
Thread: Linux Is #1 Hacker Target

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Linux Is #1 Hacker Target

    Similar to this thread posted in June: Linux: More Vulnerable Than Windows?, a recent report says that the Linux operating system(s) are successfully hacked more than any other.

    mi2g has been tracking data since 1995. Their database contains information on over 280,000 attacks. Based on their data, Linux led the pack during the month of August with 67% of the successful attacks being against Linux servers.

    Of course, that doesn't change the fact that the world is scrambling and jumping through hoops to patch Microsoft vulnerabilities and stop the proliferation of threats such as Sobig and MSBlast. I guess the #1 target of virus / worm authors is still Microsoft.

    For more details you can see this article on globetechnology.com: Linux is favourite hacker target: Study

  2. #2
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    Rather proves the point that *nix supporters believe that their OS is more secure than Windows. If you are going for home users then, sure Windows is more vulnerable, but only because 99% of home users run Windows, and have no idea what security means.
    But there are massive security loopholes in most versions of *nix as well.

    If you are going for the professional/business environment, then it does not matter whether you run *nix or Windows. You are still relying on your sysadmin to keep your system protected, and apply patches as appropriate.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    But isn't this a skewed report in that there are hundreds of variations of Linux and really only one Windows (so to speak in that only Microsoft makes windows)?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    But isn't this a skewed report in that there are hundreds of variations of Linux and really only one Windows (so to speak in that only Microsoft makes windows)?
    Yes and no.

    It might be more apples to apples to break down the Linux versions and state specifically WHICH incarnation of Linux is most vulnerable or how that rates against Microsoft.

    However, wouldn't you then also need to break down Windows into its flavors? You would need to know specifically which versions of Windows- 98, Me, 2000, NT, XP, etc.- rather than lumping all of Microsoft together.

    And, just like there are different Linux kernels and versions, you would further need to break it down and say that Windows 2000 Pro is vulnerable x% of the time, but Windows 2000 Pro SP2 is only vulnerable x% and Windows 2000 Pro SP4 is vulnerable even less than that or something. In other words, the service packs sort of parallel or represent the kernel updates and should be considered separately. My Windows 2000 Pro SP4 system is significantly more secure than the base Windows 2000 Pro.

    Plus, in the article D.K. Matai of mi2g makes the statement that it has as much or more to do with vulnerable 3rd party applications (sendmail, pine, apache, etc) that run on Linux as it does with the actual Linux kernel or OS. So, those are fairly generic across Linux platforms.

    I think that the bottom line is, was and always will be that no operating system or application is "secure by default". It comes down to the owner / administrator having the intelligence and initiative to understand the vulnerabilities and keep current with maintaining patches and securing their system / environment.

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    So they are including 3rd party applications with it and not Linux solely versus Windows only and not the apps? Also, 51% of the attacks going against Linux isn't as huge as it seems. To me, what is more telling is the response by readers (both Windows and Linux readers): how the stats are derived would be interesting.

    Originally posted here by tonybradley
    I think that the bottom line is, was and always will be that no operating system or application is "secure by default". It comes down to the owner / administrator having the intelligence and initiative to understand the vulnerabilities and keep current with maintaining patches and securing their system / environment.
    Oh. I think that goes without saying. Looking at results of other surveys seems to indicate that admins are overworked (not a new theme) and either cannot or do not keep up-to-date. So pointing the finger at the technology doesn't solve the problem that remains: no matter what OS you use, unless you are on your toes you will be broken into at some point (and even if you do remain on your toes you still might be broken into).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    True- you bring up very good points. Statistics by their very nature tend to serve the purpose of the author and can be spun to make whatever statement you want to make.

    I think this quote raises very good issues with these stats:

    Perhaps 95 per cent of all the servers that mi2g "monitors" are Linux? Or perhaps the Windows servers being reported are their customers whereas the Linux ones are reported publicly or via some other source.
    Without knowing the details of how many total servers they monitor or what the makeup is it's hard to determine the validity of their numbers.

    On a similar note- it's only "valid" if their sampling is significantly large enough and if their OS percentages match the overall percentage of those OS's around the globe.

  7. #7
    Senior Member
    Join Date
    Sep 2003
    Posts
    179
    Statistics by their very nature tend to serve the purpose of the author and can be spun to make whatever statement you want to make.
    I read the linked article and I am somewhat disappointed by the lack of details on how the statistics are collected. My main question is what does this group define as an attack? Many breaches in security don't end up being malicious. Someone may break in and just snoop around, not damaging anything. Would this sort of "attack" be reported or just patched up and kept quiet?

    It really all comes down to the system administrator I guess. There is no clear-cut answer to which system is more secure, and personally I don't think there ever will be.

  8. #8
    Senior Member
    Join Date
    Dec 2002
    Posts
    180
    Hello,
    I noticed that...

    "Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August."

    If Linux is being hit more than MS servers, and governments seem to be more likely to use MS over Linux, yet if my memory serves me right, MS went to a Linux server for its Hot Mail account. It's not the OS but what's on the OS. As Ms Mittens says,

    "no matter what OS you use, unless you are on your toes you will be broken into at some point (and even if you do remain on your toes you still might be broken into)."

    There will always be a need for security.

    Freddy
    cybnut

  9. #9
    Junior Member
    Join Date
    Dec 2002
    Posts
    8
    If you want to see Chinese Linux,
    you can log in at www.linuxeden.com

  10. #10
    Banned
    Join Date
    May 2003
    Posts
    1,004
    A few things:

    You are still relying on your sysadmin to keep your system protected
    If this is the case, you're already lost. You should be relying on good IS policy and procedures to protect your system. The system administrators are incidental.

    So they are including 3rd party applications with it and not Linux solely versus Windows only and not the apps?
    Of course, Linux is just the kernel, obviously you can't remotely target a kernel. (without going through something else like a 3rd party service and everything else involved) Services like sendmail, apache, and bind are considered standard to linux and ship with nearly every version.

    But isn't this a skewed report in that there are hundreds of variations of Linux and really only one Windows
    There are really only five types of Linux:
    1. Linux standard (anything that comes in a box or is not specified below)
    2. Pitbull LX (the addition of DBAC and network flags and the existence of the SA, SO, and ISSO users represent an architectural difference)
    3. Trusted Linux (This HP research project uses more traditional MAC via the Bell-LaPadula model as well as the SA and SO accounts separate this system)
    4. SE-Linux (the flask architecture with its RBAC and destruction of the root user differing from the previous two systems set this research project apart)
    5. Not Otherwise Specified (this includes Linuces altered to work in fundamentally differing ways. Oddly this section isn't as common as you may think and in my career I have only seen a handful of these systems.)

    Of these, two (Pitbull LX and NOS) are quite rare, two (Trusted Linux and SE-Linux) are still just research projects. Not only that, but if you wanted you could clump Pitbull LX, Trusted Linux, and SE-Linux into one group as well (Trusted-ish operating systems). Differences besides those I've listed fall in the packaged software, installation process, default configuration criteria... none of which should be weighed when comparing security.
    Windows on the other hand has two distinct flavors: Windows Single User Edition (SUE) which includes Win95, Win98, and WinMe. Additionally the NT line which includes NT4, 2000, XP, and 2003. These two lines are sharply different with regard to security in that the WinSUE line has no security at all. (it can't even separate subjects and objects) Frequently these reports are skewed against Windows because they lump SUE and NT together (as do most computer people) under the justification that all Linuces/Unices are lumped together as well.

    MS went to a Linux server for its Hot Mail account
    Not sure where you pulled this. Hotmail used to be a FreeBSD front end with Solaris back end, Microsoft gradually switched the front end to Win2k and is in the process of switching over the back end.

    catch
