Unpatched Linux Lives 3 Months on Internet 56
Allnighterking writes "The Honeypot project Honeynet.org has released their study on the expected lifetime of an unpatched default Linux install. If some of you remember AvanteGarde recently did a study of its own with several versions of Windows products and found that the average lifetime was about four minutes. Internet Week has an article on the study and the PDF with the full details of the study is available on Honeynet.org. Needless to say, from my viewpoint this is a good reason to limit Windows installations in IT that any PHB and/or Smiling Man can understand. Have them put into a spreadsheet and see what this kind of security means to their bottom line."
It depends (Score:3, Insightful)
Actually no, (Score:2, Insightful)
The message isn't Linux > Windows, it's that not keeping up to date with your patches is dangerous, and Linux is less of a target than Windows at the moment. By the submitters criterion, you would be recommending Apple to your PHB, not Linux, as an unpatched box wasn't even hit with any OS specific exploits!
Another desperately bad spin on an otherwise mildly interesting article.
Re:Actually no, (Score:3, Insightful)
The relevant data here is that if you are going to set up an internet server, a computer that will connect directly to the internet, or a computer in an untrusted environment in general, that Linux and Mac OS X are statistically least vulnerable to remote exploits (with some caveats related to the configuations tested).
It's just another (and a very important, but not necessarily the *most* important) metric to use when choosing a server OS.
Duh. So actually, yes, this *IS* a potential reason to choose Linux over Windows (or Mac OS X over Linux and Windows, if you don't mind the single-vendor limitation).
To quote the story:
Looks right on the mark. "this is a good reason to limit Windows" that "any PHB
I think you've mistaken the story for one which says Linux is perfect for all situations, or something.
Re:This is senseless (Score:5, Insightful)
in the last 72 hours.. Where are all these IIS servers that are being targeted? Apache outnumbers them 2 to 1. Wouldn't it make more sense to target Apache?
Why unpatched? (Score:3, Insightful)
Re:4 Minutes, or never (Score:3, Insightful)
The assholes that release viruses, worms and other malware on the computing world are also well aware that the average Linux user is much more difficult to hoodwink than the average Windows user (your grandma, for example).
The past ~10 years of the popular web has exposed the best (altruism, open source efforts, education, anti-bullshit) and the worst (scammers, spammers, hate groups, SCO) of global society.
Have a great 2005 everyone.