July 30th, 2004, 09:02 PM
78% of Linux User's Never Been Hacked
From ebcvg.com new's:
Gotta love the *nix security Official Link to Article
A Survey released by Evans Data reveals that 92% of respondents have never had their Linux systems infected with a virus.
The survey, titled Summer 2004 Linux Development Survey, also reports that 78% of Linux developers have never had their systems hacked.
Additionally, a mere seven per cent had been hacked three or more times.
According to the survey, of the 22% hacked users, 23% of intrusions were made by users with working, legit login ID's.
July 30th, 2004, 09:18 PM
Well the main reason for that is, that there is a lot less people trying to take down a linux system. I mean think about it. If 95% of the market uses windows, you are going to more than likely find a windows idiot, before you find a linux idiot. The other reason for this, is simply that *Nix users tend to know more than there windows conterparts. I mean ****, you have to know just a little to install the damn distro, a bit more than a windows user would have to know, to install windows.
It is not the Linux Security, it is the user's intelligence, along with the fact more people use Windows. I mean I can show you just how easy it is to take down a linux system that is unsecure. I have a perl script I am working to automate it.
The difference between the OS's is more a fact that, if you are a Windows user and don't know your ****, you can get by without being jacked by someone, if your smart enough to put a firewall on, and get a little AV. Just the basics.
Now a *nix user has to go farther, they have to make sure that there system is locked down, that they don't overuse root. That they don't set unneeded processes to be ran by root. A *nix user is more of an easy target than a Windows User IMHO.
The main point I am trying to make is, for a long time people have been saying that it is the OS, that is to blame, when to be honest it isn't. I have said that for myself, but after using both very indept, and taking a hit at both, they are the same. It matters who is running the system.
The reason that only 22% were hacked is:
1) Because that 22 % were probably using systems that weren't updated.
2) Those 22% of systems are so damn small on the overall amount of systems on the net, that is it sad.
3) *nix users tend to know more.
With all that said, I have to say that Windows is a pretty secure OS, if you know your ****, and know how to patch, and when not to patch.
(Though I still have problems with M$, I just won't take a hit at there OS anymore.)
July 30th, 2004, 09:26 PM
I’d say one reason cracking Linux boxes is so popular is because they make better stepping stones for attacking other system later. Crack a Linux box at a University, then use that box to crack another and obscure your identity.
July 30th, 2004, 09:31 PM
How the hell does cracking a linux box, make a better stepping stone?
Ok crack a windows Box at a university.
July 30th, 2004, 09:42 PM
My XP box has never been cracked
July 30th, 2004, 09:43 PM
im with whizkid. Those stats are like that just because:
a) the market discrenpancies between the O.S.
b) PPl still must be less dumb to work with Linux than Windows. For instance, some ppl cant even migrate to 2000/Xp because "its to hard to use"....
BTW, i can see a lot of ppl in market --- usually small companies, like bakeries -- are using Linux instead Windows due to high prices.. And gess what?
They are installing (or get installed by "tech support ppl") like windows. put cd, boot, next, next, next, next.... finish. And with cd that come on magazines.
and you can see what kind of security they get. using root for normal activities, with no password, a lot of services installed for nothing.
just wait until they are become massive..
or just games developers start to deploy a lot of games for Linux...
the problem isnt the O.S. (although it has some problems) but the interface...
between the seat and keyboard.
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt.
If I die before I wake, I pray the Lord my soul to brake.
July 30th, 2004, 09:45 PM
By stepping stone I mean using the first box to crack other boxes. There are a few reasons for wanting to do this:
1. University often have more bandwidth then other machines, so some forms of attack will be faster.
2. It obscures your identity.
3. It gives you a place to store your tools and data.
The reason Linux makes a better stepping stone then Windows is because many of the best security tools/exploits are written for Linux first and remote interactivity is a lot more easier. Windows has telnet and SSH, but there are not as common or as useful as they are on a *nix box.
July 30th, 2004, 10:08 PM
I'd like to point out a few things here. First off, numbers can mean a lot of things. It's interesting that one article says "users" when the other says "developers". While developers may be users, not usually the other way around. And developers would, I imagine, be more aware of what happens on their box. In addition, did anyone ask the question of "if you think you weren't 'hacked', have you actually checked to see that you weren't?".
What worries me about a report like this is that some will automatically associate it as meaning "linux = secure" when in fact it is just as insecure as any other system. It all depends on the user using it and how much attention to security they give the OS.
July 30th, 2004, 10:12 PM
I don't think it's got much to do with the actual security of the Operating System (Linux, in this case).
1. How many of those respondents were willing to say that they've been compromised? I don't know about you guys, but I'd have a hard time admitting that my box had been compromised.
It's like those stats saying that crime has risen in a certain region of the country compared to 50 years ago, while it's actually the willingness of people to report the crime that has risen.
2. How many respondents' systems had been compromised without the user even knowing it?
Under this category would fall most respondents who don't have anti-virus.
3. If you'd ask the same question to a Windows-target group (of Windows developers), I'm sure you'd get even "better" results (if not 100% of "clean" systems. No Windows-developer is probably even allowed to report that his system has been compromised, and definitely if he works for MS).
There are at least 5 more objections to this study...
I say it's a worthless study, just like most studies where you ask someone to admit something "embarassing". And it's even more worthless because there probably wasn't any verification (not that that would be possible unless the survey is done in a controlled environment, which would defeat the purpose of the study).
I'm done rambling now.
Edit: add MsMittens' objections to my list
July 31st, 2004, 12:10 AM
MsM: Good observation, I didn't really pay attention to the fact that developer's are user's but not alway's the same way around. Excellent point, which add's to knowledge of that same OS which add's to security. Hrmm, then again you have people like pooh sun tzu who is a developer (or something of the like) and seem's to know his OS pretty well.