Linux hacked more often than Windows

[ibe98765]

Linux hacked more often than WindowsAngus Kidman, ZDNet AustraliaFebruary 20, 2004URL: http://www.zdnet.com.au/news/software/0,20...39116229,00.htmWhile Linux has long enjoyed a reputation for being more secure than closed source operating systems such as Windows, its rise in popularity has also made it a far more common target for hackers, a new study suggests. An analysis of hacker attacks on online servers in January by security consultancy mi2g found that Linux servers were the most frequently violated, accounting for 13,654 successful attacks, or 80 per cent of the survey total. Windows ran a distant second with 2,005 attacks. A more specific analysis of government servers also found Linux more susceptible, accounting for 57 per cent of all breaches. In a similar analysis last year, Windows proved far more vulnerable, with 51 per cent of successful attacks on government servers made on some version of the Microsoft operating system. However, the rise in digital attacks probably reflects a lack of training and deployment expertise rather than inherent security problems in Linux, mi2g officials suggested. "The swift adoption of Linux last year within the online government and non-government server community, coupled with inadequate training and knowledge on how to keep that environment secure when running vulnerable third party applications, has contributed to a consistently higher proportion of compromised Linux servers," mi2g executive chairman DK Matai said in a statement. The mi2g study concentrated on "overt digital attacks" and didn't include more general forms of attack such as viruses and worms. Microsoft has been under fire for the past year for the lack of speed with which some patches to fix security holes exploited by these forms of malicious code have been made available and deployed. While Linux advocates may not welcome the new data, it should prove good news for fans of BSD and Mac OS X. Those operating systems accounted for a tiny percentage of successful attacks, and no government servers running other OS were breached.

[linuxdude32]

Slashot mentioned this article a while back (a week?). I can't find it right now but the discussion was quite interesting.The article doesn't mention if the study accounts for the fact that there are more Linux servers than in the past and therefore one would expect more breaches with a comparative level of security. It also seems to exclude worms and trojans which makes the Windows number of breaches conveniently much lower. And of course, as the article admits,

however, the rise in digital attacks probably reflects a lack of training and deployment expertise rather than inherent security problems in Linux, mi2g officials suggested.

[jodef]

Osnews carried the same article and while not dismissing the study or its accuracy the following disclaimer or qualifier was also carried in Osnews:

Without paying, there's not a lot of information about the methodology used, so the numbers should be taken with a grain of salt. It's not clear whether the low numbers for BSD and OSX breaches can simply be attributed to the fact that they're not as common as Linux servers. And as has been noted in the comments mi2g does not have a sterling repulation in the security industry.

Edited February 29, 2004 by jodef

[Guest LilBambi]

The mi2g study concentrated on "overt digital attacks" and didn't include more general forms of attack such as viruses and worms. Microsoft has been under fire for the past year for the lack of speed with which some patches to fix security holes exploited by these forms of malicious code have been made available and deployed.

Whether you are talking about the server arena or the desktop area, you can not leave out the viruses, worms and trojans when calculating security risks or vulnerabilities because they hit Windows computers at an alarming rate and contribute significantly to insecurity.I really think the analysis was lopsided by not including all the factors into what makes an OS secure.I do agree that folks did jump on the Linux bandwagon a lot last year and many are still playing catch up on learning something totally new to them, and definitely different than the Windows servers they were used to previously.