Unpatched Linux Lives 3 Months on Internet

Allnighterking writes "The Honeypot project Honeynet.org has released their study on the expected lifetime of an unpatched default Linux install. If some of you remember AvanteGarde recently did a study of its own with several versions of Windows products and found that the average lifetime was about four minutes. Internet Week has an article on the study and the PDF with the full details of the study is available on Honeynet.org. Needless to say, from my viewpoint this is a good reason to limit Windows installations in IT that any PHB and/or Smiling Man can understand. Have them put into a spreadsheet and see what this kind of security means to their bottom line."

It depends

[PrivateDonut]

That value would depend on the distro and its age.

Actually no,

[SimianOverlord]

Linux versus windows in the workplace will not be decided by showing them a spreadsheet of fiddled figures. This test is hardly a good way to test security, its an interesting sideshow, no more.

The message isn't Linux > Windows, it's that not keeping up to date with your patches is dangerous, and Linux is less of a target than Windows at the moment. By the submitters criterion, you would be recommending Apple to your PHB, not Linux, as an unpatched box wasn't even hit with any OS specific exploits!

Another desperately bad spin on an otherwise mildly interesting article.

Re:Actually no,

[node+3]

What the hell are you talking about? This article is like *any* article in that it applies only in the areas it applies.

The relevant data here is that if you are going to set up an internet server, a computer that will connect directly to the internet, or a computer in an untrusted environment in general, that Linux and Mac OS X are statistically least vulnerable to remote exploits (with some caveats related to the configuations tested).

It's just another (and a very important, but not necessarily the *most* important) metric to use when choosing a server OS.

Duh. So actually, yes, this *IS* a potential reason to choose Linux over Windows (or Mac OS X over Linux and Windows, if you don't mind the single-vendor limitation).

To quote the story:

Needless to say, from my viewpoint this is a good reason to limit Windows installations in IT that any PHB and/or Smiling Man can understand. Have them put into a spreadsheet and see what this kind of security means to their bottom line.

Looks right on the mark. "this is a good reason to limit Windows" that "any PHB ... can understand".

I think you've mistaken the story for one which says Linux is perfect for all situations, or something.

Re:This is senseless

[Curtman]

Meanwhile my poor Linux/Apache has had 293 requests of:

• "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ xb1\x02"... etc

in the last 72 hours.. Where are all these IIS servers that are being targeted? Apache outnumbers them 2 to 1. Wouldn't it make more sense to target Apache?

Why unpatched?

Why do they use unpatched boxes in these types of tests? It just doesn't make a good security test, IMO. Why don't they setup a Linux box and a Windows box, and patch them both. Set up automatic updates in Windows, and a cron job on Linux to download updates nightly. Maybe install a few server processes just for fun (mail, web, ftp, and file shares / samba services for instance). Open the ports for those services, and block everything else with the vendor's firewall. I bet both boxes would stay un-hacked for years.

Re:4 Minutes, or never

[pipingguy]

The assholes that release viruses, worms and other malware on the computing world are also well aware that the average Linux user is much more difficult to hoodwink than the average Windows user (your grandma, for example).

The past ~10 years of the popular web has exposed the best (altruism, open source efforts, education, anti-bullshit) and the worst (scammers, spammers, hate groups, SCO) of global society.

Have a great 2005 everyone.