Linux Most Attacked Server?
Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says "During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."
Funding provided by Microsoft....
Wherever you go, there you are.
But think of how many more linux servers are out there than windows servers.......
We're number one! We're number one! Woo! Party!
Er... wait, what? Is this a good thing?
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
Good god sir, do you know where you are posting this? ;]
On the surface, this statistic serves both as a testament to linux's growing popularity as a server OS and ammo for those windows admins who have long taken abuses about the insecure nature of their OS. These ideas, particularly the latter, however, may prove misguided; breaches against servers are rooted not only in the security of their running OS, but also in the effectiveness of the security implementation of the system admin him/herself.
In all fairness, if the Windows icon is broken, shouldn't tux be bruised or crying or something?
Okay... do the editors read the links anymore?
This clearly came from Canada's Globe and Mail newspaper, which clearly has nothing in common with the British Broadcasting Company
Does this count the number of Windows machines that were 'compromised' by BLASTER and its children? If someone gets a binary on my server and controls what my server does ( in this case, replicating the worm ), then I'd call that hacked. Just because a worm did it vs. a human doesn't mean anything. More direct hacks on Linux machines might just mean that there was much more human effort expended.
I want to delete my account but Slashdot doesn't allow it.
How do these numbers relate to the number of servers which are 'attackable' by hackers? ...even assuming (as they do) that home desktop machines on DSL/cable modems which are compromised (by worms or hackers) are not considered 'server attacks'.
Well, they don't say that, but if you include the number of infected Windows desktops this year, I have a pretty good feeling it would be a LOT more than 12,000, even if you only include infections designed to give control to an outside party (as opposed to simply spreading).
It's ironic that Microsoft provides that service for free, whereas Linux requires paying money. But it's good because at least here there's a clear way to make money off Free Software and keep programmers like me from going hungry.
John.
So, I wonder....the interesting statistic to me would be what percentage of attacks against each platform are successful? This statistic is not explicitly stated. Also did they include OS X as part of the study?
Visit Jonesblog and say hello.
These figures correspond almost directly to netcraft. Seems to me, more linux/apache boxes out on the net means more targets. IIS holds about 24% and apache is about 64%. DUH. It's not hard to see that there will be more attacks if there are more machines. I bet they didn't factor how many OS/2 boxes got attacked.
Statistics are dumb.
The overall economic damage in August from overt and covert attacks as well as viruses and worms stood at an all-time high of $28.2-billion.
So while these "attacks" on servers totalling about the same damage amounts as usual there was quite a new record high obtained by the RPC vulnerability...
So they are attacking an OS that is known to be running on more servers around the world and the "damage" from these attacks is holding steady, yet we don't mention in the article title that because Windows is MAJORLY vulnerable, there was nearly 30 BILLION dollars in damage done!
Interesting spin.
They count hacker attacks, although without knowing the relative numbers of servers we don't know which O/S is better.
But what about vendor attacks, like patches that crash the server, or the DoS attacks that happen when a server is taken off-line for patching? And surely a precautionary disconnect when there is a MS virus storm has to count as a successful DoS attack.
-- Pot is safer than Beer
During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent.
/me turns off logging and closes eyes, going back to my happy place.
Of course, that really depends on how you 'verify' a breach, doesn't it?
*sigh*
"During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers, according to the report.
Just 360 -- less than 2 per cent -- of BSD Unix servers were successfully breached in August."
I'm upset that they didn't mention the ratio of machines hacked... i.e. just because more linux machines that were hacked than microsoft doesn't mean that the ratio tells a different story. There might be more linux servers out there.
What is slashdot?
Also, it has gained something of a reputation as a secure system, at least compared to IIS, and this may be undeserved in installations where best security practices are not followed (most of them). This is perhaps a wakeup call that it's important to patch, only set up services that are necessary, and use a firewall and intrusion detection system, but most people know that already.
I never vote for anyone. I always vote against.
-- W.C. Fields
"Microsoft deserves credit for having reduced the proportion of successful on-line hacker attacks perpetrated against Windows servers."
The only way they've reduced the _proportion_ of attacks on their servers is by losing market share. The total number of attacks against Windows servers is still increasing, so it's a little premature to give them any compliments.
If voting changed anything, they'd make it illegal -- Jello Biafra
They claim a database of 280,000 attacks since 1995. They claim there were at least 18,000 attacks in August alone, or 6.5% of the total of 1% of their sample. Also, these numbers are meaningless without knowing the total population of each type of server. Oy!
I think it's time to break the statistics down application by application at that point. Show me some Apache vs. IIS numbers or MySQL vs. SQL Server numbers or exclude third party applications altogether please. For the record, I run both Windows and Linux for clients and servers and am pretty neutral in the whole OS wars thing. Each has their merits and uses, both need regular security maintenance and I am pretty much happy with both for very different reasons. I'm not a Linux zealot, but I know bad numbers when I smell them. And then...
So MS is shoring up third party applications then? They even go on to cite Sobig and MSBlast as the reasons for the high MS numbers. This is shifting over to a very FUD-like smell now.
US Democracy: The best person for the job (among These pre-selected choices...)
Anonymous guy who can't remember his login
That would be WilliamGates.
Sure, we all know that Linux is on more Web Servers than MS.
But consider this: Do people attack the server because it's running Linux, or because it's hosting the SCO website?
I think the CONTENT drives far more hacks than the OS it's on...
The longer I'm a member of the Human Race, the more I believe Apocalypse is a valid solution.
I seem to recall some 500,000 servers being compromised by a worm last month. Do they only count attacks by people?
Well, that's sensible if you ignore the half million or so infections by Blaster - which clearly this article does.
I think that any analysis of digital attacks that filters out malware is missing a huge part of reality. Certainly you'd have to be nuts to call August a good month for Microsoft servers.
jim frost
jimf@frostbytes.com
mi2g disclaims all warranties as to the accuracy, completeness or adequacy of the information. mi2g shall have no liability for errors, omissions or inadequacies in the information intelligence offered or for interpretations thereof. mi2g disclaims itself of any sales lost or damages incurred to other parties as a result of this information.
Doesn't seem like this company is too confident in any of the claims made in these reports..
Their monthly intelligence has a quote that makes their "research methods" look shady:
The Monthly Intelligence analyses and collects data from over 7,000 hacker groups worldwide and provides detailed monthly and year-to-date information on:
Seems a little far fetched to me, I doubt many "hacker groups" are open to research companies doing data collection.
A nice idea posting the text, but I believe you'll find that the Globe and Mail is extremely difficult to /. It loaded successfully every time but once for me two years ago today, and the news that day was even more interesting than Linux vs. Windows.
I think a much more meaningful statistic would be how many fully patched Windows and Linux servers are successfully hacked. With Windows, you are always vulnerable, because the rate at which vulnerabilities are discovered far surpasses the rate at which patches are issued. With OSS, OTOH, a patch is usually issued a few hours or days after the vulnerability is discovered. Hence, the amount of time a successful Linux exploit is usable is usually much lower than an exploit for Windows.
I would guess that most Linux machines that get hacked are due to unpatched/deliberately insecure configurations - like using a dictionary word for a root password.
The society for a thought-free internet welcomes you.
ha ha.... making good of their rapidly shrinking server market share... oh this is classic. Those figures almost exactly match the market shares for Apache and Microsoft
news.netcraft.com
Apache 64.52% ... Microsoft 23.54%...
so just who is trying to kid who with the figures???
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Brought to us by our friends at mi2g. I'd take this with a grain of salt.
Number (or percentage) of successful attacks against servers maintained by professionals, sorted by operating system.
Of course there are a lot of non-secure Linux systems on the net. Lots of amateurs use Linux. After all, it's free! Notice how much the statistics in the article changed when they leveled the playing field and looked only at servers in one industry: government? Keeping to one industry caused them to look at systems maintained by sysadmins with much more equal skill levels.
From the article: Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August.
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
Statistics are worthless, 70% of all people know that.
And now it's the other way around?
-------
Warning: Slashdot may contain traces of nuts.
Uh, ever heard of Solaris? FreeBSD? Companies still run web servers on these operating systems, because Solaris and FreeBSD whip the llama's ass in stability over Linux.
Also, there are some companies that will mess with HTTP headers to return different strings or no string at all, and in the case of Netcraft these don't get counted towards the final numbers. Apache is easily configured to return whatever server string you desire.
Windows hacked = windoze is ghey!
Linux hacked = security is the responsibility of the admin!
Just look at all the backpedalling and but.. but... but..
Linux is not the super-secure platform you think it is. Not only because it's practically impossible to "not have holes in the code", but because it's a convoluted mess to try and configure.
Is my linux based router/gateway secure? I think so, but there are so many goddamn .conf files and convoluted iptables rules (4 of them to forward a port?!) that I can't really be certain.
I don't need no instructions to know how to rock!!!!
65% of successful attacks came against SCO, which MUST be running Linux since they developed it.
Maybe you didn't see this part:
"A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."
Gotta consider the source of this study: mi2g. They haven't been totally reliable in the past, and mi2g seems to be more interested in generating press rather than doing anything.
Of course, nobody in The Media will consider the source: the sound bite is just too good.
Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
Folks who have traditionally been Microsoft users, who have recently installed Linux on an old machine at home or maybe as dual-boot, who have little to no real experience or training with Unix-like systems or with particular open source servers, are going into the business IT environment and installing Linux-based systems on the hype.
Sure they can get Apache webserver serving pages, they can get Tomcat doing "something", and they can certainly run XMMS quite well on their workstation, but they really have no clue how to properly use these technologies in a production environment.
They see switching to Linux-based systems as being a simple fix.
They aren't willing to extensively review their configuration or product documentation. They aren't willing to put in the significant amount of time that is in fact required to become experts with the technologies.
Yes, they certainly do get a kick out of telling their friends that they have "Linux boxes running their shop", but security suffers due to their naive incompetence.
These techs should be fired.
Open source development may be a "we'll get that feature done when we feel like it" affair, but deploying Linux-based systems in a production environment must not be.
If anything, effectively and securely deploying Linux-based solutions requires more training and knowledge than does deploying Microsoft.
Let's stop pretending otherwise.
.sig Realistic fines for copyright in
We just had a bad infection of Nachi that hit about 500 of our Win2k computers, granted that doesn't add much to the already possibly skewed numbers, but it shows that they couldn't have counted every single successful attack against MS products.
Heck with just blaster and friends' numbers added to that, I'm sure that the linux number would be at least half of the MS number.
There were several hundred thousand computers compromised by blaster last month. Did they forget this statistic, or are they having steaks on uncle Billy tonight?
Anybody can get into Windows, but it takes a real hacker to get into Linux.
Seriously, I suspect that difference comes into play when you look at where the servers are used. You'll find that Linux is used in more servers that are much more worthwhile targets (ie credit card transaction processing) than Windows. So going back to the original comment, not only is it less of a challenge to break into Windows, but I suspect that there is also less reason to want to attempt to break into Windows servers.
myke
Mimetics Inc. Twitter
Any information that comes out of mi2g is suspect. They have been heavily criticized by Rob Rosenberger of Vmyths, a computer security hysteria site.
statistics can be very misleading. for example:
Common sense can cloud statistical results. For instance, a technology firm discovered that 40% of all sick days were taken on a Friday or a Monday. They immediately clamped down on sick leave before they realised their mistake. Forty per cent represents two days out of a five day working week and therefore is a normal spread, rather than a reflection of swathes of feckless opportunists trying to extend their weekends.
(preceding was taken from an ars technica article)
if 90% of servers are linux servers, then it makes sense that 90% of attacks should be against linux servers, right? I'm pretty sure linux is more than 67% of servers right now, so 67% is actually very low!
If over 12000 Servers were linux and were being successfully cracked compared to 4000 of windows boxes. Now representing this as 67% is to skew the results. What we don't actually know is how many were in the data set ?
Did they sample 20000 Servers ? 20,000 servers or 200,000 servers ?
Linux     67    Breached Linux Servers      12892    73.59%
Windows   23    Breached Windows Servers     4626    26.41%
          90    Total Cracked ?             17518
Well the percentile is only 90% of the figures. Which servers were in the missing 10%.
Did the survey compare windows to linux boxes alike e.g.
1 Linux Server examined to 1 windows box. for 20,000 boxes ?
I don't see any figures here for accuracy or qualification of the figures.
What I do see is a suggestion that Linux is very popular. If this is the case and we suggest that 80% of the net is unix to 20% microsoft. then 67% of 80% of the network being interrupted seems very unusual and rather high as a figure.
So I keep coming back to wondering where the figures have actually originated and been compiled.
I'm fairly sure Microsoft can be secure, but unlike Unix it tends towards insecurity. I've often compared running Microsoft boxes to herding sheep. You spend all your time keeping them alive and free of viruses. Unix on the other hand is the sheep dog, consistent, loyal and dependent.
They can bandy these figures all they like but unless they can flatten the survey and show a clear scope of investigation and comparison then I don't think we should be worrying about the quote.
And that's why Firecrackers and kittens don't mix.
During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by...
All the Windows boxes that are 0wnZ3r3d are not verifiable!
MjM
Groovy. Gear. Mod.
XKCD:Xeric Knowledge Comically Dispen
Almost all attacks can be solved by good system administration. All of the Blaster issues would have been mitigated if every windows machine was patched as soon as the patch was released.
Almost all software is insecure, if run poorly.
What is the life expectancy of a Redhat 7 default install not behind a firewall?
"The proliferation of Linux within the on-line server community coupled with inadequate knowledge of how to keep that environment secure when running vulnerable third-party applications is contributing to a consistently higher proportion of compromised Linux servers," mi29 chairman D.K. Matai said.
I must confess that the first linux server that I set up was hacked for the very reason mentioned: my ambition exceeded my knowledge.
Imagine my chagrin when I got email from a couple of companies stating that an attack had been launched on their servers from my system! Let me tell you, I fixed that right quick!
I find it interesting to note the low number of Unix boxes that the article mentions as attack victims. Based on the experience of my own personal ignorance, I figure Unix operators are probably more savvy, ergo tighter security and fewer successful attacks. Personally, I haven't been able to figure out how to configure a Unix server in a usable manner (having tried FreeBSD and failed miserably). I find Linux easier to work with, which, perhaps, invites disaster when someone with limited savvy (such as I, once upon a time) decides to roll out a server and expose it to the wild west Internet.
[For those who wonder, the incident involved someone setting up an IRC server app on my system, which then attempted to install itself, apparently, on other systems that were better-secured than my own. Thereafter, I put everything behind a linux firewall that was locked down tighter than a nun's dainty underthings. I hope this humble and frank admission of ignorance will learn y'all to lock those ports down TIGHT!]
Mmmmmm... Bold, yet refreshing!
Vmyths appears to summarise the anti-mi2g camp's position. Searches for mi2g on NTK and The Register, (when its search engine is working) for mi2g are as enlightening as they are amusing.
http://www.theregister.co.uk/content/55/28233.html
They suck.
12,892 Linux
4,626 Microsoft
360 BSD
------
15,878 Total attacks
43,144,374 sites (netcraft)
~64% run Apache - assume all are Linux
~23% run Microsoft
64% * 43,144,374 = 27,612,399 sites running linux
23% * 43,144,374 = 9,923,206 sites running MS
0.0466% Linux sites hacked
0.0466% MS sites hacked
So, they were each hacked equally. Now the real measure would be whether the OS was hacked or software running on the OS was hacked. In particular, compare Windows vs Linux hacks, and then Apache vs IIS hacks, and then compare all remaining. Those would be interesting.
"Time is long and life is short, so begin to live while you still can." -EV
First these stats are important in demonstrating that it is important, no, imperative that admins of all flavors keep their servers up-to-date and know how to secure them effectively.
But, the stats also suggest that Linux is somehow less secure because it is attacked more often. The facts are a bit different though. Firstly, the statistics are drawn from a database of reported defacements not total defacements and definitely not total compromises. If this report were to be done in a more accurate fashion it would have to include the hundreds of thousands of machines that are regularly rooted by worms. Most recently, MS Blaster took over thousands of machines and reported for duty on an IRC bot channel. This report fails to account for these and many others like them.
I will concede that Linux is defaced more than any other OS at this time but, I would also point out that this does not make it less secure. More people may report compromising a Linux box to change the Apache index page but, none of the Code Red, Blaster or many others bothered to register with the defacement database and I guarantee that these compromises outnumber Linux defacements by the millions.
I would say there is an important difference between server hacks and viri in that respect. Most people making a virus specifically target windows, while most people hacking a server don't target an OS, but an organization, therefore it is relevant that there are more Linux servers, while the number of MS boxes is not relevant in cases involving virus. The attack focus is different.
No, what he meant was we would like to see how many *attempts* there were, not just the % of successes. Without that information it is not possible to make an intelligent conclusion.
The article seems to want us to draw the conclusion that Linux is not as secure as MS. And while I won't dismiss the idea entirely, it's not reasonable to accept this without knowing more.
Did Linux repel only 25% of the attacks on it? 50%? 90%? How well did MS fare? We don't know. It doesn't say.
To be blunt, this article is a waste of time.
-3Suns
~~~~
The Revolution will be Slashdotted
This statement clearly states that less than 2 percent of the BSD servers on the net were attacked. Yet that is not what the numbers show. The numbers state that less than 2 percent of the attacks were against BSD servers. That is a very different thing indeed.
As such, there are a number of pieces of information that are needed to make this article useful:
The net will not be what we demand, but what we make it. Build it well.
It rhymes I think.
How strange it is that the numbers match up with the ones in this article.
I wish they'd split up the damage figures to clearly show the distribution. Just saying that 12,000 linux servers were bridged and 5000 windows servers totalling to 28 billions in damage including the damage done by the viruses kinda implies huge share of fault on linux. Worthless article.
Netcraft September 2003 survey says otherwise...
I am become Troll, destroyer of threads
That's probably one of the worst articles I've read from Slashdot lately. The "report" in question appears to be from British security company "mi29". First of all, that name is wrong their name is mi2g. Oh wait, THAT mi2g?
Sorry people, but I don't think they're reliable or trustworthy. They're nothing but fearmongering vultures from what I've seen of them. And as for the report? Well, it's not free, it costs 30 pounds.
So we're presented with declarations from a report of which we cannot check the methodology, by a firm who likes to regularly make pronouncements of doom that never happen. Should we believe it? Certainly not. We should simply suspend judgment for the simple reason that we lack critical information to judge its value.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
Actually, I think it's not just "shared hosts" but also the fact all da pornz is hosted on linux. And even tho many sites are kept very secure, many more of those sites (numerically, probably the vast majority of them) can easily be "hacked" by something as simple as a referer spoof. And every one of those spoofed intrusions counts - ergo it's not just the lack of security, but the utter ubiquity of hacks that certain webmasters seem to want to remain exploitable. Pretty sad when your business is so bad you have to try to give your stuff away.
Per the initial write-up: "...all successful and verifiable digital attacks against on-line servers targeted Linux..." (my emphasis)
The key word here is 'verifiable'. It is much easier to detect and validate that someone has hacked a Linux box, than a Windows box. We don't know the following that would lead more credence to any claims:
1. What is the ratio of M$ to Linux boxes that were attacked that we don't know about? (undetected and still infected - I would argue this number is much larger on the M$ side)
2. How were the percentages arrived at? If there are more Linux servers on the network than Windows servers, then we can not quantify 'percentage of total servers' and have it mean anything useful in terms of total numbers of attacks because, statistically, Linux attacks will outnumber Windows attacks given a standard distribution; since most script kiddie tools run on, and target Winblows machines, a 21% of total attacks on a few windows machines is more significant than a 67% of total attacks on a much larger group of Linux machines.
Social science numbers have no intrinsic value, except to the uninformed.
"Figures never lie, but liars tend to figure." - Longfellow
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
The Globe and Mail is the older and generally more respected newspaper. The National Post is a recent upstart. It is generally considered much more right-wing and a bit downscale.
Free Software: Like love, it grows best when given away.
I know we don't consider the primary purpose of the blaster worms as being to take down networks. Regardless, there were many networks disabled, taken down purposely to stem the flow, or just slowed to a crawl. Seems to me that Windows vulnerabilities are far more powerful and prolific than those of linux.
Let's also not forget that Windows NT marked the advent of the ignorant sysadmin. MS made it so that any yahoo willing to purchase a pc and their server software could put up their own server in very little time with very little knowledge. They literally blazed the trail for security education to those that really didn't care. Linux distros have learned from that and tightened their base security a great deal from the very early Slackware distributions that required the enthusiast to configure everything. (where I broke my teeth)
I'd say linux has come a long way. It's broken into a new area- the ignorant sysadmin (that wants to lower the bottom line). Truth is: you can't enter this arena without doing some work and without being conscientious of your environment.
Welcome to the mainstream!
What folks really want to know is how does OS choice affect security for their organization. This study doesn't give them that information.
1) You need to get a sense of reporting bias.
2) You need to make sure you are comparing servers in similar situations (i.e. Linux servers at major, unpopular corporations vs. Windows servers at major, unpopular corporations)--and make sure they are equally interesting targets. I can believe that ISP's that service certain neighborhoods are especially vulnerable to attack--and that ISP's don't use Windows.
3) I would compare how setting affects this. I could believe for example that Linux/BSD are much more secure in the hands of a professional and Linux is less secure in the hands of a novice.
Come on, where do they get these figures? In August alone:
From NetworkWorldFusion
The Blaster worm - also known as MSBlast or LoveSAN - has spread rapidly since it was first noticed on Monday. It has infected an estimated 188,000 systems running Microsoft operating systems, including Windows XP, Windows 2000, Windows 2003 and NT, that are unpatched for the so-called RPC vulnerability discovered last month, according to a security firm tracking the worm.
They didn't count them. Why? Most of them aren't servers, right? Well how did they differentiate Linux servers then? I bet they didn't -- did they check and only record RH Advanced Server and disregard all the RH Workstation. I doubt it. This is pure FUD by a place that has trouble with math.
Another thing that's not clear here is what is classified as a successful breach? Does that mean defacing a web page? Does that mean getting full access to the box? I've had a web page on my server get defaced because I forgot to upgrade PHP, but I didn't really care that much. On the other hand getting my box rooted by somebody is a serious problem.
This sig has been temporarily disconnected or is no longer in service
I'll probably get modded down for this, but oh well.
I post often about how Linux is no less insecure than Windows or any other OS. And constantly, I get bashed, downmodded, told that there are more Linux servers but are less hacked, etc.
And yet here is a study that shows otherwise. Now look at all those people try to dismiss it. Try to dance around it, making excuses, and so on. If this study had shown that Windows was the most breached, people would take it at face value and we'd have the requisite hundreds of "I told you so" posts, hearsay, anecdotes from idiots who don't patch their servers, and so on.
I'm sorry, but I just wanted to say, I told you so. All operating systems are as secure as their admins. Microsoft has millions of dollars and some of the top programmers in the world. They're damn secure. So is Linux. So are all the others, reasonably speaking. Linux is not the end-all of secure systems, and this just makes people who act that way look like idiots (especially when they're making ridiculous excuses to try to diffuse the study).
"Sufferin' succotash."
"Verifiable and successful attacks" indeed.. what about the number of unsuccessful attacks?
They have no figure on that.
This means that their conclusions rely entirely on the assumption that their data has no OS bias.
There is no reason whatsoever to assume this.
For instance, for all we know linux users might be more open about admitting attacks than windows users. Perhaps more of the windows admins were out patching their machines and didn't have time to reply. Maybe they didn't even survey the same amount of linux sites as windows sites. We know nothing.
Unless their source data is unbiased their numbers mean nothing.
I think anyone reading ./ is a qualified expert in this department.
"It's a very tangled subsystem." --Windows kernel guru
"The data comes from the London-based mi2g Intelligence Unit, which has been collecting data on overt digital attacks since 1995 and verifying them. Its database has tracked more than 280,000 overt digital attacks and 7,900 hacker groups."
So, it's like, here we have an organisation that manages to track 7900 hacker groups?
Riighht...
That should make Echelon pretty jealous. The numbers are spewed out with no explanation whatsoever, which makes someone as paranoid as me very suspicious. I have a hard time imagining a hacker giving numbers that easily. Smart hackers tend to shut their mouths. We only see the stupid script kiddies who brag on IRC. I hope they haven't used IRC logs as a measurement, even if it wouldn't surprise me at all.
"Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August."
Why aren't the numbers for this accounted for? I interpret this sentence as if Windows servers were in fact more attacked at govts. Why aren't those numbers revealed? Was there, like, 100 000 Windows attacks or 10? The difference is also quite amusing between the number of successfully attacked systems. It seems like the govts are better at securing their servers than commercial online shops are.
And again Riiighht...
"The economic damage from the attacks, in lost productivity and recovery costs, fell below average in August, to $707-million (U.S.)."
"The overall economic damage in August from overt and covert attacks as well as viruses and worms stood at an all-time high of $28.2-billion"
If I'm right here, server attacks from hackers cost 707 million. Attacks from viruses/worms (Windows, since how many have even seen a Linux worm, let alone experienced one?) cost about 27 billion.
In that retrospect it's kind of annoying if mi2g pats Microsoft on the shoulder, since they account for almost all lost productivity and loss of income. Since the Microsoft attacks cost so much more or are so much more expensive, I find it very hard to come to any other conclusion than that the Linux attacks are no more than superficial breaches easily recovered from. Either that or the numbers just don't add up.
As a side note, yes, I think Linux needs better security, but to gain real security on cheap Intel/AMD there needs to be some better memory protection and more belts and straps. If one security measurement fails there should always be a backup system to catch what slips through the first line of defense. This is my strong belief, drawn from my view that no system can be without faults. We should try to mimic the way airplanes are built and used.
HTTP/1.1 400
The OS is really not as important as the security habits of the sysadmin, particularly related to password strength. I've known a lot of platform bigots (you know the ones, Linux is God you Microserf, bow before me for I am root and can write perl scripts) who used really lame passwords. Compromising a machine, regardless of platform, is easier when the machine is not patched (see bugtraq) and when strong authentication is not used.
Again, I repeat myself here, but it has to be said...EVERY OS is vulnerable. If anything, this article doesn't surprise me because of the difficulty in protecting a Linux system, an inherent problem with *nix flavors. You can build them to be beautiful, screaming machines, but you have to have in-depth knowledge about what to do, how to do it and why you should set them up a certain way. If you don't know what to protect yourself against, you won't do it...
Using 3L337 as a password won't protect your system from script kiddies, sorry.
man rtfm
I'm curious, was Slashdot afraid to put "Linux Most Breached Server?" in the headline? The stats were about most breached. The point wasn't who was most attacked. I guess that one word needed to be changed to soften the blow...
"Sufferin' succotash."
Since the stats for percentage hacks of linux vs. windows boxes seems to correlate very strongly with the percentage of linux servers vs windows servers (around 65% vs. 25%), it is likely that the OS being run isn't the main cause of the security problems. My theory is that the breakins are due to poor configuration and maintenance of the software. I doubt anyone would disagree that unpatched servers that aren't properly configured are vulnerable, regardless of the OS running.
Vote for Pedro
SE Linux is integrated into 2.6 and a patch to 2.4. It GREATLY improves the security of a Linux box. If someone gets root (or some other uid shell) through a buffer overflow they can no longer take over the whole system. Odds are they cannot do anything. How is this possible? By running every process in a security context carefully restricted to least privilege through a system of mandatory access controls. If you want to see how effective this is for yourself please telnet to:
selinux.copilotconsulting.com
user: root
pass: root
... he said gently.
I don't know what their methodology was, but from looking at the results from ethereal, it's clear that there were more than 20 Windows boxes that were successfully attacked on my broadband provider's local NAT domain alone. I doubt the proportion of clueless Windows users in this subnet is unusually high (if anything, it's likely low) so it seems very probable that many tens of thousands of Windows boxes were attacked by SoBig alone.
It seems therefore extremely unlikely that only 4000-odd Windows boxes were hacked total in their study. This makes me suspect that they are playing fast and loose with their counting methods.
On my servers, I also un-setuid as many programs as I can, leaving only those that will be used regularly.
Useful resources:
tinydns: A VERY secure DNS server to replace BIND.
The Ultimate Guide to FreeBSD This book includes information about how to set up Jails in FreeBSD.
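Added example, not part of the comment above: one way to audit the practice it describes (removing the setuid bit from everything except the programs that are actually needed). The function names, the allowlist file format (one absolute path per line) and the `--apply` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Illustrative helpers (hypothetical names, not from the original thread).
# Paths containing newlines are not supported by this line-based approach.

# audit_setuid ROOT ALLOWLIST
# Print every setuid or setgid regular file under ROOT whose exact path
# is not listed in ALLOWLIST (one path per line). Stays on one filesystem.
audit_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        sort |
        while IFS= read -r as_path; do
            # -F fixed string, -x whole-line match, -q quiet
            grep -Fxq -- "$as_path" "$2" || printf '%s\n' "$as_path"
        done
}

# strip_setuid ROOT ALLOWLIST [--apply]
# Dry run by default: report what would change. With --apply, clear the
# setuid and setgid bits on every file audit_setuid reports.
strip_setuid() {
    audit_setuid "$1" "$2" | while IFS= read -r ss_path; do
        if [ "${3:-}" = "--apply" ]; then
            chmod u-s,g-s "$ss_path" && printf 'stripped %s\n' "$ss_path"
        else
            printf 'would strip %s\n' "$ss_path"
        fi
    done
}

# Typical use (needs root for a system-wide run):
#   audit_setuid / /etc/setuid.allow          # review the list first
#   strip_setuid / /etc/setuid.allow --apply  # then remove the bits
```

Package upgrades can restore the bits, so the audit is worth re-running after each update.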
I mean, certainly part of it could be attributed to the fact that there really aren't that many windows servers. And it's pretty obvious that he's not counting viri as hacks. Could be they're counting web site compromises as "Hacks", which would explain the numbers, but which is completely misleading. It's hard as hell to totally secure a website, but a properly configured webserver should default you to "Nobody" even if it gets hacked, which would allow a theoretical intruder little leeway.
Even so, I don't know about their numbers. I mean, hypothetically speaking, if I were to go after a server, would I try a linux box, which is at least middlin secure right out of the box, or would I go after an NT box, usually hopelessly insecure, admin'd by some silly MCSE who's probably not going to notice, and not going to be able to catch me, using any one of a number of common script tools to exploit any one of a number of massive windows security flaws?
I do security for at least part of my living, and I've always found windows to be laughably insecure. I broke the security on this one box 20 TIMES in 2 weeks, and every time it was a new flaw. (And a new check for me. Mmmmmmm. Windows money.) I've never managed to do that to a linux box.
I'd really want to see their data. I mean, sure you can crack a linux box, but the easiest ways are 1) Social engineering and 2) physical access.
I've had MS guys give me their admin passwords OVER the fricking phone.
Bah. Anyway. This sounds like FUD to me.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
against Linux servers. They were SCO press releases...
How come Slashdot never gets Slashdotted?
The possessive form of "it" is "its", not "it's".
Well, I've always liked to say it thus:
The possessive of it isn't its, it's its.
Our biggest problem in this country (US) right now:
1) We are raising and building infrastructure with admins that do not understand the technology they are using.
2) We are educating people to be administrators that can only push OK or CANCEL. If they can't they complain "Oh if I can't do that then platform isn't mature, so we don't use it."
I give analogous representations of most hapless Windows administrators to being equivalent to people who choose not to learn calculus because it is "too hard" and therefore "too expensive" to use.
If I do use calculus I will lose productivity!
Fact is, Microsoft is trying to dumb down computing to the point every possible problem you could ever have is in a wizard or dialog box.
It will never happen, and the more decisions the software makes, without approval or human intervention beyond OK or CANCEL the easier Windows is going to be to crack.
No software is ever made more secure by adding more software to fix security leaks.
The only way you reduce software vulnerabilities, is by removing software.
As we all know, every release of Windows gets bigger, and of course so does Linux.
But with Linux I have a choice on what software I install. Windows, you have only two choices.
OK and CANCEL of course.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
Their data isn't normalized.
What is the ratio of Linux to Windows servers in the study? What was the ratio of breaches vs. attempts?
By attempting to normalize the numbers we can see the following.
67% + 23.2% = 90.2 % total listed.
12892 + 4626 = 17518 combined successful attacks. = 90.2% so
100% of attacks would be 19421 breaches total.
So linux out of 13012 attacks 12892 breaches
Windows 4505 attack with 4626 Breaches
Giving linux 99.07% breach rate VS.
Microsoft at 102.67% Breach rate , Per successful attack.
If they computed their numbers correctly I should have seen 100% since there are percent and actual numbers of successful attempts.
Then again maybe there are 2% that breach MS security without a successful attack?
Anyhow it's stuff like this that keeps me using FreeBSD.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
How? Easy!
67% of the attacks were against Linux servers and 12,892 sites were successfully breached.
23.2% of the attacks were against Windows servers and 4,626 sites were successfully breached.
Let's say there were 100,000 attacks, this means that the success rate for Linux is 12,892/67,000 = 19,24%, while the success rate for Windows is 4,626/23,200 = 19,94%
Linux is better than Windows. But we knew that already, didn't we...
In the case of the "lazy" admin, I've watched how overworked MS-only shops become - patches often break things, fail to fix what they claim to, or (re-)introduce additional exploits and therefore must be tested very thoroughly before going onto a production system. Some shops try to save money and have only one server, thus they pay big time for mistakes...
In those cases, breaches are due to the patches themselves breaking things or not working. Can you say NT sp2?
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
The title states 'Attacked', but the article talks about successful compromises (Hacked).
Linux is the most hacked system?
Hmm...
Seems like a bit of reader manipulation there Slashdot!