Slashdot Mirror


The World's Safest Operating System

fredrikr writes "UK-based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80 percent of the survey total. Windows-based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks."

10 of 1,014 comments

  1. From Greg over @ OS-News by }InFuZeD{ · · Score: 5, Informative

    Looks like mi2g doesn't have the best reputation:

    "And yes, every time an mi2g story has come up, an ugly flamewar has started. The funny thing is, it's the security equivalent of an Adequacy troll.

    Some links:

    http://www.attrition.org/errata/charlatan/mi2g-history.html

    http://www.theregister.co.uk/content/55/28233.html

    http://www.nwfusion.com/news/2002/1107msfoul.html"

  2. Do you google? by PerpetualMotion · · Score: 5, Informative

    Mi2g
    Second link leads to this page which shows what a crock this (company/report) is.

  3. Why is MI2G given air to breathe? by rjamestaylor · · Score: 5, Informative
    Suffocate this crock of a "security company" once and for all!

    Read Why is mi2g so unpopular?

    Then read this complete debunking of the scam^Wfirm.

    Slashdot is trolling us -- did I wake up in Soviet Russia??

    --
    -- @rjamestaylor on Ello
  4. mi2g security company = charlatans by rxed · · Score: 5, Informative

    I don't know about the results but this 'security company' has been in the news before and as far as I know it was labeled as a bunch of charlatans by real security experts at security focus. Read more about mi2g at: http://www.attrition.org/errata/charlatan/mi2g-history.html

  5. Re:Fun and games with statistics by Curien · · Score: 5, Informative

    You're kidding, right? The main /problem/ with Windows is the number of (often hidden) servers that are running by default. UPnP, DCOM, Windows Messenger, etc, etc, etc.

    --
    It's always a long day... 86400 doesn't fit into a short.
  6. Re:Fun and games with statistics by Kierthos · · Score: 5, Informative

    No it doesn't. It reads as shades of grey. "Here, let's discount all the big problems/hacks that are affecting Windows. My, now it looks much more secure than Linux."

    Furthermore, given how quickly a potential problem can be fixed in Linux, as opposed to the "wait, and wait, and wait some more" approach to the MS Service Packs, I'd have to say that the methodology used to reach at least some of the conclusions in the article is seriously flawed.

    Kierthos

    --
    Mr. Hu is not a ninja.
  7. Re:Longest uptimes, too by Dobob · · Score: 5, Informative
    Sorry, but:

    As seen in the netcraft FAQ:
    Additionally HP-UX, Linux, NetApp NetCache, Solaris and recent releases of FreeBSD cycle back to zero after 497 days, exactly as if the machine had been rebooted at that precise point. Thus it is not possible to see a HP-UX, Linux or Solaris system with an uptime measurement above 497 days.
    Since the last server of the top 50 has an uptime of 1073 days, there's no way a Linux box could be in the list.
  8. Re:Overt vs Covert by GlassHeart · · Score: 5, Informative
    Wow, "flamebait" and "overrated" within minutes.

    The original post reminded us not to forget that Windows or OS X boxes could have undiscovered exploits. I'm reminding that Linux can also have undiscovered exploits. By definition, we cannot know how many undiscovered exploits there are in each OS, so we cannot quantify and compare them. Therefore, we must ignore them and talk about the known exploits. Flamebait?

    If anything will destroy Linux, it's fanboy groupthink that the OS is invulnerable. Every choice has a downside. Deciding to leave a service off by default probably makes it more secure, though less convenient. When there are numbers like these presented, it's exactly the time to review such choices to see if they are the right choices to make for your users. Flamebait?

  9. Re:Overt vs Covert by Just+Some+Guy · · Score: 5, Informative

    Be sure to LART the person who installed it for you. telnetd is not part of Debian's base installation, so it had to have been manually added later.

    --
    Dewey, what part of this looks like authorities should be involved?
  10. Re:Overt vs Covert by Dahan · · Score: 5, Informative
    Frickin' TELNET! OS X doesn't even come with a telnet server!

    Sure it does... It's not enabled by default, and as far as I know, there's no GUI to enable it, but it certainly comes with telnetd preinstalled:

    greyfox ~% uname -a
    Darwin greyfox.azeotrope.org 6.8 Darwin Kernel Version 6.8: Wed Sep 10 15:20:55 PDT 2003; root:xnu/xnu-344.49.obj~2/RELEASE_PPC Power Macintosh powerpc
    greyfox ~% ls -l /usr/libexec/telnetd
    -r-xr-xr-x 1 root wheel 50012 Jan 18 02:05 /usr/libexec/telnetd*
    greyfox ~% grep telnet /etc/inetd.conf
    #telnet stream tcp nowait root /usr/libexec/tcpd telnetd
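
The check in the terminal session above, generalized into a small audit, as an added example that is not part of the comment or the thread: it lists the services an inetd.conf actually enables (uncommented entries) and flags the cleartext-login ones. The sample file is constructed, with only its commented-out telnet line taken from the output above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which services would inetd start from a given inetd.conf?
# Entry format: service socket-type protocol wait/nowait user program args...

# Constructed sample config; only the #telnet line comes from the thread.
sample_conf() {
cat <<'EOF'
# Internet server configuration database (constructed sample)
#telnet stream tcp nowait root /usr/libexec/tcpd telnetd
ftp stream tcp nowait root /usr/libexec/tcpd ftpd -l
#shell stream tcp nowait root /usr/libexec/tcpd rshd
login stream tcp nowait root /usr/libexec/tcpd rlogind

finger stream tcp
EOF
}

# Read inetd.conf on stdin, print "service daemon" for each active entry.
enabled_services() {
    awk '
        /^[ \t]*#/ { next }   # commented out, so inetd never starts it
        NF < 6     { next }   # blank line or too few fields to be an entry
        {
            server = $6
            # Behind the tcpd wrapper the real daemon is the next field.
            if ($6 ~ /\/tcpd$/ && NF >= 7) server = $7
            print $1, server
        }
    '
}

# Of the active entries, name those that carry logins in cleartext.
cleartext_enabled() {
    enabled_services |
        awk '$1 ~ /^(telnet|ftp|shell|login|exec)$/ { print $1 }'
}

# With a file argument audit that file, otherwise run on the sample.
if [ -n "${1:-}" ]; then
    cleartext_enabled < "$1"
else
    sample_conf | cleartext_enabled
fi
```

A binary being present, as with /usr/libexec/telnetd above, does not by itself expose anything; only entries this audit reports are started by inetd.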