Slashdot Mirror


More Attacks on Linux than Windows

the special sauce writes "This vnunet.com article discusses the trend of attacks this year as compared to last. Overall, according to mi2g, attacks are on the rise. However, though attacks on Linux systems are up, attacks on Windows-based systems have actually dropped dramatically when compared to last year. If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems."

35 of 411 comments

  1. Which are more successful? by 1010011010 · · Score: 5, Interesting


    Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?

    Maybe the attacks on Windows are falling off, because there's enough back doors already. Between Microsoft and Kazaa, I'd say things are good-to-go, from a back-door point of view.

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
    1. Re:Which are more successful? by 1010011010 · · Score: 5, Insightful

      Perhaps more attacks on linux could be occurring because it's more likely to succeed?

      Anything is possible, even if it's not probable. It could also be a result of Linux displacing windows in the server space. If there's 100 attacks/second, and windows' market share falls by 2% at the same time the Linux market share increases by 2%, then there will be a decrease in the number of attacks on Windows, and an increase in the number of attacks on Linux.
      If this trend continues, then it logically follows that there will be no more Windows servers at some point in the future.

      --
      Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
    2. Re:Which are more successful? by stubear · · Score: 5, Interesting

      Or perhaps the rise of Linux has correlated with the increase of "noobs" using Linux leaving many security issues unchecked. A perusal of bugtraq will show a long list of security issues for Linux (as many, if not more, than Windows).

    3. Re:Which are more successful? by $carab · · Score: 5, Funny

      Hmmm.....maybe. But as I recall, somebody had a hacking contest with default installs of Mandrake and SuSE, and nobody rooted the servers. I think that noobs would have to go out of their way a little to make their system insecure.

      Contrast that to.....IIRC Extremetech, which set up a Win2k and IIS server, and had it infected with Code Red Twice within like 26 minutes of connecting it to the web and downloading updates from Microsoft.

    4. Re:Which are more successful? by md17 · · Score: 5, Insightful

      Why do people continue to point to bugtraq as the measure for "Which OS is more secure?" That is so far from the truth... The key thing you are forgetting is the "bug severity" factor. I would say that in general Windows has less bugs than Linux (On bugtraq) but those bugs are more severe. Thus in my opinion, Linux is still more secure. You are also forgetting that hardening a Linux box is much easier than hardening a Windows box. I can make my Linux box very secure with very little effort. Example:
      Turn off all services except ssh.

      Please stop pointing to bugtraq and saying:
      Windows has less security issues than Linux, therefore Windows is more secure than Linux.

    5. Re:Which are more successful? by BlueUnderwear · · Score: 3, Informative
      Anyone who stays on top of their web server logs will see plenty of code red attacks every day. The fact that a default windows 2000 install is susceptible to it doesn't help.


      Just grepped for ../.. in my httpd/error_log.

      292 matches.

      But that log goes back to April 30th. Last year in August, I had that many probes in *one day*. So, I'd say, CodeRed/Nimda activity did indeed decrease...

      --
      Say no to software patents.
    6. Re:Which are more successful? by Citizen+of+Earth · · Score: 3, Funny

      If this trend continues, then it logically follows that there will be no more Windows servers at some point in the future.

      Also if current trends continue, the number of transistors in a microprocessor will exceed the number of subatomic particles in the universe in 360 years.

  2. And yet... by Anonymous Coward · · Score: 3, Funny

    the attacks on amiga boxen were at record lows

  3. But one point to this... by IronTek · · Score: 4, Insightful

    Is that Linux has grown in popularity over the past year, taking even more market share away from windows... ...do you think the script kiddies have any idea what OS the server they're "attacking" is running?!

    And, as someone already pointed out...who had more successful attacks...Windows, I'm sure...

    1. Re:But one point to this... by Master+Bait · · Score: 3, Insightful
      Right. I'll go out on a long limb here and claim that the mi2g 'study' was financed by an unnamed corporate monopoly.

      --
      "Only in their dreams can men truly be free 'twas always thus, and always thus will be."
      --Tom Schulman
  4. Yay!! by SEWilco · · Score: 5, Funny

    We're Number One! We're Number One! We're Num... oh. Never mind.

  5. How many from Redmond? by www.sorehands.com · · Score: 3, Funny
    I wonder how many of these attacks come from Redmond or from Microsoft employees?

    The real question to ask is, "how many of these attacks are successful as compared to attacks on Windows?"

    1. Re:How many from Redmond? by Anonymous Coward · · Score: 5, Interesting

      Oh, good grief, get a grip. I have 3 friends that work at MS. Two are software engineers, one is a test engineer. Both of the developers have Linux boxen at home because they really freaking like the OS and it's a fun break to code and configure a Unix-like system. They tell me they have many coworkers who see it the same way. MS pays their bills and Linux is their hobby because they're smart nerds. It's not perfect, but it's better than them going home brainwashed and only eating their own dogfood.

      Microsoft is not nearly as "one-mind" and Borg-like as many would like to believe. That makes it harder to spread your flavour of hatred. Hate the company's practices, sure. But don't believe that the majority of people there really give a fsck enough to care one way or the other. It's a job. Just like clearcutting, oildrilling, and running a slaughterhouse.

    2. Re:How many from Redmond? by jejones · · Score: 3, Insightful

      MS could buy BIGNUM hackers and put them to work finding security holes in Linux and BSD using a trivial percentage of their petty cash. MS has done things with the intent of breaking other software in the past (e.g. the bogus warning when Windows 3.1 ran atop something other than MS-DOS, the calls in win32s.dll that ask for RAM intentionally out of range for virtual DOS sessions under OS/2, "DOS isn't done until Lotus won't run"). It's not a matter of hatred; it's a matter of MS SOP.

  6. This is a fine example... by Latent+IT · · Score: 5, Insightful

    Of how the phrase "and if this trend continues" can pretty much turn otherwise useful statistics into a big mess.

    You know, watching a puppy grow, you could say, "And if this trend continues, this will soon be a super-dog the size of Godzilla, and will devour Tokyo."

    Funny, that never seems to happen.

    1. Re:This is a fine example... by Latent+IT · · Score: 4, Funny

      Damn. And I was going for funny. *shrug* ;p

  7. Re:Scriptkidiots by Anonymous Coward · · Score: 5, Funny

    Are scriptkidiots looking for real challenges? (=

    No, that would be "getting laid".

  8. Yea, and about CodeRed? by clump · · Score: 5, Informative

    Looking through my Snort and Apache logs, I see about 5-10 CodeRed attacks *daily*. This is something that was fixed over a year ago, and it still fills my logs. About that 'chunked' Apache vulnerability? Twice. I have seen it 2 whole times within the weeks it's been out. Let's not forget about this CodeRed bug, because it surely is an attack (a full "root" attack) and I have *never* been attacked with anything else so often. I doubt any study that doesn't take this into account.

  9. Propaganda by dh003i · · Score: 5, Insightful

    Firstly, I question the source on these studies. We are given no real details, only "the number of attacks is up from ~5000 all of last year to ~7000 half of this year". This is completely meaningless, as we don't know what kind of attacks, or anything about the sampling method.

    Here's some critical questions of this study:

    1. How was this data taken? What was the sampling method? What was considered an attack?

    2. Of those attacks on Linux, how many were successful? What's important isn't the number of attacks attempted -- that is irrelevant -- but ratio of the number of attacks that succeeded over the number that were attempted: in other words, the probability that an attack will be successful. I bet on Linux, that number is way below 50% and on Windows -- '95, '98, 'ME, 2000, and XP -- it's way above 50%.

    3. Of the attacks that were successful, how many of them were because of Linux itself, and how many because of some poor application? Same question to Windows. This is a minor point. The OS should have control and prevent security lapses, despite how crappily third parties code.

    4. What kind of attacks were these? Attacks is a very general word; there may be many successful minor attacks (i.e., crashing a system), but that's not as bad as a few successful major ones (i.e., wiping the entire hard drive of a system, stealing a credit card number, etc etc). In other words, how far into the OS did the attacks go. For Linux, a relevant question is "did the attack just breach a user's account, or did it penetrate to the root?"

    5. There's a lot of different "brands" or "flavors" of Linux. This matters. You'd expect Corel Linux to have much weaker security than the NSA's release of Linux, or than (for example) RT Linux. Different releases of Linux ship with different security by default, and different extra security features.

    6. What is being done about the problems?

    Relating to 6, we can rest somewhat assured in terms of security for Linux, as it's Free Software and/or Open Sourced Software. Well-known bugs will be fixed by someone, and if they aren't, an annoyed individual could always take the initiative.

    What separates Linux from MS isn't just that it's more secure, it's also that bugs, security flaws, stability flaws, performance pitfalls, etc, are usually fixed much more rapidly than they are in MS.

    Also, no one has mentioned the attacks on other stable OSS/FS software, such as OpenBSD. Somehow, I doubt there's been much success in attacking OpenBSD.

  10. Makes sense -- more Linux systems than a year ago by ciurana · · Score: 5, Insightful

    These statistics make sense. More and more people are adopting Linux now. There are two main drivers for this trend: People hear that Linux is better and organizations don't want to pay Microsoft's draconian licence fees.

    The real question is whether these attacks are successful. Unfortunately, while the number of Linux servers is going up, so is the number of people who own or administer these systems and who aren't security-aware.

    I think it's in the best interest of our community to assist the newbies when they have questions about setting up their systems, particularly when it comes to security. I've seen too many newbies laughed at in the IRC #security channels or the newsgroups. We should welcome them and try to help them; otherwise, The Forces of Evil will start using the statistics of all the h4x0red and 0wned systems (due to ignorance on the part of the users) as FUD.

    There is no doubt that Linux is now a mainstream alternative. Remember, though, that the hard part is not to arrive, but to maintain a leadership position. That's the difference between the Rolling Stones and the one-hit wonders. In order to maintain our leadership, we should work together toward making the community aware of the pitfalls, and the distro vendors should probably come up with a policy of "all services closed" and forcing the users to open them, not the other way around. Other people will probably add better ideas to these suggestions.

    The real measure is not whether the attacks are on the rise; it's the number of successful attacks that we should be concerned with.

    Cheers!

    E
    --
    http://eugeneciurana.com | http://ciurana.eu
  11. Only attacks that are noticed can be recorded by robolemon · · Score: 3, Insightful

    How many Windows attacks go unreported and unnoticed? All this can show really is that Linux attacks are increasingly easier to notice and report, while Windows attacks either are actually lower or (more likely) go unnoticed and perhaps even persist over a long time.

    --

    I design user interfaces for a free network management application,

  12. 11,828 attacks for windows last year by interiot · · Score: 5, Insightful
    The article claims that the number of attacks on windows system last year were 11,828.

    What counts as an attack? So worms don't count, or the number would be in the millions. Reported attacks? Those shouldn't count much because there is "little incentive for a company to report computer attacks.

    Here's another story by the supposed source, but again, they don't at all define what they mean by "attack".

    1. Re:11,828 attacks for windows last year by pongo000 · · Score: 3, Funny


      joker@thefarm 126% grep 'winnt\/system32\/cmd.exe' www-error_log | wc -l
      10209


      Wow...I wonder who the other 1,619 attacks were against? Anybody here willing to own up?

  13. not from our perspective by sloth+jr · · Score: 5, Informative
    We run hosted web services for customers that between two datacenters aggregate about 50 million web hits a month.

    Snort and logsurfer snippets from our firewall logs go off all the time. Though I would say that we have seen more attacks targeting linux services (we're a linux shop, btw) than we've seen in the past, the majority of our attacks do seem to be against windows-based services.

    From an overall security point-of-view, the last three to six months have not been great ones from a linux vulnerability point-of-view: zlib, BIND, ssh, apache, Tomcat (not that some of these problems haven't affected Windows boxen also). It's kept us hopping patching our servers. We've been lucky, so far - no successful intrusions (that we're aware of, of course!).

    In general, it seems much easier to social engineer one's way into a Windows network via email attachments than directly attack it.

  14. Re:Where the hell do they get these numbers? by jd142 · · Score: 3, Insightful

    Right. There are a lot of flaws with this article, starting with the numbers. First of all, they don't define what they consider an "attack" to be. That's a big gaping hole you could drive a truck through (note lack of a link here).

    They also don't define what constitutes a "box" in this context. Even if it were servers only, the numbers are incredibly low. My little development web server got several thousand code red attacks last fall. Luckily, I was running Apache on Linux, so all it did was fill up my logs.

    If they are talking about pure number of attacks, as they appear to be, this is actually pretty good news. Apache webservers outnumber IIS webservers approximately 2 to 1 according to Netcraft (and by the way, has anyone noticed that Apache has been gaining the past couple of months). Assuming only a small percentage of people run Apache on Windows, we could assume that the attacks on Linux servers should be twice that of attacks on Windows servers, but the numbers are not that far apart.

    So this article appears to be pretty fluff piece with no real meaning. Like most news stories.

  15. Don't Bother: vnunet author Middleton is a Moron by fanatic · · Score: 3, Informative

    This is another article by James Middleton, who is not a trustworthy source on this issue.

    I went there just long enough to see his byline (being careful not to download images, hence no ad revenues), then came back here.

    I've never seen Middleton write anything about Open Source that wasn't complete bullshit. This guy is either totally bought and paid for by Microsoft, or is seriously stupid.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  16. Re: by ivan256 · · Score: 3, Insightful

    It's true, so how, exactly, could it be FUD?

    Saying "There are more attacks on linux systems" becomes FUD when you imply that this is bad. More attacks doesn't mean more successful breakins. Truth can be FUD in the right context.

  17. mi2g by doom · · Score: 5, Informative
    Evidently, this story is a re-typing of the press release from "mi2g", so you might as well look at the original: Digital attacks on Open Source systems soar. It includes a bunch of pointers to pdfs of graphs of their data (none of which I can read because of some sort of "can't find colorspace cs8" error). But they don't appear to include any additional information, they're just graphs.

    The source of the data is supposed to be the "mi2g SIPS database", about which they say:

    The mi2g SIPS (Security Intelligence Products and Systems) database has information on over 6,000 hacker groups and maintains a record of over 60,000 individual hacking events since 1995. The SIPS intelligence citations include the 2002 Computer Security Institute (CSI) / Federal Bureau of Investigation (FBI) Computer Security Issues and Trends Survey [Vol. VIII, No. 1 - Spring 2002]

    (Do you need me to toss in some editorializing about how this is evidently a company that specializes in publishing alarmist press releases to encourage people to buy their products? Oh, and take a look at key clients... yup, includes Microsoft).

  18. Missing key word: DETECTED by karlm · · Score: 5, Interesting
    The number of detected attacks is rising sharply for linux and slightly falling for Windows. What percentage of Windows houses install an IDS solution? What about Linux houses? What percentage of Linux break-ins get reported to someone? and Windows break-ins? There very well may be a point this year when attacks against Linux outnumber attacks against Windows, but I think it's more likely that the vast vast majority of attacks against Windows machines go unnoticed.

    Also, nimda and code red scans are attacks. If those got counted, along with every virus email, the story would be very different.

    If you were given the IP address of a vulnerable WinXP box, a vulnerable Linux box, and a vulnerable OpenBSD box and your life depended on owning one of the boxes without getting detected, which one would you choose given no other information? Only the suicidal would pick OpenBSD... the probability of there being another OpenBSD dedicated IDS box nearby is pretty high.

    Let's not forget that a Linux shop can do a minimal install on a retired PII (or maybe even a 486) server and use it as a dedicated IDS box... no MS license fee. MS is still going to charge you for every running x86 box, regardless of OS, if you have an MS site license, so no negligible-cost dedicated IDS boxes for Windows shops.

    I'm biased. I sure am... but it's mostly due to experience... I was a resident computer consultant for my fraternity for 3 years. Sure we had the one guy that talked another guy into trying out Mandrake and didn't bother to tell him to keep it up to date, but for the vast majority of the Brothers, the Linux guys could hold their own. Several of the Windows guys were accidentally running "Are you sure? What is IIS? Why is that bad?". And then there were the windows alerts popping up once per minute on all of the Win32 boxes in the house because one guy decided to test his UPS. These are very smart guys, but they gave me a very bad impression of Windows users. I doubt the general populace can do better than my fraternity.

    (Yes, the house GPA was in the 75th percentile for fraternities and the average fraternity GPA is above the on-campus GPA at MIT. Even the management and bio majors could kick your ass in differential equations, so no "stupid drunk frat boys" comments. They get tiring... very very tiring... especially coming from people that can't integrate their way out of a paper bag.)

    In summary, let's not forget that Linux and Windows often get deployed in very different environments.

    --
    Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
  19. A Pox on Both Your Houses by Detritus · · Score: 3, Insightful
    It's rather sad to see two octogenarian, congenitally deformed lepers, who think perfume is an adequate substitute for hygiene, arguing about who is more sexy. "Oooh, but I've still got both of my ears and most of my fingers, unlike that tramp."

    We have two operating systems, and their associated applications, implemented in unsafe languages, with broken and/or archaic security models, competing for how many weeks they can run before getting rooted by a new exploit.

    How pathetic.

    --
    Mea navis aericumbens anguillis abundat
  20. Misleading topic? Improvement please! by Jugalator · · Score: 3, Insightful

    Topic: "More Attacks on Linux than Windows"

    Content: "If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems".

    Anyone more than me that thought that Linux had more attacks than Windows?

    --
    Beware: In C++, your friends can see your privates!
  21. Sticking up for M$... by toby360 · · Score: 5, Insightful

    Alright, aside from the facts the following statements people are making:

    A) Linux use is growing
    B) How many of these were really successful attacks?
    C) What counts as an attack?
    D) Studies from the group which conducted this one are questionable.

    Clearly people are neglecting to give MS credit for some of its accomplishments over the last year. One of the largest changes was the speed at which updates were made available and most of these through the windows update site. Now when new holes in their products were found, MS responded for the most part almost immediately and patched up their code within hours/days and posted it up on for everyone to download. Also, they're working on making these updates even easier than before, anyone with windows 2000 who keeps on top of patches will notice that the interface has changed, you can set it to automatically apply security patches. Also another point is that people are finally realising that their computer will be far more secure if they just apply the latest patches.

    Holes in Linux are not always patched up right away and let's face it, Linux code warriors can't always respond to a patch for each distro when one's found like MS can or distribute it as easily. Because they're a single entity, they have quite the advantage when it comes to communication and distribution.

    In the last year Microsoft's efforts to patch up their software were far and beyond anything they have done in the past, and that is something Linux buffs won't easily admit to. Now, Palladium is a whole nother ball game mind you =)

  22. Linux Admins vs Nt by MADCOWbeserk · · Score: 3, Insightful

    My Linux box reports a number of attacks against the FTP server and Apache each day

    Perhaps the reason Linux gets more attacks reported is that Unix has very good logging and nix admins actually read their logs and report attacks. I knew some Nt administrators even in very big operations that never read their log files. Personally I think the script kiddies just scan and hit whatever they can. A linux box might be more useful once it is compromised, but that is another issue.

    Could Jesus microwave a burrito so hot, that he himself could not eat it....HS

  23. The reason behind the attacks... by fmaxwell · · Score: 4, Interesting

    Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?

    A better thing to know is what the goals of the attacks were. For instance, attackers trying to get credit card numbers from major e-commerce sites would be more likely to attack Linux machines because (I believe that) Linux powers more successful e-commerce sites than does Windows. This is even more true lately, when respected security professionals are warning customers off of IIS (It Isn't Secure) and Windows platforms.

    Another possible motivation is bragging rights. Defacing a web site running on Windows NT and IIS is not really all that impressive when Microsoft is issuing new security warnings and patches on an almost hourly basis. If you are going to try to impress everyone, you pick a fight with the biggest, meanest guy at the bar, not with some little shrimp that can't defend himself.

  24. Re:Don't Bother: vnunet author Middleton is a Moro by fanatic · · Score: 3, Interesting

    Actually, I found a URL at Linuxtoday that lists many articles by Middleton. Although there are some doozies there, there are also some that show significantly more balance than the 3 we've discussed here. I'm at a loss to understand the radically varying quality of his work.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody