More Attacks on Linux than Windows

the special sauce writes "This vnunet.com article discusses the trend of attacks this year as compared to last. Over all, according to mi2g, attacks are on the rise. However, though attacks on Linux systems are up, attacks on Windows based systems have actually dropped dramatically when compared to last year. If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems."

Which are more successful?

[1010011010]

Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?

Maybe the attacks on Windows are falling off, because there's enough back doors already. Between Microsoft and Kazaa, I'd say things are good-to-go, from a back-door point of view.

Re:Which are more successful?

[stubear]

Or perhaps the rise of Linux has correlated with the increase of "noobs" using Linux leaving many security issues unchecked. A perusal of bugtraq will show a long list of security issues for Linux (as many, if not more, than Windows).

Re:How many from Redmond?

Oh, good grief, get a grip. I have 3 friends that work at MS. Two are software engineers, one is a test engineer. Both of the developers have Linux boxen at home because they really freaking like the OS and it's a fun break to code and configure a Unix-like system. They tell me they have many coworkers who see it the same way. MS pays their bills and Linux is their hobby because they're smart nerds. It's not perfect, but it's better than them going home brainwashed and only eating their own dogfood.

Microsoft is not nearly as "one-mind" and Borg-like as many would like to believe. That makes it harder to spread your flavour of hatred. Hate the company's practices, sure. But don't believe that the majority of people there really give a fsck enough to care one way or the other. It's a job. Just like clearcutting, oildrilling, and running a slaughterhouse.

Missing key word: DETECTED

[karlm]

The number of detected attacks is rising sharply for linux and slightly falling for Windows. What percentage of Windows houses install an IDS solution? What about Linux houses? What percentage of Linux break-ins get reported to someone? and Windows break-ins? There very well may be a point this year when attacks against Linux outnumber attacks against Windows, but I think it's more likey that the vast vast majority of attacks againt Windows machines go unnoticed.

Also, nimda and code red scans are attacks. If those got counted, allong with every virus email, the story would be very different.

If you were given the IP address or a vulnerable WinXP box, a vulnerable Linux box, and a vulnerable OpenBSD box and your life depended on owning one of the boxes without getting detected, which one would you chose given no other information? Only the suicidal would pick OpenBSD... the probability of there being another OpenBSD dedicated IDS box nearby is pretty high.

Let's not forget that a Linux shop can do a minimal install on a retired PII (or maybe even a 486) server and use it as a dedicated IDS box... no MS liscence fee. MS isstill goingto charge you for every running x86 box, regardless of OS, if you have an MS site liscence, so no negligible-cost dedicated IDS boxes for Windows shops.

I'm biased. I sure am... but it's mostly due to experience... I was a residet computer consultant for my fraternity for 3 years. Sure we had the one guy that talked another guy into trying out Mandrake and didn't bother to tell him to keep it up to date, but for the vast majority of the Brothers, the Linux guys could hold thier own. Several of the Windows guys were accidently running "Are you sure? What is IIS? Why is that bad?". And then there were the windows alerts popping up once per minute on all of the Win32 boxes in the house because one guy decided to test his UPS. These are very smart guys, but they gave me a vey bad impression of Windows users. I doubt the general populace can do better than my fraternity.

(Yes, the house GPA was in the 75th percentile fr fraternities and the average fraternity GPA is above the on-campus GPA at MIT. Even the management and bio majors could kick your ass in diferential equations, so no "stupid drunk frat boys" comments. They get tiring... very very tiring... especially comming from people that can't integrate thier way out of a paper bag.)

In summery, let's not forget that Linux and Windows often get deployed in very different environments.

The reason behind the attacks...

[fmaxwell]

Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?

A better thing to know is what the goals of the attacks were. For instance, attackers trying to get credit card numbers from major e-commerce sites would be more likely to attack Linux machines because (I believe that) Linux powers more successful e-commerce sites than does Windows. This is even more true lately, when respected security professionals are warning customers off of IIS (It Isn't Secure) and Windows platforms.

Another possible motivation is bragging rights. Defacing a web site running on Windows NT and IIS is not really all that impressive when Microsoft is issuing new security warnings and patches on an almost hourly basis. If you are going to try to impress everyone, you pick a fight with the biggest, meanest guy at the bar, not with some little shrimp that can't defend himself.

Re:Don't Bother: vnunet author Middleton is a Moro

[fanatic]

Actually, I found a URL at Linuxtoday that lists many articles by Middleton. Although there are some doozies there, there are also some that show significantly more balance than the 3 we've discussed here. I'm at a loss to understand the radically varying quality of his work.