Slashdot Mirror


More Attacks on Linux than Windows

the special sauce writes "This vnunet.com article discusses the trend of attacks this year as compared to last. Overall, according to mi2g, attacks are on the rise. However, though attacks on Linux systems are up, attacks on Windows-based systems have actually dropped dramatically when compared to last year. If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems."

11 of 411 comments

  1. Yea, and about CodeRed? by clump · · Score: 5, Informative

    Looking through my Snort and Apache logs, I see about 5-10 CodeRed attacks *daily*. This is something that was fixed over a year ago, and it still fills my logs. About that 'chunked' Apache vulnerability? Twice. I have seen it 2 whole times within the weeks it's been out. Let's not forget about this CodeRed bug, because it surely is an attack (a full "root" attack) and I have *never* been attacked with anything else so often. I doubt any study that doesn't take this into account.

  2. not from our perspective by sloth+jr · · Score: 5, Informative
    We run hosted web services for customers that between two datacenters aggregate about 50 million web hits a month.

    Snort and logsurfer snippets from our firewall logs go off all the time. Though I would say that we have seen more attacks targeting linux services (we're a linux shop, btw) than we've seen in the past, the majority of our attacks do seem to be against windows-based services.

    From an overall security point-of-view, the last three to six months have not been great ones from a linux vulnerability point-of-view: zlib, BIND, ssh, apache, Tomcat (not that some of these problems haven't affected Windows boxen also). It's kept us hopping patching our servers. We've been lucky, so far - no successful intrusions (that we're aware of, of course!).

    In general, it seems much easier to social engineer one's way into a Windows network via email attachments than directly attack it.

  3. Wouldn't Doubt It by Ashcrow · · Score: 2, Informative

    But the trend of Linux boxes that get 0wn3d compared to the Windows boxes that get 0wn3d probably shows a different story.

    Check out Alldas.org for some numbers.

  4. Re:Which are more successful? by Anonymous Coward · · Score: 2, Informative

    Nice troll. http://online.securityfocus.com/cgi-bin/sfonline/vulns.pl Shows approximately 5 times as many vulnerabilities for Microsoft than for Red Hat.

    How this reached +5 is beyond me.

  5. Don't Bother: vnunet author Middleton is a Moron by fanatic · · Score: 3, Informative

    This is another article by James Middleton, who is not a trustworthy source on this issue.

    I went there just long enough to see his byline (being careful not to download images, hence no ad revenues), then came back here.

    I've never seen Middleton write anything about Open Source that wasn't complete bullshit. This guy is either totally bought and paid for by Microsoft, or is seriously stupid.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  6. mi2g by doom · · Score: 5, Informative
    Evidently, this story is a re-typing of the press release from "mi2g", so you might as well look at the original: Digital attacks on Open Source systems soar. It includes a bunch of pointers to PDFs of graphs of their data (none of which I can read because of some sort of "can't find colorspace cs8" error). But they don't appear to include any additional information, they're just graphs.

    The source of the data is supposed to be the "mi2g SIPS database", about which they say:

    The mi2g SIPS (Security Intelligence Products and Systems) database has information on over 6,000 hacker groups and maintains a record of over 60,000 individual hacking events since 1995. The SIPS intelligence citations include the 2002 Computer Security Institute (CSI) / Federal Bureau of Investigation (FBI) Computer Security Issues and Trends Survey [Vol. VIII, No. 1 - Spring 2002]

    (Do you need me to toss in some editorializing about how this is evidently a company that specializes in publishing alarmist press releases to encourage people to buy their products? Oh, and take a look at key clients... yup, includes Microsoft).

  7. Re:Which are more successful? by billatq · · Score: 2, Informative
    It is almost impossible, in my experience, to connect a default SP1 install of win2k with IIS server running without it getting immediately infected by a worm.

    Is this still correct now?

    It is indeed correct. Anyone who stays on top of their web server logs will see plenty of code red attacks every day. The fact that a default windows 2000 install is susceptible to it doesn't help. Personally, I don't want to keep up with all of the patches that IIS needs. Apache out of the box is secure enough. However, if you absolutely have to use IIS, make sure you burn SP2 along with the other updates to a cd beforehand and install them onto the machine before connecting it to the internet.

  8. Re:Which are more successful? by BlueUnderwear · · Score: 3, Informative
    Anyone who stays on top of their web server logs will see plenty of code red attacks every day. The fact that a default windows 2000 install is susceptible to it doesn't help.

    Just grepped for ../.. in my httpd/error_log.

    292 matches.

    But that log goes back to April 30th. Last year in August, I had that many probes in *one day*. So, I'd say, CodeRed/Nimda activity did indeed decrease...

    --
    Say no to software patents.
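
Added example, not part of the thread: a per-day breakdown of the same ../.. search described in the comment above, so that a total accumulated since a given date can be set against the busiest single day. The log lines are constructed samples in Apache's error_log layout, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in Apache error_log layout (not taken from the thread).
SAMPLE_LOG = """\
[Wed Aug 01 03:12:45 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/../../winnt/system32/cmd.exe
[Wed Aug 01 03:12:47 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/msadc/../../../winnt/system32/cmd.exe
[Wed Aug 01 09:30:02 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Tue Apr 30 18:01:11 2002] [error] [client 203.0.113.5] File does not exist: /var/www/html/scripts/../../winnt/system32/cmd.exe
[Tue Apr 30 18:05:00 2002] [notice] caught SIGTERM, shutting down
this line has no timestamp ../.. and is skipped
"""

# Leading "[Wed Aug 01 03:12:45 2001]" timestamp that Apache puts on each entry.
STAMP = re.compile(r"^\[(\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4})\]")
NEEDLE = "../.."  # the literal string grepped for in the comment


def probes_per_day(lines, needle=NEEDLE):
    """Count lines containing `needle`, keyed by ISO date (YYYY-MM-DD)."""
    counts = Counter()
    for line in lines:
        if needle not in line:
            continue
        m = STAMP.match(line)
        if m is None:
            continue  # continuation or corrupt line: no date to attribute it to
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        counts[stamp.date().isoformat()] += 1
    return counts


def summarize(counts):
    """Return (total matches, busiest day, matches on that day)."""
    if not counts:
        return 0, None, 0
    day, peak = max(counts.items(), key=lambda kv: (kv[1], kv[0]))
    return sum(counts.values()), day, peak


if __name__ == "__main__":
    per_day = probes_per_day(SAMPLE_LOG.splitlines())
    for day in sorted(per_day):
        print(day, per_day[day])
    print(summarize(per_day))
```
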
  9. Re:No shit there's more attacks on Linux by caca_phony · · Score: 2, Informative
    when C# becomes more popular, buffer overruns and dangling pointers will be toast, so security problems will basically disappear. In comparison to Linux L00sers, anyways, where buffer overruns are considered a sign of how cool you are. (I uze l337-j00 See Minuz Minuz, is s0 fazT!!!)

    the ironic thing about your comment is that c#'s original name was c-- (you have to type cminusminus to google it properly, I think), which was, in part, a non gpl'd alternative to gcc's intermediate code system (ie. the way the GNU Compiler Collection uses one compiler for all the languages it supports, and they all compile to the same intermediate code). c-- was designed to be a better core language to use as a base language to code on top of- ie. a non gpl'd version of gcc.

    Microsoft changed c--'s name to c# for marketing reasons.

    --
    ...and this lie crawls out of its mouth: 'I, the state, am the people.'
  10. Is this FUD == mi2g ? by bariumXray · · Score: 2, Informative
    For the FUD picture on mi2g:

    Go to http://www.vmyths.com and search for mi2g under RANTINGS.

    Credibility is not their strong point.

  11. Re:Which are more successful? by Robert+The+Coward · · Score: 2, Informative

    Check my server log: I run Apache but I get 1000 of requests the last 5 days of the month for C:\winnt\...
    If I ran an unprotected system during those 5 days I think 25 mins would be a little long.

    Robert