Linux Most Attacked Server?
Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says "During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."
Hmm... (Score:4, Funny)
Re:Hmm... (Score:5, Funny)
Article headline (Score:5, Insightful)
Re:Article headline (Score:4, Insightful)
Re:Article headline (Score:4, Insightful)
Re:Article headline (Score:5, Insightful)
Check the logs.
It was SCO (Score:4, Funny)
Re:Hmm... (Score:5, Informative)
From a press release from the people at mi2g - google for it, interesting information in the SECOND entry...
Not funded by MS, this is a security consulting group of dubious integrity.
Some of my favorite quotes in reference to their press releases -
"Mathematical Masturbation" Richard Forno (InfoWarrior.org).
"Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems to be relying solely on hacks that have been publicly documented".
"Their statistics are basically worthless." Marquis Grove, editor of the Security News Portal.
"mi2g continue to drum up PR about an "Inter-fada," or holy cyber-war, that rages between Palestine & Israel."
and
"Fearmongers" Rob Rosenberger, Vmyths editor.
Read more at Vmyths.com [vmyths.com]
Globe and Mail (Score:5, Informative)
The Globe and Mail is the older and generally more respected newspaper. The National Post is a recent upstart. It is generally considered much more right-wing and a bit downscale.
Re:Globe and Mail (Score:5, Interesting)
A trivial demonstration of the problem is to take the number of reported virus infections with Sobig and friends. Compare with the mi2g figures about proven break ins. Note weird difference in size of windows numbers.
As to web sites they *appear* to count each web site affected. So a single linux breakin on a big hosting site scores 10,000 while nobody hosts 10,000 sites on a windows box.
One of the problems with a lot of these metrics is the lack of a fair, formal and neutral third party methodology for analysis of such data that can handle the way proprietary vendors forget to reveal most bugs but just roll them quietly into updates, the difference between vendors in quantity of material and remove overlaps.
Unfortunately that isn't likely to change. There is a marketing game being played by many vendors and security is simply another buzzword and another set of statistics to "optimise". Customers are expendable.
I guess the final thing we all should notice. The number isn't zero. That only emphasizes the need to get more stuff like SELinux out and equivalent other OS products. Preferably before the bad guys mix something like Sobig or slammer with something that does actual damage, potentially hardware damage.
mi2g masturbation (Score:4, Funny)
Yeah... (Score:3, Insightful)
Re:Yeah... (Score:3, Insightful)
Re:Yeah... (Score:4, Insightful)
Anyway, I'm highly suspect of this report. It may turn out to be true, but until we see the data, we are unsure.
Um, check your facts sport... (Score:4, Informative)
Re:Um, check your facts sport... (Score:5, Interesting)
Re:Um, check your facts sport... (Score:4, Insightful)
I have heard of VERY few people running Apache on Windows. What's the point?
It would be stupid and reckless to tell a bunch of MCSE's to scrap a Windows server and replace it with Linux. If your organization doesn't have any Linux experience, the next best thing to moving away from Windows is using Apache instead of IIS.
Re:Yeah... (Score:5, Informative)
OS
% of Total Hacks
% of Servers running OS Hacked
Re:Yeah... (Score:4, Insightful)
OK, who's going to pay for the survey that shows the "most attacked" desktop OS? What? MS doesn't want to pay for that?
Re:Yeah... (Score:5, Insightful)
ZoneAlarm? Please.
Re:Yeah... (Score:5, Interesting)
Needless to say, the regular server administrator for that site is in an uncomfortable spot now.
Re:Yeah... (Score:5, Funny)
Needless to say, the regular server administrator for that site is in an uncomfortable spot now
"You mean like the backseat of a Volkswagen?"
Re:Yeah... (Score:5, Funny)
Well, I'm sure the end result will be the same. :-)
Re:Yeah... (Score:5, Insightful)
I know many admins who are not worth two cents and I know others who are so swamped with tasks that they don't have time to patch much less check logs on a regular basis.
Blatant innumeracy (Score:5, Insightful)
This statement clearly states that less than 2 percent of the BSD servers on the net were attacked. Yet that is not what the numbers show. The numbers state that less than 2 percent of the attacks were against BSD servers. That is a very different thing indeed.
As such, there are a number of pieces of information that are needed to make this article useful:
Re:Yeah... (Score:5, Insightful)
The ratio of Windows workstations to Linux workstations has never stopped us from divining that the reason there are more viruses for Windows is its ubiquity, not necessarily its security record.
Why should this be any different?
Re:Yeah... (Score:3, Funny)
This is /. Obviously you meant to write "denying" in place of "divining".
Re:Yeah... (Score:5, Interesting)
First, in the Windows case, shit might happen because it takes longer for a proper fix to appear (though, on the last DCOM-related vulnerabilities, we should give credit to MS for the quick response to the problem). If a patch does not exist, the admin can not do as much (unless he has a proper firewall).
In the Linux case, patches are generally available quicker, and upgrade functionality like Debian's apt-get makes it fairly easy to update the systems. I would guess that most holes that lead to the attacks mentioned in the article have long been patched, and it was merely the admin's fault for not watching his system.
So, I would say (though it's a subjective opinion) that Linux systems can be much more secure, even if attack _attempts_ on Linux systems were to occur more often than on Windows systems. But it all depends on the administrators. Windows systems, on the other hand, might let you get in a situation where you depend solely on Microsoft to respond to the security problem -- not a very nice situation.
Oh, and yes, there are more viruses for Windows, but that includes the 'dumb end-user' type such as SoBig, which are purely unrelated to server attacks. And those, I'm more than sure, will _not_ appear on Linux systems since I do not know of an email client that makes it so easy for a user to execute incoming garbage straight away.
I really wonder whether there are more known attacks to Windows _server_ systems than to Linux systems if you exclude all those Desktop-user viruses. Anybody know?
Re:Yeah... (Score:5, Interesting)
I call bullshit. Most Windows problems are patched long before they're exploited. See Code Red, Nimda, Blaster, etc. All of these were fixed long before they were exploited, and yet long after the worms first appeared people were still being hit. While I will agree that there is a possibility of patches taking a while to appear from closed-source software (and that it has happened, usually regarding Internet Explorer), that has been the case only in a very small minority of important patches. As well, though you call out Debian's apt-get for making it fairly easy to update systems, Microsoft has Windows Update (and they provide freely available software to run your own Windows Update site, so that you can verify patches before pushing them out to your site). Therefore, your argument is a red herring.
Bingo! 99.999% of all of the problems with both Linux and Windows being insecure have stemmed not from late patches, but from administrators not keeping on top of security for their machines.
It's false to say that Linux will not ever be affected by such viruses, because it's quite possible. Even with proper separation of user rights and administrator rights, a user can still royally screw himself and his data. More, all it takes is one unpatched local root exploit ("I'm not too worried about local exploits, because they're local" is an attitude that will get you in trouble if you have users ...), a malicious binary that exploits it, and a dumb user. As well, with more users wanting to use Linux, the need will come for user-friendly desktop apps (what do users want to do? easily open e-mail attachments. Better code that properly, or you're going to be as bad as Outlook Express ...). Users will also want to be able to easily install software (see Lindows, and how at least initially it suggested you not only run as root, but without a password!). There's work to do on Linux before it will be acceptable to Joe Sixpack or Bettie Secretary, and unless developers keep their wits about them they can (and will!) fall into the same problems seen in Windows.
Re:Yeah... (Score:5, Insightful)
- Security is a relative measure, there is no absolute security.
OK, fine, we're past that. Now, from an architectural point of view, MS has no hope of being as secure as a BSD, or even a Linux. The reason is the tight coupling between components within not only their OS architecture, but also the server-side software as well.
The problem is that creates an environment where undue damage can occur due to the compromise of what should be an extraneous service. An example was a flaw in IE which allows a "root" type exploit. Another is Biztalk requires a number of software packages which should not be needed (i.e. Visual Studio) on the machine. This is both a security and stability issue.
Linux and Tomcat or Apache require exactly that, the kernel, network libs, and Tomcat / Apache. The issue IMHO as to why so many Linux boxes are getting hammered is because of vendors like Red Hat which include a number of unneeded services and have them active by default. They've gotten BETTER, but they still have garbage on there that is ABSOLUTELY not needed. Example, we've drunk the RH "kool-aid" at my company. Fine, I like Linux, but in hardening our servers we have to pull out TONS of sh!t from what was a CUSTOM install!!! (now using kickstart) I hate to admit, this is a sore spot with me
In essence they've created a Windows-like system in that regard. The only difference is that you can remove it post-install. Regardless, my point stands.
The de-coupled nature of Linux and BSD create an environment where one can create a "more" secure environment than what Windows can provide. Stupid vendors can undo this, but for the most part...
The other point is that this "survey" did nothing to point out what kinds of attacks these were? Were these hitting the OS, or a service that ran on top of it (i.e. Apache or IIS)? This article seems like flamebait to me... I agree with your points on desktop users. I disagree on one minor point - Blaster. My Dad keeps his machines patched and has anti-virus (McAfee - I know, I know...) and he was still hit. My company pushes updates as well and so were we.
A Step Farther (Score:3, Funny)
But consider this: Do people attack the server because it's running Linux, or because it's hosting the SCO website?
I think the CONTENT drives far more hacks than the OS it's on...
Re:Yeah... (Score:5, Insightful)
Re:Yeah... (Score:5, Insightful)
You are right. I've read a lot of anti-MS babble here that has me a little spooked. Evidently, when Linux is more secure than Microsoft, the impression is generated that you can install a Linux based webserver and you're instantly secured. That's what I did. Being a Linux newb, I set up a Redhat/Apache server and within 2 weeks it was rooted. We had to have our sysadmin build us a new one. (It was a project for me to grow...)
It only takes one exploit to destroy your server. Vigilance is absolutely necessary on either platform. Maybe it's time to end the anti-MS pissing contest and focus on good practices in general for whatever OS you're using.
Re:Yeah... (Score:5, Interesting)
Not that you know of anyway.
When I was a linux noob I had two boxes rooted (one was set up to email bomb Mirabilis, who blocked my IP and ended up reversing the bomb on my box because of returned mail which is how I noticed the problem...pretty damn funny when you think about it). I traced it back to a security hole in wu-ftp. I have since learned
Re:Yeah... (Score:5, Funny)
I honestly can't remember if we ever reported him to anyone or not, but we reinstalled right quick (I think he'd used an nfs exploit and then backdoored one of our other services, can't remember which). In any case it was obvious what had happened - the logs were so full of "help! someone's trying to hack me!" type messages that it was even funny at the time. Especially since nobody ever went to our webpage and we just used the machine as a local quake server anyway...
Well, well, well (Score:4, Insightful)
I post often about how Linux is no less insecure than Windows or any other OS. And constantly, I get bashed, downmodded, told that there are more Linux servers but are less hacked, etc.
And yet here is a study that shows otherwise. Now look at all those people try to dismiss it. Try to dance around it, making excuses, and so on. If this study had shown that Windows was the most breached, people would take it at face value and we'd have the requisite hundreds of "I told you so" posts, hearsay, anecdotes from idiots who don't patch their servers, and so on.
I'm sorry, but I just wanted to say, I told you so. All operating systems are as secure as their admins. Microsoft has millions of dollars and some of the top programmers in the world. They're damn secure. So is Linux. So are all the others, reasonably speaking. Linux is not the end-all of secure systems, and this just makes people who act that way look like idiots (especially when they're making ridiculous excuses to try to defuse the study).
Re:Yeah... (Score:5, Insightful)
From MI2g website [mi2g.com]:
So if a single ISP box gets hacked, they may count that as 100 linux sites hacked because of virtual hosting.
But even more important than their actual counting methods are where they get their data. Again, according to the same paper:
mi2g is principally reliant on data for SIPS and EVEDA from a number of sources:
reinsurance industry in Europe, North America and Asia. We have been involved in
pioneering cyber liability insurance cover for Lloyd's of London syndicates which has
given us access to case history since the late 1990s.
hackers who we use for penetration testing and developing our bespoke security
architecture that feed digital risk information through to us on a continuous basis
including vulnerabilities, exploits and the latest serious attacks they are aware of.
hacker groups.
So their highly informed executive manager friends seem to know when their linux systems get hacked versus their windows systems, they browse the web, looking at defacement sites and they converse with script kiddies via email. Umm, does anyone else see an issue with their data collection methods besides me?
If you don't yet, then let me give you a simple example. Let's say that I wanted to bias the results. Mmm
You can show me analyst reports by people like this all day long. In the end, this report bears no relation to what I see day to day in the real world.
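An added example, not part of the original thread or of mi2g's methodology: it illustrates the two counting problems raised above, counting every virtual-hosted site as a separate breach, and reading "share of all attacks" as "share of that OS's servers that were attacked". The incident records and installed-base figures are constructed for illustration.

```python
from collections import Counter, namedtuple

# One record per defaced web site, as a defacement-mirror style feed would list it.
Incident = namedtuple("Incident", "site ip os")

# Constructed sample data (not real incidents): one Linux shared-hosting box
# carrying six customer sites, one standalone Linux box, three Windows boxes.
INCIDENTS = (
    [Incident(f"customer{i}.example", "192.0.2.10", "Linux") for i in range(1, 7)]
    + [Incident("blog.example", "192.0.2.11", "Linux")]
    + [
        Incident("intranet.example", "198.51.100.1", "Windows"),
        Incident("store.example", "198.51.100.2", "Windows"),
        Incident("portal.example", "198.51.100.3", "Windows"),
    ]
)

# Hypothetical installed base (number of Internet-facing hosts per OS).
INSTALLED = {"Linux": 200, "Windows": 100}


def breaches(records, unit):
    """Count breaches per OS, counting each distinct `unit` once.

    unit="site" counts every defaced site; unit="ip" counts every
    compromised machine, so a shared host is counted a single time.
    """
    distinct = {(getattr(r, unit), r.os) for r in records}
    return Counter(os_name for _, os_name in distinct)


def share_of_attacks(counts):
    """Percentage of all counted breaches that fall on each OS."""
    total = sum(counts.values())
    return {os_name: round(100 * n / total, 1) for os_name, n in counts.items()}


def breach_rate(counts, installed):
    """Percentage of each OS's installed hosts that were breached."""
    return {
        os_name: round(100 * counts[os_name] / installed[os_name], 1)
        for os_name in installed
    }


if __name__ == "__main__":
    per_site = breaches(INCIDENTS, "site")
    per_host = breaches(INCIDENTS, "ip")
    print("share of attacks, per site:", share_of_attacks(per_site))
    print("share of attacks, per host:", share_of_attacks(per_host))
    print("breach rate per installed host:", breach_rate(per_host, INSTALLED))
```

With the same incidents, the per-site count puts Linux at 70% of attacks, the per-host count puts it at 40%, and the per-installed-host rate is lower for Linux than for Windows; which number a report quotes depends entirely on the unit and the denominator.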
Re:Yeah... (Score:3, Informative)
All in all the stats are fairly accurate. Microsoft is not very loved as a server.
Re:Yeah... (Score:3, Insightful)
Woo! (Score:4, Funny)
Er... wait, what? Is this a good thing?
What? (Score:5, Funny)
Interpretations... (Score:5, Insightful)
Re:Interpretations... (Score:4, Insightful)
I'm going to go out on a limb and say a lot of these probably happened inside cut-rate shared-hosting environments, where Linux is uber-popular and security is often kept lax to keep customer questions at a minimum. Let's face it, it's easier to clean up a defaced homepage than try to explain chmod to folks...
Re:Interpretations... (Score:5, Insightful)
It's possible to make a secure windows system. It's possible to make a secure linux system.
It's possible to make an insecure windows system.
It's possible to make an insecure linux system.
Re:Interpretations... (Score:5, Insightful)
Those are four facts leading to interesting questions:
Those probabilities should be pondered by the frequency of default installations, frequency of having an expert rather than a novice as the administrator, etc.
Thus, could someone not knowing which one to choose, and not knowing whether he is hiring an expert or not, rely on those statistics?
Canadian Newspaper != The BBC (Score:5, Informative)
This clearly came from Canada's Globe and Mail newspaper, which clearly has nothing in common with the British Broadcasting Company.
Active or passive attacks? (Score:5, Interesting)
Re:Active or passive attacks? (Score:5, Informative)
Uhm... slow
Re:Active or passive attacks? (Score:4, Interesting)
Re: (Score:3, Informative)
How do they relate (Score:4, Interesting)
Well, they don't say that, but if you include the number of infected Windows desktops this year, I have a pretty good feeling it would be a LOT more than 12,000, even if you only include infections designed to give control to an outside party (as opposed to simply spreading).
Staying uptodate costs money... (Score:5, Insightful)
It's ironic that Microsoft provides that service for free, whereas Linux requires paying money. But it's good because at least here there's a clear way to make money off Free Software and keep programmers like me from going hungry.
John.
Re:Staying uptodate costs money... (Score:5, Informative)
Finding updated packages isn't a big deal. Harder is finding what software has an announced vulnerability that hasn't been patched by its respective distribution yet. Red Hat uptodate has the same problem, if Red Hat hasn't patched the vulnerability yet you won't know about it.
Of course in the Open Source world the updates come pretty quick after the announcement anyway, but if there were some software app that had a real old version with no maintainer as the default it could present a problem.
Re:Staying uptodate costs money... (Score:5, Insightful)
Above it says that it costs 30 pounds to read the report and discover their methodology. Not worth it to me. But before I took it seriously I'd need to know their target populations and their sampling rates. It makes a big difference, for instance, if they only sample people who know and admit that they have been hacked, or whether they have some independent way of checking. And it also makes a big difference if they are counting servers in Fortune 5000 glass houses, or whatever is connected to the web, or (...what are the alternatives?).
I've seen too many bogus news stories to start taking one seriously just because it says that there are a lot of Linux machines out there.
(P.S.: staying up to date doesn't cost MUCH money. I normally run Debian, and once a day I usually run apt-get update/apt-get upgrade. This does sort of depend on a broadband connection, as some days the amount of upgrades would choke a dial up connection. OTOH, most days nothing significant to me has changed.)
Re:Staying uptodate costs money... (Score:4, Informative)
I don't know about Linux vendors in general, but Red Hat has offered such a notification service for years. You don't even have to pay them for it, just sign up for their security mailing list. I've been getting such notifications for a long time; I probably get a dozen a week.
Re:Staying uptodate costs money... (Score:5, Informative)
Apt-get doesn't explicitly notify you when updates come in, however it is trivial to write a script to automate the process of checking for updates. For the super-lazy, you can even continue to use the free version of Red Hat's up2date notification icon to alert you when updates come in, and then use apt-get to actually fetch them.
Of course, there are probably other reasons you pay for RHN, such as technical support, a desire to give back to Red Hat, etc...
Just thought I'd make sure you know about an excellent free alternative.
Re:Staying uptodate costs money... (Score:4, Informative)
No it doesn't. Tried Debian security advisories [debian.org]?
Re:Staying uptodate costs money... (Score:3, Informative)
1. You are confusing "free as in beer" with "free as in speech".
2. It's pretty easy to set up a cron job to automatically download the patches from a mirror ("wget -m
3. Mailing lists, mailing lists. Gentoo has a mailing list for announcements that is very quiet and seems to have only security announcements. I'm sure the
Re:Staying uptodate costs money... (Score:4, Informative)
http://www.microsoft.com/technet/treeview/defau
http://www.pcworld.com/news/article/0,aid,63784
As Steve Jobs once said, "Every security scheme that is based on secrets eventually fails."
Re:Staying uptodate costs money... (Score:5, Insightful)
As Steve Jobs once said, "Every security scheme that is based on secrets eventually fails."
Well, he's got it wrong. He probably meant obscurity, not secrets. Then he would be right. Your gpg private key is a secret. Not telling how the encryption works is obscurity. There's a big difference between the two.
Security through obscurity (as you correctly show is Microsoft's way of working) is bad for security, because it gives the people the feeling that they're safe, while they're not. That means that the end result can be worse than no security at all (in which case the user would perhaps choose not to put sensitive data on the device).
Re:Staying uptodate costs money... (Score:5, Insightful)
That's a bit misleading. With Linux, you don't have to pay anything up front for the OS, and you can take whatever support strategy works best for your particular situation, from building updated sources yourself (free), downloading RPMs (free), using Red Hat's limited trial up2date (free), or getting one of the Red Hat Network subscription packages ($60+).
With Windows, you pay $300 or so up front for the OS plus whatever an office suite, developer tools, a DBMS, and the other types of apps that would have come free in the Linux distro cost you. Part of this cost goes to support, so you can use Windows Update all you want... you already paid for it. Unlike up2date and its counterparts in the other distros, however, Windows Update just updates the base OS, so you have to take additional steps to update your word processor, C++ compiler and such.
I'd say the Linux way isn't such a bad deal after all.
stats? (Score:5, Interesting)
Re:stats? (Score:3, Insightful)
RTFParent and learn a little bit about statistics.
If there were 100 successful attacks, 67 got through Linux servers, 23 got through Windows servers, and the other 10 are through other types (OSX et al).
However, this says nothing about how easily eac
Corresponds with Netcraft (Score:4, Informative)
Statistics are dumb.
Re:Corresponds with Netcraft (Score:5, Insightful)
That's not the point.
The point is that this report handily debunks the myth that a Linux server is inherently more secure than a Windows server.
The more rational among us here have tried to get the message out that no server is secure if there's an idiot at the helm.
Good admins make secure servers, not an operating system, despite what the zealots would have us believe.
Most attacked server? (Score:5, Interesting)
Re:Most attacked server? (Score:5, Funny)
Jesus... (Score:5, Insightful)
So while these "attacks" on servers totalling about the same damage amounts as usual there was quite a new record high obtained by the RPC vulnerability...
So they are attacking an OS that is known to be running on more servers around the world and the "damage" from these attacks is holding steady, yet we don't mention in the article title that because Windows is MAJORLY vulnerable, there was nearly 30 BILLION dollars in damage done!
Interesting spin.
What about Attacks from Vendors? (Score:3, Interesting)
But what about vendor attacks, like patches that crash the server, or the DoS attacks that happen when a server is taken off-line for patching? And surely a precautionary disconnect when there is a MS virus storm has to count as a successful DoS attack.
Simple explanation: (Score:3, Insightful)
Also, it has gained something of a reputation as a secure system, at least compared to IIS, and this may be undeserved in installations where best security practices are not followed (most of them). This is perhaps a wakeup call that it's important to patch, only set up services that are necessary, and use a firewall and intrusion detection system, but most people know that already.
More credit than they deserve (Score:4, Insightful)
The only way they've reduced the _proportion_ of attacks on their servers is by losing market share. The total number of attacks against Windows servers is still increasing, so it's a little premature to give them any compliments.
These aren't good statistics (Score:5, Insightful)
I think it's time to break the statistics down application by application at that point. Show me some Apache vs. IIS numbers or MySQL vs. SQL Server numbers or exclude third party applications altogether please. For the record, I run both Windows and Linux for clients and servers and am pretty neutral in the whole OS wars thing. Each has their merits and uses, both need regular security maintenance and I am pretty much happy with both for very different reasons. I'm not a Linux zealot, but I know bad numbers when I smell them. And then...
So MS is shoring up third party applications then? They even go on to cite Sobig and MSBlast as the reasons for the high MS numbers. This is shifting over to a very FUD-like smell now.
Your login request (Score:5, Funny)
That would be WilliamGates.
What about worms? (Score:3, Insightful)
Well, yea, if you ignore most of the breakins (Score:3, Insightful)
Well, that's sensible if you ignore the half million or so infections by Blaster - which clearly this article does.
I think that any analysis of digital attacks that filters out malware is missing a huge part of reality. Certainly you'd have to be nuts to call August a good month for Microsoft servers.
looks like marketing to me (Score:3, Interesting)
mi2g disclaims all warranties as to the accuracy, completeness or adequacy of the information. mi2g shall have no liability for errors, omissions or inadequacies in the information intelligence offered or for interpretations thereof. mi2g disclaims itself of any sales lost or damages incurred to other parties as a result of this information.
Doesn't seem like this company is too confident in any of the claims made in these reports..
Their monthly intelligence [mi2g.com] has a quote that makes their "research methods" look shady:
The Monthly Intelligence analyses and collects data from over 7,000 hacker groups worldwide and provides detailed monthly and year-to-date information on:
Seems a little far fetched to me, I doubt many "hacker groups" are open to research companies doing data collection.
Well, it's probably because (Score:4, Insightful)
I think a much more meaningful statistic would be how many fully patched Windows and Linux servers are successfully hacked. With Windows, you are always vulnerable, because the rate at which vulnerabilities are discovered far surpasses the rate at which patches are issued. With OSS, OTOH, a patch is usually issued a few hours or days after the vulnerability is discovered. Hence, the amount of time a successful Linux exploit is usable is usually much lower than an exploit for Windows.
I would guess that most Linux machines that get hacked are due to unpatched/deliberately insecure configurations - like using a dictionary word for a root password.
mi2g (Score:5, Informative)
Security always depends on the admin (Score:5, Insightful)
Number (or percentage) of successful attacks against servers maintained by professionals, sorted by operating system.
Of course there are a lot of non-secure Linux systems on the net. Lots of amateurs use Linux. After all, it's free! Notice how much the statistics in the article changed when they leveled the playing field and looked only at servers in one industry: government? Keeping to one industry caused them to look at systems maintained by sysadmins with much more equal skill levels.
From the article: Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August.
Mi2g (Score:3, Interesting)
And now it's the other way around?
Study done by media whores at mi2g (Score:3, Interesting)
Gotta consider the source of this study: mi2g. They haven't been totally reliable [theregister.co.uk] in the past, and mi2g seems to be more interested in generating press [vmyths.com] rather than doing anything.
Of course, nobody in The Media will consider the source: the sound bite is just too good.
Linux-based systems not as simple as the buzz (Score:5, Insightful)
Sure they can get Apache webserver serving pages, they can get Tomcat doing "something", and they can certainly run XMMS quite well on their workstation, but they really have no clue how to properly use these technologies in a production environment.
They see switching to Linux-based systems as being a simple fix.
They aren't willing to extensively review their configuration or product documentation. They aren't willing to put in the significant amount of time that is in fact required to become experts with the technologies.
Yes, they certainly do get a kick out of telling their friends that they have "Linux boxes running their shop", but security suffers due to their naive incompetence.
These techs should be fired.
Open source development may be a "we'll get that feature done when we feel like it" affair, but deploying Linux-based systems in a production environment must not be.
If anything, effectively and securely deploying Linux-based solutions requires more training and knowledge than does deploying Microsoft.
Let's stop pretending otherwise.
No Challenge to Breaching Windows Security (Score:3, Insightful)
Seriously, I suspect that difference comes into play when you look at where the servers are used. You'll find that Linux is used in more servers that are much more worthwhile targets (ie credit card transaction processing) than Windows. So going back to the original comment, not only is it less of a challenge to break into Windows, but I suspect that there is also less reason to want to attempt to break into Windows servers.
myke
Re:No Challenge to Breaching Windows Security (Score:4, Informative)
In the book Repelling the Wily Hacker there is an amusing story about a Unix box getting rooted, and the script kiddie starts typing DOS commands.
Just to give an example that it does not take a real hacker to get into a Linux box as such. Other factors are also quite important.
mi2g Intelligence Unit (Score:3, Informative)
67% and 23% of How many in the Data Set ? (Score:4, Insightful)
Did they sample 20000 Servers ? 20,000 servers or 200,000 servers ?
Linux 67 Breached Linux Servers 12892 73.59%
Windows 23 Breached Windows Servers 4626 26.41%
90 Total Cracked ? 17518
Well the percentile is only 90% of the figures. Which servers were in the missing 10%.
Did the survey compare windows to linux boxes alike e.g.
1 Linux Server examined to 1 windows box. for 20,000 boxes ?
I don't see any figures here for accuracy or qualification of the figures.
What I do see is a suggestion that Linux is very popular. If this is the case and we suggest that 80% of the net is unix to 20% microsoft. then 67% of 80% of the network being interrupted seems very unusual and rather high as a figure.
So I keep coming back to wondering where the figures have actually originated and been compiled.
I'm fairly sure Microsoft can be secure, but unlike Unix it tends towards insecurity. I've often compared running Microsoft boxes to herding sheep. You spend all your time keeping them alive and free of viruses. Unix on the other hand is the sheep dog, consistent, loyal and dependent.
They can bandy these figures all they like but unless they can flatten the survey and show a clear scope of investigation and comparison then I don't think we should be worrying about the quote.
Well, Of Course (Score:3, Insightful)
During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by...
All the Windows boxes that are 0wnZ3r3d are not verifiable!
MjM
Groovy. Gear. Mod.
A quote and personal experience (Score:5, Interesting)
I must confess that the first Linux server that I set up was hacked for the very reason mentioned: my ambition exceeded my knowledge.
Imagine my chagrin when I got email from a couple of companies stating that an attack had been launched on their servers from my system! Let me tell you, I fixed that right quick!
I find it interesting to note the low number of Unix boxes that the article mentions as attack victims. Based on the experience of my own personal ignorance, I figure Unix operators are probably more savvy, ergo tighter security and fewer successful attacks. Personally, I haven't been able to figure out how to configure a Unix server in a usable manner (having tried FreeBSD and failed miserably). I find Linux easier to work with, which, perhaps, invites disaster when someone with limited savvy (such as I, once upon a time) decides to roll out a server and expose it to the wild west Internet.
[For those who wonder, the incident involved someone setting up an IRC server app on my system, which then attempted to install itself, apparently, on other systems that were better-secured than my own. Thereafter, I put everything behind a Linux firewall that was locked down tighter than a nun's dainty underthings. I hope this humble and frank admission of ignorance will learn y'all to lock those ports down TIGHT!]
mi2g - computer security hysteria specialists (Score:5, Informative)
Vmyths [vmyths.com] appears to summarise the anti-mi2g camp's position. Searches for mi2g on NTK [ntk.net] and The Register [theregister.co.uk] (when its search engine is working) are as enlightening as they are amusing.
Verifiable is the key... (Score:5, Interesting)
The key word here is 'verifiable'. It is much easier to detect and validate that someone has hacked a Linux box than a Windows box. We don't know the following that would lend more credence to any claims:
1. What is the ratio of M$ to Linux boxes that were attacked that we don't know about? (undetected and still infected - I would argue this number is much larger on the M$ side)
2. How were the percentages arrived at? If there are more Linux servers on the network than Windows servers, then we can not quantify 'percentage of total servers' and have it mean anything useful in terms of total numbers of attacks because, statistically, Linux attacks will outnumber Windows attacks given a standard distribution; since most script kiddie tools run on, and target Winblows machines, a 21% of total attacks on a few windows machines is more significant than a 67% of total attacks on a much larger group of Linux machines.
Social science numbers have no intrinsic value, except to the uninformed.
"Figures never lie, but liars tend to figure." - Longfellow
This is some FUD (Score:5, Insightful)
From NetworkWorldFusion [nwfusion.com]
The Blaster worm - also known as MSBlast or LoveSAN - has spread rapidly since it was first noticed on Monday. It has infected an estimated 188,000 systems running Microsoft operating systems, including Windows XP, Windows 2000, Windows 2003 and NT, that are unpatched for the so-called RPC vulnerability discovered last month, according to a security firm tracking the worm.
They didn't count them. Why? Most of them aren't servers, right? Well, how did they differentiate Linux servers then? I bet they didn't -- did they check and only record RH Advanced Server and disregard all the RH Workstation? I doubt it. This is pure FUD by a place that has trouble with math.
Ehhr, oookeeey? (Score:4, Interesting)
So, it's like, here we have an organisation that manages to track 7900 hacker groups?
Riighht...
That should make Echelon pretty jealous. The numbers are spewed out with no explanation whatsoever, which makes someone as paranoid as me very suspicious. I have a hard time imagining a hacker giving numbers that easily. Smart hackers tend to shut their mouths. We only see the stupid script kiddies who brag on IRC. I hope they haven't used IRC logs as a measurement, even if it wouldn't surprise me at all.
"Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August."
Why aren't the numbers for this accounted for? I interpret this sentence as if Windows servers were in fact more attacked at govts. Why aren't those numbers revealed? Was there like 100 000 Windows attacks or 10? The difference is also quite amusing between the number of successfully attacked systems. It seems like the govts are better at securing their servers than commercial online shops are.
And again Riiighht...
"The economic damage from the attacks, in lost productivity and recovery costs, fell below average in August, to $707-million (U.S.)."
"The overall economic damage in August from overt and covert attacks as well as viruses and worms stood at an all-time high of $28.2-billion"
If I'm right here, server attacks from hackers cost 707 million. Attacks from viruses/worms (Windows, since how many have even seen a Linux worm, let alone experienced one?) cost about 27 billion.
In that retrospect it's kind of annoying if mi2g pats Microsoft on the shoulder, since they account for almost all lost productivity and loss of income. Since the Microsoft attacks cost so much more or are so much more expensive, I find it very hard to come to any other conclusion than that the Linux attacks are no more than superficial breaches easily recovered from. Either that or the numbers just don't add up.
As a side note, yes, I think Linux needs better security, but to gain real security on cheap Intel/AMD there needs to be some better memory protection and more belts and straps. If one security measurement fails there should always be a backup system to catch what slips through the first line of defense. This is my strong belief, drawn from my view that no system can be without faults. We should try and mimic the way airplanes are built and used.
The SE Linux kernel patch is the answer (Score:4, Interesting)
selinux.copilotconsulting.com
user: root
pass: root
Help me with the math here (Score:5, Insightful)
Re:Help me with the math here (Score:4, Interesting)
*scratches head*
I don't get it. I mean really, WTF is "6.5% of the total of 1% of their sample"
1% of their sample = 2,800
The total of 1% of their sample = ??? what value are you totalling?
6.5% of 1% of their sample = 182
I don't really see how your math works...
For those who you know actually care about math and stuff, 18,000 is 15.6% of 280,000... which is certainly quite a large figure for a single month out of the 80+ months in which this sample data was collected...
Re:Help me with the math here (Score:4, Informative)
What is a successful breach? (Score:4, Insightful)
Re:Article Text (Score:3, Informative)
ha ha.... making good of their rapidly shrinking server market share... oh this is classic. Those figures almost exactly match the market shares for Apache and Microsoft
news.netcraft.com [netcraft.com]
Apache 64.52% ... Microsoft 23.54%...
so just who is trying to kid who with the figures???
Re:"Linux Most Attacked Server?" (Score:3, Informative)
"A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."
Re:Software or Sysadmin problem? (Score:3, Insightful)
Almost all software is insecure, if run poorly.
What is the life expectancy of a Redhat 7 default install not behind a firewall?