat ...

system, have default usernames and passwords. If not properly changed, anyone who knows the default configuration can successfully

authenticate Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...

. For non-unique defaults, this practice would violate the principle of 'security by default'.

Operating systems

OpenBSD OpenBSD is a security-focused operating system, security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by fork (software development), forking N ...

claims to be the only

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ef ...

that is fully secure by default. This, however, does not mean it is inherently the most secure operating system. This is because that depends on the definition of an

. There are many operating systems that are not capable of networking with other systems, and when considering the amount of network-based security compromises today, one can argue such an operating system is more secure. OpenBSD is a

Ubuntu Ubuntu ( ) is a Linux distribution based on Debian and composed mostly of free and open-source software. Ubuntu is officially released in three editions: '' Desktop'', '' Server'', and ''Core'' for Internet of things devices and robots. All th ...

is a

Linux distribution A Linux distribution (often abbreviated as distro) is an operating system made from a software collection that includes the Linux kernel and, often, a package management system. Linux users usually obtain their operating system by downloading on ...

aimed at

desktop A desktop traditionally refers to: * The surface of a desk (often to distinguish office appliances that fit on a desk, such as photocopiers and printers, from larger equipment covering its own area on the floor) Desktop may refer to various compu ...

users that hides the administrative account by default and only allows the first user to gain administrative privileges for certain system tasks (such as installing system updates, and managing

disk drive Disk storage (also sometimes called drive storage) is a general category of storage mechanisms where data is recorded by various electronic, magnetic, optical, or mechanical changes to a surface layer of one or more rotating disks. A disk drive is ...

s).

macOS macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac (computer), Mac computers. Within the market of ...

does not hide this account, but users with limited rights can still fully utilise the system. Microsoft Windows and

Linspire Linspire (formerly Lindows) is a commercial operating system based on Debian and Ubuntu and currently owned by PC/OpenSystems LLC. It had been owned by Linspire. Inc. from 2001 to 2008, and then by Xandros from 2008 to 2017. On July 1, 2008, Li ...

have been criticised{{Citation needed, date=March 2007 for allowing the user to have administrative privileges without warning—a potential threat to the system.

Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...

and subsequent versions of Windows attempt to remedy this situation through its

User Account Control User Account Control (UAC) is a mandatory access control enforcement feature introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed

system.

Operating systems

See also