Online servers running Linux were attacked more often in January than those running Windows, according to a security firm. Linux advocates often take pride in the operating system being more secure than Windows but this claim may have attracted unwanted attention from the hacking community.
An analysis of hacker attacks on online servers in January by UK-based security consultancy mi2g found that Linux servers were the most frequently hit, accounting for 13,654 successful attacks, or 80 percent of the survey total. Windows came in a distant second with 2,005 attacks. A detailed analysis of government servers also found Linux to be more susceptible, accounting for 57 percent of all security breaches. In a similar study last year, Microsoft Windows proved to be more vulnerable, accounting for 51 percent of successful attacks on government servers.
However, the sharp rise in Linux breaches probably reflects a lack of training and deployment expertise rather than inherent security problems within Linux, mi2g officials suggested.
View: The full story
News source: ZDNet UK
An analysis of hacker attacks on online servers in January by UK-based security consultancy mi2g found that Linux servers were the most frequently hit, accounting for 13,654 successful attacks, or 80 percent of the survey total. Windows came in a distant second with 2,005 attacks. A detailed analysis of government servers also found Linux to be more susceptible, accounting for 57 percent of all security breaches. In a similar study last year, Microsoft Windows proved to be more vulnerable, accounting for 51 percent of successful attacks on government servers.
However, the sharp rise in Linux breaches probably reflects a lack of training and deployment expertise rather than inherent security problems within Linux, mi2g officials suggested.
View: The full story News source: ZDNet UK
Sorry, but there's more to the story than that.
That to me would explain it right there.
Microsoft, 21%, down 6% from last year.
Sun 3%
You'd think they would at least mention that fact.
Anywho, all are relatively secure if you know what you are doing.... and at the same time, none are hacker-proof.
On a side note, ran across something interesting that I wasnt aware of... while Apache has a clear lead and is expanding it with webservers, Microsoft still hosts more SSL servers (MS 49%, Apache 36%, Sun 3.5%)
Windows 2000 does have very good certificate handling.
Anywho, all are relatively secure if you know what you are doing.... and at the same time, none are hacker-proof.
Your first statement makes me laugh. I have been saying this to all the people who claim "Linux is More Secure because there are not as many security vulnerabilities as Microsoft". I also agree with this.
With your second statement, you hit the nail right on the head. If you keep your systems patched, and secure them, you will have less security problems no matter what OS you are running.
I am not saying Linux is less secure then Windows, but I am also not saying Windows is not as secure as Linux.
Linux by default is much much more secure than windows - but these webhosts who have 25 servers leave all services online such as telnet, SSH on a normal port.
but these webhosts who have 25 servers leave all services online such as telnet, SSH on a normal port.
And that is how it should be. If you assume that by putting ftp on, oh, i don't know, port 1984 will make it more secure, you sir, are living in your world
Security through obscurity should never be even considered.
Microsoft has Linux beat in this department hands down. By telling users how to secure their computers (Baseline Security Advisor, Windows update, ICF, and so on), keeping the source code secret while doing extensive audits on it, etc, they make Windows more secure.
However, what we probably have here is MS admins suddenly having a Linux box pop up in their DMZ and beeing told - "keep this running", without being sent on any training, etc. I talk from first hand experience here...
BTW Red Hat's security documentation is excellent, the RHN can autoupdate machines, just like WU or SUS and the Linux kernel netfilter makes ICF look like a sad apology for a packet filter.
I disagree. When it comes to security, you are saying its the OS's fault b/c the admin doesn't educate themselves? While no doubt running a *nix server is a lil more complaticated of a task when it comes to securing/updating but it's not rocket science. Half start of with an improperly configured server from the get go... so no security update, firewall, etc is going to help them.... these same people would probably foul up their IIS server as well.
Overall, the successful hacks, according to the study, were fairly proportionate to market share... so it's hard to say MS beats Linux hands down in the educating process. This isn't a knock on MS by any means, it just goes to show that there are a group of people on both sides that don't have security as high as a priority as it should be.
Last edited by 10547 on 20 Feb 2004 - 14:19
I have to admit I needed webmin to get me started, which I think is a great tool. (No doubt I'll get flamed by a guru who believes text editor or nothing)
(No doubt I'll get flamed by a guru who believes text editor or nothing)
That... that's another story.
I am part of these "guru who swear by vi and disses config tools for his own use"
However, for the sake of configuration by non-gurus, a server SHOULD have proper "easy to use" config tools...
I'll never understand why gurus are dissing someone who uses webmin. I mean, it does the job, right? Perhaps it makes them feel 1337er.
Of course, you get to learn more by doing it by hand but still, you know... Nobody's born with knowledge, and graphical configuration tools were built for a reason.
"mi2g said its study focused on "overt digital attacks" and did not include other methods of intrusion such as viruses and worms. "
Just as well for windows! I don't think it'd be quite the "distant second" had those figures been included. Why don't we try comparing OS's by only looking at virus & worm infections, see which is the most insecure then.
HexJam
But then, it is still flawed. There is no doubt that more worms and virii are written W32; but then again, W32 is the dominant platform. If *nix was the dominant platform, we'd see the exact opposite of what we see today.
So at the end what? Linux too is insecure as any other OS, No OS will be secure unless users stay on top of security and updates period.
Just more FUD for the fire.
Honestly *all* OS's have good security.... the main/primary problem on most exploits/hacks/virii/etc is pebcak, no matter which OS you are talking about.
A dedicated server can be leased pretty cheapy nowdays. Many people that really shouldn't be administrating a dedicated server are going ahead anyways due to the prices... further adding to the pebcak problem.
There are tons more linux servers on the net then windows servers.
Also, dedicated servers are very inexpensive these days. They all come with a management system so you can web manage it.
Most servers getting hacked out there are people who are not admins buying dedicated servers cause its "cheap" and "cool" instead of buying managed hosting. They leave their box on and get hacked. These are the people who have no idea what security means and they are the ones getting hacked.
If you compared companies who have certified or highly experienced system/network administrators, you would probably see that those who run windows servers get hacked more then those who run linux servers.
Also IIS6 has a much better design and seems to be pretty solid.
IMHO IIS6 and Apache a both good webservers, I personally lean toward Apache - I'm just saying making an IIS box public isn't the suicide mission it used to be.
My original sentiment stands though - MS have improved IIS A LOT over the last couple of years.
Besides, an escalation of privilege exploit is the ultimate crack. It feeds their egos when they're successful.
These numbers are useless and mean nothing without information on the pool of machines we are talking about.
20%*4=80%
2,005*4=8,020
13,654>8,020
From a mathematical standpoint, Windows is more secure.
The ability and ease in which to compromise an OS is how it is determined whether or not the OS is more secure. Not the sheer number of machines in comparison. If you want to show us a comparison of something, you might as well grab an apple and an orange and tell us that not only are they the same color, but they taste the same, too.
For example, if we were to take the privilege escalation exploit away from Linux and give it to Windows, your formula would still show Linux as less secure. And this could be nothing further from the truth.
Even if Windows had 80% of the market, Linux would still be less secure, simply because of the exploit.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.