More Attacks on Linux than Windows
the special sauce writes "This vnunet.com article discusses the trend of attacks this year as compared to last. Over all, according to mi2g, attacks are on the rise. However, though attacks on Linux systems are up, attacks on Windows based systems have actually dropped dramatically when compared to last year. If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems."
Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?
Maybe the attacks on Windows are falling off, because there's enough back doors already. Between Microsoft and Kazaa, I'd say things are good-to-go, from a back-door point of view.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Is this including all the viruses, script kiddies, etc. etc. that tend to fill up logs?
If it's only sentient attacks, then it makes sense. Windows isn't a challenge, Linux is.
Otherwise, I beg to differ. There are countless sites out there dedicated to shameless display of nimda/code red, and script-kiddie attacks in their logs.
-Sara
On Windows... My machine is dead... Must have been another Windows crash... I'll reinstall (again)
On Linux...Hmm.... someone has been trying to attack ...(etc)
Oh, good grief, get a grip. I have 3 friends that work at MS. Two are software engineers, one is a test engineer. Both of the developers have Linux boxen at home because they really freaking like the OS and it's a fun break to code and configure a Unix-like system. They tell me they have many coworkers who see it the same way. MS pays their bills and Linux is their hobby because they're smart nerds. It's not perfect, but it's better than them going home brainwashed and only eating their own dogfood.
Microsoft is not nearly as "one-mind" and Borg-like as many would like to believe. That makes it harder to spread your flavour of hatred. Hate the company's practices, sure. But don't believe that the majority of people there really give a fsck enough to care one way or the other. It's a job. Just like clearcutting, oildrilling, and running a slaughterhouse.
Out of all the "hack attempts" in the last 2 days my work's network has had about 95% IIS hack attempts with the rest ssh/rpc probes or anonymous ftp attempts (which could be to exploit either OS or just someone looking for pub ftp sites).
This info courtesy of snort.
While usually we do have slightly more ssh/rpc attempts than this the amount of IIS exploits is never less than 75% of all the breakin attempts we have. I'd attribute most of these attacks to worms.
Hardly scientific I know (unfortunately the snort box was reinstalled 2 days ago so I can't give many figures except from memory) but in my opinion the article is wack.
I agree with your views on this. A source of study has to be carefully scrutinized. A great example of this happened a few years back at my university (University at Albany).
Princeton Review, a college prep company that has SAT classes and provides college information and rankings, questioned students at various campuses as to what is the number one party school. They decided to come to Albany on the day of Kegs and Eggs (a rather large bar opens at 8am one Saturday morning and kids get drunk and pour beer all over each other). They polled the drunken students as they were leaving the bar and naturally, they voted for U at Albany. This, however, is not the main contributing factor to Albany's dubious ranking... A few representatives of Princeton Review had come down to the campus and began soliciting Princeton Review prep classes for graduate exams (MCAT, LSAT, GMAT, etc). Well, the university, having an affiliation with Princeton Review's rival, Kaplan, kicked them off campus. It is a strong belief among administration that we were given this ranking out of spite.
As with anything in the media, you must take information with a grain of salt and look deeper into the true meaning, sources and objectives of the survey, articles, etc. It is our responsibility to question companies or groups that put forth this information, because it could very well be jaded by propaganda.
100% Insightful
Also, nimda and code red scans are attacks. If those got counted, along with every virus email, the story would be very different.
If you were given the IP address of a vulnerable WinXP box, a vulnerable Linux box, and a vulnerable OpenBSD box and your life depended on owning one of the boxes without getting detected, which one would you choose given no other information? Only the suicidal would pick OpenBSD... the probability of there being another OpenBSD dedicated IDS box nearby is pretty high.
Let's not forget that a Linux shop can do a minimal install on a retired PII (or maybe even a 486) server and use it as a dedicated IDS box... no MS license fee. MS is still going to charge you for every running x86 box, regardless of OS, if you have an MS site license, so no negligible-cost dedicated IDS boxes for Windows shops.
I'm biased. I sure am... but it's mostly due to experience... I was a resident computer consultant for my fraternity for 3 years. Sure we had the one guy that talked another guy into trying out Mandrake and didn't bother to tell him to keep it up to date, but for the vast majority of the Brothers, the Linux guys could hold their own. Several of the Windows guys were accidentally running "Are you sure? What is IIS? Why is that bad?". And then there were the windows alerts popping up once per minute on all of the Win32 boxes in the house because one guy decided to test his UPS. These are very smart guys, but they gave me a very bad impression of Windows users. I doubt the general populace can do better than my fraternity.
(Yes, the house GPA was in the 75th percentile for fraternities and the average fraternity GPA is above the on-campus GPA at MIT. Even the management and bio majors could kick your ass in differential equations, so no "stupid drunk frat boys" comments. They get tiring... very very tiring... especially coming from people that can't integrate their way out of a paper bag.)
In summary, let's not forget that Linux and Windows often get deployed in very different environments.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
on the community here at /. I expect the following opinion to be unpopular, but you never know.
No matter how disgusting MS's business practices are, they are still not the evil side in this story. The script kiddies are. So why are we spending so much time blaming MS for this story? I could care less if MS financed this story. I could care less if I am still getting Code Red attempts daily on my machines. What I do care about is that everyone on the internet, even those people running MS products, is secure.
The biggest problem we have on the internet from a security standpoint is ignorant users. The fact that we still get code red attempts shows that this is a huge problem.
MS seems to be a bit more ahead on the curve when it comes to this (somewhat...I'll say more about this in a minute). In Windows XP, the OS will check for critical updates automatically, and will either download and install it by itself, or let you know that it is available. (This depends on how you set it up. You can also have it not do this behavior, and are given the choice to decide when you get on the internet for the first time.) I personally think that the default behavior should be to autocheck and notify, with options to turn it off buried somewhere. This would help protect the ignorant, while giving the choice to those of us who know more and are willing to do more with our OS to make our own choice.
Of course, MS is also very slow at putting out security patches, and there is NO excuse for that.
We will see more problems like this in the future. No matter what anyone says, Linux is not exactly as user friendly to the average Joe as Windows is. So while it may be more secure OOTB, as new exploits are discovered we will run into more and more problems because average Joe will not know that there is a new security hole on his Linux box. I can imagine quite a few of you will try and blame this coming problem on the average Joe, but remember....the customer is always right. If average Joe doesn't feel like subscribing to a security mailing list and sifting through a ton of email a day, he shouldn't have to. And we shouldn't expect him to want to do that, any more than average Joe should expect us to like Celine Dion.
So we should do something about this now, before it gets out of hand. Make the default action for a desktop Linux setup check for security patches and notify, with a dire warning that will scare the bejeebus out of average Joe. Make it pretty easy to turn off for those of us with a bit of knowledge. Keep pumping out patches. But make sure your average mouth breathing computer user can install the patch, without worrying about dependencies and without having to type anything. Point and click is their friend, even if it isn't necessarily ours.
That is what we should be doing. Let's clean our own side of the street first, and worry about blaming MS for another thing later.
BTW, I still see attempts by rootkits from Linux boxes daily, and these are (like the Code Red attempts) caused by boxes that are unpatched against security holes that have been fixed for a very looong time.
I've been running IIS -- and unix-based web servers for about 5 years. Our IIS boxes have NEVER been hacked. We had disabled .htr and other mappings long before Code Red emerged -- as MS had advised. The fact is, 90% of all of the Windows vulnerabilities have been fixable with permissions and registry modifications. Keeping patches up to date is a pain, but not impossible.
Without a doubt, MS has a lot to learn about security, but tools such as URLScan and the like have made it much easier to lock down an IIS server.
It's also worth remembering that, as an application server, IIS has the ability to do a LOT out of the box (COM, ASP, ISAPI, and outdated vulnerable technologies using HTR). In any case, you cannot compare IIS with Apache -- you must compare it with Apache + Tomcat + Turbine, etc.
Is this significant?
Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?
A better thing to know is what the goals of the attacks were. For instance, attackers trying to get credit card numbers from major e-commerce sites would be more likely to attack Linux machines because (I believe that) Linux powers more successful e-commerce sites than does Windows. This is even more true lately, when respected security professionals are warning customers off of IIS (It Isn't Secure) and Windows platforms.
Another possible motivation is bragging rights. Defacing a web site running on Windows NT and IIS is not really all that impressive when Microsoft is issuing new security warnings and patches on an almost hourly basis. If you are going to try to impress everyone, you pick a fight with the biggest, meanest guy at the bar, not with some little shrimp that can't defend himself.
Actually, I found a URL at Linuxtoday that lists many articles by Middleton. Although there are some doozies there, there are also some that show significantly more balance than the 3 we've discussed here. I'm at a loss to understand the radically varying quality of his work.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody