Slashdot Mirror
More Attacks on Linux than Windows
the special sauce writes "This vnunet.com article discusses the trend of attacks this year as compared to last. Over all, according to mi2g, attacks are on the rise. However, though attacks on Linux systems are up, attacks on Windows based systems have actually dropped dramatically when compared to last year. If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems."
Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?
Maybe the attacks on Windows are falling off, because there's enough back doors already. Between Microsoft and Kazaa, I'd say things are good-to-go, from a back-door point of view.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Yeah, but the difference between attack counts between Linux and Windows are how many of those attacks are successful...
- Jester
Is this including all the viruses, script kiddies, etc. etc. that tend to fill up logs?
If it's only sentient attacks, then it makes sense. Windows isn't a challenge, Linux is.
Otherwise, I beg to difer. There are countless sites out there dedicated to shameless display of nimda/code red, and script-kiddie attacks in their logs.
-Sara
the attacks on amiga boxen where at record lows
Is that Linux has grown in popularity over the past year, taking even more market share away from windows... ...do you think the script kiddies have any idea what OS the server they're "attacking" is running?!
And, as someone already pointed out...who had more successful attacks...Windows, I'm sure...
We're Number One! We're Number One! We're Num... oh. Never mind.
The real question to ask is, "how many of these attacks are successful as compare to attacks on Windows?"
Fight Spammers!
Of how the phrase "and if this trend continues" can pretty much turn otherwise useful statistics into a big mess.
You know, watching a puppy grow, you could say, "And if this trend continues, this will soon be a super-dog the size of Godzilla, and will devour Tokyo."
Funny, that never seems to happen.
Are scriptkidiots lookig for real chalenges? (=
No, that would be "getting laid".
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Security hole discovered in Linux handheld
Looking through my Snort and Apache logs, I see about 5-10 CodeRed attacks *daily*. This is something that was fixed over a year ago, and it still fills my logs. About that 'chunked' Apache vulnerability? Twice. I have seen it 2 whole times within the weeks its been out. Lets not forget about this CodeRed bug, because it surely is an attack (a full "root" attack) and I have *never* been attacked with anything else so often. I doubt any study that doesn't take this into account.
From my point of view.. "so?" Theres tons of Linux vendors. If we dont fall in love with one and get all biased, then we can just assume that the better ones will float to the top over time. (That regarding that people would actually stop buying an OS cause its insecure). People get all religious over this stuff, and to some end it is kind of fun, trying to advocate this little OS towards your friends and such... but in the end, isn't it really a matter of us having the advantage of all the time in the world? What magic event is going to occur that will stop linux dead in its tracks? I guess "chill out" is a bad retortion to an article I didnt read, but, oh well :)
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
to find that Micro$oft marketing is behind this.
668: Neighbour of the Beast
I don't really care about the number of attacks (unless it escalates to DOS), it's the number of successful attacks that is important.
And since Linux is much more heterogenous than Windows, a "linux" attack directed at me is less likely to succeed since it is less likely I have the exact hole that is being exploited.
Firstly, I question the source on these studies. We are given no real details, only "the number of attacks is up from ~5000 all of last year to ~7000 half of this year". This is completely meaningless, as we don't know what kind of attacks, or anything about the sampling method.
Here's some critical questions of this study:
1. How was this data taken? What was the sampling method? What was considered an attack?
2. Of those attacks on Linux, how many were successful? What's important isn't the number of attacks attempted -- that is irrelevant -- but ratio of the number of attacks that succeeded over the number that were attempted: in other words, the probability that an attack will be successful. I bet on Linux, that number is way below 50% and on Windows -- '95, '98, 'ME, 2000, and XP -- its way above 50%.
3. Of the attacks that were successful, how many of them were because of Linux itself, and how many because of some poor application? Same question to Windows. This is a minor point. The OS should have control and prevent security lapses, despite how crappily third parties code.
4. What kind of attacks were these? Attacks is a very general word; there may be many successful minor attacks (i.e., crashing a system), but that's not as bad as a few successful major ones (i.e., wiping the entire hard drive of a system, stealing a credit card number, etc etc). In other words, how far into the OS did the attacks go. For Linux, a relevant question is "did the attack just breach a user's account, or did it penetrate to the root?"
5. There's a lot of different "brands" or "flavors" of Linux. This matters. You'd expect Corel Linux to have much weaker security than the NSA's release of Linux, or than (for example) RT Linux. Different releases of Linux ship with different security by default, and different extra security features.
6. What is being done about the problems?
Relating to 6, we can rest somewhat assured in terms of security for Linux, as its Free Software and/or Open Sourced Software. Well-known bugs will be fixed by someone, and if they aren't, an annoyed individual could always take the initiative.
What separates Linux from MS isn't just that its more secure, its also that bugs, security flaws, stability flaws, performance pitfalls, etc, are usually fixed much more rapidly than they are in MS.
Also, no one has mentioned the attacks on other stable OSS/FS software, such as OpenBSD. Somehow, I doubt there's been much success in attacking OpenBSD.
social sciences can never use experience to verify their statemen
These statistics make sense. More and more people are adopting Linux now. There are two main drivers for this trend: People hear that Linux is better and organizations don't want to pay Microsoft's draconian licence fees.
The real question is whether these attacks are successful. Unfortunately, while the number of Linux servers is going up, so is the number of people who own or administer these systems and who aren't security-aware.
I think it's in the best interest of our community to assist the newbies when they have questions about setting up their systems, particularly when it comes to security. I've seen too many newbies laughed at in the IRC #security channels or the newsgroups. We should welcome them and try to help them; otherwise, The Forces of Evil will start using the statistics of all the h4x0red and 0wned systems (due to ignorance on the part of the users) as FUD.
There is no doubt that Linux is now a mainstream alternative. Remember, though, that the hard part is not to arrive, but to maintain a leadership position. That's the difference between the Rolling Stones and the one-hit wonders. In order to maintain our leadership, we should work together toward making the community aware of the pitfalls, and the distro vendors should probably come up with a policy of "all services closed" and forcing the users to open them, not the other way around. Other people will probably add better ideas to these suggestions.
The real measure is not whether the attacks are on the rise; it's the number of successful attacks that we should be concerned with.
Cheers!
Ehttp://eugeneciurana.com | http://ciurana.eu
How many Windows attacks go unreported and unnoticed? All this can show really is that Linux attacks are increasingly easier to notice and report, while Windows attacks either are actually lower or (more likely) go unnoticed and perhaps even persist over a long time.
I design user interfaces for a free network management application,
What counts as an attack? So worms don't count, or the number would be in the millins. Reported attacks? Those shouldn't count much because there is "little incentive for a company to report computer attacks.
Here's another story by the supposed source, but again, they don't at all define what they mean by "attack".
Windows has been successfully attacked over twice as often than Linux since 4/2000. Looking at today's list, 17 Win, 12 Linux, 15 other.
sulli
RTFJ.
Snort and logsurfer snippets from our firewall logs go off all the time. Though I would say that we have seen more attacks targeting linux services (we're a linux shop, btw) than we've seen in the past, the majority of our attacks do seem to be against windows-based services.
From an overall security point-of-view, the last three to six months have not been great ones from a linux vulnerability point-of-view: zlib, BIND, ssh, apache, Tomcat (not that some of these problems haven't affected Windows boxen also). It's kept us hopping patching our servers. We've been lucky, so far - no successful intrusions (that we're aware of, of course!).
In general, it seems much easier to social engineer one's way into a Windows network via email attachments than directly attack it.
But the trend of Linux boxes that get 0wn3d comapred to the Windows boxes that get 0wn3d probably show a difrent story.
Check out Alldas.org ffor some numbers.
Its unfortunate for the article that no quantifiable evidence is offered. For all we know the numbers were pulled from somebody's imagination.
Successful attacks is one, but what about re-infection/compromise?
For instance compare some of the Win2k boxes to a RedHat 7.2 box I had compromised.
The Win2k box (not mine, un?/fortunately) had been caught by nimda or some other vulnerability and after being formatted was *again* bit by nimda/code red when trying to get the updates.
(a cd or local machine with the patches never crossed the dude's mind until the second time around).
My box was compromised by a user running a trojaned IRC bot (eggdrop? was the trojan).
I know, I know, that was my fault for slacking off/being caught up in other things, but the next go around was wipe, install the data, kill services that are not needed (chkconfig, nice tool) and edit the hosts allow/deny to hell and back.
I was *P.O'ed*. FTP/SSH/HTTP is the only thing running currently with large ranges of IP's blocked if I see even *one* probe I don't like.
(no complaints, yet).
The large difference was the "state" of the admin.
The win2k dude thought it was the "cost of doing business", mine was "those fscking tools + idiot user I'll do everything I can to keep it from happening again.
Sigh vs GRRRRRR, is what I call it.
That reminds me, it has been a day or so since I grepped the logs...
Gotta go.
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
You can connect macs to the internet? Thats pretty cool... be nicer when they come out with network cards, I still can't get mine connected to my network.
The real question is whether these attacks are successful.
First of all, a lot of comments in this thread comes from people who seem to assume that is some kind of viscious attack on their favorite OS instead of an announcement of a simple fact: there are more attacks on Linux now than before. Nobody said anything about this suggesting that Linux is less secure than it used to be.
The Forces of Evil will start using the statistics of all the h4x0red and 0wned systems (due to ignorance on the part of the users) as FUD.
It's true, so how, exactly, could it be FUD? Oh, you mean that MS would start saying things like: "look how many hax0red boxes you have, this must mean that Linux is rotten when it comes to security!" But isn't this exactly what the Linux community has been doing for years? Why do we always hear "Windows/Outlook/both suck because a gazillion boxes were infected by the ILoveYou virus" instead of "Windows users suck when it comes to security related issues, as a gazillion of them opened unknown attachments and got infected?"
Doublespeak, I say. And I'm no troll.
"If you think education is expensive, try ignorance" - Derek Bok
I remember the day that Code Red hit, when the Internet started running slow and my webserver got repeatedly hit by Code Red attacks from all over the place. If and when I see the same effect from a Linux worm, I'll know we've hit the same point.
Ahhhh so we are counting how many times a script kiddie hits enter. You know this article doesnt shock me at all. Wow big suprise that the OS with the most servers is getting hit more and more. I dont see how this could shock anyone. What I am curious about is how many of these attacks were major attacks or organized attacks. That would be interesting reading.
This is another article by James Middleton, who is not a trustworthy source on this issue.
I went there just long enough to see his byline (being careful not to download images, hence no ad revenues), then came back here.
I've never seen Middleton write anything about Open Source that wasn't complete bullshit. This guy is either totally bought and paid for by Micorsoft, or is seriously stupd.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
It's true, so how, exactly, could it be FUD?
Saying "There are more attacks on linux systems" becomes FUD when you imply that this is bad. More attacks doesn mean more successful breakins. Truth can be FUD in the right context.
The source of the data is supposed to be the "mi2g SIPS database", about which they say:
(Do you need me to toss in some editorializing about how this is evidentally a company that specializes in publishing alarmist press releases to encourage people to buy their products? Oh, and take a look at key clients... yup, includes Microsoft).
The combination of Windows and Outlook is riddled with issues. Attachments shouldn't appear to be one data type but actually be malicious executable code (due to Outlook's desire to hide file extensions and how it handles conflicts with MIME types and extensions). But say our users treat all attachments as plague-infested rats and refused to touch them. Past vulnerabilities have meant that simply READING a malicious email (and/or having it displayed in the preview panel) executed malicious code. Yes - the age-old joke about "don't read email called 'fun time'" became reality. Outlook, and its incorporation with Windows, has created a very virus/trojan friendly environment. If it weren't for the excellent scheduling features of an Outlook/Exchange combination, it would likely be dropped from any security-conscious corporate desktop.
Windows systems themselves are an interesting challenge. We'll ignore the fatally flawed Win9x architecture and focus on the industry favorite NT/2k/XP. The very tools that should help an administrator keep his/her system safe has gained a certain degree of fear over the years - service packs and hotfixes have been known to cause more trouble than they fix. WinNT administrators tend to delay rollout of new service packs until they feel comfortable all bugs have been discovered by early adopters. Any system configuration (adding or removing system software components) often reverse changes by service packs, hotfixes, and administrator configurations and requires re-application of those changes. The infosec standard of hardening a host by removing all unnecessary components is foreign to the Windows environment. Windows system components are rarely designed to be removed and attempting to remove them means traversing a minefield of illogical dependencies - thankfully there are a few good minefield maps in the form of hardening guides. Of course, keep the guide close at hand. Any addition or removal of system components, hotfixes, or service packs will mean re-applying the hardening process.
In short, Windows was not designed with good security principles in mind - and it shows. It IS possible to configure a secure Windows host (assuming vulnerabilities are patched in an expedient manner). But its a pain.
Also, nimda and code red scans are attacks. If those got counted, allong with every virus email, the story would be very different.
If you were given the IP address or a vulnerable WinXP box, a vulnerable Linux box, and a vulnerable OpenBSD box and your life depended on owning one of the boxes without getting detected, which one would you chose given no other information? Only the suicidal would pick OpenBSD... the probability of there being another OpenBSD dedicated IDS box nearby is pretty high.
Let's not forget that a Linux shop can do a minimal install on a retired PII (or maybe even a 486) server and use it as a dedicated IDS box... no MS liscence fee. MS isstill goingto charge you for every running x86 box, regardless of OS, if you have an MS site liscence, so no negligible-cost dedicated IDS boxes for Windows shops.
I'm biased. I sure am... but it's mostly due to experience... I was a residet computer consultant for my fraternity for 3 years. Sure we had the one guy that talked another guy into trying out Mandrake and didn't bother to tell him to keep it up to date, but for the vast majority of the Brothers, the Linux guys could hold thier own. Several of the Windows guys were accidently running "Are you sure? What is IIS? Why is that bad?". And then there were the windows alerts popping up once per minute on all of the Win32 boxes in the house because one guy decided to test his UPS. These are very smart guys, but they gave me a vey bad impression of Windows users. I doubt the general populace can do better than my fraternity.
(Yes, the house GPA was in the 75th percentile fr fraternities and the average fraternity GPA is above the on-campus GPA at MIT. Even the management and bio majors could kick your ass in diferential equations, so no "stupid drunk frat boys" comments. They get tiring... very very tiring... especially comming from people that can't integrate thier way out of a paper bag.)
In summery, let's not forget that Linux and Windows often get deployed in very different environments.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
on the community here at /. I expect the following opinion to be unpopular, but you never know.
No matter how disgusting MS's business practices are, they are still not the evil side in this story. The script kiddies are. So why are we spending so much time blaming MS for this story? I could care less if MS financed this story. I could care less if I am still getting Code Red attempts daily on my machines. What I do care about is that everyone on the internet, even those people running MS products, is secure.
The biggest problem we have on the internet from a security standpoint is ignorant users. The fact that we still get code red attempts shows that this is a huge problem.
MS seems to be a bit more ahead on the curve when it comes to this (somewhat...I'll say more about this in a minute). In Windows XP, the OS will check for critical updates automatically, and will either download and install it by itself, or let you know that it is available. (This depends on how you set it up. You can also have it not do this behavior, and are given the choice to decide when you get on the internet for the first time.) I personally think that the default behavior should be to autocheck and notify, with options to turn it off buried somewhere. This would help protect the ignorant, while giving the choice to those of us who know more and are willing to do more with our OS to make our own choice.
Of course, MS is also very slow at putting out security patches, and there is NO excuse for that.
We will see more problems like this in the future. No matter what anyone says, Linux is not exactly as user friendly to the average Joe as Windows is. So while it may be more secure OOTB, as new exploits are discovered we will run into more and more problems because average Joe will not know that there is a new security hole on his Linux box. I can imagine quite a few of you will try and blame this coming problem on the average Joe, but remember....the customer is always right. If average Joe doesn't feel like subscribing to a security mailing list and sifting through a tone of email a day, he shouldn't have to. And we shouldn't expect him to want to do that, anymore then average Joe should expect us to like Celion Dion.
So we should do something about this now, before it gets out of hand. Make the default action for a desktop Linux setup check for security patches and notify, with a dire warning that will scare the bejeebus out of average Joe. Make it pretty easy to turn off for those of us with a bit of knowledge. Keep pumping out patches. But make sure your average mouth breathing computer user can install the patch, without worrying about dependencies and without having to type anything. Point and click is their friend, even if it isn't necessarily ours.
That is what we should be doing. Let's clean our own side of the street first, and worry about blaming MS for another thing later.
BTW, I still see attempts by rootkits from Linux boxes daily, and these are (like the Code Red attempts) caused by boxes that are unpatched against security holes that have been fixed for a very looong time.
Stupid, stupid article. No one knows how many attacks there are. The numbers are entirely nonsense. My guess is that whoever wrote that saw some way to make money by saying it.
mi2g is a company that makes more money if you think the sky is falling.
Many more stories like that, and Slashdot will stop being popular.
The article says, "But attacks on Windows/IIS systems have already dropped by 20 per cent on last year's figures, from 11,828 to 9,404."
My guess is that attacks occur about 20 times per hour for each IP address. That's how computers are rooted within 25 minutes of connecting to the Internet; there are continuous attacks to find weaknesses. That's how many I see, anyway.
That number cannot be the number of successful attacks, either. Most people who are rooted do not report that fact to anyone. Many Windows users would not even know they have been successfully attacked. How could they report it?
Change in subject: At the top of every article, it says, "The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."
This sounds like you own your comments, doesn't it? However, the OSDN Terms of Service says at section "4. CONTENT", paragraph 6,
"In each such case, the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable Open Source Initiative-approved license."
The contract is written in such a way as to appear that it has been made intentionally confusing. However, it looks like "comments are owned by whoever posted them" means that, yes, you own the intellectual property you created, but VA Software Corporation owns it too.
This appears similar to owning a car, but under the condition that someone else can use it at any time, and without notifying you. In any case, The Fine Print is misleading; it is not all of the fine print, although that line at the top of each story certainly encourages you to believe it is.
I don't know about Internet attacks, but we are seeing a rise in the number of sneaky contracts. This seems due to the presence of people with no technical knowledge at technically oriented companies. These people cannot contribute to the real work of the companies; all they can do is invent ways to abuse the customer.
EULA: I've been studying their methods, and I have a sneaky contract of my own. I agree to VA Software Corporation's sneaky contract if they agree to mine: At any time of my choosing, VA Software Corporation will give all managerial and financial control of the company to me.
We have two operating systems, and their associated applications, implemented in unsafe languages, with broken and/or archaic security models, competing for how many weeks they can run before getting rooted by a new exploit.
How pathetic.
Mea navis aericumbens anguillis abundat
Maybe the attacks on Linux machines are increasing, because there are more Linux machines running or supporting critical IT infrastructure. IT engineers may be replacing old NT boxen with Linux machines.
Unfortunately this puts Linux in the security spotlight. More exploits will be found and patched (which is a good thing), and the public nature of linux security information may be exploited and used against the Linux community.
it was the beta version of win 3.1 i believe and it would not function correctly with dr. dos because they crippled it.
. html
http://www.theregister.co.uk/content/archive/7715
Think about the hacker mindset for a minute. Most of these attackers are using Linux, because that's what their scripts were written for, and because they think Windows is lame - to use, and to hack. Even most of the ultra-successful defacers out there will only attack Unix systems and network devices/appliances these days, because bragging about hacking into a Windows system isn't elite in the eyes of their peers; they will catch shit from their buddies for attacking such an easy target.
If anybody out there is as clueless as this troll, please e-mail me your questions. I'm in the trenches with these kiddies 24/7 and can give you a better idea of what's going on than most nerdy bugtraq subscribers who think they know shit because they read some mitnick autobiography and they run an unstable kernel.
Topic: "More Attacks on Linux than Windows"
Content: "If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems".
Anyone more than me that thought that Linux had more atacks than Windows?
Beware: In C++, your friends can see your privates!
In another "survey" I wrote on the toilet today, statistics suggest honeypot servers running Linux are significantly more likely to be attacked than IIS servers!
Sorry, but this report is so lacking in facts or sources that it might as well have been a conversation overheard in a pub. In my server logs here, the number of IIS exploit attempts is absolutely overwhelming! In other server's I've administered this is also the case. Sorry, I smell FUD...
Code, Hardware, stuff like that.
In 10 years when all servers are Linux there will be more attacks on Linux than anything else. Or something like that.
So what?
How many are successful?
the ironic thing about your comment is that c#'s original name was c-- (you have to type cminusminus to google it properly, I think), which was, in part, a non gpl'd alternative to gcc's intermediate code system (ie. the way the GNU Compiler Collection uses one comiler for all the languages it supports, and they all compile to the same intermediate code). c-- was designed to be a better core language to use as a base language to code ontop of- ie. a non gpl'd version of gcc.
Microsoft changed c--'s name to c# for marketing reasons.
...and this lie crawls out of its mouth: 'I, the state, am the people.'
It wasn't just the beta version...Novell (they had bought Digital Research by this point) sent me a couple of floppies (5.25" DD) with an update to DR DOS 6 to deal with issues in the final version of Win3.1 (not that I needed them since I used DESQview). I still have them around here someplace...
20 January 2017: the End of an Error.
Go to http://www.vmyths.com and search for mi2g under RANTINGS.
Credibility is not their strong point.
Alright, aside from the facts the following statments people are making:
A) Linux use is growing
B) How many of these were really successful attacks?
C) What counts as an attack?
D) Studies from the group which conducted this one are questionable.
Clearly people are neglecting to give MS credit for some of it's accomplishments over the last year. One of the largest changes was the speed at which updates were made available and most of these through the windows update site. Now when new holes in their products were found, MS responded for the most part almost immediatly and patched up their code within hours/days and posted it up on for everyone to download. Also, they're working on making these updates even easier than before, anyone with windows 2000 who keeps on top of patches will notice that the interface has changed, you can set it to automatically apply security patches. Also another point is that people are finally realising that their computer will be far more secure if they just apply the latest patches.
Holes in Linux are not always patched up right away and lets face it, Linux code warriors can't always respond to a patch for each distro when ones found like MS can or distribute it as easily. Because they're a single entitiy, they have quite the advantage when it comes to communication and distrobution.
In the last year Microsofts efforts to patch up their software were far and beyond anything they have done in the past, and that is something Linux buffs won't easily admit to. Now, Palladium is a whole nother ball game mind you =)
I will agree with you that ipchains/iptables are great firewall apps. However, I do not agree that win32 personal firewalls are bad.
My laptop is equiped with a winmodem. As such, I have a choice between no internet access, purchacing an external modem, using win32 unfirewalled, or using a win32 firewall. My choice, based mostly on convenience, is to use Norton Firewall. It detects and logs a lot of attacks. All the attacks are sorted and identified by the port that was probed. It even tries to identify the attack that is associated with that port.
For a non-technical user, it is a great program. It has charts, graphs, and logs that are easy to understand. It will even provide nonintrusive popups for attacks in real time. I think that, from a desktop POV, linux developers could learn a lot from taking a look at it.
I'd rather you do it wrong, than for me to have to do it at all.
I've been running IIS -- and unix-based web servers for about 5 years. Our IIS boxes have NEVER been hacked. We had disabled .htr and other mappings long before Code Red emerged -- as MS had advised. The fact is, 90% of all of the Windows vulnerabilites have been fixable with permissions and registry modifications. Keeping patches up to date is a pain, but not impossible.
Without a doubt, MS has a lot to learn about security, but tools such as URLScan and the like have made it much easier to lock down an IIS server.
It's also worth remembering, that as an application server, IIS has the ability to do a LOT out of the box (COM, ASP, ISAPI (and outdated vulnerable technologies using HTR). In any case, can not compare IIS with Apache -- you must compare it with Apache + Tomcat + Turbine, etc.
Is this sig nificant?
Perhaps you haven't been following the remote Apache worm that's been going around lately?
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
If not, you're vulnerable to a worm that's been going around that is similar to Code Red (hijacks your server and turns it into a DDoS platform). I know at least 4-5 people who were hit by this in the 2 days it took the fix to get into security.debian.org.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
My Linux box reports a number of attacks against the FTP server and Apache each day
Perhaps the reason Linux gets more attacks reported is that Unix has very good logging and nix admins actually read their logs and report attacks. I knew some Nt administrators even in very big operations that never read their log files. Personally I thing the the script kiddies just scan and hit whatever they can. A linux box might be more useful once the it is compromised, but that is another issue.
Could Jesus microwave a burrito so hot, that he himself could not eat it....HS
It's been my experience that the skill of the admin for the box (and management's willingness to let the admin do his job) has much to do with the security of the box. A good Windows admin (if you can find one) will have a more secure box than a lousy *nix admin. (If both admins are equally good, I'd bet on the *nix over windows any day.)
IMHO, Mandrake has a good idea for their install. At the end of the install, before any servers are turned on, it prompts you to update if you have an internet connection. This feature adds security relatively painlessly.
I see a lot of post here, and hear a lot of apache admins go on about their logs filling with attacks from CodeRed, Nimda, etc (which obviously get no where)
So my thought is could the increase of attacks on linux box be beacuse most(all?) the MS boxes are infected drones, all attacking every IP they see?
and thus more linux boxes get attacked.
I know it an extreme view, but a Nimda drone attacking an apache box, although pointless, is still adds to the statistic of more linux boxes being attacked
An 'anonymous coward' said: care to back that up at all? I don't know the guy from a hole in the head, but those are some pretty nasty allegations to throw around w/no evidence behind them...
There have been 2 other cases where articles by this guy on VNUNET were clearly wrong, too far wrong for casual error. One of them sprang from the (ill-considered) statistics posted at securityfoucs.com that compared the counts of windows and linux vulnerabilities. But the linux vulnerabilities included applications and the windows numbers did not. securityfocus.com clearly stated that fact. Also, each linux vulnerability was counted each time it occurred in any distribution, causing multiple counting of many of them. Middleton did not mention either of these facts, simply using the raw numbers to imply that windows security is better than linux.
The other case was equally egregious. Its headline was "Hackers turn on open source", with a lead paragraph saying the same, but with no clear data backing it up. In fact, the article referenced an increase in website defacements, then noted that 'virtual websites' where many sites are on one machine, were involved, thereby rendering the statistic fairly useless.
This guy is hack, or worse. He's already had too much benefit of the doubt.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Both of these stories are availability via linuxtoday.com, BTW. If you go to vnunet.com, please use a browser with image-loading turned off (mozilla, galeon, lynx, links, w3m). No point giving the advertisers of these morons any hits.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Maybe that's because there are MORE Linux boxes out in production than there were a last year and people are starting to drop IIS because of the security nightmare it is?
Think about what happened last year....Code Red abused IIS servers to death and sysadmins started realizing that Linux/Apache was a viable alternative, what with the kernel networking code improvements it got in 2.4.x, (or was that 2 year ago?) not to mention the publicity Linux has been getting increases every year.
Not exactly a profound leap of logic to make this deduction.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
More Attacks on Linux than Windows
AND
If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems.
is FALSE
I can't see the correctness of the subject line. It should say "More Attacs on Linux than Windows... um, maybe... in the future.."
...for a web dev position with cross training to network security (which I was, and still am, very interested in.) This was in 1998, IIRC. The head geezer is one D.K. Mattai. He told me they did consultancy for a lot of City (financial) firms, including info-sec work, and that I'd be paid a small basic (about 20K IIRC, not much even then) with substantial commission on any sales I made. Between the man himself, his dodgy "lounges" microsite idea (he wanted a "carlounge" site, a "videolounge", etc, but had dodgy ideas about advertorial as a revenue stream), the very non-technical, "hobby job" feel of the place (I only met him, and saw little evidence of anyone else using the rather flashy offices in Battersea - right on the Thames in fact, not a cheap location!)... just weirded me out a bit. I remember walking along the embankment afterwards, looking at the sun on the river and thinking "I know I hate Logica, but I'm not sure I trust this set-up - in fact I don't think I'd take it if he offered me the job." He tried to pressure me into signing up on the spot, too, IIRC. Oh yeah, and he thought NT4 and IIS were the bee's testes for secure servers.
Anyway, over the next four years or so I kept coming across sitings of him in Need To Know. Search for mi2g or "D.K. Mattai" and you'll see what I mean. He puts up some new FUD release every six -12 months, and presumably reaps some consultancy fees from the credulous and ill-informed. The other day I saw he'd even got himself onto the BBC with some nonsense "survey" about virus attacks by Al Qaeda... before that, it was anti-globalisation
protesters who were going to make the sky fall.
In short: nothing to see here, move along please.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Here's a good piece on Vmyths about mi2g. They're full of it. I wouldn't be surprised if the entire "report" was based on a sample of two machines. On a home network. With an inquisitive teenager around :)
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
I've seen too many newbies laughed at in the IRC #security channels or the newsgroups.
I totally agree! I used to hang out in the linux* IRC channels to help people quite a lot, but became sick of all the bitching and script kiddies kicking anyone who didn't run their preferred version of Linux (anyone mentioning they ran RH was usually banned for some reason), or trying to start arguments by giving obtuse or antagonistic replies to questions. That sort of bullying is not anything I want a part of, and does Linux no good what-so-ever.
I don't know if Windows has any sort of community, but I can't imagine it would have such a high percentage of irritating know-it-alls driving people away.
Rant over
Code, Hardware, stuff like that.
Comment removed based on user account deletion
Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?
A better thing to know is what the goals of the attacks were. For instance, attackers trying to get credit card numbers from major e-commerce sites would be more likely to attack Linux machines because (I believe that) Linux powers more successful e-commerce sites than does Windows. This is even more true lately, when respected security professionals are warning customers off of IIS (It Isn't Secure) and Windows platforms.
Another possible motivation is bragging rights. Defacing a web site running on Windows NT and IIS is not really all that impressive when Microsoft is issuing new security warnings and patches on an almost hourly basis. If you are going to try to impress everyone, you pick a fight with the biggest, meanest guy at the bar, not with some little shrimp that can't defend himself.
"Linux systems are up, attacks on Windows based systems have actually dropped dramatically when compared to last year."
If the average System Administrator for Windows platforms are anything like the ones where I work, they are just unaware of the attacks. So they go unreported.
The race isn't always to the swift... but that's the way to bet!
I would guess more and more people are using 2k or XP instead of older versions of Windows. Things are improving in Windows, and a unix machine are just more interesting to have hacked into. In fact, it is not even hard to break into a computer that isn't patched quickly when an exploit is released.
I'd say that all OSes needs to become more safe, because it is going to affect people in negative ways when their computers are compromised. That is way more important than arguing over which OS is the best.
As far as I can tell, a compromised Linux machine is far more useful than a compromised Win* box, to the attacker.
So... let me use my brain... you have given me two choices:
1) Windows setup in an insecure way.
2) Linux setup in a secure way
Basically, your choices would parallel the choices in the following example:
Which is better?
1) Apples
2) Oranges
In other words, what you are comparing isn't fair. Why isn't it something like, which is more secure?
1) A Windows machine not hooked to a network
2) A Linux machine not hooked to a network
You seriously can't compare the configuration of a standard home user's Windows PC to a professionally configured Linux machine and have it be a valid comparison of their security.
Actually, I found a URL at Linuxtoday that lists many articles by Middleton. Although there are some doozies there, there are also some that show significantly more balance than the 3 we've discussed here. I'm at a loss to understand the radically varying quality of his work.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
oh yeah, when are the debian packages coming out for that?
sic transit gloria mundi
Those attempts to run ``/MSADC/root.exe'' directed toward Apache servers? I must have seen several dozen of those this week alone. (Heh heh heh)
CUR ALLOC 20195.....5804M
Does that hundreds of Code Red attack on my Debian servers count?
Just curious.
Though the study is pretty badly flawed, this phenomeenon will likely continue, perhaps not to exceed windows, but it is a possiblility. What is being seen here is that linux is gaining market share, and it at least perceived as valuable information to know by even Windows administrators. The main problem plaguing Windows security is quality of the administrators. Commercials give the impression that MCSE = big buks, so people with little drive or knowledge go for it for the cash. Administrators are suddenly a dime a dozen and with MCSEs all over place and limited knowledge of managers conducting employee selection, its hard to determine quality among candidates, so you get lazy or unknowledgable sysadmins. These large masses of people have been seeing Unix as a dying, historical thing and have ignored it. Now, to *these* people, Linux is a sort of renaissance to Unix computing, so they see it as possibly figuring into their job and start to take it up. Also, other computer people who want to feel elite also pick it up and start doing things without fully understanding the risks and consequences. As Apache and even OpenSSH have shown us, no software is perfect, and ultimately it is the awareness and competency of the sysadmins that determine security. And for linux the signal-to-noise ratio is getting lower...
:) There haven't been many serious widespread issues for a while until recently. Now with the increased market and exposure, script kiddies and the like find linux a more appealing target, especially those who thinks linux users need to be taken down a notch or two. So all of a sudden, we have lazy or new sysadmins faced with an increasing number of attacks.
Also, sysadmins of Unix systems especially are getting lazy, I'm guilty of that
Personally, I think I'm going to start deploying gentoo more on servers. Patched versions seem to work into the portage tree most quickly, while other places tend to a bit slower, either because of QA or lack of maintainers.. I know QA is good, but to tie up *security* patches in QA too long is bad... I'll take my risks on testing a patch with a possible, yet unknown exploit than a certain, known exploit..
XML is like violence. If it doesn't solve the problem, use more.
Not precisely.
The theory of evolution predicts the opposite, actualy. The ones who do the stupid things don't survive.
Ref.: The Darwin Awards
I think we've pushed this "anyone can grow up to be president" thing too far.
I'm not confident enough in AMYTHING to post the url anywhere :) Doing so is just asking for it and would get me in trouble anyway.
:D, j/k
I distrust all software, BTW. Like I said its 90% the admin and 10% the actual SW no matter how "secure" anyone says it is.
And if you insist: www.nsa.gov
why run from Vincenzo?
I'm hanging out for a (+5, Underrated) myself.
Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
Still no "real" attacks on the system today, though.