JANUARY 20, 2005 (TECHWORLD.COM) - Attackers are no longer bothering to attack average Linux systems, apparently because there's so much more money to be made from invading Windows, according to security researchers.

The Honeynet Project, which sets up Linux networks in order to observe attack activity, found that the life expectancy of such systems has dramatically increased from two years ago. Its 2004 findings, published recently, found that an unpatched Linux system lasts, on average, three months before it is compromised. That's compared with about 72 hours for 2001-02.

Some of the project's systems were exposed to the Internet for nine months without a successful attack.

The project's "honeynets" -- networks of two or more "honeypots" -- are designed to detect random attacks on the Internet. Such attacks are carried out on targets that are detected through random searching, scanning and hacking systems such as worms and autorooters, rather than particular attacks focused on specific targets. A honeypot is a system set up for the purpose of attracting random attack activity.

Since overall Internet attacks don't seem to be going down, the project's researchers theorized that the focus of hacking activity has shifted to Windows systems, simply because the platform is so widespread that it presents an irresistible target.

"It's now easier to hack the end user than hacking the bank," said Lance Spitzner, president of the Honeynet Project. "Banks are well protected; end users are not. Hack enough end users, and you can make as much, if not more, than hacking the bank."

While the project didn't carry out comparative research using Windows, Spitzner pointed out that research from security organizations such as Symantec Corp. and the Internet Storm Center (ISC) has found no shortage of attacks on Windows honeypots. For example, an ISC project involving Windows systems measures survival time in minutes rather than hours.
I think the "easier to hack the end user" part is increasingly true the more NT-based OSes grow in home use. Win95/98 was way harder to break because it was really only running one or two services on top of its network stack on average. Just imagine if XP were truly WinNT/2K's filesystem and OS security and Win98's home user capabilities like they promised, there would still be a lot more attacks on Linux servers.