Linux hacked more often than Windows?

[Aloone_Jonez]

This is the sort of thing that Viper normally posts: http://www.zdnet.com.au/news/software/0,2000061733,39116229,00.htm

 

quote:
While Linux has long enjoyed a reputation for being more secure than closed source operating systems such as Windows, its rise in popularity has also made it a far more common target for hackers, a new study suggests.

An analysis of hacker attacks on online servers in January by security consultancy mi2g found that Linux servers were the most frequently violated, accounting for 13,654 successful attacks, or 80 per cent of the survey total. Windows ran a distant second with 2,005 attacks. A more specific analysis of government servers also found Linux more susceptible, accounting for 57 per cent of all breaches.

Surly this can't be true.  :confused:

http://www.zdnet.com.au/news/software/0,2000061733,39116229,00.htm

[WMD]

That report didn't count worm attacks.

[Aloone_Jonez]

Do you think they're MS biased?

Do you know where can I go to get more accurate information?

[Orethrius]

What a load of crap!  Shall we leave out the Downloader.Ject victims and count UNIX as Linux while we're at it?  Oh wait, WE DID.

EDIT: What does this prove, class?
"That more people need to learn BASIC SECURITY SKILLS before switching to Linux?"
Very good!

EDIT 2: Proof that ZDnet is MS-biased.  Read the headline, then read THIS excerpt:

"The swift adoption of Linux last year within the online government and non-government server community, coupled with inadequate training and knowledge on how to keep that environment secure when running vulnerable third party applications, has contributed to a consistently higher proportion of compromised Linux servers," mi2g executive chairman DK Matai said in a statement. -- Emphasis added.

ANY SYSTEM IS UNSECURE WHEN YOU DON'T BOTHER LEARNING BASIC SECURITY.

[ August 03, 2004: Message edited by: Midnight Candidate ]

[mobrien_12]

"The mi2g study concentrated on 'overt digital attacks' and didn't include more general forms of attack such as viruses and worms."

In short, Windows can be violated automatically and rampantly through viruses and worms while Linux requires an "overt digital attack."  

Perhaps Windows would be violated more frequently through "overt digital attacks" if it wasn't so overwhelmingly easy to compromise it with a worm or virus.

Anyway, you can harden Linux.  You can firewall, patch safely, restrict permissions, and enable SELinux.  What choices do you have for Windows?

[Orethrius]

quote:Originally posted by M. O'Brien:
"The mi2g study concentrated on 'overt digital attacks' and didn't include more general forms of attack such as viruses and worms."

In short, Windows can be violated automatically and rampantly through viruses and worms while Linux requires an "overt digital attack."  

Perhaps Windows would be violated more frequently through "overt digital attacks" if it wasn't so overwhelmingly easy to compromise it with a worm or virus.

Quoted for truth.

 

quote:
Anyway, you can harden Linux.  You can firewall, patch safely, restrict permissions, and enable SELinux.  What choices do you have for Windows?

Plenty.  The issue here, though, is that they're all HARDWARE, not SOFTWARE.  The end-user shouldn't HAVE to dump $200 into a broadband router just to shunt malicious traffic (even though that's what I did).

[savet]

I don't know what today's statistic is, but at one point I thought about 80% of web servers were running a Redhat/Apache combo.  If this statistic was true, and every server was compromised, 80% of the compromised servers would still be Linux.  That doesn't sound too impressive to me.

What would be more impressive would be the percentage of servers running a particular OS vs the number of servers running that OS that were compromised.  That's the only way these statistics will be helpful.

IMHO, this is like saying that 100 people died from gunshot wounds and we need more gun control....when 90 of those gunshots were suicide.  The statistics are correct, but the logic is flawed.