Slashdot Mirror


Linux Most Attacked Server?

Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says "During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."

26 of 815 comments

  1. Interpretations... by mgcsinc · · Score: 4, Insightful

    On the surface, this statistic serves both as a testament to Linux's growing popularity as a server OS and ammo for those Windows admins who have long taken abuse about the insecure nature of their OS. These ideas, particularly the latter, however, may prove misguided; breaches against servers are rooted not only in the security of their running OS, but also in the effectiveness of the security implementation of the system admin him/herself.

    1. Re:Interpretations... by Gaijin42 · · Score: 4, Insightful

      I'm going out on a pretty wide limb and saying that Windows problems were also largely in the same boat.

      It's possible to make a secure Windows system. It's possible to make a secure Linux system.

      It's possible to make an insecure Windows system.
      It's possible to make an insecure Linux system.

    2. Re:Interpretations... by dom1234 · · Score: 5, Insightful

      Those are four facts leading to interesting questions:

      • How probable is it, on average, that someone makes an insecure Windows system?
      • How probable is it, on average, that someone makes an insecure Linux system?

      Those probabilities should be weighted by the frequency of default installations, frequency of having an expert rather than a novice as the administrator, etc.

      Thus, could someone not knowing which one to choose, and not knowing whether he is hiring an expert or not, rely on those statistics ?

  2. Staying uptodate costs money... by JohnGrahamCumming · · Score: 5, Insightful
    No doubt the Linux faithful are going to bay and scream about this report, but there's something interesting buried in the article. The following quote:
    "The proliferation of Linux within the on-line server community coupled with inadequate knowledge of how to keep that environment secure when running vulnerable third-party applications is contributing to a consistently higher proportion of compromised Linux servers," mi29 chairman D.K. Matai said.

    "Microsoft deserves credit for having reduced the proportion of successful on-line hacker attacks perpetrated against Windows servers."

    Although I don't like Microsoft's software and it's a real pain having to get all the latest patches, they do at least tell us when they've got a patch. This is an inadequacy with Free Software that in general needs to be addressed, and it will make a nice revenue stream. At my company we subscribe to RedHat's "uptodate" service that makes sure that we are always patched. Even though the software is Free we are still willing to pay someone to tell us what we need to patch.

    It's ironic that Microsoft provides that service for free, whereas Linux requires paying money. But it's good because at least here there's a clear way to make money off Free Software and keep programmers like me from going hungry.

    John.

    1. Re:Staying uptodate costs money... by HiThere · · Score: 5, Insightful

      It's a plausible claim. But I don't know how one would go about substantiating it.

      Above it says that it costs 30 pounds to read the report and discover their methodology. Not worth it to me. But before I took it seriously I'd need to know their target populations and their sampling rates. It makes a big difference, for instance, if they only sample people who know and admit that they have been hacked, or whether they have some independent way of checking. And it also makes a big difference if they are counting servers in Fortune 5000 glass houses, or whatever is connected to the web, or (...what are the alternatives?).

      I've seen too many bogus news stories to start taking one seriously just because it says that there are a lot of Linux machines out there.

      (P.S.: staying up to date doesn't cost MUCH money. I normally run Debian, and once a day I usually run apt-get update/apt-get upgrade. This does sort of depend on a broadband connection, as some days the amount of upgrades would choke a dial up connection. OTOH, most days nothing significant to me has changed.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:Staying uptodate costs money... by Experiment 626 · · Score: 4, Insightful
      It's ironic that Microsoft provides that service [patch notification] for free, whereas Linux requires paying money.

      That's a bit misleading. With Linux, you don't have to pay anything up front for the OS, and you can take whatever support strategy works best for your particular situation, from building updated sources yourself (free), downloading RPMs (free), using Red Hat's limited trial up2date (free), or getting one of the Red Hat Network subscription packages ($60+).

      With Windows, you pay $300 or so up front for the OS plus whatever an office suite, developer tools, a DBMS, and the other types of apps that would have come free in the Linux distro cost you. Part of this cost goes to support, so you can use Windows Update all you want... you already paid for it. Unlike up2date and its counterparts in the other distros, however, Windows Update just updates the base OS, so you have to take additional steps to update your word processor, C++ compiler and such.

      I'd say the Linux way isn't such a bad deal after all.

    3. Re:Staying uptodate costs money... by Bas_Wijnen · · Score: 4, Insightful

      As Steve Jobs once said, "Every security scheme that is based on secrets eventually fails."

      Well, he's got it wrong. He probably meant obscurity, not secrets. Then he would be right. Your gpg private key is a secret. Not telling how the encryption works is obscurity. There's a big difference between the two.

      Security through obscurity (as you correctly show is Microsoft's way of working) is bad for security, because it gives the people the feeling that they're safe, while they're not. That means that the end result can be worse than no security at all (in which case the user would perhaps choose not to put sensitive data on the device).

  3. Jesus... by garcia · · Score: 4, Insightful

    The overall economic damage in August from overt and covert attacks as well as viruses and worms stood at an all-time high of $28.2-billion.

    So while these "attacks" on servers totalled about the same damage as usual, there was quite a new record high obtained by the RPC vulnerability...

    So they are attacking an OS that is known to be running on more servers around the world and the "damage" from these attacks is holding steady, yet we don't mention in the article title that because Windows is MAJORLY vulnerable, there was nearly 30 BILLION dollars in damage done!

    Interesting spin.

  4. Re:Yeah... by Chester K · · Score: 5, Insightful

    But think of how many more Linux servers are out there than Windows servers.......

    The ratio of Windows workstations to Linux workstations has never stopped us from divining that the reason there are more viruses for Windows is because of its ubiquity, not necessarily its security record.

    Why should this be any different?

    --

    NO CARRIER
  5. More credit than they deserve by runchbox · · Score: 4, Insightful

    "Microsoft deserves credit for having reduced the proportion of successful on-line hacker attacks perpetrated against Windows servers."

    The only way they've reduced the _proportion_ of attacks on their servers is by losing market share. The total number of attacks against Windows servers is still increasing, so it's a little premature to give them any compliments.

    --
    If voting changed anything, they'd make it illegal -- Jello Biafra
  6. Help me with the math here by Lawrence_Bird · · Score: 5, Insightful

    They claim a database of 280,000 attacks since 1995. They claim there were at least 18,000 attacks in August alone, or 6.5% of the total of 1% of their sample. Also, these numbers are meaningless without knowing the total population of each type of server. Oy!

  7. These aren't good statistics by BrynM · · Score: 5, Insightful
    "The proliferation of Linux within the on-line server community coupled with inadequate knowledge of how to keep that environment secure when running vulnerable third-party applications is contributing to a consistently higher proportion of compromised Linux servers," mi29 chairman D.K. Matai said.
    So let me get this right. Since third party applications under Linux get hacked, it is attributed to Linux being more vulnerable while MS Windows running third party software is more secure??? So a PHP/SQL injection exploit is attributed to the OS PHP is installed on? Does the exploit count twice then? - Once for each operating system?

    I think it's time to break the statistics down application by application at that point. Show me some Apache vs. IIS numbers or MySQL vs. SQL Server numbers or exclude third party applications altogether please. For the record, I run both Windows and Linux for clients and servers and am pretty neutral in the whole OS wars thing. Each has their merits and uses, both need regular security maintenance and I am pretty much happy with both for very different reasons. I'm not a Linux zealot, but I know bad numbers when I smell them. And then...

    "Microsoft deserves credit for having reduced the proportion of successful on-line hacker attacks perpetrated against Windows servers."
    So MS is shoring up third party applications then? They even go on to cite Sobig and MSBlast as the reasons for the high MS numbers. This is shifting over to a very FUD-like smell now.
    --
    US Democracy: The best person for the job (among these pre-selected choices...)
  8. Re:Yeah... by retinaburn · · Score: 5, Insightful

    So we can rail against MS for having an insecure operating system and flaunt Linux's proliferation in the market, and then dismiss that it's because of Linux's dominance that more Linux systems are getting hacked. We should instead try to foster a more security-minded, friendly community to educate the Linux sysadmins out there. This is a problem that should not be lightly dismissed. If there was a larger percentage of Windows boxes out there, would anyone say 'But think of how many more Windows servers are out there than Linux servers.......'?

  9. Security always depends on the admin by PMuse · · Score: 4, Insightful
    Here's a statistic I'd like to see.

    Number (or percentage) of successful attacks against servers maintained by professionals, sorted by operating system.

    Of course there are a lot of non-secure Linux systems on the net. Lots of amateurs use Linux. After all, it's free! Notice how much the statistics in the article changed when they leveled the playing field and looked only at servers in one industry: government? Keeping to one industry caused them to look at systems maintained by sysadmins with much more equal skill levels.

    From the article: Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August.

    --
    "We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
  10. Re:Yeah... by Smallpond · · Score: 4, Insightful

    Also, what percentage of the boxes that were hacked did the admin even detect? There are a lot of hacked Windows machines out there sending out viruses that the owners don't even realize are hacked. Where are the admin tools like /var/log/secure, last, tripwire?

    ZoneAlarm? Please.

  11. Linux-based systems not as simple as the buzz by The Revolutionary · · Score: 5, Insightful

    Folks who have traditionally been Microsoft users, who have recently installed Linux on an old machine at home or maybe as dual-boot, who have little to no real experience or training with Unix-like systems or with particular open source servers, are going into the business IT environment and installing Linux-based systems on the hype.

    Sure they can get Apache webserver serving pages, they can get Tomcat doing "something", and they can certainly run XMMS quite well on their workstation, but they really have no clue how to properly use these technologies in a production environment.

    They see switching to Linux-based systems as being a simple fix.

    They aren't willing to extensively review their configuration or product documentation. They aren't willing to put in the significant amount of time that is in fact required to become experts with the technologies.

    Yes, they certainly do get a kick out of telling their friends that they have "Linux boxes running their shop", but security suffers due to their naive incompetence.

    These techs should be fired.

    Open source development may be a "we'll get that feature done when we feel like it" affair, but deploying Linux-based systems in a production environment must not be.

    If anything, effectively and securely deploying Linux-based solutions requires more training and knowledge than does deploying Microsoft.

    Let's stop pretending otherwise.

  12. Re:Yeah... by Foofoobar · · Score: 4, Insightful

    I'd like to see them show exactly what the vast majority of these attacks consisted of. Because without that data, you can't derive whether it is the system or the person implementing it that is the cause of security failure.

    I know many admins who are not worth two cents and I know others who are so swamped with tasks that they don't have time to patch much less check logs on a regular basis.

    --
    This is my sig. There are many like it but this one is mine.
  13. Re:Corresponds with Netcraft by goldspider · · Score: 4, Insightful
    "It's not hard to see that there will be more attacks if there are more machines."

    That's not the point.

    The point is that this report handily debunks the myth that a Linux server is inherently more secure than a Windows server.

    The more rational among us here have tried to get the message out that no server is secure if there's an idiot at the helm.

    Good admins make secure servers, not an operating system, despite what the zealots would have us believe.

    --
    "Ask not what your country can do for you." --John F. Kennedy
  14. 67% and 23% of How many in the Data Set ? by Nik Picker · · Score: 4, Insightful

    If over 12,000 servers were Linux and were being successfully cracked, compared to 4,000 Windows boxes, then representing this as 67% is to skew the results. What we don't actually know is how many were in the data set.

    Did they sample 20000 servers? 20,000 servers or 200,000 servers?

    Linux     67%    Breached Linux Servers     12,892    73.59%
    Windows   23%    Breached Windows Servers    4,626    26.41%
    Total     90%    Cracked ?                  17,518

    Well, the percentages only add up to 90% of the figures. Which servers were in the missing 10%?

    Did the survey compare Windows to Linux boxes alike, e.g.

    1 Linux server examined to 1 Windows box, for 20,000 boxes?

    I don't see any figures here for accuracy or qualification of the figures.

    What I do see is a suggestion that Linux is very popular. If this is the case and we suggest that 80% of the net is Unix to 20% Microsoft, then 67% of 80% of the network being interrupted seems very unusual and rather high as a figure.

    So I keep coming back to wondering where the figures have actually originated and been compiled.

    I'm fairly sure Microsoft can be secure, but unlike Unix it tends towards insecurity. I've often compared running Microsoft boxes to herding sheep. You spend all your time keeping them alive and free of viruses. Unix on the other hand is the sheep dog: consistent, loyal and dependent.

    They can bandy these figures all they like, but unless they can flatten the survey and show a clear scope of investigation and comparison then I don't think we should be worrying about the quote.

    --
    And that's why firecrackers and kittens don't mix.
  15. Re:Yeah... by NanoGator · · Score: 5, Insightful

    "We should instead try to foster a more security-minded, friendly community to educate the Linux sysadmins out there. This is a problem that should not be lightly dismissed."

    You are right. I've read a lot of anti-MS babble here that has me a little spooked. Evidently, when Linux is more secure than Microsoft, the impression is generated that you can install a Linux based webserver and you're instantly secured. That's what I did. Being a Linux newb, I set up a Redhat/Apache server and within 2 weeks it was rooted. We had to have our sysadmin build us a new one. (It was a project for me to grow...)

    It only takes one exploit to destroy your server. Vigilance is absolutely necessary on either platform. Maybe it's time to end the anti-MS pissing contest and focus on good practices in general for whatever OS you're using.

    --
    "Derp de derp."
  16. Blatant innumeracy by dsplat · · Score: 4, Insightful
    "Just 360 -- less than 2 per cent -- of BSD Unix servers were successfully breached in August."

    This statement clearly states that less than 2 percent of the BSD servers on the net were attacked. Yet that is not what the numbers show. The numbers state that less than 2 percent of the attacks were against BSD servers. That is a very different thing indeed.

    As such, there are a number of pieces of information that are needed to make this article useful:

    1. How many servers were there running each OS on the net?
    2. What constitutes a successful, verifiable attack? Does a DDoS that cuts you off from the net count? Then the OS of the compromised machines counts for more than the OS of the target.
    3. What percentage of attacks go unreported? If that is high enough, the stats are meaningless. Self-reporting will generally bias results.
    4. Is the count actually by the number of servers, or is it by domain?

    --
    The net will not be what we demand, but what we make it. Build it well.
  17. Re:Yeah... by nicodaemos · · Score: 5, Insightful
    They are not counting server boxes that have been hacked, but websites.

    From MI2g website:
    "Do multiple website attacks resulting from a single system breach count as one attack or many?

    Mass website attacks are counted as multiple attacks because although there is a single action on the part of the attacker, economic damage is always done to multiple victims."

    So if a single ISP box gets hacked, they may count that as 100 linux sites hacked because of virtual hosting.

    But even more important than their actual counting methods are where they get their data. Again, according to the same paper:
    "mi2g is principally reliant on data for SIPS and EVEDA from a number of sources:

    1. Personal relationships at CEO, CIO, CISO level within the banking, insurance and reinsurance industry in Europe, North America and Asia. We have been involved in pioneering cyber liability insurance cover for Lloyd's of London syndicates which has given us access to case history since the late 1990s.
    2. Monitoring hacker bulletin boards and hacker activity. We have several white hat hackers who we use for penetration testing and developing our bespoke security architecture that feed digital risk information through to us on a continuous basis including vulnerabilities, exploits and the latest serious attacks they are aware of.
    3. We maintain anonymous communication channels with a large number of black hat hacker groups."

    So their highly informed executive manager friends seem to know when their linux systems get hacked versus their windows systems, they browse the web, looking at defacement sites and they converse with script kiddies via email. Umm, does anyone else see an issue with their data collection methods besides me?

    If you don't yet, then let me give you a simple example. Let's say that I wanted to bias the results. Mmm ... it appears that all I have to do is deploy one Linux box that is virtual hosting, say, 2,000 sites that no one visits. I leave some things in a very insecure mode and let some script kiddies know about it. Once it's been "hacked", the script kiddie posts on a board or sends email to mi2g.com and their numbers move by 2,000 sites.

    You can show me analyst reports by people like this all day long. In the end, this report bears no relation to what I see day to day in the real world.
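A worked illustration of the two counting problems raised in the "Blatant innumeracy" post and in the post above (an added example, not code from the article or from any commenter): the share-of-breaches figures the article reports versus a per-OS breach rate, and per-site versus per-host counting of virtual-hosted incidents. The fleet sizes and incident records are constructed for the illustration, since the article gives no population figures.

```python
from collections import Counter

# Breach counts quoted on the page for August (Linux, Windows, BSD).
BREACHED = {"Linux": 12892, "Windows": 4626, "BSD": 360}

# Constructed, hypothetical fleet sizes (the article reports none). Chosen so
# that the OS with the most breaches is NOT the OS with the highest breach rate.
FLEET = {"Linux": 1_200_000, "Windows": 350_000, "BSD": 40_000}


def share_of_breaches(breached):
    """Fraction of all breaches attributed to each OS: the article's framing.

    Note the denominator here is only the three listed OSes; the article's
    67% / 23.2% imply a larger total that includes unlisted systems.
    """
    total = sum(breached.values())
    return {os_: n / total for os_, n in breached.items()}


def breach_rate(breached, fleet):
    """Fraction of each OS's own population that was breached: the base rate
    dsplat asks for, which needs the population counts the article omits."""
    return {os_: breached[os_] / fleet[os_] for os_ in breached}


def top_os(figures):
    """OS with the largest value in a share or rate dictionary."""
    return max(figures, key=figures.get)


# Constructed incident records in the shape nicodaemos describes: one breach of
# a virtual-hosting box appears once per hosted site in the raw data.
INCIDENTS = (
    [{"host": "host-a", "os": "Linux", "site": "site%03d" % i} for i in range(50)]
    + [
        {"host": "host-b", "os": "Linux", "site": "lone-site"},
        {"host": "host-c", "os": "Windows", "site": "shop"},
        {"host": "host-c", "os": "Windows", "site": "shop-admin"},
    ]
)


def count_per_site(incidents):
    """mi2g-style counting: every affected site is its own breach."""
    return Counter(rec["os"] for rec in incidents)


def count_per_host(incidents):
    """Deduplicated counting: one breach per compromised host."""
    hosts = {(rec["host"], rec["os"]) for rec in incidents}
    return Counter(os_ for _, os_ in hosts)


if __name__ == "__main__":
    print("share of breaches :", top_os(share_of_breaches(BREACHED)))
    print("breach rate       :", top_os(breach_rate(BREACHED, FLEET)))
    print("per-site counts   :", dict(count_per_site(INCIDENTS)))
    print("per-host counts   :", dict(count_per_host(INCIDENTS)))
```

With these constructed inputs Linux leads by share of breaches but Windows leads by breach rate, and the per-site count credits one Linux host with 50 breaches that the per-host count records as 1.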
  18. This is some FUD by purdue_thor · · Score: 5, Insightful

    Come on, where do they get these figures? In August alone:
    From NetworkWorldFusion:

    The Blaster worm - also known as MSBlast or LoveSAN - has spread rapidly since it was first noticed on Monday. It has infected an estimated 188,000 systems running Microsoft operating systems, including Windows XP, Windows 2000, Windows 2003 and NT, that are unpatched for the so-called RPC vulnerability discovered last month, according to a security firm tracking the worm.

    They didn't count them. Why? Most of them aren't servers, right? Well, how did they differentiate Linux servers then? I bet they didn't -- did they check and only record RH Advanced Server and disregard all the RH Workstation? I doubt it. This is pure FUD by a place that has trouble with math.

  19. Re:Yeah... by rutledjw · · Score: 4, Insightful
    May I offer an opinion? First off, let's get one thing out of the way

    - Security is a relative measure, there is no absolute security.

    OK, fine, we're past that. Now, from an architectural point of view, MS has no hope of being as secure as a BSD, or even a Linux. The reason is the tight coupling between components within not only their OS architecture, but also the server-side software as well.

    The problem is that creates an environment where undue damage can occur due to the compromise of what should be an extraneous service. An example was a flaw in IE which allows a "root" type exploit. Another is Biztalk requires a number of software packages which should not be needed (i.e. Visual Studio) on the machine. This is both a security and stability issue.

    Linux and Tomcat or Apache require exactly that: the kernel, network libs, and Tomcat / Apache. The issue IMHO as to why so many Linux boxes are getting hammered is because of vendors like Red Hat which include a number of unneeded services and have them active by default. They've gotten BETTER, but they still have garbage on there that is ABSOLUTELY not needed. Example: we've drunk the RH "kool-aid" at my company. Fine, I like Linux, but in hardening our servers we have to pull out TONS of sh!t from what was a CUSTOM install!!! (now using kickstart) I hate to admit, this is a sore spot with me.

    In essence they've created a Windows-like system in that regard. The only difference is that you can remove it post-install. Regardless, my point stands.

    The de-coupled nature of Linux and BSD creates an environment where one can create a "more" secure environment than what Windows can provide. Stupid vendors can undo this, but for the most part...

    The other point is that this "survey" did nothing to point out what kinds of attacks these were. Were these hitting the OS, or a service that ran on top of it (i.e. Apache or IIS)? This article seems like flamebait to me... I agree with your points on desktop users. I disagree on one minor point - Blaster. My Dad keeps his machines patched and has anti-virus (McAfee - I know, I know...) and he was still hit. My company pushes updates as well and so were we.

    --

    Computer Science is Applied Philosophy
  20. Article headline by Overly Critical Guy · · Score: 5, Insightful

    I'm curious, was Slashdot afraid to put "Linux Most Breached Server?" in the headline? The stats were about most breached. The point wasn't who was most attacked. I guess that one word needed to be changed to soften the blow...

    --
    "Sufferin' succotash."
    1. Re:Article headline by Sj0 · · Score: 4, Insightful

      The story is false. Period. Lies, nothing more. I'm not the world's biggest fan of Linux, but this story reeks of spoiled numbers. Don't believe me? SLAMMER. NIMDA. CODE RED. BUGBEAR. BLASTER. Each and every infection represents a successful breach, and a dangerous one at that. The only conceivable way that Linux could have more breaches is if the numbers were selectively chosen: "Well, among hackers with red hair and 'MS RuLe$' tattooed on their backs, Linux servers are breached far more often!" Even if there was a 10x difference in number, the fact remains that the Internet is saturated with Windows hacking packets, while Linux hacking packets remain nearly non-existent.

      Check the logs.

      --
      It's been a long time.