Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 12
According to Zone H: http://www.zone-h.org/winvslinux The news appeared during the last days in which London based MI2G.com stated that Linux OS is now more attacked then Windows has been reported ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284

    Linux more attackable than Windows?


    According to Zone H:
    http://www.zone-h.org/winvslinux


    The news appeared during the last days in which London based MI2G.com stated that Linux OS is now more attacked then Windows has been reported by media and immediately criticized by the IT Security world.

    MI2G is basing part of their research job relying on Zone-H.org databases therefore they based their last press release using the data Zone-H is sending to all its mail subscribers regarding the daily attacks.

    Using such data MI2G was calculating that the amount of Linux attacks has stably overcome the Windows attacks.

    The direct result of Zone-H data organized in a chart graphically supporting MI2G statement is in fact showing that today Linux attacks are as 5 times higher than the Windows ones.

    The IT Security world has immediately attacked MI2G statement saying that when counting the attacks MI2G accounted all the mass-defacement (an attack that while hitting a single IP or host, generates multiple defacements like it usually happens to big hosting companies) as single hits.

    The Itsec purists argued that the mass-defacements should be accounted instead as 1 single hit therefore MI2G statement was either premature or inaccurate.


    The only organization that has enough authority to solve the dilemma is Zone-H as today is holding the most complete database having access to direct statistics.

    So, today Zone-H staff started to dig in the archives filtering out all attacks by SINGLE IP divided into the different OSs.

    The results that came out is clear: Linux is in effect the most attacked Operative System, and this already since middle March 2003 as you can check by this graph:

    The graph is showing the attacks trend during the last 16 moths.

    The graph shows clearly that one of the most hit OS over the time was Windows (red line). The interesting fact is that since middle-January 2003 Windows became for some unknown reasons less attacked (and less attackable) than Linux.

    Zone-H identified the reason of this strange phenomenon in what Zone-H calls the “Slammerworm effect”.

    In fact the Slammer worm ha produced since December 2002 a spike in the Windows 2000 statistics. Since then, the Slammer worm threat has been so much covered by the media that companies started to patch at a speed never seen before. The result of this process is that Windows OS has instantly become less attractive for crackers.

    If we also consider that the number of the worldwide Windows installations is presumably higher than the Linux installation it means that a properly weighted analysis would reveal that the Linux “hacker attractiveness” would be even clearer.


    The graph generated from Zone-H databases is also showing other interesting aspects: the web cracking phenomenon is transforming more and more into a social problem very much related to political issues.

    The September 11th anniversary and the Iraq war have been the reason why the overall number of attacks has increased 500%, hitting this year an amount of targets never seen before.

    If anybody before was under evaluating the web-cracking events, these graphs and numbers should be the reason of paying more attention to these facts as they are more and more configuring a sociologic problem.
    Jason

  2. #2
    flw
    flw is offline
    Linux Engineer
    Join Date
    Mar 2003
    Location
    U.S.A.
    Posts
    1,025
    Although j is holding back on his opinion I give you mine.

    Since unix/linux webservers (most of which are Apache) are so easy to setup in the past few years, the same type of users running IIS, have left Apache and other web based services with defualt settings on, configurations alone and no security. So they are becomming more vulnerable due to the type of users setting them up.

    The other factor is companies like Redhat and others installing by defualt all sorts of unneeded services leaving your box more vulnerable to the new user for the ability to make their product more friendly. As a example, then you no longer would have to install ftp if it is installed by defualt. But you would also be less secure if you used it or not.
    Dan

    \"Keep your friends close and your enemies even closer\" from The Art of War by Sun Tzu\"

  3. #3
    Linux Guru sarumont's Avatar
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682
    Exactly what I was thinking, flw. It doesn't take much to set up a linux box (with RH or some other distro w/ a nice installer) for a web server with all defaults. Laziness or lack of knowledge is the real problem here, not the OS.

    If you had two people of great skill with linux and windows set up a web server on their OS, I would put all my $$$ on the linux box.
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Jul 2003
    Posts
    1
    Quote Originally Posted by sarumont
    If you had two people of great skill with linux and windows set up a web server on their OS, I would put all my $$$ on the linux box.
    I once saw someone in alt.2600.hackerz who had set up an NT4.0 box with IIS 4, and claimed it was unhackable (no separate firewall or NAT... single box cold and alone in the world). For several weeks he'd send updates about stuff he'd logged happening, but as far as I know it was never hacked. I would say that if you have a linux and windoze security expert, they could probably both make a remotely secure box of the respective OS. I think time spent configuring would be another issue entirely though, as well I am certain that the Linux box would be more locally secure than the NT box.

    Ben.

  6. #5
    Just Joined!
    Join Date
    Jul 2003
    Location
    Palmyra, Pa
    Posts
    6

    Microsoft not telling the whole truth?

    This may not be in line but then again it may be. I had read a similar report in eweek (don't have the article for reference), but it basically stated that Linux systems had more vulnerabilities then windows. They did make a small comment that microsoft does not report all of its vulnerabilities also. Then I noticed that on my laptop, running xp, I had some updates ready. So I naturally looked at them and installed them. That day there were four updates and all of them were listed as critical and all dealing with security???? I think that microsoft has found a way to keep its dirty laundry out of the public eye more than anyone else and that may be why Linux is appearing to have more issues with hacks and vulnerablities.

    Just an opinion. I hope that it is not out of line.

  7. #6
    Linux Newbie
    Join Date
    Jun 2003
    Location
    55 (degrees) north 7 west
    Posts
    126
    linux would defently be easyer to hack.
    i think anyway, first of all there is the 'root' login name which is on any linux box which would instantly provide a login name to someone then all the hacker has to worry about is the password but there is loads of password crackers out there which can exploit passwords easyily. also the way the linux file system is i think its easyer to get around then the ntfs file system. but i would agree that it comes down to the person who set up the box.
    also there are tones of linux hacking texts whic were written years ago but which have been forgotten about but which are now surfaceing again.
    Thanks v much

    \"Anything bigger than my ego i want it caught and killed\"- Zaphod Beeblebrox

    Multi boot:
    Win xp home, SuSE 8.2 and Slackware 9.1

  8. #7
    Just Joined!
    Join Date
    Oct 2003
    Location
    Glasgow. Scotland
    Posts
    9
    From my experience of linux and other OS's [ and I aint no expert ], its down to the person who sets the system up. Linux is secure if you know how to shut off services and secure file permissions [ not instantly understood by Linux new-comers ] Windows is not in the same league as Linux as far as OS's go, Linux is a powerful tool when windows is just convienient. But to be fair either system can be locked down as tight as a knats a**, coz if you are not offering the services to the world then u can not be exploited. Different security problems arise at an alarming rate in both linux & windows but there is a better support network [ community ] with regards to linux. Microsoft regard their security issues as, its none of your business buddy & be thankful were telling you about them. I may be biased, and its only my opinion, but Linux wins hands down. Even though it may be "the most attacked OS" I still feel it is the more secure of the two [ Linux v NT XP 2000 ] Its flexibilty and most of all FREE'ness [ including all software, Firewalls, Web servers, IDS's "the list goes on and on" ] appeals the most and makes it a better all round OS. [ only my opinion ]

    All criticism welcome

  9. #8
    Linux Engineer kriss's Avatar
    Join Date
    Jun 2003
    Posts
    1,113
    1.

    If you are serious about security, you have an IDS installed, you run checks for rootkits and generally keep vital software up to date and turn off all unused services. Firewalling and chrooting is not bad either.

    2.

    GNU/Linux is more atackable than windows becuase its more used in the servermarked than windows is. Remember when the ptrace flaw came out? IIRC Alan Cox released an patch in some hours. Microsoft suck at releasing pathces, take inernet explorer and word 97 as some examples. Security through obscurity doesnt work.

  10. #9
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    I think that any 1/2 decent sysadmin should be able to configure both OS's to a reasonable level of security.

    Linux is much more powerful, so it takes a bit more skill to do, where as the average windows (l)user just wants convienence, so its partly to do with the mentality of the users of a particular operating system (IMO)

    Jason

  11. #10
    Linux Engineer Giro's Avatar
    Join Date
    Jul 2003
    Location
    England
    Posts
    1,219
    Agree it doesnt really come down to OS it comes down to the man who configures it.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •