More Attacks on Linux than Windows
the special sauce writes "This vnunet.com article discusses the trend of attacks this year as compared to last. Overall, according to mi2g, attacks are on the rise. However, though attacks on Linux systems are up, attacks on Windows-based systems have actually dropped dramatically when compared to last year. If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems."
Yeah, but the difference between attack counts between Linux and Windows is how many of those attacks are successful...
- Jester
Perhaps it's the inverse?
More attacks on linux could be occurring because it's more likely to succeed?
Is that Linux has grown in popularity over the past year, taking even more market share away from windows... ...do you think the script kiddies have any idea what OS the server they're "attacking" is running?!
And, as someone already pointed out...who had more successful attacks...Windows, I'm sure...
Of how the phrase "and if this trend continues" can pretty much turn otherwise useful statistics into a big mess.
You know, watching a puppy grow, you could say, "And if this trend continues, this will soon be a super-dog the size of Godzilla, and will devour Tokyo."
Funny, that never seems to happen.
Windows boxen pose no challenge anymore... skript kiddies want to skite, we all know their mentalities. Defacing a Windows http server is so yesterday's-news nowadays that it doesn't give a hax0r any 31331-cred anymore. Tough boxes like Linux, *BSD, especially OpenBSD are what give script kiddies maj0r hax0r kudos now.
Perhaps more attacks on linux could be occurring because it's more likely to succeed?
Anything is possible, even if it's not probable. It could also be a result of Linux displacing windows in the server space. If there's 100 attacks/second, and windows' market share falls by 2% at the same time the Linux market share increases by 2%, then there will be a decrease in the number of attacks on Windows, and an increase in the number of attacks on Linux.
If this trend continues, then it logically follows that there will be no more Windows servers at some point in the future.
I don't really care about the number of attacks (unless it escalates to DOS), it's the number of successful attacks that is important.
And since Linux is much more heterogeneous than Windows, a "linux" attack directed at me is less likely to succeed since it is less likely I have the exact hole that is being exploited.
Firstly, I question the source on these studies. We are given no real details, only "the number of attacks is up from ~5000 all of last year to ~7000 half of this year". This is completely meaningless, as we don't know what kind of attacks, or anything about the sampling method.
Here are some critical questions of this study:
1. How was this data taken? What was the sampling method? What was considered an attack?
2. Of those attacks on Linux, how many were successful? What's important isn't the number of attacks attempted -- that is irrelevant -- but the ratio of the number of attacks that succeeded over the number that were attempted: in other words, the probability that an attack will be successful. I bet on Linux, that number is way below 50% and on Windows -- '95, '98, 'ME, 2000, and XP -- it's way above 50%.
3. Of the attacks that were successful, how many of them were because of Linux itself, and how many because of some poor application? Same question to Windows. This is a minor point. The OS should have control and prevent security lapses, despite how crappily third parties code.
4. What kind of attacks were these? Attacks is a very general word; there may be many successful minor attacks (i.e., crashing a system), but that's not as bad as a few successful major ones (i.e., wiping the entire hard drive of a system, stealing a credit card number, etc etc). In other words, how far into the OS did the attacks go. For Linux, a relevant question is "did the attack just breach a user's account, or did it penetrate to the root?"
5. There's a lot of different "brands" or "flavors" of Linux. This matters. You'd expect Corel Linux to have much weaker security than the NSA's release of Linux, or than (for example) RT Linux. Different releases of Linux ship with different security by default, and different extra security features.
6. What is being done about the problems?
Relating to 6, we can rest somewhat assured in terms of security for Linux, as it's Free Software and/or Open Sourced Software. Well-known bugs will be fixed by someone, and if they aren't, an annoyed individual could always take the initiative.
What separates Linux from MS isn't just that it's more secure, it's also that bugs, security flaws, stability flaws, performance pitfalls, etc, are usually fixed much more rapidly than they are in MS.
Also, no one has mentioned the attacks on other stable OSS/FS software, such as OpenBSD. Somehow, I doubt there's been much success in attacking OpenBSD.
social sciences can never use experience to verify their statemen
These statistics make sense. More and more people are adopting Linux now. There are two main drivers for this trend: People hear that Linux is better and organizations don't want to pay Microsoft's draconian licence fees.
The real question is whether these attacks are successful. Unfortunately, while the number of Linux servers is going up, so is the number of people who own or administer these systems and who aren't security-aware.
I think it's in the best interest of our community to assist the newbies when they have questions about setting up their systems, particularly when it comes to security. I've seen too many newbies laughed at in the IRC #security channels or the newsgroups. We should welcome them and try to help them; otherwise, The Forces of Evil will start using the statistics of all the h4x0red and 0wned systems (due to ignorance on the part of the users) as FUD.
There is no doubt that Linux is now a mainstream alternative. Remember, though, that the hard part is not to arrive, but to maintain a leadership position. That's the difference between the Rolling Stones and the one-hit wonders. In order to maintain our leadership, we should work together toward making the community aware of the pitfalls, and the distro vendors should probably come up with a policy of "all services closed" and forcing the users to open them, not the other way around. Other people will probably add better ideas to these suggestions.
The real measure is not whether the attacks are on the rise; it's the number of successful attacks that we should be concerned with.
Cheers!
Ehttp://eugeneciurana.com | http://ciurana.eu
How many Windows attacks go unreported and unnoticed? All this can show really is that Linux attacks are increasingly easier to notice and report, while Windows attacks either are actually lower or (more likely) go unnoticed and perhaps even persist over a long time.
I design user interfaces for a free network management application,
What counts as an attack? So worms don't count, or the number would be in the millions. Reported attacks? Those shouldn't count much because there is "little incentive for a company to report computer attacks."
Here's another story by the supposed source, but again, they don't at all define what they mean by "attack".
Why do people continue to point to bugtraq as the measure for "Which OS is more secure?" That is so far from the truth... The key thing you are forgetting is the "bug severity" factor. I would say that in general Windows has fewer bugs than Linux (On bugtraq) but those bugs are more severe. Thus in my opinion, Linux is still more secure. You are also forgetting that hardening a Linux box is much easier than hardening a Windows box. I can make my Linux box very secure with very little effort. Example:
Turn off all services except ssh.
Please stop pointing to bugtraq and saying:
Windows has fewer security issues than Linux, therefore Windows is more secure than Linux.
Right. There are a lot of flaws with this article, starting with the numbers. First of all, they don't define what they consider an "attack" to be. That's a big gaping hole you could drive a truck through (note lack of a link here).
They also don't define what constitutes a "box" in this context. Even if it were servers only, the numbers are incredibly low. My little development web server got several thousand code red attacks last fall. Luckily, I was running Apache on Linux, so all it did was fill up my logs.
If they are talking about pure number of attacks, as they appear to be, this is actually pretty good news. Apache webservers outnumber IIS webservers approximately 2 to 1 according to Netcraft (and by the way, has anyone noticed that Apache has been gaining the past couple of months). Assuming only a small percentage of people run Apache on Windows, we could assume that the attacks on Linux servers should be twice that of attacks on Windows servers, but the numbers are not that far apart.
So this article appears to be pretty fluff piece with no real meaning. Like most news stories.
MS could buy BIGNUM hackers and put them to work finding security holes in Linux and BSD using a trivial percentage of their petty cash. MS has done things with the intent of breaking other software in the past (e.g. the bogus warning when Windows 3.1 ran atop something other than MS-DOS, the calls in win32s.dll that ask for RAM intentionally out of range for virtual DOS sessions under OS/2, "DOS isn't done until Lotus won't run"). It's not a matter of hatred; it's a matter of MS SOP.
Ahhhh so we are counting how many times a script kiddie hits enter. You know this article doesn't shock me at all. Wow big surprise that the OS with the most servers is getting hit more and more. I don't see how this could shock anyone. What I am curious about is how many of these attacks were major attacks or organized attacks. That would be interesting reading.
It's true, so how, exactly, could it be FUD?
Saying "There are more attacks on linux systems" becomes FUD when you imply that this is bad. More attacks doesn't mean more successful break-ins. Truth can be FUD in the right context.
We have two operating systems, and their associated applications, implemented in unsafe languages, with broken and/or archaic security models, competing for how many weeks they can run before getting rooted by a new exploit.
How pathetic.
Think about the hacker mindset for a minute. Most of these attackers are using Linux, because that's what their scripts were written for, and because they think Windows is lame - to use, and to hack. Even most of the ultra-successful defacers out there will only attack Unix systems and network devices/appliances these days, because bragging about hacking into a Windows system isn't elite in the eyes of their peers; they will catch shit from their buddies for attacking such an easy target.
If anybody out there is as clueless as this troll, please e-mail me your questions. I'm in the trenches with these kiddies 24/7 and can give you a better idea of what's going on than most nerdy bugtraq subscribers who think they know shit because they read some Mitnick autobiography and they run an unstable kernel.
Topic: "More Attacks on Linux than Windows"
Content: "If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems".
Anyone more than me that thought that Linux had more attacks than Windows?
Alright, aside from the facts the following statements people are making:
A) Linux use is growing
B) How many of these were really successful attacks?
C) What counts as an attack?
D) Studies from the group which conducted this one are questionable.
Clearly people are neglecting to give MS credit for some of its accomplishments over the last year. One of the largest changes was the speed at which updates were made available and most of these through the windows update site. Now when new holes in their products were found, MS responded for the most part almost immediately and patched up their code within hours/days and posted it up on for everyone to download. Also, they're working on making these updates even easier than before, anyone with windows 2000 who keeps on top of patches will notice that the interface has changed, you can set it to automatically apply security patches. Also another point is that people are finally realising that their computer will be far more secure if they just apply the latest patches.
Holes in Linux are not always patched up right away and let's face it, Linux code warriors can't always respond to a patch for each distro when one's found like MS can or distribute it as easily. Because they're a single entity, they have quite the advantage when it comes to communication and distribution.
In the last year Microsoft's efforts to patch up their software were far and beyond anything they have done in the past, and that is something Linux buffs won't easily admit to. Now, Palladium is a whole nother ball game mind you =)
My Linux box reports a number of attacks against the FTP server and Apache each day
Perhaps the reason Linux gets more attacks reported is that Unix has very good logging and nix admins actually read their logs and report attacks. I knew some NT administrators even in very big operations that never read their log files. Personally I think the script kiddies just scan and hit whatever they can. A linux box might be more useful once it is compromised, but that is another issue.
I see a lot of posts here, and hear a lot of apache admins go on about their logs filling with attacks from CodeRed, Nimda, etc (which obviously get nowhere)
So my thought is could the increase of attacks on linux boxes be because most (all?) of the MS boxes are infected drones, all attacking every IP they see?
and thus more linux boxes get attacked.
I know it's an extreme view, but a Nimda drone attacking an apache box, although pointless, still adds to the statistic of more linux boxes being attacked
More Attacks on Linux than Windows
AND
If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems.
is FALSE
I can't see the correctness of the subject line. It should say "More Attacks on Linux than Windows... um, maybe... in the future.."
From an attacker's perspective (that isn't just doing it for the "hey lets 0wn these boxes just because we can!" but actually wants to abuse rooted systems for other things... porn, warez, etcetera...), a linux system would be worth more due to the ability for the attacker to turn around and do useful things with the machine. Additionally, linux systems tend to have higher uptimes (especially with servers) hence it'd be a lot more valuable to have access to a rooted machine 24 hours a day instead of some guys office workstation he turns on at 8am and turns off at 5pm.
So... let me use my brain... you have given me two choices:
1) Windows setup in an insecure way.
2) Linux setup in a secure way
Basically, your choices would parallel the choices in the following example:
Which is better?
1) Apples
2) Oranges
In other words, what you are comparing isn't fair. Why isn't it something like, which is more secure?
1) A Windows machine not hooked to a network
2) A Linux machine not hooked to a network
You seriously can't compare the configuration of a standard home user's Windows PC to a professionally configured Linux machine and have it be a valid comparison of their security.