Slashdot Mirror


More Attacks on Linux than Windows

the special sauce writes "This vnunet.com article discusses the trend of attacks this year as compared to last. Overall, according to mi2g, attacks are on the rise. However, though attacks on Linux systems are up, attacks on Windows-based systems have actually dropped dramatically when compared to last year. If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems."

411 comments

  1. Is this FUD? by Anonymous Coward · · Score: 0

    Sounds like Microsoft FUD to me...

    1. Re:Is this FUD? by blane.bramble · · Score: 1

      I dunno. My Linux box reports a number of attacks against the FTP server and Apache each day. Of course these attacks are Windows exploits, so they fail. Would they count as attacks against Windows or Linux in this survey?

  2. Which are more successful? by 1010011010 · · Score: 5, Interesting


    Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?

    Maybe the attacks on Windows are falling off, because there's enough back doors already. Between Microsoft and Kazaa, I'd say things are good-to-go, from a back-door point of view.

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
    1. Re:Which are more successful? by jaxdahl · · Score: 2, Insightful

      Perhaps it's the inverse?

      More attacks on linux could be occurring because it's more likely to succeed?

    2. Re:Which are more successful? by 1010011010 · · Score: 5, Insightful

      Perhaps more attacks on linux could be occurring because it's more likely to succeed?

      Anything is possible, even if it's not probable. It could also be a result of Linux displacing windows in the server space. If there's 100 attacks/second, and windows' market share falls by 2% at the same time the Linux market share increases by 2%, then there will be a decrease in the number of attacks on Windows, and an increase in the number of attacks on Linux.
      If this trend continues, then it logically follows that there will be no more Windows servers at some point in the future.

      --
      Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
    3. Re:Which are more successful? by stubear · · Score: 5, Interesting

      Or perhaps the rise of Linux has correlated with the increase of "noobs" using Linux leaving many security issues unchecked. A perusal of bugtraq will show a long list of security issues for Linux (as many, if not more, than Windows).

    4. Re:Which are more successful? by ecrips · · Score: 1
      The majority of attacks that I've noticed on my Linux box have been attempts at exploiting IIS bugs. But since I'm running Apache that hardly matters.

      So how many of these attacks are actually targeted at Linux, and how many of them are just random probes or generic attacks (DoS for instance)?

    5. Re:Which are more successful? by $carab · · Score: 5, Funny

      Hmmm.....maybe. But as I recall, somebody had a hacking contest with default installs of Mandrake and SuSE, and nobody rooted the servers. I think that noobs would have to go out of their way a little to make their system insecure.

      Contrast that to.....IIRC Extremetech, which set up a Win2k and IIS server, and had it infected with Code Red twice within like 26 minutes of connecting it to the web and downloading updates from Microsoft.

    6. Re:Which are more successful? by md17 · · Score: 5, Insightful

      Why do people continue to point to bugtraq as the measure for "Which OS is more secure?" That is so far from the truth... The key thing you are forgetting is the "bug severity" factor. I would say that in general Windows has less bugs than Linux (On bugtraq) but those bugs are more severe. Thus in my opinion, Linux is still more secure. You are also forgetting that hardening a Linux box is much easier than hardening a Windows box. I can make my Linux box very secure with very little effort. Example:
      Turn off all services except ssh.

      Please stop pointing to bugtraq and saying:
      Windows has less security issues than Linux, therefore Windows is more secure than Linux.

    7. Re:Which are more successful? by Anonymous Coward · · Score: 2, Informative

      Nice troll. http://online.securityfocus.com/cgi-bin/sfonline/vulns.pl Shows approximately 5 times as many vulnerabilities for Microsoft than for Red Hat.

      How this reached +5 is beyond me.

    8. Re:Which are more successful? by Afrosheen · · Score: 2

      I'll second that 26 minutes with win2k/IIS. I have a friend that insists on serving with that ill combination, and he got rooted/cracked/whatever within 25 minutes of connecting to the net. I couldn't stop laughing.

    9. Re:Which are more successful? by Anonymous Coward · · Score: 0

      you just keep telling yourself that

    10. Re:Which are more successful? by antirename · · Score: 1

      It is almost impossible, in my experience, to connect a default SP1 install of win2k with IIS server running without it getting immediately infected by a worm. I don't think you could keep it up clean long enough to download, let alone install, all the updates and patches. I built one for a friend, and I tried just to see what would happen. Got infected by Nimda and Code Red. I downloaded the service packs on another box, made sure I had all of the patches on another disk, and installed all of that stuff before I connected it. No more problem. Bottom line: patch any known issues before connecting to the web, with ANY OS. Otherwise, you're painting a big "kick me" on your index page for all the worms and kiddies out there.

    11. Re:Which are more successful? by mondoterrifico · · Score: 0

      How does this get moderated 5 for interesting? It's blatant FUD against Microsoft. O wait, I forgot, this is Slashdot.

    12. Re:Which are more successful? by BlueUnderwear · · Score: 2
      It is almost impossible, in my experience, to connect a default SP1 install of win2k with IIS server running without it getting immediately infected by a worm.

      Is this still correct now? I've first heard these stories last August/September, and at that time, they were probably true due to the enormous stock of already infected systems. However, is this 25 minute figure still true nowadays? Obviously, a box gets rooted much quicker if there are hundreds of thousands of instances of Code Red out there trying to stumble upon its IP, than if there are only a handful of infected machines left. Of course, even with only a handful of Code Red machines left, one of them will eventually "find" the newly installed box, but I'd guess this would take days, rather than minutes.

      --
      Say no to software patents.
    13. Re:Which are more successful? by dacarr · · Score: 1

      On top of this, of the Linux attacks, which are the more as a result of administrator idiocy? (IE, ridiculously simple passwords) Now let's also consider holes that, when found, have patches available within a day or so - or sometimes, hours. If this trend continues, nothing will change.

      --
      This sig no verb.
    14. Re:Which are more successful? by antirename · · Score: 1

      I agree, I should have mentioned that this was at the height of the Code Red/Nimda problem. I was just curious to see if you could do an install and upgrade over the web if you didn't already have all the necessary CDs. I might repeat the experiment out of morbid curiosity, though. It might be possible to do it now and have a clean box, but I wouldn't recommend that approach :)

    15. Re:Which are more successful? by Afrosheen · · Score: 2

      I wouldn't try it. One glance at the logs on either of my apache boxes tells the truth: code red/nimda is still everywhere, looking for new boxes to hijack. The friend I mentioned put his box online back in April. He more or less set it up and had to go home for the day...tried to terminal services in and it was already cracked. Had weird ftp services running on it and everything. It's just a sad, sad day when you put a server up, walk away, and it's cracked before you get back from the bathroom. I know it's irresponsible of the admin, but even more irresponsible of the vendor.

    16. Re:Which are more successful? by billatq · · Score: 2, Informative
      It is almost impossible, in my experience, to connect a default SP1 install of win2k with IIS server running without it getting immediately infected by a worm.

      Is this still correct now?

      It is indeed correct. Anyone who stays on top of their web server logs will see plenty of code red attacks every day. The fact that a default windows 2000 install is susceptible to it doesn't help. Personally, I don't want to keep up with all of the patches that IIS needs. Apache out of the box is secure enough. However, if you absolutely have to use IIS, make sure you burn SP2 along with the other updates to a cd beforehand and install them onto the machine before connecting it to the internet.

    17. Re:Which are more successful? by marcelC · · Score: 1

      I've had my linux box on the net for 3 days now and for the past three days some geek apparently tried to hack it, by trying to access cmd.exe (through http get in apache) in a lot of different ways. He didn't even try to see what server/os I was running, if these are hacker attacks, I wouldn't worry about those figures.

    18. Re:Which are more successful? by Col.+Panic · · Score: 2

      a long list of security issues for Linux (as many, if not more, than Windows)

      The Linux kernel has more issues? No. Applications that run on Linux? Possibly. Now compare the number of apps on each platform. Linux is more secure than Windows if you:

      a. do not install tons of server programs that you are not going to run

      b. use tcpwrappers to initiate programs that can use it and use hosts.[allow/deny] to control access to those programs.

      c. use Bastille to harden the box

      d. use ipchains/tables to control access to your PC or network - don't feed me crap about a personal firewall; this is an actual firewall.

      just my $.02

    19. Re:Which are more successful? by BlueUnderwear · · Score: 3, Informative
      Anyone who stays on top of their web server logs will see plenty of code red attacks every day. The fact that a default windows 2000 install is susceptible to it doesn't help.


      Just grepped for ../.. in my httpd/error_log.

      292 matches.

      But that log goes back to April 30th. Last year in August, I had that many probes in one day. So, I'd say, CodeRed/Nimda activity did indeed decrease...

      --
      Say no to software patents.
    20. Re:Which are more successful? by Anonymous Coward · · Score: 0


      Oh, yeah, it's okay when MSFT buys FUD in the popular press, and in congress, but it's not okay the other way around... riiiight

    21. Re:Which are more successful? by Entropy_ajb · · Score: 2

      So then you admit, that it is not that Linux is any better than Windows, it is only that its user base is willing to spend all of their time updating their OS?

    22. Re:Which are more successful? by Anonymous Coward · · Score: 0

      Or maybe it's because all the big Windows exploits from last year have been patched, and the numbers are now back to normal levels. Code Red and Nimda both came out last year and they were by far the most prolific worms to hit the Windows platform. We haven't seen anything this year that comes close.

    23. Re:Which are more successful? by PacoTaco · · Score: 2

      I wonder what's considered an "attack." With the relatively low numbers they cite, I assume they're talking about relatively sophisticated attacks, not old IIS worms. Any decent black hat will do an OS fingerprint before they try anything.

    24. Re:Which are more successful? by Anonymous Coward · · Score: 0

      Most Linux security problems are local exploits not the kind of stuff that can be exploited over the web. Conversely most of Windows problems are exactly the kind of things script kiddies look for. Most of these "attacks" are nothing more than some 13 year kid sitting behind his Winblows box running some distributed dos attack. I'm not scared. The problem is that .01% of attacks that are run by governments and "other groups" not by individuals. The Russians for one have been really good at shutting down Chechen websites.

    25. Re:Which are more successful? by stevey · · Score: 1

      That could well be true - but you have to think about people installing Linux with the old CD's they've got lying around and never updating the systems.

      Even people running Debian who can update with minimal effort might not - due to apathy, lack of understanding, or connection speed issues..

    26. Re:Which are more successful? by spongman · · Score: 2

      interesting hypothesis, but unfortunately it's not based on fact. netcraft statistics show linux replacing Sun on the server, windows usage is rising, too.

    27. Re:Which are more successful? by ClosedSource · · Score: 1

      IIS is not installed by default under win2k. So you can start without IIS, connect to the internet and download patches. Disconnect from the internet, install IIS, install the patches and then reconnect to the internet. You don't need a second machine.

    28. Re:Which are more successful? by Anonymous Coward · · Score: 0

      Linux has ALWAYS appealed for n00bs.

      Linux IS UNIX for dummies.

    29. Re:Which are more successful? by big_hairy_mama · · Score: 2

      I hope you grepped for \.\./\.\. :)

    30. Re:Which are more successful? by charon.de · · Score: 1

      The question is where do you get your facts from?
      netcraft shows a drop for M$ www server.

      Microsoft -2.72%

    31. Re:Which are more successful? by big_hairy_mama · · Score: 2

      Um, duh. That's CodeRed or Nimda. Both those worms just try random IP addresses -- there is no one sitting behind the box to check whether you're actually running IIS.

    32. Re:Which are more successful? by BlueUnderwear · · Score: 2

      Actually, I used fgrep ;-)

      --
      Say no to software patents.
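
The grep exchange above (counting `../..` hits, then the `\.\./\.\.` versus fgrep remark) carried through on sample data, as an added example that is not part of any poster's comment. The log lines are constructed, the function names are hypothetical, and the `default.ida` and `root.exe` strings are commonly reported Code Red and Nimda request markers rather than anything quoted in this thread.

```shell
#!/bin/sh
# Added example: count worm probes in an Apache access log.
# Every log line below is constructed sample data (documentation IP ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jul/2002:10:00:01 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 283
192.0.2.11 - - [01/Jul/2002:10:02:13 +0000] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
192.0.2.12 - - [01/Jul/2002:11:15:40 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 271
198.51.100.7 - - [02/Jul/2002:09:30:00 +0000] "GET /docs/a/b/c/d/index.html HTTP/1.1" 200 5120
198.51.100.8 - - [02/Jul/2002:09:31:00 +0000] "GET /_vti_bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.9 - - [02/Jul/2002:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 1043
EOF
}

# Unescaped, '../..' is a regular expression: each dot matches ANY character,
# so the timestamp alone ("01/Ju") makes every line a hit.
count_regex_hits() {
    sample_log | grep -c -e '../..'
}

# grep -F (fgrep) takes the pattern as a fixed string, so only requests that
# really contain dot-dot-slash-dot-dot are counted.
count_literal_hits() {
    sample_log | grep -F -c -e '../..'
}

# Per-day, per-family probe counts, using fixed-substring tests on the
# request path so that no regex metacharacter can widen the match.
probes_per_day() {
    sample_log | awk '
    {
        path = tolower($7)          # field 7 of the common log format is the URL
        fam = ""
        if (index(path, "/default.ida?"))                            fam = "codered"
        else if (index(path, "cmd.exe") || index(path, "root.exe"))  fam = "nimda"
        if (fam == "") next         # ordinary traffic is not counted
        split($4, t, ":")           # $4 looks like [01/Jul/2002:10:00:01
        day = substr(t[1], 2)       # drop the leading bracket
        n[day " " fam]++
    }
    END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

echo "regex '../..' matched $(count_regex_hits) of 6 lines"
echo "fixed-string '../..' matched $(count_literal_hits) of 6 lines"
probes_per_day
```
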
    33. Re:Which are more successful? by Cally · · Score: 2


      mi2g are FUDsters, and crap FUDsters at that.
      Check some of these out...

      http://www.ntk.net/index.cgi?b=02001-09-28&l=128#l
      http://www.ntk.net/index.cgi?b=02001-04-27&l=46#l
      http://www.ntk.net/index.cgi?b=02001-04-27&l=58#l
      http://www.ntk.net/index.cgi?b=02000-02-25&l=98#l
      http://www.ntk.net/index.cgi?b=01999-12-24&l=109#l
      http://www.ntk.net/index.cgi?b=01999-11-05&l=79#l
      http://www.ntk.net/index.cgi?b=01999-11-05&l=80#l

      just search NTK for mi2g, there are plenty more where they came from.

      --
      "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
    34. Re:Which are more successful? by Cally · · Score: 2

      Reference, please?!

      IMHO, a typical default Linux install would be lucky to last 24 hours on a broadband connection. Even an OpenBSD honeypot was opened the other day, the story was here... (I'm sure the Honeynet Project have some stats but haven't time to look em up, sorry)

      --
      "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
    35. Re:Which are more successful? by Anonymous Coward · · Score: 0

      > If ... windows' market share falls by 2% ... If this trend continues, then it logically follows that there will be no more Windows servers at some point in the future.

      No. 2% loss in a time period will approach zero but not reach it.

    36. Re:Which are more successful? by Anonymous Coward · · Score: 0

      WTF, common sense says no one is using Windows anymore. So of course linux will have more attacks.

    37. Re:Which are more successful? by jelle · · Score: 2

      "Turn off all services except ssh."

      That's a way to do it, just make sure you're running openssh version 3.4 with privilege separation.

      --
      --- Hindsight is 20/20, but walking backwards is not the answer.
    38. Re:Which are more successful? by Anonymous Coward · · Score: 0

      openssh before 3.4 has no default hole on Debian Linux.

    39. Re:Which are more successful? by Anonymous Coward · · Score: 0

      Check your IIS log

    40. Re:Which are more successful? by Anonymous Coward · · Score: 0

      Almost 1% of my server's total available bandwidth is being chewed up by attempted attacks from infected IIS servers.

      Trust me, the IIS worms are alive and squirming.

    41. Re:Which are more successful? by Anonymous Coward · · Score: 0

      \\ No. 2% loss in a time period
      \\ will approach zero but not reach it.

      What?? Fractals again?? Curses!!

    42. Re:Which are more successful? by duren686 · · Score: 1

      So when 0.0098 Windows machines are serving webpages, could they stand a slashdotting?

      --
      Y2K Compliant since the late 1890s
    43. Re:Which are more successful? by Anonymous Coward · · Score: 0

      or maybe the attacks on windows are falling off because linux machines are more useful, and are more likely to be easy to install bnc and an eggdrop onto.

    44. Re:Which are more successful? by sgtsanity · · Score: 1

      If this trend continues, then it logically follows that there will be no more Windows servers at some point in the future.

      If this trend continues of eating 2% more market share every time period, then eventually Linux will control more than 100% of the market share.

    45. Re:Which are more successful? by DavesError · · Score: 1

      The reasons there are more attacks on linux compared to windows is that the average intelligence level of attackers is dropping. Looking through my logs and snort and such, I have not found a single attack on my systems that were meant for linux. 99% of the attacks are some variation of attack against web-iis.exe. All these attacks are meant for windows systems, but are being used against linux machines, so we go ahead and assume that 90% of all linux systems are getting the same type of attacks and that means you have 89% of all attacks on linux machines being meant for windows machines. So subtracting that 89% from the attacks from the linux attack total windows is by far receiving more valid attacks.

    46. Re:Which are more successful? by Michael+Jackson · · Score: 0

      The attacks on Linux machines are more successful, as it's easier to do things remotely with a rooted *nix box than a win32 box.

    47. Re:Which are more successful? by mentin · · Score: 1
      But as I recall, somebody had a hacking contest with default installs of Mandrake and SuSE...

      I bet these "default" installs were not ".0" versions, or did not have Apache installed. Otherwise, it could be cracked by any script kiddie.

      To get fair comparison, you have to install all W2K updates before connecting to the net, or install OEM version that has latest service pack included.

      This message is just plain FUD.

      --
      MSDOS: 20+ years without remote hole in the default install
    48. Re:Which are more successful? by Anonymous Coward · · Score: 0

      TROLL

      Otherwise, define "better than"

      Note I did not use "then"

    49. Re:Which are more successful? by Robert+The+Coward · · Score: 2, Informative

      Check my server log I run apache but I get 1000 of request the last 5 Days of the month for C:\winnt\...
      If I ran an unprotected system during those 5 Days I think 25 Mins would be a little long.

      Robert

    50. Re:Which are more successful? by Influxx · · Score: 1

      > Disconnect from the internet, install IIS, install the patches and then reconnect to the internet.

      You don't even need to disconnect. Just install all the security patches and then as a final step install IIS.

    51. Re:Which are more successful? by rjamestaylor · · Score: 1

      my apache log files are still registering nimda and code red (I && II) attack attempts. 50 unique attempts since June 22. That is down from ~50 an hour last Fall.

      --
      -- @rjamestaylor on Ello
    52. Re:Which are more successful? by Anonymous Coward · · Score: 0

      As of today I, personally, have 144 days uptime running smtp, http, ntp and ftp servers open to the public.

      It's a default install with the Mandrake updates automatically applied once a week. I let Apachetoolbox update Apache for me.

      IMHO, you don't know your butt from a mixed metaphor.

      For one thing, these servers are not enabled by default ... there are very few avenues of attack in a default install and none of them lead to root. Every one of these servers have to be enabled by the administrator and you have to have at least a little on the ball to get them fired up and configured.

      You're trolling. Say "Hi" to Bill for me.

    53. Re:Which are more successful? by kingkade · · Score: 1

      and i've had running a win2k server/IIS 5.1, w/ nntp http smtp and ftp completely open as well with windows updates every 10 days or so for 1 and a half times as long as what you said with not one successful attack.
      IMHO: it's 90% the admin's fault for a rooted server.

    54. Re:Which are more successful? by Anonymous Coward · · Score: 0

      If it aint in the box, it aint a default install.

      I don't know about SuSE, but I don't think Mandrake installs and initializes Apache by default.

      "Default" means just that ... "default".

      According to my httpd logs, Nimda and Code Red are still thriving. In fact, they constitute the great majority of the hits on my server. It's been over a year since the patch was released, when are you folks (Windows users) going to get your systems patched?

    55. Re:Which are more successful? by Citizen+of+Earth · · Score: 3, Funny

      If this trend continues, then it logically follows that there will be no more Windows servers at some point in the future.

      Also if current trends continue, the number of transistors in a microprocessor will exceed the number of subatomic particles in the universe in 360 years.

    56. Re:Which are more successful? by Moonshadow · · Score: 2

      I hear that something called the "ping" attack is pretty common on Linux servers. Evil hackers, always pinging those Linux boxes! What's even worse is that Linux servers are vulnerable to it! You can even find out if a certain machine is online!

      Sounds pretty dangerous to me. I mean, with all those Linux-based webservers, the entire internet is vulnerable! Something has to be done about it!

    57. Re:Which are more successful? by geneticAlg · · Score: 1

      Linux's rise in share as a corporate server may have something to do with its increase in attacks. Who wants to infiltrate someone's personal p0rn collection?

      --
      Question Authority....they probably aren't
    58. Re:Which are more successful? by Anonymous Coward · · Score: 0

      [If something doesn't seem completely logical or contradictory somewhere, like MS being on the same level with RedHat in one place and with Sun in another, that's probably because I'm merging things I found in two different articles that were written almost half a year apart]

      You could look at it this way: for the past couple of years, the number of vulnerabilities discovered in WinNT and 2000 combined has been at approximately the same level as that for RedHat linux alone, and at about 50% of all linux distros combined. The absolute leader in the vulnerability top 100 is Mandrake, with M$ sharing the 4th position with Sun.
      It's not because headlines don't cry out that the world is about to end every time a hole is found in linux/solaris/unix, that none are found.

      Only this year, and that's because MS expressly started searching for them, the number of vulnerabilities found in Win2000 is rising - above RedHat, but (at the time of the article I can't find anymore - see below) it still looked like it wouldn't surpass all of linux combined.

      So where do you think attacks would be more successful?

      Source: here or here, "Windows more secure than Linux?"

      I thought I saw another article last Friday with more recent figures (including the first months of 2002) and saying that this ratio, except for the peak in 2002, has been constant for a couple of years, but I can't find the blasted thing anymore.

      Also interesting is this page where a number of people explain their ideas about win/lin security. I suppose most /. nerds are going to call it biased because linux doesn't exactly come out good.

      Some people reacted to the first article that comparing a single OS to all flavors of linux combined isn't honest, but (1) NT and 2000 aren't a single OS any more than linux is and they represent a larger installed system base, (2) even in the case of a few individual linux distro's MS still wins, and (3) neither is combining all the good sides of different linux flavors, or comparing the holes in an OS plus those in all its apps to just an OS alone, and all of these are daily habits in linux advocacy if it fits the linux side.

    59. Re:Which are more successful? by Anonymous Coward · · Score: 0

      Look at it a little less biased.

      If the linux community does it, it's called information. If MS does it, it's called FUD.

      Has been that way for years, and I don't think it will change anytime soon.

    60. Re:Which are more successful? by Anonymous Coward · · Score: 0

      I get at least one of those per week, and my machine is up only for a few hours a day.

      After I added a response that says "Your IP was logged" to such attempts, the morons started trying even harder: now they were getting a success return code, but not even looking at the results.
      They started sending commands like 'tftp get <file>' with their own IP inside (not even a password), and then trying to execute the downloaded program (which wasn't there of course).

      I'm not watching all the time and I didn't set any alarms, but I'm thinking about adding one and ftp-ing a bit myself the next time I catch one.

    61. Re:Which are more successful? by libertarian · · Score: 1

      Um, no. When there are "less than 1" servers left.. (2% of 2 servers is .04 servers) Without a whole server you're not doing much.

      Of course this is all purely hypothetical.

    62. Re:Which are more successful? by libertarian · · Score: 1

      "Turn off all services except ssh."

      Yeah, that's really a useful system. Granted, we are talking about novice users, but suppose they *want* to share files, etc? What do they do then?

    63. Re:Which are more successful? by ClosedSource · · Score: 1

      Perhaps. Sometimes patches have to be made after installation. For example, in Windows NT 4 if you install Service Pack 6 and then install networking, you must reinstall Service Pack 6 to correct problems with the default installation of networking. I don't know if Windows 2000 and IIS work like that, but it wouldn't surprise me.

  3. The Difference... by Jester998 · · Score: 2, Insightful

    Yeah, but the difference between attack counts between Linux and Windows are how many of those attacks are successful...

    - Jester

    1. Re:The Difference... by PacoTaco · · Score: 2

      The real difference is that up until recently you were more likely to get fake Natalie Portman porn breaking into a Linux box than anything useful. :)

    2. Re:The Difference... by Jester998 · · Score: 2

      Yup... but now that major animation houses are using Linux, breaking into a Linux box now yields more realistic Natalie Portman porn than before... :)

    3. Re:The Difference... by ImaLamer · · Score: 2

      Well there isn't stats for those Windows machines which had their log files deleted before intruders left.

  4. Scriptkidiots by Anonymous Coward · · Score: 0

    Are scriptkidiots looking for real challenges? (=

    1. Re:Scriptkidiots by Anonymous Coward · · Score: 5, Funny

      Are scriptkidiots looking for real challenges? (=

      No, that would be "getting laid".

    2. Re:Scriptkidiots by Anonymous Coward · · Score: 0

      LO F***ing L!!!

    3. Re:Scriptkidiots by glwtta · · Score: 2

      oh yeah, when are the debian packages coming out for that?

      --
      sic transit gloria mundi
  5. Is this sentient attacks, or attacks in general? by neuroticia · · Score: 2, Interesting

    Is this including all the viruses, script kiddies, etc. etc. that tend to fill up logs?

    If it's only sentient attacks, then it makes sense. Windows isn't a challenge, Linux is.

    Otherwise, I beg to differ. There are countless sites out there dedicated to shameless display of nimda/code red, and script-kiddie attacks in their logs.

    -Sara

  6. And yet... by Anonymous Coward · · Score: 3, Funny

    the attacks on amiga boxen were at record lows

  7. But one point to this... by IronTek · · Score: 4, Insightful

    Is that Linux has grown in popularity over the past year, taking even more market share away from windows... ...do you think the script kiddies have any idea what OS the server they're "attacking" is running?!

    And, as someone already pointed out...who had more successful attacks...Windows, I'm sure...

    1. Re:But one point to this... by Master+Bait · · Score: 3, Insightful
      Right. I'll go out on a long limb here and claim that the mi2g 'study' was financed by an unnamed corporate monopoly.

      --
      "Only in their dreams can men truly be free 'twas always thus, and always thus will be."
      --Tom Schulman
    2. Re:But one point to this... by taniwha · · Score: 2

      It may also mean that many of the really interesting systems are running linux rather than windows - defacing a govt web server may be more interesting than hitting Joe Schmo's windows box

    3. Re:But one point to this... by Anonymous Coward · · Score: 0
      You have got to be sore from jerking each other off like this. Listen carefully --

      Linux. Is. Inconsequential.

      I understand who I am dealing with here, but these black helicopter theories are getting ridiculous, even for you malcontents.

    4. Re:But one point to this... by ealar+dlanvuli · · Score: 1

      I wouldn't find it hard to believe MS paid for this press release, it's certainly a very easy logic jump to make.

      --
      I live in a giant bucket.
    5. Re:But one point to this... by Anonymous Coward · · Score: 0

      Thank you Mr. Gates for pointing this out. ...just because you say it, doesn't make it true, and it beats what you jerk off to...

    6. Re:But one point to this... by stevey · · Score: 2
      do you think the script kiddies have any idea what OS the server they're "attacking" is running?!

      They clearly don't - I get many automated IIS exploits against my public facing box.

      If it were me doing the cracking I'd first fingerprint the machine so I could narrow down attacks that were sensible and only apply those. (eg. Unix -> ssh exploit, Solaris rpc.statd exploit, windows IIS/SQL exploit).

      Clearly either the script kiddies are clueless - or, worse, are actually exploiting so many machines clandestinely that they don't need to worry about wasted failed attempts..

    7. Re:But one point to this... by Anonymous Coward · · Score: 0

      Ah, but defacing a large commercial site running IIS is more interesting than Jack Hacker's lame apache daemon that shares out pictures of his pooch and his contributions to Fetch'doggie'mail or whatever other lameware.

    8. Re:But one point to this... by 0x0d0a · · Score: 2

      Linux. Is. Inconsequential.

      Not in the server market, it isn't.

      And MS isn't worried about going out of business. If there's a viable alternative to their product, they have *much* less leverage to squeeze companies. So even a few percent of marketshare hurts, and Linux has a good chunk of the server market.

      OTOH, while I'm sure there are folks at MS responsible for dealing with desktop threats from Linux, countering desktop Linux can't possibly be a priority at the minute.

    9. Re:But one point to this... by kadehje · · Score: 2

      Right. I'll go out on a long limb here and claim that the mi2g 'study' was financed by an unnamed corporate monopoly.

      Why on earth would my electric company care whether I was running a Linux box or a Windows box? Unless someone manages to root a box and cut its power, they should be happy regardless of which OS I'm running. Of course, they have told me they'd rather have me hack my hair drier that draws 10 amps and use it as a file server; they claim one of those has never been OwN3d by a script kiddie before.

    10. Re:But one point to this... by Anonymous Coward · · Score: 0

      One thing all you linux kids need to understand is that MS doesn't just sell an OS. I work in corporate IT, and I love MS for many reasons.

      1. If something gets fuxor'd you can search the knowledge base, instead of having to post to a linux forum and hope some 15 year old who had that problem before happens to read your message.

      2. You can always call MS. Sure, you can pay for support from Red Hat too, but I still think #1 is one of the most compelling reasons.

      3. Diversity- everyone writes software for MS. Also, businesses generally need to run specialized apps made for a specific reason; are you going to tell the VP of Accounting that you won't run a network app he needs because you refuse to have MS servers on the network? Good luck in your job search.

      4. Lower TCO, Lower support. I'm one of the few people in my company that can fix the big problems. We *hopefully* will be hiring a sys engineer (I generally try to be the network engineer when I have time, haha), but I think it would take ten times as long to find a GOOD person who knows linux, and they would probably end up taking an offer from someone who could afford to pay more anyway.
      The cost of support staff figures into TCO as well, even if the OS *is* free. Free beer is good for home, but bad for business.

      Overall, the only thing I see linux doing that could be of any potential value to me is network services. Having one linux box that will do FTP, DNS, DHCP, and maybe logon authentication with Samba would be a big help.

      But overall it doesn't seem worth the hassle. I was reading up on Linux for a while (after working with MS for so many years it's like learning another language), but our long-term goals include Active Directory.

      So I put the linux book aside and picked up the AD book; it's ultimately a better use of resources (my time) building on what I know than trying to do something different that has a small payoff.

    11. Re:But one point to this... by Anonymous Coward · · Score: 0

      Overpaying for OS/soft/support to underpay employees is a funny business model. I say, go for it! ;-)

    12. Re:But one point to this... by Anonymous Coward · · Score: 0

      Having been the sysadmin in heterogeneous environments I must say that keeping Win2k systems alive and functioning took far more of my time than anything else on the network. This includes HP/UX, Novell, SCO, Linux, and BSD systems. Even though I detest the first three OSes, they at least had the decency to maintain a respectable uptime all while consuming far fewer hardware resources than the Win2k servers. The first three were all legacy systems, and truthfully, we ignored them except for the most part. Windows on the other hand is a chore, and an incredibly poorly documented one at that.


      I will resist the impulse to go through your list of grievances and simply say this: MS support is the worst in the industry. It is pricey, it is only needed because anything remotely technical is undocumented, and you are likely speaking with a script reading idiot when you do call them. If you want to see support done right, try HP, Cisco, or Sun. Then you will be speaking with an engineer for anything other than trivial problems. As for Linux / BSD support, you will often be speaking with the person who coded the program! Do yourself a favor and get out of IT. You sound like someone who needs their hand held when making decisions.
    13. Re:But one point to this... by Anonymous Coward · · Score: 0

      Just one +1 funny to start with... and you would have gotten up to +5.

  8. Yay!! by SEWilco · · Score: 5, Funny

    We're Number One! We're Number One! We're Num... oh. Never mind.

    1. Re:Yay!! by SEWilco · · Score: 1

      (Yes, I intentionally phrased it so it is ambiguous whether it resembles a celebration of MS-Windows' long leadership, or of recent attempts directed at Linux)

  9. How many from Redmond? by www.sorehands.com · · Score: 3, Funny
    I wonder how many of these attacks come from Redmond or from Microsoft employees?

    The real question to ask is, "how many of these attacks are successful as compared to attacks on Windows?"

    1. Re:How many from Redmond? by Anonymous+Cowtard · · Score: 1

      Probably significantly less than attacks from Linux users against Microsoft. Of course, maturity isn't expected from either camp on this front.

    2. Re:How many from Redmond? by Anonymous Coward · · Score: 5, Interesting

      Oh, good grief, get a grip. I have 3 friends that work at MS. Two are software engineers, one is a test engineer. Both of the developers have Linux boxen at home because they really freaking like the OS and it's a fun break to code and configure a Unix-like system. They tell me they have many coworkers who see it the same way. MS pays their bills and Linux is their hobby because they're smart nerds. It's not perfect, but it's better than them going home brainwashed and only eating their own dogfood.

      Microsoft is not nearly as "one-mind" and Borg-like as many would like to believe. That makes it harder to spread your flavour of hatred. Hate the company's practices, sure. But don't believe that the majority of people there really give a fsck enough to care one way or the other. It's a job. Just like clearcutting, oildrilling, and running a slaughterhouse.

    3. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      Lets see-

      Microsoft employees are highly paid, highly educated professionals that probably couldn't care less about Linux.

      Linux coders work for days without a shower in dimly lit rooms fueled only by caffeine and their hatred of Microsoft.

      Who is more likely to write an attack???

    4. Re:How many from Redmond? by kasparov · · Score: 1
      --
      There's no place I can be, since I found Serenity.
    5. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      YHBT

      you and your whole community can keep doing what they do best and turn your back on surfacing issues... nice game plan...

      i got one for ya

      IITIGA

      ignore it till it goes away

    6. Re:How many from Redmond? by jejones · · Score: 3, Insightful

      MS could buy BIGNUM hackers and put them to work finding security holes in Linux and BSD using a trivial percentage of their petty cash. MS has done things with the intent of breaking other software in the past (e.g. the bogus warning when Windows 3.1 ran atop something other than MS-DOS, the calls in win32s.dll that ask for RAM intentionally out of range for virtual DOS sessions under OS/2, "DOS isn't done until Lotus won't run"). It's not a matter of hatred; it's a matter of MS SOP.

    7. Re:How many from Redmond? by lynmax · · Score: 1

      MS did port IE 5.01 to HP-UX and Solaris, including MediaPlayer (true that they don't issue security updates as frequently for Windows, ie, don't hold your breath waiting for updates). I put in a request to MS to port IE to Linux. I prefer IE over Netscape (fewer crashes on Windows, Solaris). On Linux, Netscape crashes too much for me. IE is my preferred browser on my SPARCStation at home, now if I just had IE for Linux, I would be a happy camper.

    8. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      Granted, Microsoft employees may like Linux just fine, but Microsoft management surely doesn't. So all management has to do is tell a small group to write a bunch of attack scripts, set 'em going, and then reap the propaganda benefits of how Linux gets attacked more than Windows.

    9. Re:How many from Redmond? by Anonymous Coward · · Score: 1, Interesting
      It's a job. Just like clearcutting, oildrilling, and running a slaughterhouse.

      ;-) It's only a job. Even the concentration camp guardians were only following orders...

    10. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      wasn't there a rumor that in effect claimed that Microsoft employees were prohibited from working on GPL projects?

    11. Re:How many from Redmond? by 0x0d0a · · Score: 2

      Really? I know one person that works at Microsoft, and he runs Linux as well. As a matter of fact, he keeps a Tux in his cubicle.

      Are there actually any coders that *like* Windows at MS?

    12. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      I have several friends who work for MS as well. One of them (the guy who introduced me to linux back in '92) was hired by MS to join a team that is trying to figure out how to stop Linux. When he went there, he was only interested in earning good money (I know that he turned it down at 150K/yearly and said that he would not do it for less than 200k). I have not talked to him since about 2 months after he started (it sux, but that is simply life). Do I think that MS is simply about nice manners? No way. He told me some of what they were up to. He was surprised how important Linux is to MS. MS borrows the tricks from old IBM and improves on them. Is everybody involved? You have to be kidding. This is a very large company. Normally for the dirty tricks department, they hire just a small group of ppl and pay them well to keep quiet. Everybody else is just a grunt in game of life.

    13. Re:How many from Redmond? by hansroy · · Score: 1

      With the advent of Opera 6.0, MS trolls have begun appearing en masse on the Opera ng's. Some think it's a sign that Opera is competing well enough for MS to send its minions. There are even rumors that MS pays people to troll the ng's. Supposedly this was admitted by some of the trollers. See Rex Ballard for more info.

    14. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      There are no cubicles @ Microsoft. Everyone has an office.

    15. Re:How many from Redmond? by GigsVT · · Score: 1

      It's a job. Just like clearcutting, oildrilling, and running a slaughterhouse.

      Yeah, the Nazi party employed a lot of people too. They were just doing their job.

      Go ahead, invoke Godwin's law, you know I'm right.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    16. Re:How many from Redmond? by atolicus · · Score: 1

      how can you compare concentration camps to microsoft?

    17. Re:How many from Redmond? by atolicus · · Score: 1

      how can you even compare the two?

    18. Re:How many from Redmond? by GigsVT · · Score: 1

      how can you even compare the two?

      Haven't you seen the movie Antitrust? It's a very good documentary.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    19. Re:How many from Redmond? by Anonymous Coward · · Score: 0
      Thank you, Bill, for that fine comment!

      Showing your boys how to troll?

    20. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      You didn't mention mozilla.

    21. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      wow, you're truly a tasteless little shit...

    22. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      And your friends are criminals, supporting a criminal overlord. A pity the DoJ is too pathetic to do anything about their own verdict.

      Man, I love that shit. "Waah, I have to work there, it's just a job, I have a family, waah."

      Yeah, if you can't get a job anywhere but Microsoft, maybe you shouldn't be touching a computer.

      I agree with the fact that MS isn't Borg-like. It's more like the Dominion. Everyone thinks they're an individual, and everyone thinks they're cool, whispering how much that they don't like it in the hallways. Yet they won't dare grumble in front of the Founder, or dare to leave.

    23. Re:How many from Redmond? by Malcontent · · Score: 2

      They are both evil? Maybe MS is not as evil but they are evil nevertheless.

      --

      War is necrophilia.

    24. Re:How many from Redmond? by Malcontent · · Score: 2

      I'll take this on.

      Hitler was a very evil man. He did not like jews, gypsies or anybody who was not white and as a result rounded up millions of them and killed them. This was an attack on a specific subset of human beings and is rightfully regarded as one of the all time lows in human behaviour.

      MS is attempting to do something I submit is just as bad. Let me explain.

      What separates us from the animals is the ability to communicate and pass knowledge from one human being to another. We have combined this with persistent methods of communication such as writing. MS is seeking to control and limit how we communicate with each other. They are on the forefront of finding ways to limit and to charge for that communication. By attacking our right to freely exchange information, by partnering up with powerful organizations with the same aim, and by bribing politicians to back them up MS is attacking what it means to be a human being.

      Sure they are not killing a specific subset of people but they are attacking humanity as a whole. Less damage done to more people. Somewhere in there some sort of equivalence gets reached.

      --

      War is necrophilia.

    25. Re:How many from Redmond? by Malcontent · · Score: 2

      Sorry Just a job does not cut it. Every single person who works for MS is at least partially responsible for everything evil MS does. Just like loggers are responsible for the clearcuts.

      --

      War is necrophilia.

    26. Re:How many from Redmond? by andcal · · Score: 1

      Instead of using analogies that you don't really know anything about, why don't you try just explaining yourself rationally?

      Thanks to thinking like yours, there has been a 75-percent fall-off in logging over the past 18 or so years. You might think this is good, but this has helped boost the density of America's forests to about 700 trees-per-acre, versus about 70 in 1900. In fact the last president ignored the General Accounting Office's August 1999 prediction that "it is only a matter of time before catastrophic wildfires become widespread."

      Clear-cutting is not a good practice, but just like how clear-cutting is definitely not the forest's greatest problem right now, Joe Blow's biggest problem in life isn't whether or not the company he works for might be acting like a corporation or not. In fact, like MSFT employees more after your comment, just because I won't subscribe to the sheep mentality that seems to pervade the OS community that technological choices are paramount to religious choices. But I guess it's just not ok to hate someone because they are (insert least favorite religion here), so the human mind needs to replace that natural bigotry with something else. Let's get them damn "corporatites" and run them out of town!

      It just floors me how many "enlightened" people don't realize how they are just like the billions of human beings who came before them, with just as many warts & prejudices, only they just hate different groups of people, so they think it's alright to hate & pre-judge individual people just because of their ill-conceived idea of how the universe operates.

      Try studying history thoroughly for a while. You may end up hating the same people, but at least then you won't be under the odd impression that it's because you are inherently good, and they are all inherently bad

      And no, I have nothing to do with forestry at all, I just recognized negative propaganda when I saw it, and took about 10 seconds to find some numbers to show that what you were saying is fluff

      --
      --something witty
    27. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      So by this logic, all the people who worked for Enron and lost their retirement savings are also "at least partially responsible" for the evil that the executives of the company did?

    28. Re:How many from Redmond? by Anonymous Coward · · Score: 0

      Most definitely not interesting.
      Most certainly offensive.

    29. Re:How many from Redmond? by Malcontent · · Score: 2

      First of all it was not really an analogy. I was answering an analogy by replying to both parts of the previous post. Please learn to read.

      "has helped boost the density of America's forests to about 700 trees-per-acre, versus about 70 in 1900."

      And this is a bad thing? The forest density levels are still not where they were "pre white man" and will never get back there. During the settling of north east the land was razed pretty good and thanks to the efforts of the environmentalists (not the loggers mind you) we have replanted a lot of those forests. Of course the nature of the forest has changed. The trees are monocultured and planted in neat and straight rows which adds a un-natural feel to them but at least they are trees and not a parking lot.

      As for the wild fires so what? fires have gone on for billions of years and will go on for a billion more. We should let the forests burn it's good for them. Decades of fire suppression has harmed the forests just as bad as clearcutting has. Please go do some research for gods sake. When you are doing your research you may want to consider sources other than Rush Limbaugh of the cato institute or other republican/big business lapdogs. Fires are good. If you are afraid of fires live in the city. If you build a house in the forest then expect your house to burn, your dogs to get attacked by wild animals etc. Take some god damned personal responsibility for your idiotic decisions.

      "Joe Blow's biggest problem in life isn't whether or not the company he works for might be acting like a corporation or not. In fact, like MSFT employees more after your comment,"

      Well duh you moron. Did I say MSFT employees didn't have bigger problems? Like I said learn to read you retard. Of course they have bigger problems but that does not negate their complicity in the evil acts done by their bosses. They knowingly work for an evil company and are contributing to the bottom line of that company. They are morally culpable. On the other hand I doubt any of them are lining up to give you kisses or money because you like them so much.

      "took about 10 seconds to find some numbers to show that what you were saying is fluff "

      Ah yes now I know why you are so ignorant. You think 10 seconds of research is enough to understand the complexities of forest ecosystems.

      --

      War is necrophilia.

    30. Re:How many from Redmond? by Malcontent · · Score: 2

      Of course they were.

      --

      War is necrophilia.

  10. This is a fine example... by Latent+IT · · Score: 5, Insightful

    Of how the phrase "and if this trend continues" can pretty much turn otherwise useful statistics into a big mess.

    You know, watching a puppy grow, you could say, "And if this trend continues, this will soon be a super-dog the size of Godzilla, and will devour Tokyo."

    Funny, that never seems to happen.

    1. Re:This is a fine example... by Latent+IT · · Score: 4, Funny

      Damn. And I was going for funny. *shrug* ;p

    2. Re:This is a fine example... by Myco · · Score: 1
      Specious, as you well know. The whole purpose of statistics is extrapolation. Statistics can be used to deceive, but that doesn't change the fact that they do provide good information about probable future trends when properly interpreted.

      On another note, your post totally reminds me of that time on the Simpsons when Disco Stu was talking about Disco sales rising in such-and-such years in the 70's. He says "If this trend continues... heeeeyyyy!"

    3. Re:This is a fine example... by majcher · · Score: 1, Redundant
      My favorite example like this is as follows:
      "When Elvis Presley died in 1977 there were 37 Elvis impersonators in the world. Today there are 48,000. If the current trend continues, by the year 2010, one out of every three people in the world will be an Elvis impersonator."
    4. Re:This is a fine example... by portnoy · · Score: 1

      Indeed. And Thankyou. Thankyouverymuch.

    5. Re:This is a fine example... by rw2 · · Score: 2

      Yeah, I remember in '96 the popular one was to say that, at the then current adoption rates, every man, woman and child in the US would be a java programmer by 2010.

    6. Re:This is a fine example... by cybercuzco · · Score: 2

      They had something like this on the Daily Show a while back. They had some nutritionist on saying that cookie monster was making children fat. At the end of the sketch, the reporter was talking to Jon Stewart and said "Since cookie monster came on the air in 1968, I've gained 120 lbs, if this trend continues, by the time I reach 100, I'll weigh 460 lbs!" And Jon Stewart said, "but you were 3 years old in 1968" and the reporter said, "so?"

      --

  11. Not detected by BinBoy · · Score: 1

    The research found that Linux systems in the firing line typically deployed open source third-party applications, certain versions of which contained well known vulnerabilities which are not being patched fast enough and are continuously exploited by hackers.

    A lot of people have complained about patches not being included in the kernel fast enough but it seems app patches are slowing down as well. What's going on? Maybe this is affected by school schedules.

    How to fill your hard drive with music, movies and pictures while you sleep.

    1. Re:Not detected by heby · · Score: 1

      not the app patches are too slow, the users / sysadmins are. it's probably mainly an attitude problem - "i'm running linux, linux is secure"; yeah right. and it could be so simple: an entry for security.debian.org in /etc/apt/sources.list and regular apt-get update; apt-get upgrade certainly protects me from "well known" vulnerabilities. even if it sometimes takes a couple of days for the new versions to show up after the vulnerability was published they're normally there before exploits get widely available. other than that: run the services you need and not even one more.

      the price of IT security is eternal vigilance.

  12. Only makes sense.... by kyoko21 · · Score: 1

    It only makes sense that most attacks are Linux type systems. Linux is more becoming the staple of the home router/firewall. When you have a community of users (linux and windows), most people would honestly say that would have a Linux or *nix type system up in the front line than a Windows box. With the number of homenetworking becoming more complex, it would only see the number of Linux attacks increase because a good number of computer users are hiding their Windows boxes behind Linux firewalls. :-)

    If anything, it just goes to show you that Microsoft is just hiding behind a clout of Linux warriors doing all the dirty work :-) Way to go GNU/Linux.

    1. Re:Only makes sense.... by rikkards · · Score: 1

      I was thinking (course this is optimistic) that maybe, just maybe, some of these Windows users have actually learned from reading articles about security or talking to people and are using software (Zonealarm, Winroute, etc.) or hardware (Linksys Routers, etc) firewalls.

      Like I said it may be optimistic.

    2. Re:Only makes sense.... by rikkards · · Score: 1

      Forgot to mention I would like to see who sponsored this study though.

    3. Re:Only makes sense.... by Anonymous Coward · · Score: 0

      Oh yea. EVERYONE at the local computer super stores are just chomping at the bit for LINUX firewalls.

      Linux is becoming the staple of the home router/firewall?

      hehehe

    4. Re:Only makes sense.... by Anonymous Coward · · Score: 0
      "Linux is more becoming the staple of the home router/firewall."

      Ha! Maybe amongst /.ers and other geeks, but no, you're quite mistaken. Most SOHO systems I've seen are M$ and M$ only, with little or no serious firewalling.

    5. Re:Only makes sense.... by Anonymous Coward · · Score: 0

      I'm running a linux box behind a windows firewall.

      Why? Because there are too many linux nerds out there who know much more about linux and ways to get in than I do, compared to the general stupidity of the windoze hackers who basically amuse themselves trying to get in through holes that were closed a year ago.

  13. In 6 months Windows will release a exploit scanner by Anonymous Coward · · Score: 0

    for Linux that will install an EULA daemon to keep an eye on those pesty root kits like vmlinuz, passwd, shadow, and glibc.

  14. The main reason by unixmaster · · Score: 1

    The main reason is imho the apache hole which has a readily available exploit for OpenBSD systems and OpenSSH root exploit which has a ready made exploit too. Both exploits are mailed to vuln-dev mailing list of securityfocus.com by GOBBLES security group. So kids have two interesting programs in their hands so what do you think they do?

    --
    Never learn by your mistakes, if you do you may never dare to try again
    1. Re:The main reason by Anonymous Coward · · Score: 0

      Correction. The hole was with FreeBSD systems. Get your facts straight.

    2. Re:The main reason by unixmaster · · Score: 1

      What ya talking about ? Apache hole affected all systems but Gobbles security only released *BSD exploit.

      --
      Never learn by your mistakes, if you do you may never dare to try again
  15. Firewalls by zaffir · · Score: 1

    My firewall blocks at least 30 LAND attacks every day. Are they counting these as attacks on my firewall, or, since they're Windows vulnerabilities, are they counted as attacks on Windows?

    --
    "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
  16. The reason by Anonymous Coward · · Score: 1, Insightful

    Windows boxen pose no challenge anymore... skript kiddies want to skite, we all know their mentalities. Defacing a Windows http server is so yesterday's-news nowadays that it doesn't give a hax0r any 31331-cred anymore. Tough boxes like Linux, *BSD, especially OpenBSD are what give script kiddies maj0r hax0r kudos now.

  17. Where the hell do they get these numbers? by nagora · · Score: 2
    Our firewall in the office gets four or five sniffs a day from script kiddies so, unless we're a special target, these numbers are orders of magnitude too low.

    TWW

    --
    "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
    1. Re:Where the hell do they get these numbers? by jd142 · · Score: 3, Insightful

      Right. There are a lot of flaws with this article, starting with the numbers. First of all, they don't define what they consider an "attack" to be. That's a big gaping hole you could drive a truck through (note lack of a link here).

      They also don't define what constitutes a "box" in this context. Even if it were servers only, the numbers are incredibly low. My little development web server got several thousand code red attacks last fall. Luckily, I was running Apache on Linux, so all it did was fill up my logs.

      If they are talking about pure number of attacks, as they appear to be, this is actually pretty good news. Apache webservers outnumber IIS webservers approximately 2 to 1 according to Netcraft (and by the way, has anyone noticed that Apache has been gaining the past couple of months). Assuming only a small percentage of people run Apache on Windows, we could assume that the attacks on Linux servers should be twice that of attacks on Windows servers, but the numbers are not that far apart.

      So this article appears to be pretty fluff piece with no real meaning. Like most news stories.

    2. Re:Where the hell do they get these numbers? by antirename · · Score: 1

      The numbers only make sense if 1) they're a benchmark of attacks on their own machines or certain selected machines or 2) if they're looking at web defacements. If these are defacements or defacement attempts, the numbers sound about right. However, with Attrition out of the tracking business, I would have to wonder where they got the data. Alldas is up and down like a yo-yo lately.

    3. Re:Where the hell do they get these numbers? by Anonymous Coward · · Score: 0

      I agree with you. I leave my home linux box 24/7 exposed to the net. I watch all the attacks (via logs) that occur. I find it funny the number of Window attacks against my box. Most likely automated, but still from what I see, it would be about 10 windows to 1 linux.

  18. Does this include handhelds? by sheldon · · Score: 2
    1. Re:Does this include handhelds? by caca_phony · · Score: 1
      I guess it is time to upgrade my unfirewalled zaurus server ;P

      --
      ...and this lie crawls out of its mouth: 'I, the state, am the people.'
  19. maybe... by ranger8x · · Score: 0

    the script kiddies are growing up and looking for more of a challenge? they know there are a ton of holes in Windows based systems. maybe getting into a linux system makes them feel more l33t. just a thought.

  20. (obvious) by Anonymous Coward · · Score: 0

    For the record, these are security attacks, not verbal/slanderous from PR types or the media, right?

  21. Yea, and about CodeRed? by clump · · Score: 5, Informative

    Looking through my Snort and Apache logs, I see about 5-10 CodeRed attacks *daily*. This is something that was fixed over a year ago, and it still fills my logs. About that 'chunked' Apache vulnerability? Twice. I have seen it 2 whole times within the weeks it's been out. Let's not forget about this CodeRed bug, because it surely is an attack (a full "root" attack) and I have *never* been attacked with anything else so often. I doubt any study that doesn't take this into account.

    1. Re:Yea, and about CodeRed? by BlueUnderwear · · Score: 2
      Looking through my Snort and Apache logs, I see about 5-10 CodeRed attacks *daily*.

      This makes me wonder even more about those statistics. Many people already have noticed that the stat only talks about attacks, not successful attacks. But it doesn't even speak about properly targeted attacks either... Could it be that our statistician apprentices were counting those Code Red probes as attacks against Linux if they happened to show up in a Linux box's logs? Even if these "attacks" have no chance of succeeding against such target?

      --
      Say no to software patents.
    2. Re:Yea, and about CodeRed? by Anonymous Coward · · Score: 0

      Let me tell you something; you're lucky. I don't even advertise my domain. Guess what? I asked a friend to visit a hosted page, and when I looked in my access logs.. well, SECONDS after he got the page I told him to visit.. roughly 8 code red attacks attempted on my Apache server.
      LOL!

    3. Re:Yea, and about CodeRed? by Our+Man+In+Redmond · · Score: 2

      Only ten? Man, can I switch to your ISP?

      --
      Someone you trust is one of us.
    4. Re:Yea, and about CodeRed? by Ironfist_ironmined · · Score: 1

      man you have underhanded friends...

      --
      0xC3
    5. Re:Yea, and about CodeRed? by Anonymous Coward · · Score: 0

      Did anyone read the "our values" page on mi2g, where this report comes from? It goes something like
      "... We are committed to the Creation and Protection of online wealth..."

      If that's the case, putting out a report that discredits a "free" OS would seem to be in line with their value system.

    6. Re:Yea, and about CodeRed? by Nishi-no-wan · · Score: 2
      I hear you on this one. My logs report 4-8 per day on average, with about 3 Nimda attacks per week. Due to the amount of time and effort I put into notifying attacking ISPs on the same A, B, and C IP blocks, this number is probably lower than some. I'm also seeing an increase in scans trying to execute "/cmd.exe?/c+dir". (I'm not sure if I should report them or not.)

      Of course, while these attacks are geared toward M$, they are attacking my *BSD machine. Perhaps due to so many Linux and/or *BSD machines reporting attacks to DShield and others, all of these M$ attacks are being counted against the non-M$ community.

      I had three attacks after Gobbles released the Apache exploit. (Well, actually one attack and two scans of my "powered by" page since I had upgraded after the first attack.)

      I used to get quite a few SSH attempts, but since blocking most CN domains at the firewall after them (and sadmind worm attempts), they've pretty much disappeared.

      The second most prevalent "attack" to CodeRed is formmail.pl scans. When is AOL going to put a sting on the collector at f2@aol.com?

  22. Aftermath of a hack attempt by Anonymous Coward · · Score: 1, Interesting

    On Windows... My machine is dead... Must have been another Windows crash... I'll reinstall (again)

    On Linux...Hmm.... someone has been trying to attack ...(etc)

  23. Or from another point of view by digitalsushi · · Score: 2

    From my point of view.. "so?" There's tons of Linux vendors. If we don't fall in love with one and get all biased, then we can just assume that the better ones will float to the top over time. (That regarding that people would actually stop buying an OS 'cause it's insecure). People get all religious over this stuff, and to some end it is kind of fun, trying to advocate this little OS towards your friends and such... but in the end, isn't it really a matter of us having the advantage of all the time in the world? What magic event is going to occur that will stop linux dead in its tracks? I guess "chill out" is a bad retortion to an article I didn't read, but, oh well :)

    --
    slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
  24. What kind of attacks? by unixfd0 · · Score: 1

    I bet if they added in infected servers looking for other servers...the numbers would be quite different.

  25. Attacks on Windows machines falling off? by Anonymous Coward · · Score: 0

    Yeah, right.. tell that to my httpd error_log and its thousands of recent lines of logged attempts to infect my Power Macintosh with the Code Red or Nimda worms.

    Where's the analysis of where these numbers came from? Maybe attacks on linux are going up because linux's market share is increasing. (I mean, probably not, but if you don't analyze the numbers you don't *know*.) What's our sample space here? I couldn't even clearly figure out from the article what blocks of time they were looking at. Was the ENTIRE study based on those 200 or so government servers they mention?

    If you compare the block of three months during which the Code Red and Nimda crises were taking place to the last block of three months, where we had new exploits in both apache and openssh, of COURSE you're going to see windows attacks going down and linux attacks going up-- and that doesn't show anything except that in your first sample space of time you had a MAJOR worm crisis going on in the windows area due to a widespread unpatched hole, meaning windows attacks just soared for a month or so, but in your second time sampling this crisis had died down and been fixed a bit, so overall attacks will be much lower. Meanwhile in the last little block of time you'll see a flurry of linux attacks you didn't see last year because at this moment we have a couple of newly discovered linux holes, and the crackers are rushing to exploit them before everyone is patched.

    I'm not saying the above is what this study did, but something funny seems to be going on-- they seem to be implying from the article that they compared the first half of this year to all of last year, but I couldn't work it out. What the hell does "dropped by 20% from last year" mean?

    I am unconvinced there is any merit to this study at all.

  26. Re:Well... by Anonymous Coward · · Score: 0

    It's short-sighted thinking like this that gets attacks on the rise. Remember the OpenSSH input vulnerability? Well guess what, it trashed OpenBSD's default install 'root hole' record. Think FreeBSD is more secure? I would like to know what you're smoking.

    In case you don't know, no matter how 'secure' an OS is, it will be cracked if the admin doesn't pay attention to it.

  27. Where do they get these figures, by Anonymous Coward · · Score: 0

    and what counts as an "attack"?

    I know that I put up an http server on my dialup (as I've tried before today) and have it come under attack from someone in Korea (the bane of my ISP for several years now) every half hour. This attack doesn't enter into their figures, goes unrecorded, yet they quote numbers down to the 1s column?

  28. I wouldn't be at all surprised by PHAEDRU5 · · Score: 2

    to find that Micro$oft marketing is behind this.

    --
    668: Neighbour of the Beast
    1. Re:I wouldn't be at all surprised by Anonymous Coward · · Score: 0

      "to find that Micro$oft marketing is behind this."

      I agree... M$ could be setting up old unpatched linux servers just to offset the stats.

      All I'm saying is I wouldn't put it past them.

    2. Re:I wouldn't be at all surprised by Anonymous Coward · · Score: 0

      I wouldn't be surprised if stats are being manipulated (i.e., as others have noted, leave out mention of severity, scope, and effectiveness) in order to make for a nice headline.

      "Pope Regularly Manipulates Penis" (no mention that objective is just to piss).

      "Windows Less Secure than Linux" (yawn, no story there)

  29. quality of the "attack" by hedley · · Score: 1

    Someone doing a portscan at a linux box with ipchains/ipfw does nothing more than add a text line to a logfile. This in my mind is not an attack. Firstly the attacker is using a master key that is 99% windows oriented, how many SubSeven attacks (27374) actually give back an "I'm listening" response when the target is linux? Does that scan qualify as an attack? I suppose the storage for that 90char log is my burden in the attack. With HDs in the 1$/GB region I can handle a few "attacks". I keep thinking of the Pink Panther and Cato attacking Clouseau. A bumbling fiasco each time it happened. I think there are thousands of Catos out there waiting to "attack" my machine but I see and expect the same slapstick style attack that yields absolutely no fruit whilst they move on to unpatched IIS 3.0 machines where there really is something for them to attack.

    It's like someone in a dinghy shooting an air rifle at a battleship. Does nothing but amuse/annoy the crew of the ship.

  30. I don't care. by undeg+chwech · · Score: 2, Insightful


    I don't really care about the number of attacks (unless it escalates to DOS), it's the number of successful attacks that is important.

    And since Linux is much more heterogenous than Windows, a "linux" attack directed at me is less likely to succeed since it is less likely I have the exact hole that is being exploited.

    1. Re:I don't care. by betatron · · Score: 0

      In the case of Code Red, the number of attempted attacks should be proportional to the number of successful attacks (compromised hosts), but I suppose that's not the point.

  31. Propaganda by dh003i · · Score: 5, Insightful

    Firstly, I question the source on these studies. We are given no real details, only "the number of attacks is up from ~5000 all of last year to ~7000 half of this year". This is completely meaningless, as we don't know what kind of attacks, or anything about the sampling method.

    Here's some critical questions of this study:

    1. How was this data taken? What was the sampling method? What was considered an attack?

    2. Of those attacks on Linux, how many were successful? What's important isn't the number of attacks attempted -- that is irrelevant -- but the ratio of the number of attacks that succeeded over the number that were attempted: in other words, the probability that an attack will be successful. I bet on Linux, that number is way below 50% and on Windows -- '95, '98, 'ME, 2000, and XP -- it's way above 50%.

    3. Of the attacks that were successful, how many of them were because of Linux itself, and how many because of some poor application? Same question to Windows. This is a minor point. The OS should have control and prevent security lapses, despite how crappily third parties code.

    4. What kind of attacks were these? Attacks is a very general word; there may be many successful minor attacks (i.e., crashing a system), but that's not as bad as a few successful major ones (i.e., wiping the entire hard drive of a system, stealing a credit card number, etc etc). In other words, how far into the OS did the attacks go. For Linux, a relevant question is "did the attack just breach a user's account, or did it penetrate to the root?"

    5. There's a lot of different "brands" or "flavors" of Linux. This matters. You'd expect Corel Linux to have much weaker security than the NSA's release of Linux, or than (for example) RT Linux. Different releases of Linux ship with different security by default, and different extra security features.

    6. What is being done about the problems?

    Relating to 6, we can rest somewhat assured in terms of security for Linux, as it's Free Software and/or Open Sourced Software. Well-known bugs will be fixed by someone, and if they aren't, an annoyed individual could always take the initiative.

    What separates Linux from MS isn't just that it's more secure, it's also that bugs, security flaws, stability flaws, performance pitfalls, etc, are usually fixed much more rapidly than they are in MS.

    Also, no one has mentioned the attacks on other stable OSS/FS software, such as OpenBSD. Somehow, I doubt there's been much success in attacking OpenBSD.

    1. Re:Propaganda by TurdFurgeson · · Score: 1

      Nice comeback!

      Now that you got your aggression out you can go help the community by writing some code or something.

    2. Re:Propaganda by dh003i · · Score: 2

      Of course you do. It is bad news about linux. Just do what you do best; smear the numbers

      Typical response of someone who's been blinded by propaganda. We know nothing about how this study was done, and little about the organization that did it, although they appear to be corporate (already a hint that they're unfairly biased).

      It's only bad news if you are shallow and don't consider anything beyond what was presented, as you have obviously done. Gee, there's twice as many attacks against Linux, that must be bad. That's like saying, "Gee, Allen Iverson shoots twice as much as anyone else, that must be good". It's not. The number of attempts is IRRELEVANT. The only thing that is relevant is the percentage of successes and the net number of successes.

    3. Re:Propaganda by dh003i · · Score: 2

      Do you work for Red Hat? You certainly seemed very biased, most likely you are a major stockholder or executive of some Linux company. Why else would you spend so much time defending Linux?


      What a crock of shit. I'm biased because I don't blindly believe that whatever is told to me is completely representative of the truth? I'm biased because I'm asking the important questions that are relevant to security, not just the superficial ones?

      It seems more like you're the one who's biased, as you've completely ignored the valid point I made: the number of attacks against a system is irrelevant. It's only the percentage of successes and total number of successes.

    4. Re:Propaganda by Coppit · · Score: 1

      Dude. Can't you tell a troll news article when you see one?

    5. Re:Propaganda by Shant3030 · · Score: 2, Interesting

      I agree with your views on this. A source of study has to be carefully scrutinized. A great example of this happened a few years back at my university (University at Albany).

      Princeton Review, a college prep company that has SAT classes and provides college information and rankings, questioned students at various campuses as to what is the number one party school. They decided to come to Albany on the day of Kegs and Eggs (a rather large bar opens at 8am one Saturday morning and kids get drunk and pour beer all over each other.). They polled the drunken students as they were leaving the bar and naturally, they voted for U at Albany. This, however, is not the main contributing factor to Albany's dubious ranking... A few representatives of Princeton Review had come down to the campus and began soliciting Princeton Review prep classes for graduate exams (MCAT, LSAT, GMAT, etc). Well, the university, having an affiliation with Princeton Review's rival, Kaplan, kicked them off campus. It is a strong belief among administration, that we were given this ranking out of spite.

      As with anything in the media, you must take information with a grain of salt and look deeper into the true meaning, sources and objectives of the survey, articles, etc. It is our responsibility to question companies or groups that put forth this information, because it could very well be jaded by propaganda.

      --
      100% Insightful
    6. Re:Propaganda by Anonymous Coward · · Score: 0

      Ok, someone copy paste this and make /. editors look through this list and see if the "study" is worth us wasting our time reading before they post it.

      This is 4th grade science class stuff. You know, the part where the teacher goes "Okay Bobby, and how did you discover this?"

    7. Re:Propaganda by Anonymous Coward · · Score: 0

      HAHAHHA

      Yea, it's a funny name. :-)

    8. Re:Propaganda by mrowlands · · Score: 1

      and nobody talks about the attacks that are undetected at all........

    9. Re:Propaganda by Prof.Phreak · · Score: 1
      4. What kind of attacks were these?

      People attacking Linux boxes with baseball bats?

      Linux use is growing. More and more people move from Windows to Linux. Now, as soon as they realize that they can't get their sound, modem, scanner, or cd burner working, they take a baseball bat and attack the box.

      --

      "If anything can go wrong, it will." - Murphy

    10. Re:Propaganda by Tony-A · · Score: 2

      Do you work for Red Hat? You certainly seemed very biased, most likely you are a major stockholder or executive of some Linux company. Why else would you spend so much time defending Linux?
      Hmmph. I'd guess that he's using one of the BSDs.
      How do you count Code Red attacks on apache?

    11. Re:Propaganda by QuadGoatBoy · · Score: 1
      Our LINUX webserver has had over 96,000 Nimda attacks since September 18th of last year, with peak days of about 4,000 attacks a day since we started logging. Of course, since we are not running Windows, we have never been infected by Nimda, but still, that is an enormous number of attacks. That I know of, we have yet to have an Apache attack, or any Linux-based, or Linux-intended attack, much less one that succeeded.

      Nimda stats on our server

      On a rather pathetic side note, I just set up a brand new webserver yesterday, and it has already received over 100 Windows-intended attacks. Again, since this new webserver runs Linux, my system was not compromised, but for a system online for less than 24 hours to get 100 Windows-intended attacks, that is incredible.

  32. There are lies, damned lies... by wrinkledshirt · · Score: 1

    I'm not going to go so far as to say this article is FUD, but I've got some questions about the way they (as well as the mi2g article it's based upon) present their information.

    1. Does an attack mean there's a successful exploit? Or is it just an attack?

    2. Is the rise due to the fact that Linux is constantly becoming a more popular server OS, and there are more and more instances of Linux out there to attack?

    3. Early on they talk about attacks against Linux, and later they talk about government sites "succumbing to attacks". Do these mean the same thing?

    (C'mon, step right up and get yer +1 Informatives by answering these questions ;)

    --

    --------
    Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...

    1. Re:There are lies, damned lies... by antirename · · Score: 1

      Most companies don't report security problems. Are they trying to suggest that 7000 companies told them, even anonymously, that "our security sucks so bad we got rooted by a 10 year old who found some exploit code"? I don't think so. Releasing data like this with no explanation is useless, unscientific, and likely to be FUD. Never trust anyone who could give you an explanation, but won't.

  33. Makes sense -- more Linux systems than a year ago by ciurana · · Score: 5, Insightful

    These statistics make sense. More and more people are adopting Linux now. There are two main drivers for this trend: People hear that Linux is better and organizations don't want to pay Microsoft's draconian licence fees.

    The real question is whether these attacks are successful. Unfortunately, while the number of Linux servers is going up, so is the number of people who own or administer these systems and who aren't security-aware.

    I think it's in the best interest of our community to assist the newbies when they have questions about setting up their systems, particularly when it comes to security. I've seen too many newbies laughed at in the IRC #security channels or the newsgroups. We should welcome them and try to help them; otherwise, The Forces of Evil will start using the statistics of all the h4x0red and 0wned systems (due to ignorance on the part of the users) as FUD.

    There is no doubt that Linux is now a mainstream alternative. Remember, though, that the hard part is not to arrive, but to maintain a leadership position. That's the difference between the Rolling Stones and the one-hit wonders. In order to maintain our leadership, we should work together toward making the community aware of the pitfalls, and the distro vendors should probably come up with a policy of "all services closed" and forcing the users to open them, not the other way around. Other people will probably add better ideas to these suggestions.

    The real measure is not whether the attacks are on the rise; it's the number of successful attacks that we should be concerned with.

    Cheers!

    E
    --
    http://eugeneciurana.com | http://ciurana.eu
  34. Re:Well... by Anonymous Coward · · Score: 0

    Why was he modded down? Another case of moderation gone awry...

  35. Only attacks that are noticed can be recorded by robolemon · · Score: 3, Insightful

    How many Windows attacks go unreported and unnoticed? All this can show really is that Linux attacks are increasingly easier to notice and report, while Windows attacks either are actually lower or (more likely) go unnoticed and perhaps even persist over a long time.

    --

    I design user interfaces for a free network management application,

    1. Re:Only attacks that are noticed can be recorded by superdk · · Score: 1

      I work for a CLEC (phone company) that provides T1s data and voice. Most of the time we provide a router and manage it ourselves. You would not believe how many admins/IT departments don't know that their windows boxes have been compromised. Someone says their internet is slow, a ticket comes to my group, we look at the traffic going across the router and sure enough, some box inside the network is scanning subnets on a specific TCP or UDP port.

      we've got the webserver worms scanning on port 80...
      then there's a nice SQL hack out there that scans on 1433
      there's a netbios hack which scans 139
      and there are a few other obscure hacks for some other services which aren't used too much

      in the last year of doing this job, i saw one guy with a linux box and an old, unpatched version of Bind. his box was scanning on port 53 of course.

      why do i see so many windows boxes that are hacked/infected? mainly because most people don't know to use anything else!! beyond that they don't manage the boxes like they should (patches, updates...) and on top of that, they don't know when it's been compromised. poor management and lax security practices cause a BIG part of the problem. the correlation most people make is "windows = poor security" when they should be saying "admin-who-doesn't-understand-anything-but-point-and-click = poor security"

      now i'm not a windows advocate, but for crying out loud, if a windows admin keeps up with patches and updates and keeps logs and does all the right stuff, he'll most likely be ok. on the other hand, if a linux admin installs the box and leaves it hanging out on the internet, he's going to have problems.

      --


      Silly slashdot, sigs are for kids!
    2. Re:Only attacks that are noticed can be recorded by LucoZade · · Score: 1

      Rubbish! What do you think r00tkits are for?

      The majority of Linux servers that are compromised belong to admins that are too incompetent^Winexperienced to detect a decent rootkit.

  36. Of course... by linefeed0 · · Score: 1

    ...the linux boxes haven't had a virulent worm or two, or three, going around and making all the installations with holes sputter all over the network so they get noticed.

  37. To Sum up Linux's response by Anonymous Coward · · Score: 1, Funny

    Nuh uh, nuh uh, not true!

    1. Re:To Sum up Linux's response by Anonymous Coward · · Score: 0

      Polesmoker.

  38. 11,828 attacks for windows last year by interiot · · Score: 5, Insightful
    The article claims that the number of attacks on windows system last year were 11,828.

    What counts as an attack? So worms don't count, or the number would be in the millions. Reported attacks? Those shouldn't count much because there is "little incentive for a company to report computer attacks."

    Here's another story by the supposed source, but again, they don't at all define what they mean by "attack".

    1. Re:11,828 attacks for windows last year by Anonymous Coward · · Score: 0
      The article claims that the number of attacks on windows system last year were 11,828.

      Wow, I account for about half of those attacks (Code Red and variants) on my webserver, I feel special.

    2. Re:11,828 attacks for windows last year by lscoughlin · · Score: 1

      I really am curious as to what counts as an attack. I'd forgotten one of my webservers and it's been running for a year or so, and when I checked the logs recently there were close to 11,000 nimda/codered/whatever iis bounces in my apache error_log.

      What's that count as?

      --
      Old truckers never die, they just get a new peterbilt
    3. Re:11,828 attacks for windows last year by shoppa · · Score: 2
      During the height of "Code Red" last year, I was getting more than 11828 attacks per hour.

      Not a single one was successful, of course :-)

    4. Re:11,828 attacks for windows last year by Tokerat · · Score: 1

      Perhaps poor wording for "vulnerabilities"?

      Still, I thought there were more than that for windows, and certainly less for Linux...

      --
      CAn'T CompreHend SARcaSm?
    5. Re:11,828 attacks for windows last year by pongo000 · · Score: 3, Funny


      joker@thefarm 126% grep 'winnt\/system32\/cmd.exe' www-error_log | wc -l
      10209


      Wow...I wonder who the other 1,619 attacks were against? Anybody here willing to own up?

    6. Re:11,828 attacks for windows last year by interiot · · Score: 2

      Well, if you count the number of unique IPs that CodeRed probed you, then that's the minimum number of successful break-ins. Which is certainly more than 11k.

    7. Re:11,828 attacks for windows last year by Anonymous Coward · · Score: 0

      my linux static 56k httpd got more exploitation attempts than that in about 2 months from code red and its many variants

    8. Re:11,828 attacks for windows last year by Tony-A · · Score: 2

      Might be right at that.
      Code Red is one.
      Nimda is two. ...

    9. Re:11,828 attacks for windows last year by Citizen+of+Earth · · Score: 2

      The article claims that the number of attacks on windows system last year were 11,828.

      I would suspect that my Linux desktop machine at home alone has received more Windows attacks than that.
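
Several comments above turn on what the survey counted as an "attack". The Python sketch below is an added example, not part of any post in this thread: it tallies one web-server log under four different definitions. The log lines, addresses and signature patterns are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache common log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jul/2002:04:12:01 +0000] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [18/Jul/2002:04:12:09 +0000] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [18/Jul/2002:05:01:44 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [18/Jul/2002:05:01:45 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 282
203.0.113.5 - - [18/Jul/2002:06:30:00 +0000] "GET /cgi-bin/formmail.pl HTTP/1.0" 200 512
203.0.113.9 - - [18/Jul/2002:07:00:00 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.77 - - [18/Jul/2002:07:05:13 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288
"""

# (label, platform the probe is aimed at, pattern matched against the request path).
# Illustrative patterns for the probe types named in the thread, not a full rule set.
SIGNATURES = [
    ("codered", "windows", re.compile(r"^/default\.ida\?[NX]{4,}", re.I)),
    ("nimda", "windows", re.compile(r"(cmd|root)\.exe\?/c\+", re.I)),
    ("formmail-scan", "any", re.compile(r"/formmail\.pl\b", re.I)),
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')


def classify(path):
    """Return (label, target_platform) for a known probe path, else None."""
    for label, platform, pattern in SIGNATURES:
        if pattern.search(path):
            return label, platform
    return None


def summarize(log_text, server_platform):
    """Count probes per signature and under four definitions of 'attack'."""
    per_sig = defaultdict(
        lambda: {"attempts": 0, "sources": set(), "answered_2xx": 0, "applicable": False}
    )
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a request line we understand
        source, _method, path, status = match.groups()
        hit = classify(path)
        if hit is None:
            continue  # ordinary traffic
        label, platform = hit
        record = per_sig[label]
        record["attempts"] += 1
        record["sources"].add(source)
        # A probe only matters to this host if it targets this platform.
        record["applicable"] = platform in ("any", server_platform)
        # A 2xx means something answered; it needs follow-up, it is not proof of compromise.
        if status.startswith("2"):
            record["answered_2xx"] += 1

    applicable = [r for r in per_sig.values() if r["applicable"]]
    all_sources = set().union(*(r["sources"] for r in per_sig.values())) if per_sig else set()
    totals = {
        "all_probes": sum(r["attempts"] for r in per_sig.values()),
        "unique_sources": len(all_sources),
        "applicable_probes": sum(r["attempts"] for r in applicable),
        "applicable_answered": sum(r["answered_2xx"] for r in applicable),
    }
    return dict(per_sig), totals


if __name__ == "__main__":
    for platform in ("linux", "windows"):
        _, totals = summarize(SAMPLE_LOG, platform)
        print(platform, totals)
```

The same seven log lines yield 6 "attacks", 4 "attackers", or 1 relevant probe on a Linux host, depending on which definition is reported.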

  39. more attacks on komandeer tahoe than billygates by Anonymous Coward · · Score: 0

    The Harken Tale: Harken Energy purchased Bushboy's worthless oil company Spectrum7 for $2 million (bailing Bushboy out of big debts) in the late 80s and put Bushboy on their board and paid him a $120,000/year "consulting fee." Harken then lent Bushboy $180,000 so he could buy Harken stock. Bushboy was on their Board and was a member of their 3 man "Audit group" which was privy to the company's financial woes in 1990. After being briefed about Harken's cash flow problems in April, 1990, Bushboy sells his stock in June, 1990, when some mystery investor pays him $848,000 based on a "cold call" made by some stock broker (this is what the Bushboy people really say). In August, 1990 the poor financial condition of Harken becomes known and the stock drops like a rock to 1/4 its value when Bushboy sold it. Bushboy fails to report the sale of the stock by the 10th day of the month following the sale as required by law. He doesn't file the necessary SEC documents until 36 weeks later! The SEC head was appointed by Bushdaddy who is now president. Although the head of the SEC, Mr. Doty, was Bushboy's personal attorney, he doesn't recuse himself from any judgement of Bushboy and although the SEC refuses to exonerate Bushboy's criminal conduct it chooses not to investigate or prosecute (surprise!). The whole Bushboy/Harken deal stinks to high heaven and makes Whitewater seem like the jaywalking that it was in comparison, but Bushboy and the GOPers will block any attempt to investigate and hire a Special Prosecutor as they were so quick to do in Whitewater. Harken will be Whitewashed, as is everything else in Bushboy's sleazy past.

  40. what constitutes an attack? by gimpboy · · Score: 1

    our webserver gets attacked all the time... those attacks are trying to exploit an iis bug, but i would consider them attacks nonetheless. so if more linux machines are getting attacked, then that might suggest there are more linux machines to be attacked. it doesn't really mean more successful attacks.

    --
    -- john
  41. well if you believe alldas.org by sulli · · Score: 2

    Windows has been successfully attacked over twice as often as Linux since 4/2000. Looking at today's list, 17 Win, 12 Linux, 15 other.

    --

    sulli
    RTFJ.
    1. Re:well if you believe alldas.org by antirename · · Score: 1

      Alldas is at least verifiable, and has a definition of "successful attack", even if that's "joo were haxored" on the index page. More serious and subtle attacks (theft of data, for example) probably go unreported.

  42. Macs? by Myco · · Score: 1

    I'd be curious to know what the attack statistics are like for Macs. I remember hearing about how there are hardly any Mac viruses in the wild because nobody bothers to design them for such a small user community. I would expect something similar for network attacks. But Mac sales are on the rise, so I wonder if the trend is reversing. Anyone know?

    1. Re:Macs? by wo1verin3 · · Score: 2

      You can connect macs to the internet? That's pretty cool... be nicer when they come out with network cards, I still can't get mine connected to my network.

    2. Re:Macs? by Meowing · · Score: 1

      Completely OT, but there used to be SCSI ethernet adapters you could get, and IP over Localtalk too.

      The Macs did get hit with the ping o' death attacks years ago, but under the classic OS there really wasn't much for a remote attacker to exploit. There are some good things to say about having an OS that doesn't do anything...

    3. Re:Macs? by Anonymous Coward · · Score: 0

      www.apple.com/macosx

    4. Re:Macs? by Anonymous Coward · · Score: 0

      Oh and check out what the Army is running.

  43. not from our perspective by sloth+jr · · Score: 5, Informative
    We run hosted web services for customers that between two datacenters aggregate about 50 million web hits a month.

    Snort and logsurfer snippets from our firewall logs go off all the time. Though I would say that we have seen more attacks targeting linux services (we're a linux shop, btw) than we've seen in the past, the majority of our attacks do seem to be against windows-based services.

    From an overall security point-of-view, the last three to six months have not been great ones from a linux vulnerability point-of-view: zlib, BIND, ssh, apache, Tomcat (not that some of these problems haven't affected Windows boxen also). It's kept us hopping patching our servers. We've been lucky, so far - no successful intrusions (that we're aware of, of course!).

    In general, it seems much easier to social engineer one's way into a Windows network via email attachments than directly attack it.

  44. Re:Well... by Anonymous Coward · · Score: 0

    He was modded down because his post is misinformation. "X is more secure than Y" without proof isn't informative. He clearly is trying to troll.

  45. Good News for Open Source Companies by Anonymous Coward · · Score: 0

    More hack attacks, and especially data destroying, secret revealing security breaches could be great news for cash strapped open source and other Linux companies. While you can't charge for the software, you can make a pretty penny cleaning up the mess from the software.

  46. Wouldn't Doub It by Ashcrow · · Score: 2, Informative

    But the trend of Linux boxes that get 0wn3d comapred to the Windows boxes that get 0wn3d probably show a difrent story.

    Check out Alldas.org ffor some numbers.

    1. Re:Wouldn't Doub It by Anonymous Coward · · Score: 0

      Get a god damned dictionary please.

  47. Makes sense, you would rather "own" a linux box by cs668 · · Score: 1

    If I were going to go after machines I would much rather go after linux boxes.

    Although they are harder to compromise they are more versatile when you do.

    You know you will have a compiler, an easy to use over the network environment.

    They are just more useful to you.

  48. Re:Is this sentient attacks, or attacks in general by clump · · Score: 2

    It's unfortunate for the article that no quantifiable evidence is offered. For all we know the numbers were pulled from somebody's imagination.

  49. Linux is dying by Anonymous Coward · · Score: 0

    Anyone can foresee that the end is coming. Already Linux has lost the coolness factor and all the greedy land grab by the many commercial splinter distributions has turned off many developers, who are now discovering that BSD is already everything that Linux has wasted years trying to re-implement or steal.

  50. why by Anonymous Coward · · Score: 0

    With the # of people that have jumped on the linux bandwagon in the last 3 years, a lot of them are running linux, just to say they are running linux. Most of these people are not administrating their boxes correctly. Nor do most of them even understand what it is they are supposed to do to administrate it properly. As long as the popularity of linux continues to grow, and basic moron users still exist - I would expect the attacks on linux to climb as well.

  51. And another question: by A_Non_Moose · · Score: 2

    Successful attacks is one, but what about re-infection/compromise?

    For instance compare some of the Win2k boxes to a RedHat 7.2 box I had compromised.

    The Win2k box (not mine, un?/fortunately) had been caught by nimda or some other vulnerability and after being formatted was *again* bit by nimda/code red when trying to get the updates.
    (a cd or local machine with the patches never crossed the dude's mind until the second time around).

    My box was compromised by a user running a trojaned IRC bot (eggdrop? was the trojan).
    I know, I know, that was my fault for slacking off/being caught up in other things, but the next go around was wipe, install the data, kill services that are not needed (chkconfig, nice tool) and edit the hosts allow/deny to hell and back.
    I was *P.O'ed*. FTP/SSH/HTTP is the only thing running currently with large ranges of IP's blocked if I see even *one* probe I don't like.
    (no complaints, yet).

    The large difference was the "state" of the admin.
    The win2k dude thought it was the "cost of doing business", mine was "those fscking tools + idiot user I'll do everything I can to keep it from happening again".

    Sigh vs GRRRRRR, is what I call it.

    That reminds me, it has been a day or so since I grepped the logs...

    Gotta go.

    --
    Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
  52. from the activate-the-shield-array dept by mister+sticky · · Score: 1

    that should read:

    "from the more-power-to-the-FUD-deflector-array! dept"

  53. Linux boom by Anonymous Coward · · Score: 0

    ...brings this to a reality. Many system administrators out there had a 2 month course and the companies, eager to save money, call them for the work.

    I'd say most linux administrators today are idiots who think they're 31337 'cause they've installed and got a default-installation Conectiva linux "server" up and running.

  54. Linux Is Just Easier by jaywhy · · Score: 1

    First off, I think one of the best features Linux has can hurt it in this area. Personally, if I was a hacker, I'd rather root a Linux just because it's easier to administer remotely.

    Secondly, hackers pretty much all run BSD or Linux. Script kiddies are going to hack what they know and sadly that is Linux.

    -Jason Yates

    1. Re:Linux Is Just Easier by antirename · · Score: 1

      First, I wouldn't count script kiddies as hackers. And, I'd bet that a lot of them don't run linux. Hang out on an IRC channel devoted to one of those "hacking challenges". A few years ago cyberarmy had a challenge called Zebulon, one of the challenges was to connect to it with a linux box. That actually seemed to stump most of them. Yeah, I know it was lame, but I was bored that weekend. Most of those kids were running windows. Same with sites such as neworder. Mostly windows users, judging by the posts. I'm sure there are a lot of kiddies using linux, but certainly not all of them.

  55. Well of course. by bbtom · · Score: 1

    There are going to be a higher amount of people who report Linux attacks and security holes, because something is generally done about them - due to the high amount of Open Source programmers out there to fix them.

    Meanwhile, if your Windows box gets hacked, who ya going to call? Bill Gates? "Well, you do know that getting hacked is now a special feature!"

    Now, it would be more interesting if somebody did some research in to the fixing times - how long it takes for Microsoft to bring out a fix for security holes, as compared to that of OSS project programmers.

    That'll be very interesting, and provide some good ammunition against the typical MS-FUD that gets pushed out so frequently.

    --
    catch (HumourFailureException e) { e.user.send("You, sir, are a humourless idiot."); }
  56. But... by Anonymous Coward · · Score: 0

    Windows users have learned to use "windows update"
    think about it.. if you need to install a security update.. you just hit a button.. There is no real "easy" way to update your software on a linux box or someone who isn't in the know. Or if you don't RTFM..which some users don't.. most new linux users I've seen are happy enough just to get a network connection up and use netscape.

  57. duh. by Anonymous Coward · · Score: 0

    A hacked linux machine is more useful than a hacked windows machine.

  58. worms... by Anonymous Coward · · Score: 0

    Do these numbers include all the e-mail worms spreading through Outlook and Windows?

    If not they should raise the number of attacks on Windows systems
    by a few million.

  59. Re: by Theodore+Logan · · Score: 2

    The real question is whether these attacks are successful.

    First of all, a lot of comments in this thread come from people who seem to assume that this is some kind of vicious attack on their favorite OS instead of an announcement of a simple fact: there are more attacks on Linux now than before. Nobody said anything about this suggesting that Linux is less secure than it used to be.

    The Forces of Evil will start using the statistics of all the h4x0red and 0wned systems (due to ignorance on the part of the users) as FUD.

    It's true, so how, exactly, could it be FUD? Oh, you mean that MS would start saying things like: "look how many hax0red boxes you have, this must mean that Linux is rotten when it comes to security!" But isn't this exactly what the Linux community has been doing for years? Why do we always hear "Windows/Outlook/both suck because a gazillion boxes were infected by the ILoveYou virus" instead of "Windows users suck when it comes to security related issues, as a gazillion of them opened unknown attachments and got infected?"

    Doublespeak, I say. And I'm no troll.

    --

    "If you think education is expensive, try ignorance" - Derek Bok

  60. I remember the day that Code Red hit by dvdeug · · Score: 2

    I remember the day that Code Red hit, when the Internet started running slow and my webserver got repeatedly hit by Code Red attacks from all over the place. If and when I see the same effect from a Linux worm, I'll know we've hit the same point.

  61. Hey, wait a minute! by kev-san · · Score: 1

    You're not allowed to post pro-Microsoft studies on Slashdot!

    1. Re:Hey, wait a minute! by Anonymous Coward · · Score: 0

      Why not? Are you afraid that they may be right? I like Linux but people like you make the linux community look stupid.

  62. Could be more interesting by Seawolf359 · · Score: 2, Insightful

    Ahhhh so we are counting how many times a script kiddie hits enter. You know this article doesn't shock me at all. Wow big surprise that the OS with the most servers is getting hit more and more. I don't see how this could shock anyone. What I am curious about is how many of these attacks were major attacks or organized attacks. That would be interesting reading.

  63. why are we here by Anonymous Coward · · Score: 0

    think about this, intellectually

    1, Kazaa, outlook, win32(insert fav virii here)
    backdoors installed and operating correctly

    2, linux with only ssh loaded with a funky
    root password that prolly cant be hacked

    3, your brain is working now, go ahead and make
    the decision

    1. Re:why are we here by Anonymous+Cowtard · · Score: 2, Insightful

      So... let me use my brain... you have given me two choices:

      1) Windows setup in an insecure way.

      2) Linux setup in a secure way

      Basically, your choices would parallel the choices in the following example:

      Which is better?

      1) Apples

      2) Oranges

      In other words, what you are comparing isn't fair. Why isn't it something like, which is more secure?

      1) A Windows machine not hooked to a network

      2) A Linux machine not hooked to a network

      You seriously can't compare the configuration of a standard home user's Windows PC to a professionally configured Linux machine and have it be a valid comparison of their security.

  64. Don't Bother: vnunet author Middleton is a Moron by fanatic · · Score: 3, Informative

    This is another article by James Middleton, who is not a trustworthy source on this issue.

    I went there just long enough to see his byline (being careful not to download images, hence no ad revenues), then came back here.

    I've never seen Middleton write anything about Open Source that wasn't complete bullshit. This guy is either totally bought and paid for by Microsoft, or is seriously stupid.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  65. maybe. by BenTheDewpendent · · Score: 1

    maybe the hackers are looking for a challenge? trying to be different or just bored of going after IIS and 2k/NT4 boxes...

    maybe it's 'cause the good stuff to hack is on linux boxes.

    who cares as long as the community can keep with patches and holes patched. which the linux world seems to be much better at than the MS world.

  66. Re: by ivan256 · · Score: 3, Insightful

    It's true, so how, exactly, could it be FUD?

    Saying "There are more attacks on linux systems" becomes FUD when you imply that this is bad. More attacks doesn't mean more successful breakins. Truth can be FUD in the right context.

  67. lying with statistics by isbhod · · Score: 1

    i hate articles like these, you know, the articles that give a sensational headline and then the body has 0!, no!, none!, not a bit of proper supporting evidence.
    There are a number of reasons why Linux boxes could be attacked more this year than windows boxes, each of which completely changes the tone of the article, but unfortunately do not make for good journalism. And that's what it's all about these days, fuck the story, just tell it in an interesting way. The public doesn't care what it's eating, just as long as it comes wrapped in a BigMac wrapper. I don't know about you, but i'm sick of being treated like this. Please Slashdot, no more articles like this.

    oh and the real reason why more linux boxes will be attacked this year is because there are more Linux boxes this year than previously and Linux box owners report attacks more often than the windows user that probably doesn't even know he is a victim of attacks.

  68. Attention by Anonymous Coward · · Score: 0

    At last! Linux finally has arrived! It's getting the attention it has always deserved.

  69. Re:Is this sentient attacks, or attacks in general by Anonymous Coward · · Score: 1, Interesting

    Out of all the "hack attempts" in the last 2 days my work's network has had about 95% IIS hack attempts with the rest ssh/rpc probes or anonymous ftp attempts (which could be to exploit either OS or just someone looking for pub ftp sites).

    This info courtesy of snort.

    While usually we do have slightly more ssh/rpc attempts than this the amount of IIS exploits is never less than 75% of all the breakin attempts we have. I'd attribute most of these attacks to worms.

    Hardly scientific I know (unfortunately the snort box was reinstalled 2 days ago so I can't give many figures except from memory) but in my opinion the article is wack.

  70. And if the sun keeps setting today by Anonymous Coward · · Score: 0
    It's never going to come up again.

    Remember, folks, all buffer overruns have been fixed in Microsoft code. Why, Bill Gates said it himself.

  71. There goes the "Linux zealots" myth by FooBarWidget · · Score: 1

    Nearly everywhere (including Slashdot), I see people bitching about "Linux zealots who blindly attack Microsoft".
    But now, it turns out to be the opposite: the majority (Microsoft fanboys) are actually attacking Linux! People blindly believe the "Linux users are all zealots"-FUD, so the Linux-hatred is growing rapidly. It's only a matter of time before it's bigger than Windows-hatred.

    How ironic...
    People bitching about Linux users complaining, while actually the opposite is true.

    1. Re:There goes the "Linux zealots" myth by Anonymous Coward · · Score: 0

      Well who is it you think has been doing the bitching? That's right, the Linux hating MS Windows zealots.

  72. Open source by thelinuxking · · Score: 1

    This is one of the problems and one of the benefits that linux is open source. The bad thing is that hackers can see the weaknesses in the code and exploit them. The good thing is that users can help fix the faulty code, and patch the error, unlike in windows, where microsoft usually is the one to "patch" the vulnerability.

  73. mi2g by doom · · Score: 5, Informative
    Evidently, this story is a re-typing of the press release from "mi2g", so you might as well look at the original: Digital attacks on Open Source systems soar. It includes a bunch of pointers to pdfs of graphs of their data (none of which I can read because of some sort of "can't find colorspace cs8" error). But they don't appear to include any additional information, they're just graphs.

    The source of the data is supposed to be the "mi2g SIPS database", about which they say:

    The mi2g SIPS (Security Intelligence Products and Systems) database has information on over 6,000 hacker groups and maintains a record of over 60,000 individual hacking events since 1995. The SIPS intelligence citations include the 2002 Computer Security Institute (CSI) / Federal Bureau of Investigation (FBI) Computer Security Issues and Trends Survey [Vol. VIII, No. 1 - Spring 2002]

    (Do you need me to toss in some editorializing about how this is evidently a company that specializes in publishing alarmist press releases to encourage people to buy their products? Oh, and take a look at key clients... yup, includes Microsoft).

    1. Re:mi2g by Anonymous Coward · · Score: 0

      Oh I don't know, they don't seem to be all bad. http://www.mi2g.com/cgi/mi2g/press/speech171001.php Makes you wonder when they signed on Microsoft as a client though...

  74. Re:Is this sentient attacks, or attacks in general by Anonymous Coward · · Score: 0

    Agreed. All I ever see in my logs (FreeBSD machines all of them) are script kiddie trolls looking for Microsoft machines, and of course the usual Code Red stuff. FWIW Code Red attempts are up by 30% on the machines I look after.

    And only 1 out of 10 email messages to the IP block owners admin or ISP abuse department ever gets acknowledged.
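
Several posters in this thread report that most hostile requests in their Linux and FreeBSD logs are IIS worm probes, which raises the counting question of whether such a probe is an attack on the host's OS or on the platform it was aimed at. The sketch below is an added example, not part of any comment and not mi2g's method: it tallies Apache-style log lines both ways. The log lines are constructed, and the signature patterns and function names are assumptions chosen for the illustration.

```python
import re
from collections import Counter

# Constructed Apache-style access log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Jul/2002:10:01:02 +0000] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
198.51.100.7 - - [20/Jul/2002:10:01:09 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [20/Jul/2002:10:01:10 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 281
203.0.113.5 - - [20/Jul/2002:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [20/Jul/2002:10:03:11 +0000] "GET /no-such-page.html HTTP/1.0" 404 285
203.0.113.20 - - [20/Jul/2002:10:04:00 +0000] "-" 408 -
"""

# client, method, path and status from a common/combined log format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Request shapes of the two IIS worms named in the thread (illustrative patterns).
IIS_SIGNATURES = [
    ("code-red", re.compile(r"^/default\.ida\?", re.I)),
    ("nimda", re.compile(r"(cmd\.exe|root\.exe)\?/c\+", re.I)),
]


def classify(path, status):
    """Return (label, targeted_platform); platform is None for normal traffic."""
    for label, pattern in IIS_SIGNATURES:
        if pattern.search(path):
            return label, "windows-iis"
    if 200 <= status < 400:
        return "normal", None
    # An error we cannot attribute to any platform: keep it visible, do not guess.
    return "unclassified", "unknown"


def tally(log_text, host_os):
    """Count suspicious requests by host OS and, separately, by targeted platform."""
    by_host, by_target, by_label = Counter(), Counter(), Counter()
    skipped = 0
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            skipped += 1  # malformed or empty request line, e.g. "-" 408
            continue
        _client, _method, path, status = match.groups()
        label, target = classify(path, int(status))
        if target is None:
            continue
        by_host[host_os] += 1      # what a per-host-OS survey would record
        by_target[target] += 1     # what the request was actually aimed at
        by_label[label] += 1
    total = sum(by_target.values())
    iis_share = by_target["windows-iis"] / total if total else 0.0
    return {"by_host": by_host, "by_target": by_target,
            "by_label": by_label, "skipped": skipped, "iis_share": iis_share}


if __name__ == "__main__":
    result = tally(SAMPLE_LOG, "linux")
    for key in ("by_host", "by_target", "by_label"):
        print(key, dict(result[key]))
    print("skipped", result["skipped"], "iis_share", result["iis_share"])
```

On the constructed sample, the same four suspicious requests are recorded as four events against the Linux host, while three of them were aimed at IIS.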

  75. Anyone supporting mi2g's assertions? by Anonymous Coward · · Score: 0

    This isn't the first time mi2g have claimed that attacks on open source systems are on the increase, there's a 15 May article on VNUNET itself. It's also not the first time they've made big statements of this kind, a quick Googling will reveal that. What I want to know is which security groups are corroborating these statements? I've only really seen them from mi2g.

  76. Re:Is this sentient attacks, or attacks in general by antirename · · Score: 1

    Have you ever looked through a Snort log, for example, after a box has been running for a few days? In many cases, I don't think you could tell if it was a sentient attack or not (Code Red, or a kiddiot typing away in IE?) I'm guessing that they filtered out false alarms, and just compared logged incidents to the OS running on the server. Or, it could be that some of these are defacements that were reported. That would probably make it easier to tell.

  77. Re:Don't Bother: vnunet author Middleton is a Moro by LucoZade · · Score: 1

    I second this.

    I don't bother to look at the authors, but VNUnet is a massive source of IT doom and gloom. They twist the facts such as to pose the news in a completely negative light, regardless of whether that makes the whole story worthless and inaccurate.

    Oh no! The World will end tomorrow as a result of a flaw found in Apache [doesn't mention that it's difficult (impossible?) to exploit under Linux/Solaris, the two main web server OS's, of course]. May God have mercy upon our souls!

  78. Can you say Opera? by Anonymous Coward · · Score: 0
    Opera is another option under Linux. I use that as my primary browser under Windows.

    Mattel, SLAPP terrorists intent on destroying free speech.

  79. it is... by Anonymous Coward · · Score: 0

    FUD and marketing tactics from the third party antivirus and firewall makers that fear losing business because more people are moving away from Micky$oft's vulnerable kludgeware...

    1. Re:it is... by Anonymous Coward · · Score: 0

      Micky$oft kludgeware!!! LOLOLOLOL!!!!111

      *Fart*

  80. Not a surprise, really by X-Nc · · Score: 1

    I'm nor suprised at this at all. I would expect the rate to continue to climb. We will likely see Linux as the #1 target very soon. But I guarentee you will also see no decline in actually breakins or virus infections in WinXX. The only real problem the Linux world will see is the same problem that is at the heart of all secrutiy breakins; lack of updates & errata kept curent.

    --
    --
    If I actually could spell I'd have spelled it right in the first place.
  81. You forgot!!!! by www.sorehands.com · · Score: 1
    You forgot a few things.

    Which DOS did Microsoft make Win3.1 incompatible with?

    Didn't Microsoft spread FUD claiming GPL is viral?

    1. Re:You forgot!!!! by GutBomb · · Score: 2

      it was the beta version of win 3.1 i believe and it would not function correctly with dr. dos because they crippled it.

      http://www.theregister.co.uk/content/archive/7715.html

    2. Re:You forgot!!!! by ncc74656 · · Score: 2
      it was the beta version of win 3.1 i believe and it would not function correctly with dr. dos because they crippled it.

      It wasn't just the beta version...Novell (they had bought Digital Research by this point) sent me a couple of floppies (5.25" DD) with an update to DR DOS 6 to deal with issues in the final version of Win3.1 (not that I needed them since I used DESQview). I still have them around here someplace...

      --
      20 January 2017: the End of an Error.
    3. Re:You forgot!!!! by chrylis · · Score: 1

      Even worse than that... it *was* the final version of Win3.1, and it *would* function correctly. Digital Research had done a good enough job of rebuilding DOS that it was bug-for-bug compatible. Windows only gave a "warning" about something that was irrelevant and then proceeded to work just fine. But the box scared people who didn't know better, and DR-DOS never took off, at least in part because people thought it wouldn't work with Windows.

  82. Re: by antirename · · Score: 1

    Yep. That's called spin, and MS is getting better at it. Or sneakier, depending on how you look at it. Palladium, anyone?

  83. Heed the warning by wormbin · · Score: 1

    I'm sure a lot of the slashdot crowd knows about security updates, firewalls, and TCP SYN flags, but remember that there are a lot of folks out there that don't have a clue what any of this means. These clueless folks are the same newbies that are installing an arbitrary distribution onto an old box and promptly plugging that box into their cable modem.

    The next time you introduce a friend to linux, be sure to give them a rudimentary security lesson and make sure they are installing security updates.

  84. Boredom by Anonymous Coward · · Score: 0

    I think cracking Windows has gone down because the
    crackers aren't having any more fun and they want
    a challenge.

  85. Nice FUD by ergo98 · · Score: 1

    I find this especially humorous: I've run variants of 95, 98, ME, NT 3.51, NT 4.0, 2000, and XP since August 31st, 1995, and I have never had my machine compromised (nor have I ever had a virus for that matter). A friend, a heavy Linux advocate, has had his Linux box rooted _3_TIMES_. I realize that in both cases we're probably outliers in the sample spread, but your sample cases are ridiculous.

    1. Re:Nice FUD by Anonymous Coward · · Score: 0

      I've had neither Windows nor Linux compromised. Your sample cases are ridiculous.

    2. Re:Nice FUD by Anonymous Coward · · Score: 0
      You can't even lie straight.

      When CodeRed first came out you were being hit about 5 times per minute, and since your anti-virus software hadn't seen CodeRed before you were infected.

      Also, your boxes are probably platforms for countless DoS attacks.

  86. is it possible.. by dioxide · · Score: 1

    is it possible that this is because a remote linux machine is more useful than a remote windows machine?

  87. this is off the wall by Anonymous Coward · · Score: 0

    --this is totally unrelated to your post, except your analogy, where it's almost exact. There's a great old movie out there you need to rent and see, called "soldier of the king". You just might enjoy it.

  88. Come on, it's obvious! by Anonymous Coward · · Score: 0
    In related news, the Pope announced he was Catholic.

    The reason for this is so obvious. A lot of these attacks are done by people in the MP3/warez scene looking for places to distribute their stuff. What good is a Windows machine? Absolutely none! There's no easy way of logging in to it remotely, and even if you can, there are hardly any programs to run.

  89. Re: by _Sprocket_ · · Score: 2

    Why do we always hear "Windows/Outlook/both suck because a gazillion boxes were infected by the ILoveYou virus" instead of "Windows users suck when it comes to security related issues, as a gazillion of them opened unknown attachments and got infected?"
    First, I agree that security ultimately rests with the individual user and system administrator. Security is not a shrink-wrapped product or a final destination. It is a process. Users are often the weakest link in any system and must use some judgment to avoid endangering the systems they rely on. And system administrators must remain vigilant to keep the systems in their care properly maintained and up to date. But there are systems that are exceptionally difficult to use and maintain due to architectural mistakes in their design.

    The combination of Windows and Outlook is riddled with issues. Attachments shouldn't appear to be one data type but actually be malicious executable code (due to Outlook's desire to hide file extensions and how it handles conflicts with MIME types and extensions). But say our users treat all attachments as plague-infested rats and refused to touch them. Past vulnerabilities have meant that simply READING a malicious email (and/or having it displayed in the preview panel) executed malicious code. Yes - the age-old joke about "don't read email called 'fun time'" became reality. Outlook, and its incorporation with Windows, has created a very virus/trojan friendly environment. If it weren't for the excellent scheduling features of an Outlook/Exchange combination, it would likely be dropped from any security-conscious corporate desktop.

    Windows systems themselves are an interesting challenge. We'll ignore the fatally flawed Win9x architecture and focus on the industry favorite NT/2k/XP. The very tools that should help an administrator keep his/her system safe have gained a certain degree of fear over the years - service packs and hotfixes have been known to cause more trouble than they fix. WinNT administrators tend to delay rollout of new service packs until they feel comfortable all bugs have been discovered by early adopters. Any system configuration (adding or removing system software components) often reverses changes by service packs, hotfixes, and administrator configurations and requires re-application of those changes. The infosec standard of hardening a host by removing all unnecessary components is foreign to the Windows environment. Windows system components are rarely designed to be removed and attempting to remove them means traversing a minefield of illogical dependencies - thankfully there are a few good minefield maps in the form of hardening guides. Of course, keep the guide close at hand. Any addition or removal of system components, hotfixes, or service packs will mean re-applying the hardening process.

    In short, Windows was not designed with good security principles in mind - and it shows. It IS possible to configure a secure Windows host (assuming vulnerabilities are patched in an expedient manner). But it's a pain.
  90. Linux is more useful than Windows by Anonymous Coward · · Score: 0

    ...even script kiddies think so.

    They are "owning" Linux boxes because Windows doesn't offer any decent DDoS software nor can it compile their exploits easily.

  91. dumb article by martinflack · · Score: 1, Flamebait

    That article is a waste of time.
    - They fail to define an "attack".
    - They fail to scale figures for deployed boxes (i.e. twice as many OSS web servers should get twice as many attacks).
    - They deride OSS admins for slowly applying patches without looking at the closed-source admins.
    - The article has a popup window ad. Death to them!

  92. Missing key word: DETECTED by karlm · · Score: 5, Interesting
    The number of detected attacks is rising sharply for linux and slightly falling for Windows. What percentage of Windows houses install an IDS solution? What about Linux houses? What percentage of Linux break-ins get reported to someone? and Windows break-ins? There very well may be a point this year when attacks against Linux outnumber attacks against Windows, but I think it's more likely that the vast vast majority of attacks against Windows machines go unnoticed.

    Also, nimda and code red scans are attacks. If those got counted, along with every virus email, the story would be very different.

    If you were given the IP address of a vulnerable WinXP box, a vulnerable Linux box, and a vulnerable OpenBSD box and your life depended on owning one of the boxes without getting detected, which one would you choose given no other information? Only the suicidal would pick OpenBSD... the probability of there being another OpenBSD dedicated IDS box nearby is pretty high.

    Let's not forget that a Linux shop can do a minimal install on a retired PII (or maybe even a 486) server and use it as a dedicated IDS box... no MS licence fee. MS is still going to charge you for every running x86 box, regardless of OS, if you have an MS site licence, so no negligible-cost dedicated IDS boxes for Windows shops.

    I'm biased. I sure am... but it's mostly due to experience... I was a resident computer consultant for my fraternity for 3 years. Sure we had the one guy that talked another guy into trying out Mandrake and didn't bother to tell him to keep it up to date, but for the vast majority of the Brothers, the Linux guys could hold their own. Several of the Windows guys were accidentally running "Are you sure? What is IIS? Why is that bad?". And then there were the windows alerts popping up once per minute on all of the Win32 boxes in the house because one guy decided to test his UPS. These are very smart guys, but they gave me a very bad impression of Windows users. I doubt the general populace can do better than my fraternity.

    (Yes, the house GPA was in the 75th percentile for fraternities and the average fraternity GPA is above the on-campus GPA at MIT. Even the management and bio majors could kick your ass in differential equations, so no "stupid drunk frat boys" comments. They get tiring... very very tiring... especially coming from people that can't integrate their way out of a paper bag.)

    In summary, let's not forget that Linux and Windows often get deployed in very different environments.

    --
    Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
    1. Re:Missing key word: DETECTED by Tablizer · · Score: 2

      (* the average fraternity GPA is above the on-campus GPA at MIT. Even the management and bio majors could kick your ass in diferential equations, so no "stupid drunk frat boys" comments. They get tiring..... *)

      The actual "stupid drunk frat boys" will probably end up being your boss somewhere, I hate to say it.

  93. A Helen Lovejoy like Solution by RobPiano · · Score: 1

    One thing I know from working with kids is that they love to fight (or at least play fight). Computer fighting seems pretty cool and harmless to kids (even if it takes your business server out, a kid would not naturally assume this is a problem). Being a little more computer savvy than your friends means that you win the fight, and are thus cooler/more manly than your friend.

    Well Linux is considered more l33t than Windows, and it's getting extremely easy to use. Kids will think they are VERY computer savvy by installing Linux, and a computer genius for using someone else's program to do a simple attack. Once one kid gets Linux installed they will install Linux on their friends' machines. Since Linux is free, there are no barriers to entry, and it will spread rapidly the easier it gets to use.

    So all I can say is, I plead you Slashdot Community. Make your GUIs impossible to use, create lots of undocumented features, have your programs be buggy unless your users are using the most difficult to use distribution of Linux.

    I mean really, won't someone please think about the children?!
    Rob

  94. thanks for your post. by Anonymous Coward · · Score: 0

    --I'm one of those linux newbies who is appalled at the lack of security with linux, and the difficulty of setting up an effective firewall. All I hear is how easy it is, to me, it's pretty dang hard. I just spent an hour earlier this morning searching freshmeat for an easy to use GUI firewall interface I can use. I have one now-but I'm not satisfied with it and I'd bet a nickel I am hacked/cracked right now as I'm typing this. I even downloaded the GUI prog, put it on floppy, reinstalled the OS-RH 7.2-, installed the interface, then got online and still got problems. I can see outgoing packets on my external modem. I'm not a "server", all I want to do is surf the web, listen to netradio, normal easy simple stuff like that. I will admit to being completely a non programmer. Near as I can see, you need to be an ubergeek with linux to actually *have* any security. The replies so far on this thread with guys who claim to be secure, you can tell they are uberusers, probably professionals. HOW is a newbie supposed to get there without all that training and experience? Not use your computer for the internet? Back to using windows or mac for months until you can use linux? Why would anyone even consider doing that if they weren't running a pro level server, or HOW could they do that with a normal single home box? Like, what's the point, if you have a machine that's working, why would you spend months struggling to make something else work, the fun of reinventing the wheel? An apple or microsoft CD just doesn't cost that much if you look at hundreds of hours of intense skull sweat to save 100$.

    This sort of reasoning applies to 99% of the hooman beans out there, they won't care, they'll pay apple or microsoft the 100$, they just will.

    This catch 22 is nutso. I posted on the other "top 10 linux problems" thread running as well, to me, LACK of out of the box and EASY to use security will drive more people away from linux. Just faking them out that they have security by checking "high security" on install and running those "firewall wizards" that really don't work as advertised is causing the problems. It's time for the linux "community"-whomever that is-to come clean on actually how difficult it is to maintain even minimum security. It is NOT easy, it DOES require a professional level of command line expertise. This is the ONE serious lack in all the thousands of linux projects out there, the lack of a firewall that isn't betaware hell, one that doesn't require complete command line mastery.

    Above, IMO, of course. Personally, I'm waiting one more RH release, whichever the new one is gonna be 7. whatever or if they really make it 8.0. I'll try that one, purchaisng from a clone cd place. IF it works and it has security, I'll buy redhats version at full price and support them. I'm not interested in trying other distros anymore, I tried mandrake and after a week it would never even dialout for me. My opinion is that if the biggest, best named well known linux company can't release something that works on the desktop for joe average homje user, no way will the little companies be able to pull it off, they will become the hobbyist dead ends they are now, except for the server/embedded market, which is what? 1% of computer sales and users, or less?

    Bottom line, if linux don't care about me and the other 99% of us out here in normal user land, if our interst and money ain't appreciated, with our concerns, then we probably won't care about you either, no harm nor foul, just don't expect much more cash. The landlord, the grocery, the gas station all run on cash. We don't mind dropping cash on ease of use and security. I'll just re-switch my cash back to where it's been the past decade and a half, back to apple, because my time is worth it. At minimum wage, trying to setup security and reloading the os and searching google I spent more than buying 10 copies of apple or microsoft so far, or some such large number, lost track now..

    1. Re:thanks for your post. by mrseth · · Score: 1

      All the Redhats after 7.0 (or 7.1?) set up a firewall by default. And keeping on top of security is easy with up2date, red-carpet or apt-rpm (my personal favorite). The easiest firewall script I've found so far is pmfirewall (http://www.pointman.org). It is nice because it is tiny and simple. The only issue is that it is kind of out of date, e.g., it uses ipchains instead of iptables. Yes, it is a command line program, but it is a very friendly one. I wish they'd update it.

  95. This "discussion" is a sad commentary by VarmintCong · · Score: 2, Interesting

    on the community here at /. I expect the following opinion to be unpopular, but you never know.

    No matter how disgusting MS's business practices are, they are still not the evil side in this story. The script kiddies are. So why are we spending so much time blaming MS for this story? I could care less if MS financed this story. I could care less if I am still getting Code Red attempts daily on my machines. What I do care about is that everyone on the internet, even those people running MS products, is secure.

    The biggest problem we have on the internet from a security standpoint is ignorant users. The fact that we still get code red attempts shows that this is a huge problem.

    MS seems to be a bit more ahead on the curve when it comes to this (somewhat...I'll say more about this in a minute). In Windows XP, the OS will check for critical updates automatically, and will either download and install it by itself, or let you know that it is available. (This depends on how you set it up. You can also have it not do this behavior, and are given the choice to decide when you get on the internet for the first time.) I personally think that the default behavior should be to autocheck and notify, with options to turn it off buried somewhere. This would help protect the ignorant, while giving the choice to those of us who know more and are willing to do more with our OS to make our own choice.

    Of course, MS is also very slow at putting out security patches, and there is NO excuse for that.

    We will see more problems like this in the future. No matter what anyone says, Linux is not exactly as user friendly to the average Joe as Windows is. So while it may be more secure OOTB, as new exploits are discovered we will run into more and more problems because average Joe will not know that there is a new security hole on his Linux box. I can imagine quite a few of you will try and blame this coming problem on the average Joe, but remember....the customer is always right. If average Joe doesn't feel like subscribing to a security mailing list and sifting through a ton of email a day, he shouldn't have to. And we shouldn't expect him to want to do that, any more than average Joe should expect us to like Celine Dion.

    So we should do something about this now, before it gets out of hand. Make the default action for a desktop Linux setup check for security patches and notify, with a dire warning that will scare the bejeebus out of average Joe. Make it pretty easy to turn off for those of us with a bit of knowledge. Keep pumping out patches. But make sure your average mouth breathing computer user can install the patch, without worrying about dependencies and without having to type anything. Point and click is their friend, even if it isn't necessarily ours.

    That is what we should be doing. Let's clean our own side of the street first, and worry about blaming MS for another thing later.

    BTW, I still see attempts by rootkits from Linux boxes daily, and these are (like the Code Red attempts) caused by boxes that are unpatched against security holes that have been fixed for a very looong time.

  96. 1) Stupid, stupid article. 2) Slashdot owns you? by Futurepower(R) · · Score: 2


    Stupid, stupid article. No one knows how many attacks there are. The numbers are entirely nonsense. My guess is that whoever wrote that saw some way to make money by saying it.

    mi2g is a company that makes more money if you think the sky is falling.

    Many more stories like that, and Slashdot will stop being popular.

    The article says, "But attacks on Windows/IIS systems have already dropped by 20 per cent on last year's figures, from 11,828 to 9,404."

    My guess is that attacks occur about 20 times per hour for each IP address. That's how computers are rooted within 25 minutes of connecting to the Internet; there are continuous attacks to find weaknesses. That's how many I see, anyway.

    That number cannot be the number of successful attacks, either. Most people who are rooted do not report that fact to anyone. Many Windows users would not even know they have been successfully attacked. How could they report it?

    Change in subject: At the top of every article, it says, "The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."

    This sounds like you own your comments, doesn't it? However, the OSDN Terms of Service says at section "4. CONTENT", paragraph 6,

    "In each such case, the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable Open Source Initiative-approved license."

    The contract is written in such a way as to appear that it has been made intentionally confusing. However, it looks like "comments are owned by whoever posted them" means that, yes, you own the intellectual property you created, but VA Software Corporation owns it too.

    This appears similar to owning a car, but under the condition that someone else can use it at any time, and without notifying you. In any case, The Fine Print is misleading; it is not all of the fine print, although that line at the top of each story certainly encourages you to believe it is.

    I don't know about Internet attacks, but we are seeing a rise in the number of sneaky contracts. This seems due to the presence of people with no technical knowledge at technically oriented companies. These people cannot contribute to the real work of the companies; all they can do is invent ways to abuse the customer.

    EULA: I've been studying their methods, and I have a sneaky contract of my own. I agree to VA Software Corporation's sneaky contract if they agree to mine: At any time of my choosing, VA Software Corporation will give all managerial and financial control of the company to me.

  97. The reason? by PeeOnYou2 · · Score: 1

    Obviously... more people are using linux than windows now to run their useful servers. Why would anyone want to attack a worthless win95,98,98se,xp,me computer when there's a juicy unpatched linux box sitting right there, with all the guts and glory?

    Think about it... it's probably not a good thing in MS' eyes.. at least it shouldn't be..

  98. A Pox on Both Your Houses by Detritus · · Score: 3, Insightful
    It's rather sad to see two octogenarian, congenitally deformed lepers, who think perfume is an adequate substitute for hygiene, arguing about who is more sexy. "Oooh, but I've still got both of my ears and most of my fingers, unlike that tramp."

    We have two operating systems, and their associated applications, implemented in unsafe languages, with broken and/or archaic security models, competing for how many weeks they can run before getting rooted by a new exploit.

    How pathetic.

    --
    Mea navis aericumbens anguillis abundat
    1. Re:A Pox on Both Your Houses by markhahn · · Score: 1

      ahhh, right. so why is it that people have continued to choose unsafe, broken, archaic platforms for so many decades? sorry, it's simply not valid to claim that laziness is the reason.

      it's ridiculous to lump unix and windows into the same category. though it really makes an excellently condescending slam!

  99. Lets think about this for a minute... by luphus · · Score: 1

    Maybe I wasn't paying attention enough when scanning the comments so far, but I don't think I've seen this. What'd be more fun to play with and/or be more useful after you've hacked it? A linux box or a windows box? It's like deciding whether to go after a piggy bank or a bank vault. Thicker crunchy outside perhaps, but a creamy center that is several orders of magnitude yummier...

  100. Statistical recursion by Anonymous Coward · · Score: 0

    In 1999, an Elvis Impersonator died from living the good life. Today, there are three Elvis Impersonator Impersonators. If this trend continues, in 2009, there will be 65535 Elvis Impersonator Impersonators.

  101. This is a Good Thing by simm_s · · Score: 2

    Maybe the attacks on Linux machines are increasing, because there are more Linux machines running or supporting critical IT infrastructure. IT engineers may be replacing old NT boxen with Linux machines.

    Unfortunately this puts Linux in the security spotlight. More exploits will be found and patched (which is a good thing), and the public nature of linux security information may be exploited and used against the Linux community.

  102. The reason. by Anonymous Coward · · Score: 0

    Nobody kicks a dead dog.

  103. Don't be fucking stupid by Anonymous Coward · · Score: 2, Insightful
    Even though a lot of people try to separate the script kiddies from the hackers, the people who do the most attacking are the script kiddies, who then get labeled as 'hackers' by the media. There is a thin line between an unsuccessful attack and a root compromise these days, especially with all of these tools that scan for vulnerabilities and automatically run the exploit on the vulnerable hosts.

    Think about the hacker mindset for a minute. Most of these attackers are using Linux, because that's what their scripts were written for, and because they think Windows is lame - to use, and to hack. Even most of the ultra-successful defacers out there will only attack Unix systems and network devices/appliances these days, because bragging about hacking into a Windows system isn't elite in the eyes of their peers; they will catch shit from their buddies for attacking such an easy target.

    If anybody out there is as clueless as this troll, please e-mail me your questions. I'm in the trenches with these kiddies 24/7 and can give you a better idea of what's going on than most nerdy bugtraq subscribers who think they know shit because they read some mitnick autobiography and they run an unstable kernel.

    1. Re:Don't be fucking stupid by Anonymous Coward · · Score: 0

      heh i agree. it's interesting that nobody has modded this post up, it's hella true. all my defacer friends avoid windows like the plague because it's lame to hack

      slashdotters are afraid of the truth that it's not because linux is more vulnerable, it's because windows is just not interesting to hack. what could a windows user possibly have of interest besides maybe credit cards

    2. Re:Don't be fucking stupid by Anonymous Coward · · Score: 0

      The original poster's point was that an attack on Windows is more likely to succeed than an attack on Linux, because Linux is more secure than Windows.

      And you are saying that Windows is so insecure, and breaking into it is so easy, that hackers find it boring.

      So you are both saying that Linux is harder to break into than Windows.

      And yet you call the original poster stupid.

      I'm confused.

    3. Re:Don't be fucking stupid by Anonymous Coward · · Score: 0

      Oops. I just re-read the original post, and I am no longer confused. It appears that he was trying to suggest that Linux boxes are getting hacked, but we just don't know it, because the hacks were successful. But it's very badly worded, which allowed me to interpret it as having the opposite meaning.

      You're right -- he's a moron.

    4. Re:Don't be fucking stupid by ObitMan · · Score: 0

      Best Windows Defacement happens at lanparties.
      Look for the dumbasses that have their whole drive shared. Put nasty goatse pictures in the startup dir.
      Fun fun fun, especially if they don't crash while there and have to reboot.
      Hopefully it's their mom's computer and she sees it when they boot up at home.

      --
      Who run Barter Town?
  104. What constitutes an attack? by Albanach · · Score: 1
    The article doesn't seem to mention what actually makes up an attack. My apache logs are full of requests for cmd.exe - still... so yes someone attacked my web server, so what? Unless they're trying to DOS me by making the apache error log fill my hard disk it's not a very successful attack strategy.

    The article reads to me like analysts out looking for new business. Maybe every major user of MS server software is already employing a security consultant so there's little market potential for growth. So the company grab some stats to make it look like there's an explosion in attacks on linux, show the stats to managers, not the IT department, and then get a nice consultancy fee to come in and tell IT that they should run red-carpet every day to check for upgrades.

  105. Because of Windows Update by Frank+of+Earth · · Score: 1

    MS made it so easy to install patches, it's ridiculous. You can either go to windowsupdate.microsoft.com and let it figure out what patches to install or you can just run the automatic update in your systray and it will scan updates for you automatically.

    The only thing you have to do is reboot your computer.

  106. Misleading topic? Improvement please! by Jugalator · · Score: 3, Insightful

    Topic: "More Attacks on Linux than Windows"

    Content: "If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems".

    Anyone more than me that thought that Linux had more attacks than Windows?

    --
    Beware: In C++, your friends can see your privates!
  107. Damn those HP attacks! by FyRE666 · · Score: 2

    In another "survey" I wrote on the toilet today, statistics suggest honeypot servers running Linux are significantly more likely to be attacked than IIS servers!

    Sorry, but this report is so lacking in facts or sources that it might as well have been a conversation overheard in a pub. In my server logs here, the number of IIS exploit attempts is absolutely overwhelming! In other servers I've administered this is also the case. Sorry, I smell FUD...

  108. Well that's a load of bullshit... by UnrefinedLayman · · Score: 1

    ... and anyone running a webserver can tell you.

    193.6.9.33 - - [13/Jul/2002:01:08:20 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 318
    64.164.89.42 - - [13/Jul/2002:03:25:23 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 318
    217.10.221.190 - - [13/Jul/2002:04:04:44 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 318
    66.100.173.242 - - [13/Jul/2002:07:46:32 -0700] "GET / HTTP/1.1" 400 373
    66.100.173.242 - - [13/Jul/2002:07:46:34 -0700] "POST / HTTP/1.1" 411 359
    64.65.244.2 - - [13/Jul/2002:08:13:08 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
    64.65.244.2 - - [13/Jul/2002:08:13:09 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
    64.65.244.2 - - [13/Jul/2002:08:13:09 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
    64.65.244.2 - - [13/Jul/2002:08:13:10 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
    64.65.244.2 - - [13/Jul/2002:08:13:10 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
    64.65.244.2 - - [13/Jul/2002:08:13:11 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/syst em32/cmd.exe?/c+dir HTTP/1.0" 404 315
    64.65.244.2 - - [13/Jul/2002:08:13:12 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/syst em32/cmd.exe?/c+dir HTTP/1.0" 404 315
    64.65.244.2 - - [13/Jul/2002:08:13:12 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c 1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331
    64.65.244.2 - - [13/Jul/2002:08:13:12 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
    64.65.244.2 - - [13/Jul/2002:08:13:13 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
    64.65.244.2 - - [13/Jul/2002:08:13:14 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
    64.65.244.2 - - [13/Jul/2002:08:13:14 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
    64.65.244.2 - - [13/Jul/2002:08:13:15 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
    64.65.244.2 - - [13/Jul/2002:08:13:15 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
    64.65.244.2 - - [13/Jul/2002:08:13:16 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+d ir HTTP/1.0" 404 298
    64.65.244.2 - - [13/Jul/2002:08:13:16 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
    63.207.103.80 - - [13/Jul/2002:11:32:10 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
    63.207.103.80 - - [13/Jul/2002:11:32:12 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
    63.207.103.80 - - [13/Jul/2002:11:32:13 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
    63.207.103.80 - - [13/Jul/2002:11:32:14 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
    63.207.103.80 - - [13/Jul/2002:11:32:15 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
    63.207.103.80 - - [13/Jul/2002:11:32:16 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/syst em32/cmd.exe?/c+dir HTTP/1.0" 404 315
    63.207.103.80 - - [13/Jul/2002:11:32:17 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/syst em32/cmd.exe?/c+dir HTTP/1.0" 404 315
    63.207.103.80 - - [13/Jul/2002:11:32:18 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c 1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331
    63.207.103.80 - - [13/Jul/2002:11:32:19 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
    63.207.103.80 - - [13/Jul/2002:11:32:20 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
    63.207.103.80 - - [13/Jul/2002:11:32:21 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
    63.207.103.80 - - [13/Jul/2002:11:32:22 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
    63.207.103.80 - - [13/Jul/2002:11:32:23 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
    63.207.103.80 - - [13/Jul/2002:11:32:24 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
    63.207.103.80 - - [13/Jul/2002:11:32:25 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+d ir HTTP/1.0" 404 298
    63.207.103.80 - - [13/Jul/2002:11:32:26 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
    63.207.103.80 - - [13/Jul/2002:12:19:45 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
    63.207.103.80 - - [13/Jul/2002:12:19:48 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
    63.207.103.80 - - [13/Jul/2002:12:19:52 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
    63.207.103.80 - - [13/Jul/2002:12:19:56 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284


    Bear in mind that is an unedited log. Over 70% of requests for documents on my webserver are attempted IIS exploits. Are Linux attacks on the rise? Sure, maybe, but as long as there are infected Windows servers worming their way around, Windows attacks will also be higher.
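The counting questions raised in this thread (what counts as an attack, which platform a request is aimed at, and whether it was answered) can be made concrete with a small log classifier. This is an added example, not part of any comment: the log lines are constructed in the style of the log quoted above, using documentation-range addresses, and the category names and the two rules are assumptions.

```python
import re
from collections import Counter

# Constructed sample in Apache common log format (not the poster's log).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Jul/2002:01:08:20 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090%u6858=a HTTP/1.0" 400 318
198.51.100.7 - - [13/Jul/2002:08:13:08 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
198.51.100.7 - - [13/Jul/2002:08:13:09 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
198.51.100.7 - - [13/Jul/2002:08:13:10 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
198.51.100.7 - - [13/Jul/2002:08:13:12 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
203.0.113.5 - - [13/Jul/2002:09:00:01 -0700] "GET /index.html HTTP/1.0" 200 5120
203.0.113.5 - - [13/Jul/2002:09:00:02 -0700] "GET /images/logo.png HTTP/1.0" 200 2048
203.0.113.9 - - [13/Jul/2002:09:30:00 -0700] "POST / HTTP/1.1" 411 359
this line is not a log entry
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# (category, platform the request is aimed at, pattern on the request target).
# Both rules describe IIS-specific requests, so on an Apache host they record
# an attempt against Windows/IIS, not against the machine that logged them.
RULES = [
    ("ida_overflow_probe", "IIS/Windows", re.compile(r"^/[^?]*\.ida\?", re.I)),
    ("cmd_exe_probe", "IIS/Windows", re.compile(r"/(?:cmd|root)\.exe(?:\?|$)", re.I)),
]


def classify(target):
    """Return (category, targeted platform) for one request target."""
    for category, platform, pattern in RULES:
        if pattern.search(target):
            return category, platform
    return "other", None


def summarise(log_text):
    """Count probes by category, targeted platform and source address."""
    by_category, by_platform, by_source = Counter(), Counter(), Counter()
    answered = []  # probes that did NOT get a 4xx/5xx: these need review
    parsed = skipped = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # keep a count so malformed lines are not silently lost
            continue
        parsed += 1
        category, platform = classify(m["target"])
        by_category[category] += 1
        if platform is None:
            continue
        by_platform[platform] += 1
        by_source[m["src"]] += 1
        status = int(m["status"])
        if status < 400:
            answered.append((m["src"], m["target"], status))
    probes = sum(by_platform.values())
    return {
        "parsed": parsed,
        "skipped": skipped,
        "by_category": dict(by_category),
        "by_target_platform": dict(by_platform),
        "by_source": dict(by_source),
        "probe_share": probes / parsed if parsed else 0.0,
        "answered_probes": answered,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Counting by source address rather than by request is what separates "one infected host sent sixteen requests" from "sixteen attacks", and an empty `answered_probes` list is the difference between an attempt and a compromise.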

    1. Re:Well that's a load of bullshit... by Inthewire · · Score: 1

      Klerk ought to get ahold of this - page widening motherfucker...

      --


      Writers imply. Readers infer.
    2. Re:Well that's a load of bullshit... by Anonymous Coward · · Score: 0
      Here is the bug:

      default.ida?Nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnN%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a

  109. Gee what a surprise! by bunhed · · Score: 1

    If I were inclined to burgle, I would certainly prefer to bust into the house that has all the cool gear to play with than to spend my time breaking into the dog house in the back yard. No?

  110. So what there are more Linux attacks than MVS too by gelfling · · Score: 2

    In 10 years when all servers are Linux there will be more attacks on Linux than anything else. Or something like that.

    So what?

    How many are successful?

  111. People need a challenge. by dudeness · · Score: 1

    The reason that the attacks on Linux machines are on the rise is probably because the vast majority of Linux users have taken very well thought out precautions against such attacks.

    Windows has almost gotten boring with the huge string of attacks that have been plaguing North America for the last couple of years and I think that many of the hackers out there are looking for something challenging to crack; i.e. Linux.

    --
    "Truth suffers from too much analysis." Frank Herbert, Dune Messiah
  112. Re:Well... by Anonymous Coward · · Score: 0

    What? Besides the fact that /. is pro Linux anti everything else?

  113. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  114. Maybe Linux admins are more aware by dbravender · · Score: 1

    How were the results of the study obtained? It could be that Windows admins are simply less aware of attempts to compromise their machines than their Linux counterparts.

  115. Re:No shit there's more attacks on Linux by caca_phony · · Score: 2, Informative
    when C# becomes more popular, buffer overruns and dangling pointers will be toast, so security problems will basically disappear. In comparison to Linux L00sers, anyways, where buffer overruns are considered a sign of how cool you are. (I uze l337-j00 See Minuz Minuz, is s0 fazT!!!)

    the ironic thing about your comment is that c#'s original name was c-- (you have to type cminusminus to google it properly, I think), which was, in part, a non gpl'd alternative to gcc's intermediate code system (ie. the way the GNU Compiler Collection uses one compiler for all the languages it supports, and they all compile to the same intermediate code). c-- was designed to be a better core language to use as a base language to code on top of- ie. a non gpl'd version of gcc.

    Microsoft changed c--'s name to c# for marketing reasons.

    --
    ...and this lie crawls out of its mouth: 'I, the state, am the people.'
  116. Is this FUD == mi2g ? by bariumXray · · Score: 2, Informative
    For the FUD picture on mi2g:

    Go to http://www.vmyths.com and search for mi2g under RANTINGS.

    Credibility is not their strong point.

  117. Sticking up for M$... by toby360 · · Score: 5, Insightful

    Alright, aside from the facts the following statements people are making:

    A) Linux use is growing
    B) How many of these were really successful attacks?
    C) What counts as an attack?
    D) Studies from the group which conducted this one are questionable.

    Clearly people are neglecting to give MS credit for some of its accomplishments over the last year. One of the largest changes was the speed at which updates were made available and most of these through the windows update site. Now when new holes in their products were found, MS responded for the most part almost immediately and patched up their code within hours/days and posted it up on for everyone to download. Also, they're working on making these updates even easier than before, anyone with windows 2000 who keeps on top of patches will notice that the interface has changed, you can set it to automatically apply security patches. Also another point is that people are finally realising that their computer will be far more secure if they just apply the latest patches.

    Holes in Linux are not always patched up right away and lets face it, Linux code warriors can't always respond to a patch for each distro when one's found like MS can or distribute it as easily. Because they're a single entity, they have quite the advantage when it comes to communication and distribution.

    In the last year Microsoft's efforts to patch up their software were far and beyond anything they have done in the past, and that is something Linux buffs won't easily admit to. Now, Palladium is a whole nother ball game mind you =)

  118. OT: Personal Firewalls by Bios_Hakr · · Score: 2

    I will agree with you that ipchains/iptables are great firewall apps. However, I do not agree that win32 personal firewalls are bad.

    My laptop is equipped with a winmodem. As such, I have a choice between no internet access, purchasing an external modem, using win32 unfirewalled, or using a win32 firewall. My choice, based mostly on convenience, is to use Norton Firewall. It detects and logs a lot of attacks. All the attacks are sorted and identified by the port that was probed. It even tries to identify the attack that is associated with that port.

    For a non-technical user, it is a great program. It has charts, graphs, and logs that are easy to understand. It will even provide nonintrusive popups for attacks in real time. I think that, from a desktop POV, linux developers could learn a lot from taking a look at it.

    --
    I'd rather you do it wrong, than for me to have to do it at all.
    1. Re:OT: Personal Firewalls by JPriest · · Score: 1
      "For a non-technical user, it is a great program. It has charts, graphs, and..

      um, no, Norton products and many windows firewalls are mostly FUD based.

      ie. "Warning!: 35 sub 7 hack attempts blocked by Norton!! your hackers IP address is ppp.aol.ip.addy!!"

      When all this really is, is a connect request for a port that is in closed state to begin with. Tiny personal Firewall is one of the only windows firewalls I can stand. But I personally don't run a windows firewall, placing the system behind a NAT box is better than a software based firewall anyway. I would suggest getting a NAT box and/or installing a free firewall like TPF or ZA long before paying $50 for Norton. Norton spreads FUD because they make money on it, a NAT box is the best way to secure against connection attempts, and if you are using outlook or outlook express you are wrong. Did I mention NAT?

      --
      Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
    2. Re:OT: Personal Firewalls by Col.+Panic · · Score: 1

      I didn't mean that "personal firewalls" have absolutely no merit - they can detect when an app tries to access the Internet, and they are better than nothing. I actually recommend them to clients in Win32-only shops where otherwise they are only protected by their router.

  119. good report but... by carpe_noctem · · Score: 1

    I don't trust any report that uses the phrase "hack attack". At least "information superhighway" seems to have been eliminated from the English language. ;)

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
  120. Weakness of Open Source by Anonymous Coward · · Score: 0

    This is just an inherent weakness of Linux, Open Source.

    The type of attacks perpetrated on Linux are typically of a general class, off-by-one, buffer overflows, privilege separation issues, etc. When a general class of vulnerability is discovered in an application or protocol, it typically takes individual patches for each application at different times to get it closed up.

    Microsoft is a unified entity. Microsoft engineers communicate with each other, and are coordinated by a central management.

    Open Source developers rarely communicate amongst themselves.

  121. Re:Don't Bother: vnunet author Middleton is a Moro by Anonymous Coward · · Score: 0

    care to back that up at all? I don't know the guy from a hole in the head, but those are some pretty nasty allegations to throw around w/no evidence behind them...

  122. Never been hacked... by rmpotter · · Score: 2, Interesting

    I've been running IIS -- and unix-based web servers for about 5 years. Our IIS boxes have NEVER been hacked. We had disabled .htr and other mappings long before Code Red emerged -- as MS had advised. The fact is, 90% of all of the Windows vulnerabilities have been fixable with permissions and registry modifications. Keeping patches up to date is a pain, but not impossible.

    Without a doubt, MS has a lot to learn about security, but tools such as URLScan and the like have made it much easier to lock down an IIS server.

    It's also worth remembering, that as an application server, IIS has the ability to do a LOT out of the box (COM, ASP, ISAPI (and outdated vulnerable technologies using HTR)). In any case, you cannot compare IIS with Apache -- you must compare it with Apache + Tomcat + Turbine, etc.

    --
    Is this sig nificant?
  123. win2k/IIS vs apache by Trepidity · · Score: 2

    Perhaps you haven't been following the remote Apache worm that's been going around lately?

    1. Re:win2k/IIS vs apache by Anonymous Coward · · Score: 0

      One worm for Apache compared to how many for Windows?

    2. Re:win2k/IIS vs apache by Anonymous Coward · · Score: 0

      It's currently only infecting BSD systems......

  124. Are you running Apache 1.3.26 or newer? by Trepidity · · Score: 2

    If not, you're vulnerable to a worm that's been going around that is similar to Code Red (hijacks your server and turns it into a DDoS platform). I know at least 4-5 people who were hit by this in the 2 days it took the fix to get into security.debian.org.

    1. Re:Are you running Apache 1.3.26 or newer? by Anonymous Coward · · Score: 0

      > If not, you're vulnerable to a worm that's been going around that is similar to Code Red (hijacks your server and turns it into a DDoS platform). I know at least 4-5 people who were hit by this in the 2 days it took the fix to get into security.debian.org.

      If you are going to lie, you have to be smarter about it than that. Remember your training: don't embellish. Microsoft should penalize you a day's pay.

      You can't possibly know 4-5 people who were infected while waiting for a fix to reach Debian, because during that time the only exploit that existed was a _BSD_ exploit. There were no Linux exploits during that period.

      Besides, I don't know what you are gloating about. Unlike the constantly-vulnerable IIS, this is the first major exploit to hit Apache in years. In fact, according to this article, Apache has gone "four and a half years without a serious vulnerability":

      http://online.securityfocus.com/columnists/91

      By the way, the Apache worm has been a total flop. Because the fix got out so quickly, and because Linux and Apache are so easy to keep up-to-date, the vast majority of Apache servers are now immune.

      Contrast that with Windows and IIS. Code Red and Nimda are a year old, yet they are still making the rounds.

      It is a sad fact that, even with current patches applied, Microsoft software is still full of holes. As evidence, note that there are currently 19 unpatched IE security holes:

      http://www.pivx.com/larholm/unpatched/

    2. Re:Are you running Apache 1.3.26 or newer? by Brian+Knotts · · Score: 1
      Really? They were running Debian BSD?

      Nice try, munchkin.

  125. Linux Admins vs Nt by MADCOWbeserk · · Score: 3, Insightful

    > My Linux box reports a number of attacks against the FTP server and Apache each day

    Perhaps the reason Linux gets more attacks reported is that Unix has very good logging and nix admins actually read their logs and report attacks. I knew some NT administrators even in very big operations that never read their log files. Personally I think the script kiddies just scan and hit whatever they can. A linux box might be more useful once it is compromised, but that is another issue.

    Could Jesus microwave a burrito so hot, that he himself could not eat it....HS

  126. Admin skill by berzerke · · Score: 2

    It's been my experience that the skill of the admin for the box (and management's willingness to let the admin do his job) has much to do with the security of the box. A good Windows admin (if you can find one) will have a more secure box than a lousy *nix admin. (If both admins are equally good, I'd bet on the *nix over windows any day.)

    IMHO, Mandrake has a good idea for their install. At the end of the install, before any servers are turned on, it prompts you to update if you have an internet connection. This feature adds security relatively painlessly.

  127. No MS Boxes left to attack? by Trevelyan · · Score: 2, Insightful

    I see a lot of posts here, and hear a lot of apache admins go on about their logs filling with attacks from CodeRed, Nimda, etc (which obviously get nowhere)

    So my thought is could the increase of attacks on linux boxes be because most(all?) the MS boxes are infected drones, all attacking every IP they see?
    and thus more linux boxes get attacked.

    I know it's an extreme view, but a Nimda drone attacking an apache box, although pointless, still adds to the statistic of more linux boxes being attacked

  128. Why beat a dead horse? by Anonymous Coward · · Score: 0

    There is no challenge in hacking something (Windows) that is already well known for its insecurities.

    It makes about as much sense as trying to score with the prom queen even after she's scored with the entire football team--yeah, I could do it, but where's the challenge?

  129. Trend Continues? by mrmag00 · · Score: 1

    Disco Stu: Disco sales are up by 500%. If this trend continues, BAM.

    That's all I could think of when I read that.

  130. Re:Don't Bother: vnunet author Middleton is a Moro by fanatic · · Score: 2

    An 'anonymous coward' said: care to back that up at all? I don't know the guy from a hole in the head, but those are some pretty nasty allegations to throw around w/no evidence behind them...

    There have been 2 other cases where articles by this guy on VNUNET were clearly wrong, too far wrong for casual error. One of them sprang from the (ill-considered) statistics posted at securityfocus.com that compared the counts of windows and linux vulnerabilities. But the linux vulnerabilities included applications and the windows numbers did not. securityfocus.com clearly stated that fact. Also, each linux vulnerability was counted each time it occurred in any distribution, causing multiple counting of many of them. Middleton did not mention either of these facts, simply using the raw numbers to imply that windows security is better than linux.

    The other case was equally egregious. Its headline was "Hackers turn on open source", with a lead paragraph saying the same, but with no clear data backing it up. In fact, the article referenced an increase in website defacements, then noted that 'virtual websites' where many sites are on one machine, were involved, thereby rendering the statistic fairly useless.

    This guy is a hack, or worse. He's already had too much benefit of the doubt.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  131. Attacks by Herkum01 · · Score: 1

    > the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems.

    It is the Seattle Mariners' fault, if they had not had "Bat Day"(Get a Free Bat) on the same day that Bill Gates paid admission for any MS employee going to the game, this would not have happened.

  132. Re:Don't Bother: vnunet author Middleton is a Moro by fanatic · · Score: 2

    Both of these stories are available via linuxtoday.com, BTW. If you go to vnunet.com, please use a browser with image-loading turned off (mozilla, galeon, lynx, links, w3m). No point giving the advertisers of these morons any hits.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  133. Are you kidding me? by forkboy · · Score: 2

    Maybe that's because there are MORE Linux boxes out in production than there were last year and people are starting to drop IIS because of the security nightmare it is?

    Think about what happened last year....Code Red abused IIS servers to death and sysadmins started realizing that Linux/Apache was a viable alternative, what with the kernel networking code improvements it got in 2.4.x, (or was that 2 years ago?) not to mention the publicity Linux has been getting increases every year.

    Not exactly a profound leap of logic to make this deduction.

    --
    This message brought to you by the Council of People Who Are Sick of Seeing More People.
  134. Correct subject lines...? by mehfu · · Score: 2, Insightful

    More Attacks on Linux than Windows
    AND
    If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems.
    is FALSE

    I can't see the correctness of the subject line. It should say "More Attacks on Linux than Windows... um, maybe... in the future.."

  135. Why the concern for terrorists web sites? by Anonymous Coward · · Score: 0
    > Most Linux security problems are local exploits not the kind of stuff that can be exploited over the web. Conversely most of Windows problems are exactly the kind of things script kiddies look for. Most of these "attacks" are nothing more than some 13 year old kid sitting behind his Winblows box running some distributed dos attack. I'm not scared. The problem is that .01% of attacks that are run by governments and "other groups" not by individuals. The Russians for one have been really good at shutting down Chechen websites.

    The question would be why should we be concerned about the Russians shutting down terrorists' web sites?

    Although I agree with you on the first item I am surprised by the comment in support of the terrorists in Russia.
  136. Actually good statistic by Anonymous Coward · · Score: 0
    because the most attacked system, attacks per host per second are the Checkpoint firewalls running on Linux/BSD/Solaris.

    With Windows there is one attack per host, death afterwards, so what one has to look at is how many attacks per minute on the same host between down time.

  137. I'd bet that...percentage wise... by newestbob · · Score: 1
    ...there have been more Linux attacks than Windows hacks.

    I have had "scratch" Linux machines (i.e., ones that I didn't care about) broken into. One via a "lpd" buffer overrun remote-root exploit, and one via a similar nfs exploit.

    I've *NEVER* had this happen to a Windows machine.

    Of course, machines I care about are behind a hardware firewall that blocks EVERYTHING (including ICMP/ping).

  138. The real problem by octogen · · Score: 1

    The worst problem regarding security is probably the fact, that today's mainstream processors mix up code, data and addresses in memory without being able to distinguish between these categories.

    You can put anything (even some characters of input from the keyboard) into memory and let the computer use it as a memory address - and this is really a very, very bad architecture.

    If an attacker could only modify data by exploiting buffer overflows instead of being able to put additional code on your machine and to execute it, his or her possibilities would be much more limited.

    Most secure operating systems can't prevent a security breach within an application, but are still able to prevent access to the OS itself, to other applications or to sensitive data. This is done by strictly following the 'principle of least privilege', which mainly means that you do not run any process with all-powerful root privileges.
    (Take a look at Argus' homepage for more information about secure Unix kernels with authorizations/privileges instead of 'root')

    IBM invented a technology which would be suitable for protecting the system from unintentionally modified addresses, almost 20 years ago (in the System/38).

    We definitely need better processors and better operating systems.

    A short summary of methods to prevent buffer overflow exploitation:
    * If a process CALLs a subroutine, the return addresses shall become pushed onto the stack and marked as a 'valid address' in some kind of shadow memory (if you have 64bit long addresses, you need 128MB additional memory as the shadow RAM for each 1024MB RAM).
    * If some piece of data is MOVed to memory, then the memory region shall become marked as 'non-valid address' in shadow memory.
    * If a processor tries to fetch an address from a memory region which is not marked as 'valid address' then the processor shall raise an exception (interrupt) to inform the operating system about the invalid pointer.
    * Shadow memory shall only be accessible from the highest privilege level (that is, from kernel mode)
    * User mode processes shall not be able to use OS APIs in order to mark modified addresses as 'valid address' unless the user process has the privilege to use the API.
    * There should be a privilege which causes the OS to ignore invalid pointers and resume execution of a user process, in order to ensure that even very old programs (which use pointer manipulation without correct casting, etc.) can be used.

    Unfortunately, there is almost no information on the net about hardware pointer protection, so you will possibly need to look into Frank Soltis' book "Inside the AS/400" to get very detailed information.

    Inside the AS/400, Frank Soltis
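
The shadow-memory rules listed in octogen's comment above, modelled in software as an added example (not part of the comment, and not IBM's or any processor's actual implementation). The privilege names, the 64-word RAM and the addresses are constructed for illustration; one tag byte per 64-bit word matches the 128MB-per-1024MB ratio the comment gives.

```c
/* Added illustration: software model of the tagged-pointer scheme described above. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORDS     64          /* simulated RAM, in 64-bit words */
#define BUF_WORDS 4           /* callee's local buffer */
#define RET_ADDR  0x401000u   /* constructed: legitimate return address */
#define EVIL_ADDR 0x41414141u /* constructed: value an overflow writes */

enum tag   { TAG_DATA = 0, TAG_ADDR = 1 };
enum fault { NO_FAULT = 0, FAULT_INVALID_POINTER = 1 };
enum priv  { PRIV_IGNORE_INVALID = 1, PRIV_MARK_VALID = 2 }; /* hypothetical names */

struct machine {
    uint64_t ram[WORDS];
    uint8_t  shadow[WORDS];   /* one tag byte per word; kernel-only in the scheme */
    size_t   sp;              /* stack grows toward index 0 */
    unsigned privs;           /* privileges of the running process */
    unsigned violations;      /* invalid-pointer fetches the CPU detected */
};

struct result { enum fault fault; uint64_t target; unsigned violations; };

/* CALL: push the return address and tag its word as a valid address. */
static void op_call(struct machine *m, uint64_t ret) {
    m->sp--;
    m->ram[m->sp] = ret;
    m->shadow[m->sp] = TAG_ADDR;
}

/* MOV: any ordinary store clears the tag, whatever the word held before. */
static void op_mov(struct machine *m, size_t idx, uint64_t value) {
    m->ram[idx] = value;
    m->shadow[idx] = TAG_DATA;
}

/* OS API: re-tag a word as an address; refused without the privilege. */
static int sys_mark_valid(struct machine *m, size_t idx) {
    if (!(m->privs & PRIV_MARK_VALID)) return -1;
    m->shadow[idx] = TAG_ADDR;
    return 0;
}

/* RET: fetch the return address; an untagged word raises an exception
 * unless the process holds the legacy "ignore invalid pointers" privilege. */
static enum fault op_ret(struct machine *m, uint64_t *target) {
    size_t slot = m->sp++;
    if (m->shadow[slot] != TAG_ADDR) {
        m->violations++;
        if (!(m->privs & PRIV_IGNORE_INVALID)) return FAULT_INVALID_POINTER;
    }
    *target = m->ram[slot];
    m->shadow[slot] = TAG_DATA;   /* a consumed return address is stale */
    return NO_FAULT;
}

/* One call whose callee copies input_words words into a BUF_WORDS buffer
 * with no bounds check; input_words == BUF_WORDS + 1 reaches the return slot. */
struct result run_call(size_t input_words, unsigned privs, int try_retag) {
    struct machine m;
    struct result r = { NO_FAULT, 0, 0 };
    memset(&m, 0, sizeof m);
    m.sp = WORDS;
    m.privs = privs;

    op_call(&m, RET_ADDR);
    m.sp -= BUF_WORDS;                        /* reserve the local buffer */
    size_t ret_slot = m.sp + BUF_WORDS;
    for (size_t i = 0; i < input_words && m.sp + i < WORDS; i++)
        op_mov(&m, m.sp + i, EVIL_ADDR);      /* the unchecked copy */
    if (try_retag)
        sys_mark_valid(&m, ret_slot);         /* process tries to forge the tag */
    m.sp += BUF_WORDS;                        /* release the buffer */

    r.fault = op_ret(&m, &r.target);
    r.violations = m.violations;
    return r;
}

int main(void) {
    struct result r = run_call(BUF_WORDS + 1, 0, 0);
    printf("overflow, no privileges: fault=%d target=%#llx\n",
           r.fault, (unsigned long long)r.target);
    r = run_call(BUF_WORDS + 1, PRIV_IGNORE_INVALID, 0);
    printf("overflow, legacy privilege: fault=%d target=%#llx\n",
           r.fault, (unsigned long long)r.target);
    return 0;
}
```

The legacy privilege and the mark-valid API are the two places where the model lets an overwritten return slot through, which is why the list restricts both to privileged processes.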

  139. And they use php by Bruj0 · · Score: 1

    Isn't that ironic? :)

    --
    http://securityportal.com.ar
  140. How many were remote exploits vs. local exploits? by Anonymous Coward · · Score: 0

    I mean, to me, a shell exploit isn't that bad, and I guarantee you a significant number of Linux exploits are shell users rooting a box, not some script kiddie on the Internet owning your box cuz he knows the IP address. Windows probably doesn't have many local exploits, due to the architecture. I'd take 10 local exploits vs. one remote one.

  141. I interviewed for mi2g by Cally · · Score: 2

    ...for a web dev position with cross training to network security (which I was, and still am, very interested in.) This was in 1998, IIRC. The head geezer is one D.K. Mattai. He told me they did consultancy for a lot of City (financial) firms, including info-sec work, and that I'd be paid a small basic (about 20K IIRC, not much even then) with substantial commission on any sales I made. Between the man himself, his dodgy "lounges" microsite idea (he wanted a "carlounge" site, a "videolounge", etc, but had dodgy ideas about advertorial as a revenue stream), the very non-technical, "hobby job" feel of the place (I only met him, and saw little evidence of anyone else using the rather flashy offices in Battersea - right on the Thames in fact, not a cheap location!)... just weirded me out a bit. I remember walking along the embankment afterwards, looking at the sun on the river and thinking "I know I hate Logica, but I'm not sure I trust this set-up - in fact I don't think I'd take it if he offered me the job." He tried to pressure me into signing up on the spot, too, IIRC. Oh yeah, and he thought NT4 and IIS were the bee's testes for secure servers.

    Anyway, over the next four years or so I kept coming across sightings of him in Need To Know. Search for mi2g or "D.K. Mattai" and you'll see what I mean. He puts up some new FUD release every six -12 months, and presumably reaps some consultancy fees from the credulous and ill-informed. The other day I saw he'd even got himself onto the BBC with some nonsense "survey" about virus attacks by Al Qaeda... before that, it was anti-globalisation protesters who were going to make the sky fall.

    In short: nothing to see here, move along please.

    --
    "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
  142. Nimda by jigokukoinu · · Score: 1

    Does Nimda trying to propagate itself count as an attack?

  143. mi2g are notorious FUD merchants by Cally · · Score: 2

    Here's a good piece on Vmyths about mi2g. They're full of it. I wouldn't be surprised if the entire "report" was based on a sample of two machines. On a home network. With an inquisitive teenager around :)

    --
    "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
  144. Re:Makes sense -- more Linux systems than a year a by FyRE666 · · Score: 2


    > I've seen too many newbies laughed at in the IRC #security channels or the newsgroups.

    I totally agree! I used to hang out in the linux* IRC channels to help people quite a lot, but became sick of all the bitching and script kiddies kicking anyone who didn't run their preferred version of Linux (anyone mentioning they ran RH was usually banned for some reason), or trying to start arguments by giving obtuse or antagonistic replies to questions. That sort of bullying is not anything I want a part of, and does Linux no good whatsoever.

    I don't know if Windows has any sort of community, but I can't imagine it would have such a high percentage of irritating know-it-alls driving people away.

    Rant over ;-)

  145. Return on results... by Anonymous Coward · · Score: 1, Insightful

    From an attacker's perspective (that isn't just doing it for the "hey lets 0wn these boxes just because we can!" but actually wants to abuse rooted systems for other things... porn, warez, etcetera...), a linux system would be worth more due to the ability for the attacker to turn around and do useful things with the machine. Additionally, linux systems tend to have higher uptimes (especially with servers) hence it'd be a lot more valuable to have access to a rooted machine 24 hours a day instead of some guys office workstation he turns on at 8am and turns off at 5pm.

  146. Wait, these aren't verbal attacks... by xactoguy · · Score: 1

    Oops... must have read that title wrong, sorry, I thought that a miracle had occurred, and more people were dissing Linux than Windows... that'll only happen when Bill Gates releases "Micronux", then we'll all have something to laugh at. :)

    --


    And so we go, on with our lives
    We know the truth, but prefer lies
    Lies are simple, simple is bliss
    1. Re:Wait, these aren't verbal attacks... by POds · · Score: 0

      Well in case you didn't already know, Microsoft Windows as we know it today (XP) is actually based on Unix. Although, you might as well say it wasn't, dare I say most of it has prolly been "worked" out of the system.

      But when Bill Gates started out in this area, he first created his own version of Unix, which I cannot remember the name of, but this eventually became a foundation for NT, which of course is worked into XP now. :)

      A simple search on google should reveal Microsoft's beginnings on the Unix platform.

      --


      Giving IE users a taste of their own medicine since 2005 - http://pods.-is-a-geek.net/
    2. Re:Wait, these aren't verbal attacks... by Inthewire · · Score: 1

      NT was based on VMS, not Unix. You may be thinking of the TCP/IP stack that was sourced from BSD.

      --


      Writers imply. Readers infer.
  147. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  148. Misleading title by Hempo · · Score: 1
    If you read the article you will notice that there were MORE attacks on Windows than on Linux.

    In the first six months of this year 7,630 covert attacks have taken place on Linux boxes. The total number of attacks last year amounted to 5,736. But attacks on Windows/IIS systems have already dropped by 20 per cent on last year's figures, from 11,828 to 9,404.

    The title should read "Linux attacks on the rise."

    -just wanted to clear that up

  149. ratio is important by Metaldsa · · Score: 1

    After the whole "Mac people are smarter" and this new "more linux" attacks are coming out I would like to see more ratios. The more people on a system causes more attacks to go up, most likely exponentially. Why make a mac or linux virus that exploits their browsers when you're only getting such a small part of the market.

    I would take a guess and say windows systems have more exploitable code than linux and mac but does this fact only become apparent b/c of their market share? If apple had 96% of the market and windows had 4% would we have that many people attacking (or even hear about it for that matter) windows users like we do now?

    I think this is also the reason we don't have too many cell phone/pda virus or attacks....yet.

  150. The reason behind the attacks... by fmaxwell · · Score: 4, Interesting

    > Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?

    A better thing to know is what the goals of the attacks were. For instance, attackers trying to get credit card numbers from major e-commerce sites would be more likely to attack Linux machines because (I believe that) Linux powers more successful e-commerce sites than does Windows. This is even more true lately, when respected security professionals are warning customers off of IIS (It Isn't Secure) and Windows platforms.

    Another possible motivation is bragging rights. Defacing a web site running on Windows NT and IIS is not really all that impressive when Microsoft is issuing new security warnings and patches on an almost hourly basis. If you are going to try to impress everyone, you pick a fight with the biggest, meanest guy at the bar, not with some little shrimp that can't defend himself.

  151. Ummm... Well... No... by Eric+Damron · · Score: 2

    "Linux systems are up, attacks on Windows based systems have actually dropped dramatically when compared to last year."

    If the average System Administrator for Windows platforms are anything like the ones where I work, they are just unaware of the attacks. So they go unreported.

    --
    The race isn't always to the swift... but that's the way to bet!
  152. Disco Stu! by Anonymous Coward · · Score: 0

    "In 1979, sales of Disco records were up over 800%! If this trend continues..."

    "Umm, I think those fish in your shoes are dead"

  153. My take on all of this by forgoil · · Score: 2

    I would guess more and more people are using 2k or XP instead of older versions of Windows. Things are improving in Windows, and a unix machine is just more interesting to have hacked into. In fact, it is not even hard to break into a computer that isn't patched quickly when an exploit is released.

    I'd say that all OSes need to become more safe, because it is going to affect people in negative ways when their computers are compromised. That is way more important than arguing over which OS is the best.

  154. Good reason. by AMuse · · Score: 2

    As far as I can tell, a compromised Linux machine is far more useful than a compromised Win* box, to the attacker.

  155. No kidding by Anonymous Coward · · Score: 0
    Linux has no Microsoft equivalent to generate all those FUD attacks.

    With all the FUD attacks Microsoft launches against Linux, I'm surprised the attacks actually on Microsoft products weren't too low to measure. Hell, Microsoft has even incited the dead into attacking Linux. Maybe Bill Gates really is related to God!

  156. Re:Is this sentient attacks, or attacks in general by Anonymous Coward · · Score: 0

    > but in my opinion the article is wack.

    No, you just misunderstood them. They meant that Linux is being attacked more IN THEIR LAB. :-)

  157. Bullshit meter going through the ceiling by Anonymous Coward · · Score: 0

    // I know at least 4-5 people who were hit // by this in the 2 days...bla...bla...bla

    All right, I call bullshit on this one. You know 4-5 people who were running servers that got exploited by the worm? Like, what are the actual ratios for exploited:exploitable? possibly as high as 1:1000 would be conservative to say the least which means that your 4-5 people represent about 4-5 thousand servers. Either your group of friends are extremely unlucky or extremely stupid, one or the other. Now, get the hell off your mommy's computer before you break something.

    I am so sick of people who try to bolster themselves with bullshit.

  158. Re:Don't Bother: vnunet author Middleton is a Moro by fanatic · · Score: 3, Interesting

    Actually, I found a URL at Linuxtoday that lists many articles by Middleton. Although there are some doozies there, there are also some that show significantly more balance than the 3 we've discussed here. I'm at a loss to understand the radically varying quality of his work.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  159. Or it is just that... by Kindaian · · Score: 1

    There are a lot more linux/unix servers out there than windows servers?

    I mean servers, not domains mind me...

    Cheers...

  160. How many *successful* attacks?? by borgheron · · Score: 1

    How many successful attacks have there been on Linux boxes vs successful attacks on Windows boxes. Just because there are more attacks on Linux doesn't make it less secure, it just means that hackers are targeting it.

    Thanks for the heads up. It doesn't mean squat.

    GJC

    --
    Gregory Casamento
    ## Chief Maintainer for GNUstep
  161. More Attacks on Linux Rather Than Windows? by Anonymous Coward · · Score: 0

    Really? Heh. Well, we'll have to fix that. ;)

  162. more lies with statistics? by fermion · · Score: 1
    I certainly never thought about mentioning that fraternities, in general, are more concerned with appearances and grades , and the money that they hope will come from the looks and grades, than learning, but, since, the gauntlet has been thrown, and I can integrate my way out of a paper bag, even to the point of doing QM the hard way, and I have only seen bright management majors use DE to cook books to steal millions of dollars from the working stiffs, and since this is an article about lying with statistics, I think I will take the challenge.

    First, trying to prove something with a single statistic is meaningless. A person using a single number to attempt to prove a point generally has either had a lapse of judgment or has no understanding of statistics, math, or the logical process. As an aside, using the GPA to justify the existence of the fraternity indicates either a lack of respect for the process of learning, or the misconception that GPA and learning are equivalent.

    Furthermore, using a double step statistic, i.e. the ranking of the fraternity within fraternities, and the ranking of fraternities in the general population, instead of the single step of the ranking of the fraternity within the general population, is a classic trick used to lie with statistics.

    Finally, the statistic, even at face value, is quite ambiguous. Were there a few people allowed in the fraternity merely because they were smart, and the rest of the fraternity cheated off these poor saps? Did the members of the fraternity have lots of money to hire tutors to do homework and take home tests? Did the fraternity know of the lazy professors who did not change their tests every semester, and, with copies of past tests, have training sessions to let the otherwise uneducated brothers pass the test?

    It is really not my intention to be mean or disparage frat boys. I just find it incredibly ironic that in an article that is largely about lying with statistics, the author, who claims to be an intelligent educated man of letters, would justify his existence by doing the same.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  163. Re:Free market, anyone? by jefu · · Score: 1


    It's also worth noting that the mi2g people are offering security services, so the interesting ambiguities in their report are clearly a way to attract new business.

  164. This /. article is AWESOME! by MegaFur · · Score: 1

    This /. article is AWESOME!

    Because they actually used the word "than" (in the title) rather than "then" when it was appropriate to do so.

    I think I could die happy now.

    --
    Furry cows moo and decompress.
  165. My $.02 by uid8472 · · Score: 1

    From the point of view of a machine connected to the Internet by cable modem, in terms of rejected TCP SYN packets, grouped by destination port, over a period of a little over 2 weeks:

    1. port 1433 (MS SQL server), with 1325 packets
    2. port 27374 (SubSeven, a Windows backdoor program), with 393 packets
    3. port 12345 (NetBus, another Windows backdoor program), with 361 packets
    4. port 80 (HTTP, of course), with 205 packets. (Since the connections aren't accepted, I have no data on which specific exploits they might be intended for.)
    5. port 119 (Usenet NNTP), with a paltry 66 packets
    6. port 21 (FTP), with 59 packets.
    There were a few others (notably the SOCKS proxy service, the SunRPC portmapper, Telnet, and lpd) in the list, but none had more than 8 packets.
  166. Yes, you are allowed by Anonymous Coward · · Score: 0

    But they should be real studies and not some fud, which is what I am going to guess this is.

  167. Obligatory Response by Scott+Carnahan · · Score: 1

    > Even the management and bio majors could kick your ass in differential equations, so no "stupid drunk frat boys" comments.

    Those stupid drunk frat boys...

    Ow, my ass.

    On-topic bit: It is interesting that you back up your criticism of the statistical methods used in the article by citing anecdotal evidence of Windows users' cluelessness. I think it unlikely that the members of your fraternity made up a non-trivial sample space. Despite its flaws, the article made the point that Linux is increasingly perceived as a viable target, and that as its acceptance as a server platform increases, the likelihood that a given installation is vulnerable seems to rise.

    --
    "Your notation sucks!" -- Serge Lang (1927-2005)
  168. If it doesn't kill you ... by Peahippo · · Score: 1

    ... it might make you stronger.

    Linux will probably benefit from the exercise.

    Now, if we make a Linux server that will survive Slashdotting, then we've really got something.

    --
    [also misbehaves on Kuro5hin as Peahippo]
  169. Bull! by Anonymous Coward · · Score: 0
    I don't believe it. This mi2g is the same outfit that spread a similar claim a few months ago. I think they are trying to drum up business.

    They fail to mention or reference the exploits/apps used and I haven't heard of that many new/successful exploits that remain unpatched for any length of time.

  170. Real meaning behind this post by Anonymous Coward · · Score: 1, Funny

    In the 24 posts listed on your user info page, 17 of them mention you went to MIT. Are you sure the reason for this post wasn't just to tell everyone that. Again.

  171. Re:Is this sentient attacks, or attacks in general by Brian+Knotts · · Score: 1
    > For all we know the numbers were pulled from somebody's imagination.

    "Imagination" isn't quite the word I would put there. :-)

  172. hrm... by cypr355 · · Score: 1
    Mr. Middleton obviously hasn't read this message board yet...

    Oh, windows systems... that makes a little more sense.

  173. Mom isn't a sys admin by Anonymous Coward · · Score: 0

    The reason my mom doesn't want to use linux is 'cause she's not a sys admin, and won't get around to applying patches. She needs an OS that auto-updates, like OS X or WinXP.

  174. linux vs windows by 1lus10n · · Score: 0

    okay yeah sure I'll believe that there are a lot of ATTACKS on linux sure, but how many actually work? and of the ones that do work how many of them are either due to an un-patched server or a noob admin?
    now compare that to windows.
    I am pretty damned sure windows has way more exploits that are UNFIXED than does linux. most OSS holes are patched within days, most microsoft holes are patched in WEEKS or MONTHS ... sometimes NEVER. not to mention most of these "holes" in linux actually require a brain cell and time to exploit whereas most windows holes have scripts for them ....
    not to mention this is all one big asinine discussion. SOLARIS and openBSD are the two security OS's. you wanna be paranoid run them.
    hell I don't think I EVER remember hearing of a gaping hole in solaris and I WORK for sun..... (of course I could be wrong about that)

    --
    "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." --Albert Einstein
  175. Laziness! by Rozzin · · Score: 1
    ahhh, right. so why is it that people have continued to choose unsafe, broken, archaic platforms for so many decades? sorry, it's simply not valid to claim that laziness is the reason.
    At some point, in an e-mail message, I wrote a rant that relates to this....
    --
    -rozzin.
  176. What are they counting... by rnturn · · Score: 2

    ... as an attack on a Linux system?

    Those attempts to run ``/MSADC/root.exe'' directed toward Apache servers? I must have seen several dozen of those this week alone. (Heh heh heh)

    --
    CUR ALLOC 20195.....5804M
  177. Not surprising, look at Bugtraq this year. by Simon · · Score: 1

    Ignoring the poorly presented, ill-defined etc etc stats. It should not be surprising to see attacks on Linux and unix-like machines on the rise. This year has seen remote holes found for OpenSSH and Apache, which *are* being exploited in the wild right now. It has never been so easy for script kiddies to crack Linux etc type boxes as it is now. There are still plenty of vulnerable machines out there that have not been patched yet...

    --
    Simon

  178. Liar using Statistics? by rickst29 · · Score: 1

    I find the statistics which are used to justify the headline of the article to be surprising. Last year (the year of Code Red) this analyst counts only 11,828 attacks? :O And the U.S. government suffered only 254 and 54 attacks in the first halves of these two years? :O These figures seem awfully low. I'm also confused about WHAT is being measured. Apache runs on MS-Windows (as well as BSD, Solaris, and several other Operating Systems). However, the article seems to equate Apache with Linux. Having assumed this, does it also count exploits of other software (e.g., OpenSSH, bind, perl, rsync, squid) as attacks on "Linux-Apache" web servers? And if so, why doesn't he count the (hideously numerous) Outlook disasters which occur on Outlook Servers? Microsoft employees, of course, frequently encourage customers to run IIS and Outlook on isolated systems. (Separate from each other, separate from "normal" file servers, and separate from all other software products.) I suspect that M$ software will remain too buggy to trust, even in isolation, for many years to come.

  179. Code Red by jsse · · Score: 2

    Do those hundreds of Code Red attacks on my Debian servers count?

    Just curious.
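
The counting question raised in the two comments above (requests for `/MSADC/root.exe` and Code Red hits arriving at Apache and Debian hosts), as an added example that is not part of any commenter's post: a Python log classifier that tallies the same requests once by the host that received them and once by the platform they were aimed at. The log lines are constructed, and the IIS-only path list, category names and function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jul/2002:04:12:01 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 284
192.0.2.10 - - [10/Jul/2002:04:12:02 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 286
198.51.100.7 - - [10/Jul/2002:05:30:44 +0000] "GET /default.ida?NNNNNNNNNNNN%u9090 HTTP/1.0" 404 280
203.0.113.5 - - [10/Jul/2002:06:01:13 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
203.0.113.9 - - [10/Jul/2002:06:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jul/2002:06:02:09 +0000] "POST /cgi-bin/form.pl HTTP/1.1" 500 612
"""

# client, ident, user, [timestamp], "METHOD URI PROTO", status, bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

# Paths that only mean something to IIS on Windows (assumed list: the
# root.exe/cmd.exe probes and the .ida/.idq Indexing Service extensions).
IIS_ONLY = re.compile(r'(?i)(/root\.exe|/cmd\.exe|\.ida(\?|$)|\.idq(\?|$))')

def classify(line):
    """Label one access-log line by what the request was aimed at."""
    m = LOG_RE.match(line)
    if not m:
        return "unparsed"
    uri, status = m.group(3), int(m.group(4))
    if IIS_ONLY.search(uri):
        return "iis_probe"      # aimed at Windows/IIS, whatever host received it
    if status >= 400:
        return "needs_review"   # failed request that is not IIS-specific
    return "normal"

def tally(log_text, host_os="linux"):
    """Count suspicious requests two ways: by receiving host and by intended target."""
    classes = Counter(classify(l) for l in log_text.splitlines() if l.strip())
    suspicious = classes["iis_probe"] + classes["needs_review"]
    by_receiving_host = {host_os: suspicious}
    by_intended_target = {"windows": classes["iis_probe"],
                          "undetermined": classes["needs_review"]}
    return classes, by_receiving_host, by_intended_target

if __name__ == "__main__":
    classes, by_host, by_target = tally(SAMPLE_LOG)
    print("per-class counts:  ", dict(classes))
    print("by receiving host: ", by_host)
    print("by intended target:", by_target)
```

On the constructed sample, counting by receiving host charges five events to the Linux server, while counting by intended target charges four of them to Windows and leaves one to investigate.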

  180. Are you confident.... by Anonymous Coward · · Score: 0

    Are you confident enough in win/iis to post the URL here?

    1. Re:Are you confident.... by Anonymous Coward · · Score: 0

      Please don't ask people to do stupid things - you are only contributing to the dumbing-down of our species.

    2. Re:Are you confident.... by HiThere · · Score: 2

      Not precisely.

      The theory of evolution predicts the opposite, actually. The ones who do the stupid things don't survive.

      Ref.: The Darwin Awards

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    3. Re:Are you confident.... by kingkade · · Score: 2

      I'm not confident enough in ANYTHING to post the url anywhere :) Doing so is just asking for it and would get me in trouble anyway.
      I distrust all software, BTW. Like I said it's 90% the admin and 10% the actual SW no matter how "secure" anyone says it is.
      And if you insist: www.nsa.gov
      :D, j/k

  181. Linux security 'survey' is nothing of the kind by bredgar · · Score: 1

    the VNU author did not question the methodology of the Mi2G piece, but The Register did.

    mi2g after it compiled a database on attacks culled from data from defacement archives (such as alldas.org), hacker bulletin boards and "information from automatic robots". "Sites such as Alldas.org make no attempt to suggest that their data is comprehensive, and it's questionable if mi2g's figures can be used as a metric to compare the vulnerability of different operating systems. But then it's very hard to get solid figures on this kind of data so mi2g's figures may be indicative."

    http://www.theregister.co.uk/content/55/26177.html

    Mi2G has a history - its Y2K forecasts were notorious - http://www.kumite.com/myths/opinion/thoughts/1999/mi2g.htm

  182. Will probably see more of this... by Junta · · Score: 2

    Though the study is pretty badly flawed, this phenomenon will likely continue, perhaps not to exceed windows, but it is a possibility. What is being seen here is that linux is gaining market share, and is at least perceived as valuable information to know by even Windows administrators. The main problem plaguing Windows security is quality of the administrators. Commercials give the impression that MCSE = big bucks, so people with little drive or knowledge go for it for the cash. Administrators are suddenly a dime a dozen and with MCSEs all over the place and limited knowledge of managers conducting employee selection, it's hard to determine quality among candidates, so you get lazy or unknowledgeable sysadmins. These large masses of people have been seeing Unix as a dying, historical thing and have ignored it. Now, to *these* people, Linux is a sort of renaissance to Unix computing, so they see it as possibly figuring into their job and start to take it up. Also, other computer people who want to feel elite also pick it up and start doing things without fully understanding the risks and consequences. As Apache and even OpenSSH have shown us, no software is perfect, and ultimately it is the awareness and competency of the sysadmins that determine security. And for linux the signal-to-noise ratio is getting lower...

    Also, sysadmins of Unix systems especially are getting lazy, I'm guilty of that :) There haven't been many serious widespread issues for a while until recently. Now with the increased market and exposure, script kiddies and the like find linux a more appealing target, especially those who think linux users need to be taken down a notch or two. So all of a sudden, we have lazy or new sysadmins faced with an increasing number of attacks.

    Personally, I think I'm going to start deploying gentoo more on servers. Patched versions seem to work into the portage tree most quickly, while other places tend to be a bit slower, either because of QA or lack of maintainers.. I know QA is good, but to tie up *security* patches in QA too long is bad... I'll take my risks on testing a patch with a possible, yet unknown exploit than a certain, known exploit..

    --
    XML is like violence. If it doesn't solve the problem, use more.
  183. Super Security Hole by muzzy · · Score: 1

    Turn off all services except ssh

    Mmmh... having only openssh running on a box sure makes it very secure! History has shown this to be true, too, with not many ssh vulnerabilities out there, not many implementation flaws!!

    --
    -- Matti Nikki
  184. Never trust a statistic/study... by bankman · · Score: 1

    ...that you didn't forge yourself.

    The parent poster named some very important flaws that go with this particular article that is reporting about this study.

    Here are two more:

    1. Overall methodology
    2. Sample group (i.e. how many machines, how many running Linux/Windows, setup of the machines, default/hardened etc.)

    It can be argued (I love academic talk) that this article would probably even fail as an abstract in most universities. Nevertheless, this article is read and even gets coverage, so it can be assumed that many people will read it. How many readers know about flaws in studies and statistics to read the article on an informed basis?

    Very few, most of their readers will most likely be management people (I am one myself btw) and misinterpreted (not me). In fact it is written so that the uninformed (read: non-IT, non-security) reader has to misinterpret it.

    The interesting thing is, that anyone who is knowledgeable in the industry could have written a better article making the point for Windows. Surely it would have been ripped apart here on /. , but that's not the target audience anyway. It's targeted at industry decision makers, who depressingly often have no idea about IT and/or research methodologies. They will read it as: "WINDOWS MORE SECURE THAN LINUX AFTER ALL - Gates better than Torvalds"

    It's FUD, and not a good one at that.

    --
    I feel so sig.
  185. The one thing... by Anonymous Coward · · Score: 0

    that makes this show how much you know of windows, is that on windows you can't delete or edit a log file before the system has closed it and started a new log for the next day, you can only read it.

    1. Re:The one thing... by Anonymous Coward · · Score: 0

      It's not a surprise Linux maniacs don't know how Windows works and they don't even know how to set up a windows server properly, maybe it's easier for them to talk.

      Almost all linux maniacs also run windows computers so it's not a surprise they scream when their computers are full of bugs that they don't understand how to fix.

      I wonder if they even know how to setup linux properly

      Of course they need someone to blame for their own stupidity,

  186. Great! by d2002xx · · Score: 0

    It represents that fewer and fewer idiots use Windows. And by the end of year, people using Linux systems may surpass ones using Windows systems!

  187. Causation folks, not correlations. by Anonymous Coward · · Score: 0

    Maybe people don't care what system they are trying to hack. Increases in Linux hacks could be attributed to an increase in Linux use last year. If IT departments (or whoever reported this) are as bad as our Social Psych department then I refuse to read on. Causation folks, not correlations.

  188. No challenge there by hayden · · Score: 2

    I'm hanging out for a (+5, Underrated) myself.

    --
    Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
  189. And as I write... by Nishi-no-wan · · Score: 2
    And as I wrote the above, Snort notified me that a major computer manufacturer in Palo Alto, CA has become the latest victim of CodeRed to attempt an attack on my site. (I do hope it's not a pre-install model.)

    Still no "real" attacks on the system today, though.

  190. But, but, but...their website looks so "corporate" by cyclist1200 · · Score: 1

    They must be on the level...right?

    Right?

    Neat-looking site plus buzzwords equals credibility, doesn't it?

  191. because we're winning! by hatrisc · · Score: 1

    this is only due to the fact that there are more people running linux than there are windows...

    --
    I write code.