Slashdot Mirror
The World's Safest Operating System
fredrikr writes "UK-based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80 percent of the survey total. Windows based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks."
This is not the best way to conduct research. When I was doing research at NIH we would say of this sort of thing, "After discarding all data to the contrary, the hypothesis was proven."
While this research may show that Linux servers are over-represented in overt acts of hacking, this does not statistically make the Linux OS the least secure. Attacking a particular system simply makes it popular for attack. In order to characterize Linux, or any other OS, as the least secure, there would need to be evidence that an equal amount of other OS's were unsuccessfully attacked or the success rate was lower. Other variables that would required controls would be the hacker, level of sophistication of attack, etc. etc.
To say that "...while Linux servers were the most vulnerable,,," only means that they may have been the most targeted. I am not saying that the conclusions of this research are incorrect, I am saying that from what I have read, they cannot come to those conclusions.
Keep Smiling!
Erick
http://www.busyweather.com/
For all the servers out there, I wonder how many people actually run up2date or apt from time to time. I imagine more people run windows run windows update than any linux equivalent.
Let's face it. Linux isn't for just the uber-geek anymore. So logically, more systems are going to be hacked into when people with no security sense are managing systems.
Don't blame the operating system. Blame everyone who thinks they're a competent sysadmin, but really aren't.
Not to mention that this article doesn't weigh in percentages. There are a *LOT* more linux servers out there than there are BSD, Windows and Mac OS X servers. When one factors in percentages, Linux really isn't *that* bad.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Different distributions vary greatly in how secure they are out of the box and in how easy it is to apply security updates once they are deployed. Also, talking about absolute numbers of breakins is completely uninformative without knowing the number of systems deployed for each.
To be news, they need to say what proportion of computers use each OS, and what apps were hacked. It even says third party software accounts for a lot of the Linux hacks.
Nothing to see here except some meaningless statistics. Yawn.
Somebody needs to take some basic statistics. The fact that Linux is most often the operating system involved in server compromises is not surprising since Linix is the is most often the operating system involved in servers in the first place. If you normalize out for server market share, you'll find things are more or less even.
When it comes to servers, selecting a bad choice of a password or forgetting to properly set file permissions is still the easiest way to get hacked, and that will always be operating system independent. And, that accounts for the majority of security weaknesses. Worms and viri are a client-side issue, servers don't often get hit with those.
So, good work OSX fans. You finally found a metric by which having the fewest number of servers in actual use makes you look good...
::puts on flame-proof suit::
Linux is made up of _many_ distributions, who hack together systems out of many disparate apps. Each is slightly different. This diversity means none can Q.A. their systems as well as a unified project like FreeBSD does. I've seen some unbelievable bugs in a very well-known Linux distro, there for no reason there than their resources are stretched too thin.
Linux is also a Unix. People who put up *BSD servers are Unix hacks. People who put up Linux servers are oftentimes ordinary people who are trying to cut costs from not going with Windows. Unix is powerful, if you don't know how to handle that power, you put your systems at real risk.
How many linux servers are there in the wild, how many bsd ones, and how many windows ones. I'd be tempted to guess that the geeks favourite OS is by far the most popular server OS...
In other words, it's the same story as Windows on the desktop - there are more attacks because there are more servers. Since they don't give us percentages of installed vs breached, the data is essentially useless. Rule #1: Normalise your data before comparison....
Simon.
Physicists get Hadrons!
The system admins usually don't know what they're doing, and the system gets broken into--it has nothing to do with the system itself. The admins should know how to configure the system - instead of leaving the defaults on. The defaults for other systems are most probably simply safer than the defaults in Linux.
Scorta futuere amo!
Nope. This isn't going to fix all of the hacks this report is talking about. Simply pick a root password of "password". up2date won't scream about that... but you're sure to be hacked rather quickly.
Stupidity runs on any OS...
they forgot a very important piece of information: the percentage of total servers accounted for by these systems.
armed with this statistic and the age old mathematical operation of *division* one could make these results meaningful.
in other news, a new study finds that red heads are much less likely to commit violent crimes. Data for left-handed people is also encouraging.
-ashot
The group discounted the recent wave of worms, viruses and other attacks that have affected Windows systems worldwide.
"When we ignore most of the break-ins that windows had, it had less than linux!"
followed by BSD and Mac OS X with 555 breaches
This completely ignores the proportion of these OS's that got hacked. If there are only 556 of them deployed, then this is a terrible break-in rate. Obviously there are more than 556, but there are fewer BSD servers than linux servers.
<high-level position here>
<name of stupid small company here>
While I'll admit that I find these behaviors pretty annoying, you can bet that Linux would enjoy a somewhat better security record if it were that hard to forget updates. It's a shame more Linuxes don't ship with at least the option of turning this on for desktop and small server folks.
At SCO, we offer increased security by running our website with Linux and only connecting the SCO machines to McDonald's cash registers and machines too old and slow to run root toolkits.
Absolute numbers are fine, but what about normalizing it for the total number of BSD, Linux, and Windows servers in use in this study? That's the more meaningful number. Then, what constitutes a successful attack?
Also, a useful study would look at how machines are maintained, password policies, etc.
Now before I come off sounding like a Linux apologist, it is quite possible there are some serious weaknesses that need to be addressed. If so, I hope they give us full info on the attacks so we can fix the problems. But these numbers as they stand don't tell us a darn thing.
If a dedicated admin configures Selinux and heavy duty firewalls, and puts Klingon password policies in place, I'd personally still be confident to match that system against anything out there. Default Redhat installs, on the other hand, are something else again. So again we need more info. It's all in how things are set up and maintained. The question actually being asked here - which OS is strongest, all other things being equal - is a really really tough one to answer. There are many other issues that must be addressed first.
So, as far as any useful information is concerned, this article doesn't appear to have any. What if the Linux machines simply had the best intrusion detection in place? (I'm not saying they did, but it's a fair question.) Need More Information!
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
I think this paragraph says it all - it comes down to poor admins. If you have a bajillion-dollar lock made out of unobtainuim, but leave the key under the doormat, you're less secure than if you have a 2-dollar master lock but aren't dumb about the key.
mi2g analysed 17.074 successful digital attacks against servers and networks. It states: "With Linux accounting for 13,654 breaches, Windows for 2,005 breaches followed by BSD and Mac OS X with 555 breaches worldwide in January 2004."
They say how many attacks they analyzed, but they didn't mention the pool of hosts that these attacks were taken from.
Were there 1000000 linux hosts, 200 Windows hosts, and 6 Mac OS hosts? If so, that would radically change the conclusion that is implied.
Also, it's interesting to note that they did NOT count automated attacks by viruses, etc.
I'm sure there are interesting conclusions in their study of attacks, but given the lack of data, this study doesn't provide enough data to conclude that one OS is safer than other.
We should not be concentrating on which operating is more secure than another. This just promotes the myth that people can 'choose' the most secure operating system and then they are secure. No operating is secure, if you do not keep it up to date and patched.
Everytime I see an article like this, I wonder how many users and administrators will get the false impression that if they just switch to another platform they will have done their job.
Security is a process. It is not all about the technology, and it requires educating users and managers to be effective.
This probably isn't an issue for the vanilla BSDs, but OS X and Windows are both much more likely than Linux to simply be a workstation rather than a server, given the fact that the overwhelming number of Linux boxes are in use as servers.
It's generally not too bad to secure a workstation against remove attacks-- you can just rip out anything listening. On a server, you *have* to be running some sort of server software, and if that has holes, you are open to attack.
May we never see th
I'm guessing the hypocrite in you would have reared it's ugly head.
And this is a good example of discarding all the data, coming to any conclusion you wish, and then putting the onus on others to debunk your unsupported premise, which, as it happens, has no logical bearing on the argument you are attacking.
A very popular methodolgy, but not a valid one.
For purposes of bias I will point out my posting history will show that I use Windows 98, Mac System 7, Mac OS8 and various flavors of Linux at the moment, but have a very strong preference for Linux for explicitly stated reasons, some of which relate directly to the deleted data in this study, some of which do not. You'll find that my position is at least unbiased enough that I have been accused of being both an MS lackey and a Linux zealot, although I don't recall that I've ever been accused of being a Mac head. I have never so much as sat at a BSD terminal or an OSX box, although I would have no particular objection to doing so, it would be fun, and I am inclined to believe that BSD is more secure than the majority of Linux distros at the moment.
If you wish to debunk this you will have to do your own homework in finding evidence to the contrary.
Ad hominem strawman arguments will be promptly and cheerfully ignored.
KFG
Great, yet another brain-damaged research that considers Linux an OS, and talks as if all Linux distributions were identical in terms of out-of-the-box security and ease of applying security updates. Hell, if we ever asked those morons what Linux distro they used to compute their Linux results, I bet they would say "uh... Linux 9.0 ?"
You are as safe as you make your server/system to be. If you don't patch you will get hacked and will not be safe. Same goes with windows, linux, Anything. Unless you have you're own OS that doesn't have patches :P. Can't stress how stupid it is NOT to put up a firewall blocking ports you really dont need open. Anything out of the box and kept that evil "default" setting Is bound to get h4x0r'd (hehe)
Now that Linux is running with the big boys I hear a lot of throat clearing. What happened to being more secure? Worms were discounted because the study was based on one hacker, one server, not a script kiddie writing an automated bot designed to attack everyone's home machine. This was about servers, not workstations. Looks like Linux is in the same boat Microsoft was in with 2000/XP, namely everyone and their mother is setting up Linux servers. Linux was never more or less secure than Microsoft. It's "security" was based on it's obscurity. Now that installations abound, however, the Linux community is having their work scrutinized and put to the test. Sorry boys, the easier you make it to use, the more people will try to hack it. Goes with the territory. Just ask Microsoft =]
End of Line.
You know why there's more overt hacking of Linux boxes than BSD boxes. Because there are far less BSD boxes out there to be hacked.
You know why there's far more Linux boxes that are being overtly hacked than windows? Because if you are a hacker, what the hell are you going to do with a Windows box? It's just not as interesting or powerful to remotely control a windows box.
I'm not a hacker, but if I was one, I would not waste my time on trying to 0wn windows boxes. I'd go after Linux boxes. Not because they are easier to breach, but because they are more fun to play with when you do.
This sig has been temporarily disconnected or is no longer in service
Uh...I haven't read all this other guy's posts. But they don't change the fact that his point here is incontrovertibly correct. Throwing out the most popular method for breaching security is a completely unacceptable way to conduct research that hopes to conclude relative security. That's pretty damn basic.
I mean, do you seriously disagree? You think this study actually shows that Linux is less secure than Windows? Even after you realize that they are ignoring SQL-slammer, Blaster, MyDoom, Nimda, Code Red...............and on and on?This is one of the most bone-headed studies I think I've ever seen. Anybody duped by this has absolutely no concept of either computer security or basic logic.
Given a choice between free speech and free beer, most people will take the beer.
Don't forget, they're also only counting Overt attacks, I.E. Verified ones... ones that leave a trace. It could very well be that all of those windows or OSX boxes were at some point Owned, but that the attack was so successful as to not leave a trace. It also requires "modification to any of its publicly visible components whilst executing...data attacks... [or] command and control attacks."
They also don't list their methodology, which I find disturbing. Out of 17k successful, caught, non-automatic hacks, x were against these systems. However, they don't say where those 17k come from, and don't put it in the perspective of the percentage of those systems in use. If you go to their homepage, they list something called a SIPS (Security Intelligence Products and Systems) System. This data comes from "Personal Relationships at CEO, CFO, CIO, CISO level within the banking, insurance, and reinsurance industry... monitoring hacker bulletin boards... and anonymous communication channels." That's a pretty unscientific pool to be pulling data from. Essentially, you're talking about hacks that were either reported by friends in high places, friends in low places, or bragged about by hackers on publicly accessible bbses.
So if you want to take the survey methodology seriously, then the survey proves beyond a shadow of a doubt that Linux has more non-automated attacks involving changing publicly accessible interfaces that were caught and reported by friends to mi2g.
The ______ Agenda
How exactly does a third party determine (a) that there has been an attack on a server, (b) that the attack was successful, and (c) the OS of the server that was attacked? The only way I could see getting this information is from people filing reports about their server when it is attacked. Likewise, in parts of the study this mi2g group quantizes exactly how many attacks certain 'hacker groups' made during the last month. I'm sure the cracker underground is just jumping at the opportunity to tell mi2g every time they compromise a server. I could see possibly establishing relationships with companies so they file reports whenever their server is compromised, but claiming they know how many attacks a given hacker group performs each month completely destroys any credibility they have in my mind.
Sure...we've got evidence. You can even (hopefully) find it in your own memory of the day when the whole Internet had major slowdowns and large service outages when SQL-slammer came out.
Or perhaps you just want to take a look at any number of statistics that compare breaches and don't ignore all worms. I'm not going to go link-hunting for you this second, but if you seriously look for any real studies on this subject and make sure they are taking all attacks into consideration, the numbers are tremendously different.
Seriously...just think about it for a second. Have you ever seen someone perform an attack on a Windows box that would be considered for this study? I've seen several hundred Windows breaches now (I've worked in computer repair shops, and now an ISP, for some time) and so far I think every last one of them involved some sort of worm, virus, scripted exploit or trojan. If you leave all this out, what do your numbers mean?
What a dumbass way to conduct a study.
Given a choice between free speech and free beer, most people will take the beer.
It is time to stop the religuous falme wars about "my OS is more secure than your OS".
We all know Windows has bugs, becuase people revel in revealing Microsoft's weaknesses. Hackers love to attack Windows because it is ubiquitous and so it is also the most attacked.
What this report points out, with all its flaws, is the the Linux system has problems too. Linux supporters have turned a blind eye to this and have loudly trumpted Linux as secure, while Windows is not. This simply wasn't true, but made Linux supporters feel goos about themselves. And even if it is a bit better, that isn't the point.
There will be bugs in Linux and Windows and other OS'es as long as new development continues. Further, as long as humans adminster the boxes, admins will do silly things and create vulnerabilities.
Just one bit that I'd say this is not quite on the mark in this closing statement: Windows makes it easy to patch a machine for the consumer, one box at a time; they make it easy for corporate customers with tools that can push updates onto boxes (although the required reboots are an issue unto themselves). Please correct me if I'm wrong, but I'd venture a guess that the issue is that you don't have these tools because they cost money that isn't easy to justify for the number of Windows servers you have.
The major problem as I see is is exactly what another poster stated -- that vulnerabilities may exist for months before a patch becomes available from Microsoft, and we may not be informed of them in a timely manner. The sheer number of ways that a Windows machine may be vulnerable for variable periods of time seems to me to be orders of magnitude greater than any Open Source package or the Linux kernel itself.
The ease of patching vs. the costs of doing so is a very valid reason (among many, obviously) for choosing one operating system over another. But to me it's far more important to know when a vulnerability exists and when a patch will be available. Windows loses in this regard, hands down.
Disclaimer: IANASBIPTBOOS
- Leo
You don't use science to show that you're right, you use science to become right.
Let's look a bit at the article. If you look at the FAQ link, after "Executive Summary" ( http://www.mi2g.net/cgi/mi2g/press/faq.pdf )
1. mi2g notes that hackers they anonymously interviewed preferred attacking Linux systems, NOT because they're inherently less secure - but because of configuration errors that run rampant from poor sysadmining.
1b. Unfortunately, this immediately invalidates any analysis of the security of the actual operating systems. Not to be redundant, but the system is only as good as the administrator.
2. I don't know where I saw someone ask this, but if you look at section two: "Multiple website attacks resulting from a single system breach" do actually count as many. For instance: if foo.com and bar.com are being hosted off the same server, and that server is breached, they count it as two attacks. Their reasoning is that from an insurance perspective, the industry is shelling out twice as many bucks they would've if it had only been a single page.
====
Okay. This article tells us one thing: Linux systems breached are simply victims of poor sysadmining. This should spur us on to do one thing. LEARN.
Shoot, if you're doing this informally, then get a good friend and learn to hack linux systems together; spend spare time hacking each other's systems. If you're doing this professionally, then *learn*. Readreadread. Patch. Patch. Read some more. Patch again. Retouch the basics; shut down unneeded services; configure permissions correctly. Go drop a hundred bucks at Barnes and Noble and buy a 12 pound book on Linux sysadmining. Or security. Above all, no matter how you do it, or even on what platform you do it...
Learn.
'If you're flammable and have legs, you are never blocking a fire exit.'
The usage patterns and target market/audience for these operating systems are very different.
There are huge variations in security between
- a Linux box set up by a novice student
- a Solaris system participating in a cluster serving a major consumer website
- a Mac OS X Server machine running stock network services for a graphic design firm
I'd like to hear more about how they accounted for these differences before I make up my mind.org.slashdot.post.SignatureNotFoundException: ewg
I like how the very first post discounts the point of this article right off by saying, sure, maybe linux got attacked successfully a lot, but what about all the other attacks that would've succeeded on Windows?
Come on, people. The fact is, the linux boxes got attacked successfully. That's a Bad Thing, regardless of what happened to Windows. It's an embarrassing thing for us linux people. Here's the real rub...
I've read studies over several years saying that linux boxes are nearly as secure as FreeBSD installations if the administrator sets up the environment properly . The results of the slashdotted study here is the result of the RTFM culture...hard to operate and administer, very little respect for the user in the design of the OS as a whole. I mean "respect" in the sense of "let's make this trivially easy to use because it's possible and respect the user's time" rather than "let's respect the user's intellect by reasoning they'll figure out how to work this thing no matter how ridiculously complicated we make it."
This study ought to convince all the people out there that don't worry about linux being too hard to use...it's affecting everyone, not just newbies. Not just dummies. Even admins can't set up a secure box. We have to keep working on usability folks. Fact is linux is more potentially secure than Windows--but not in practice because no one can figure out how to lock it down.
sev
but have you considered the following argument: shut up.
When you say that windows is so insecure because it's users will execute anything, what do you think will happen if windows users move to linux? They will double click an email, see a popup window (assuming the program was written for the right desktop enviroment, which is a entirely different linux problem) that says "You're system must be updated to run this program. Please enter your root password." and BAM! you have a rooted linux box. The attacks tried in this article are do not rely on a bad users, but on insecure OSes.
#!/bin/sh :; do
while
$0 &
done
As an OS X user, i'm afraid that some jackass is going to take the this as a challenge and find a way to hack into my little box. If Apple ever advertises that OS X is the safest operating system that's when it's going to hit the fan. The automatic software updates feature is the perfect distribution system for some buggy code, it seems. But in my opinion, OS X does run more secure than any other OS i've ever used. Best thing - it comes that way right out of the box. -ko
Whereas I have strong doubts about the validity of this study, I also have strong doubts about the security of GNU/Linux. It may build on UNIX principles that have been tested through time, and Linus certainly emphasises code quality, but the system as a whole is pretty new and therefore untested, and not all contributors can reasonably be expected to be aware of all possible security issues. Also, the C library is full of unsafe functions (fgets, scanf, ...), and the privilige system is quite coarse, often requiring that processes have powers that far exceed what they need to have (e.g. to install a program in the /usr/local filesystem, virtually anyone runs it with root priviliges - which also allows the process to overwrite files elsewhere in the system.
A lot of vulnerabilities are found in programs that are part of typical GNU/Linux installations. Although patches are typically made available swiftly, it's still the admins' responsibility to apply them. A system is only as secure as you keep it, and with all the wannabees running Linux c0z 1tz 1337, I don't have very high expectations. Also, keep in mind that Linux has been a small target, which makes it less popular with crackers, and that attacks against it don't affect J. Windows Luser's system, so the chances that you'll here about them are significantly reduced.
I run Debian GNU/Linux myself and I am completely in love with it, because it provides a system that Just Works and that I can understand the workings of. Debian puts a lot of effort in quality and security, however, I won't make any claims about how secure it is until I have trustworthy data about it.
Please correct me if I got my facts wrong.
Your survey is skewed because you're completely clueless about linux. It was funny, yet somehow sad, to read of your slapstick antics just now.
With any supported redhat, clicking on up2date does the trick - without the paid rhn though, you will not be able to get the same service - but guess what, you use apt or yum and get all the same updates. once apt is installed, just say "apt-get install synaptic", and from then on, you can point and click you way through package installs from the various software repositories available.
Firstly the original poster claimed that all major distros had an easier patch system than Windows. I disagreed and posted my personal experience. This is reinforced by you tellimg me that I now have to PAY to get a reliable easy to use patch system (Windows updates always have been free). Secondly are you now suggesting that the fact people have to work out how to patch the box is easier than Windows Update and automatic updates?
I disagree. Ease of use is the point of this discussion, not that it can be made to work with a lot of pissing around.
i) the BSDs are pretty obscure. The people who use them do so for a reason. To get into BSD you've initially got to be attracted by something they offer, and what they offer is security. I'd say the average BSD user knows more about Unix than the average linux user. (No, I don't use BSD. Well, not much.)
/. linux weenie thinks knowing how to comment things out of inetd.conf makes him a security expert. He thinks his ultra-leet gentoo boxen are watertight, and doesn't need to implement a security policy or look at his logs, then gets worked over by a script kiddie.
ii) BSD is not a buzzword like linux. No clueless middle manager ever asked his clueless admin to set up an OpenBSD server because he saw an item on TV about it. Again, if BSD is there, it's probably there for a reason.
iii) the average
iv) the herd's reaction is "it says something negative about linux, which is perfect, ergo it's FUD"
v) why do linux vendors (and also Sun) feel bundling as much freely downloadable crap as possible adds value to the product, rather than just making more of a PITA to manage properly?
That "gooey" python stuff only lives on the RedHat derived distros as far as I can tell, and it's never stopped me from using the tried and true methods either. I tend to ignore all of that stuff completely as it's superfluous. (I also tend to just not install any of it... the package selector is nice enough to keep them together)
::shrugs::
Also, some of the scripts are damn useful. For example, the redhat-printer-conf. And I've looked at that baby, and it is some _hardcore_ python. It can handle like seven different printing systems, and detects which ones you have installed. It even comes with "Print Test Page".
Mint!
Actually, the worst offender is SuSE. YaST will completely take over all your configuration files. And YaST is written in C. OTH, YaST is pretty friggin complete, and it has a well documented plugin system so it's not as bad as it seems. Still, you just don't install it (or install it but don't use it). Problem solved.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
As Linux comes to be more and more ubiquitous I predict that we will see viruses and worms written for linux that will actually spread. This is not to say that linux is any more or less secure than windows, but all operating systems have weaknesses that can be exploited. Windows main weakness is clueless users in my opinion. Linux doesn't have that problem, but it may have the problem of having over confident users.
I have the most secure system in the world sitting in my den. It is a windows 95 box with no modem and no network card. I will give anyone $1000 if they can even do a port scan on it. Oh and the power supply is bad. Ultimate security! Almost as obscure er..secure as OSX!
We setup two firewalls facing the Internet, a MS Proxy server and a redhat9.0 as a test server. The redhat was compromised using sendmail and samba exploits and it was used as a staging area for further attacks before we knew. Thank god the admin password was different on the servers else we would have lost quite a bit of the company.
But I dont think Linux is at fault. I did not use iptables to block unneeded ports on the outside and I did not patch sendmail ( I shouldve used qmail). I shouldve taken close care of suid files, used ssh instead of telnet, jailed most servers, never used root and generally kept checksums of the important binaries. Thats what real security takes, thats whats easily possible on Linux, thats what Windows lacks and THATS what I didnt do.
Altho our firewall now is a single openbsd (which does most of the above by default), I still recommend Linux, but with patches applied, services disabled, ports blocked and servers run in jails. If they compare default installs, Windows isnt running much, older redhats are running too much with no patching of daemons whose sources are available online, and the results are biased. Just give me a server to secure, give the same to a Microsoft representative, some time for us and then attack the two servers all you want.
Just as tomshardware maxes out their test PC's specs to compare video cards properly(radeon and geforcefx will both be about the same on a pentium2 with 64mb ram, 4gb hdd), OS security tests should rule out technician incompetency.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
Every time somebody comes out with a statistic negative toward windows, the less secure in their reasoning ability among this community always start with the "hurrahs" and "score one for linux!" But whenever anyone tries to tell you you're just maybe wrong, and that, perhaps, linux is not as secure as you think it is, then you get all bitchy and cry and make dumb excuses. Go ahead and mod me into the toliet, but before you do please consider all sides of the arguement for once, jeeze. (not nessesarily saying that anyone is right or wrong on either side in this particular incident, but i hear a lot of flamebait come from a lot of people every time something like this comes up)
Okay, this is the SECOND study posted to Slashdot that has shown that Linux is the most breached operating system on the Internet.
If it were shown to be Windows, nobody would be arguing, but because there is insane bias around here, we get lots of yimmer-yammer trying to run circles around the data.
How many studies have to come out before Slashdotters stop proclaiming Linux as the magic security solution? GNU was hacked twice last year, and GNOME, Debian, and Gentoo were all hacked. What gives?
Just my two cents. I'm compiling Gentoo right now...I love Linux. But I'm not so naive to pretend it's the end-all solution. I haven't read all the comments, but I fully expect to read the same, typical, anectdotal bullshit--"Well, where *I* worked..." or "Well, *I* spend more time on Windows patching..." or "Well, if *I* were conducting the study, I would..."
Notice it's detected attacks? Perhaps it's because the Linux tools are better at detecting and defeating attacks than Windows? How many of those attacks were successful and only detected AFTER the damage was done? Not many, I bet...