According to a study the British security firm mi2g, Linux is the world's "most breached" OS and is exploited more frequently than Windows. The company recently analyzed more than 235,000 successful attacks against computers that were permanently connected to the Internet during the past year and concluded that Linux was responsible for most of the successful exploits.
"For how long can the truth remain hidden, that the great emperors of the software industry are wearing no clothes fit for the fluid environment in which computing takes place, where new threats manifest every hour of every day?" DK Matai, mi2g's executive chairman, said in a statement. "Busy professionals ... don't have the time to cope with umpteen flavors of Linux or to wait for Microsoft's Longhorn when Windows XP has proved to be a stumbling block in some well-chronicled instances."
According to mi2g, Linux-based computers accounted for more than 65 percent of all successful electronic attacks during the past year, whereas Windows-based systems were responsible for only 25 percent. Attacks against Berkeley Software Distribution (BSD)-based systems were successful less than 5 percent of the time. However, it's worth noting--although mi2g didn't--that BSD-based machines make up a small percentage of the installed base of permanently connected machines. In all probability, those machines weren't attacked simply because there was little incentive to do so, not because of any inherent superiority over Linux- or Windows-based systems.
The mi2g study also analyzed the impact of malware during the same time period and found that most malware attacks--about 60 percent--successfully targeted small businesses, whereas about 33 percent successfully targeted home users. Only 6 percent of malware attacks successfully targeted midsized businesses, whereas 2.5 percent successfully targeted enterprises, government agencies, and similar firms. According to the company, 459 successful malware attacks occurred during the past year, most of which targeted Windows-based systems. Malware rarely targeted BSD-based and Linux systems.
These electronic attacks are taking an economic toll. The firm says that electronic attacks such as Distributed Denial of Service (DDoS) attacks caused as much as $123 billion in damages during the past year. Malware attacks were responsible for $202 billion in damages during the same time period.
End of Article
Stupid bloody Americans with no security and buggy software
Anonymous User November 04, 2004 (Article Rating: )
Nice spin, Paul.
Let's quote directly from the mi2g study:
"London, UK - 2 November 2004, 02:30 GMT - The most comprehensive study ever undertaken by the mi2g Intelligence Unit over 12 months reveals that the world's safest and most secure 24/7 online computing environment - operating system plus applications - is proving to be the Open Source platform of BSD (Berkley Software Distribution) and the Mac OS X based on Darwin."
Yeah. How about some HONEST reporting, Mr. Thurrott?
WinThose November 04, 2004 (Article Rating: )
C'mon, let's anylize this information realistically here. The majority of "permanently connected" systems are what? Web servers, right? So, Linux in this context is the largest attack surface, the frontline if you will, so they will inevitably be the hardest hit. Then you notice that medium and large businesses are the least hit. That's because they have people who know what they're doing. I can't tell you how many times I've gone to a site to see the default Apache "congratulations" page come up. I'm not a hacker, but that is basically a welcome mat that says "hey, come on in, the door's open."
So, it's not the OS that's to blame here, it's the people who don't know what they're doing.
Everybody and their mother knows that Windows is vulnerable, and, without having read the report, I'd guess that those malware attacks that caused "$202 billion in damages" were primarily directed against the Windows systems.
I too am sorry to see this spun in such a way to try and make Windows look more secure than Linux.
greglara November 04, 2004 (Article Rating: )
For a writer to seriously claim such false evidence, for the sake of face, in one word is- appalling. Good reporting is reporting the truth. It is this kind of reporting that the UNIX and UNIX-Like communities look down on Microsoft and it’s supporters.
To counter your claims: My family for the most part is largely Linux savvy. But, for school, the sisters must use Windows. IBM’s new laptops come with a OEM install of Windows XP Professional, this is fine - no work on my part. Within ONE DAY of use at school, for about four hours, the sisters’ laptops were infested with over 200 ad-ware infestations and two viruses, one of them being a “Trojan horse.”
I have a default install of Gentoo 2004.2 and have been running it completely exposed to the Internet and it has not once been “infected” or compromised. Please, for he sake of you and your already-damaged reputation, bake your findings with REAL facts and perhaps some real personal experiences.
Anonymous User November 04, 2004 (Article Rating: )
I've been running a default slackware 10 install connected 24/7 to internet without problems for months. But if you connect a windows 2k without firewall and antivirus it can last about 5-10 minutes without being attacked and infected by any worm/trojan
Anonymous User November 04, 2004 (Article Rating: )
Hey Mr slackware 10 install, Try running a slackware install from 4 years ago and see how long it lasts.
Install XP w SP2 and you're all set. Quit comparing yourself to old software to try to make yourself feel good.
Anonymous User November 04, 2004
Firstly people: Paul is just reporting the news, he didn't create this report. Next: Why is it impossible for this report to be true? Obviously the people releasing this knew they'd be the brunt of slashdot type venom and you would think they checked and rechecked their findings before releasing them. Lastly: Get over it.
DrestinBlack November 04, 2004 (Article Rating: )
Hey Greglara, you are obviously not a programmer but that's not important. My comments: It doesn't matter if linux has a "bigger attack surface", it's either more vulnerable or not. If it's in vulnerable than being attacked 10 times or 10 million times won't make it less vulnerable.
Your comments about Apache don't really add up to help your side either. You are indicating you believe that default installs of apache are vulnerable to everyone and his mother out of the box. Wow, I'll bet apache would be bumed to know that. (small note: It has not been recorded anywhere that IIS6 has been exploited since it's release, can any other web server make that claim). Lastly, Paul didn't "Spin" anything, he just reported the findings of another companies research. Go talk to mi2g and complain to them with proof of the flaws in their methodology - I suspect you'll need more than anecdotal evidence.
DrestinBlack November 04, 2004 (Article Rating: )
To Annonymous with the linux savy family: Good for you! TOo bad your sisters are too stupid to turn on the built-in firewall (or have SP2 with it turned on by default) and have ignore all windows reminders to do so. However, something more important to note: you provide anecdotal evidence. You, one user. mi2g tested hundreds of thousands of events; do you think your 1 report can overturn the results of thousands of reports? Think again.
DrestinBlack November 04, 2004 (Article Rating: )
There is some spin going on here, but then again, who helps this magazine pay its bills? Who will pull back the toys from the writers if they cross the line in evaluating the software? Any of us who read these articles or who subscribe to this magazine should already know that.
As for MS v. Linux, let me advance this to you all. Stop the brand-whoring, okay. The bottom line here is causality. Ask yourselves what causes these security breaches to happen on either platform in the first place? Is it a case of one type leaving vulnerabilities for the sake of ease-of-use? Is it the case of another brand being based on open-source thereby allowing shoddy and and careless programming to take place? In general, is it the fact that the PC world is so diverse that in order for all of this diverse hardware and software to work, that vulnerabilities are inherent? Are corporate intersts sacrificing security as a cost-savings measure? Finally, have corporate interests invented and perpetuated a problem so that a solution could be sold to the public; the "Make a Need to Sell a Better Mouse Trap so You Should Provide the Better Mouse" Theory.
Some of these may seem crazy, but as a whole, all of these questions are not far-fetched. In the end, it all boils down to this computer stuff being a faily new technology and minds and social habits need to catch up.
You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor?
Register now
Picking a favorite product from an impressive crowd of competitive offerings is never an easy task, and such was the case with our Editors' Best and Community Choice awards this year. ...
An often irreverent look at some of the week's other news, including some post-PDC some soul searching, a Google Chrome OS announcement and a Microsoft response, Windows 7 off to a supposedly strong start, the Jonas Brothers and Xbox 360, and so much more ...
Free CDs Offer Fundamental Content for IT Pros Are you up to speed on the latest technologies and solutions? Don't miss out on your chance to get up to speed quickly on fundamental, in-depth information on some of the hottest topics in our library of content.
Let Your Users Reset Their Own Passwords: Free Download Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.
Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!
Deep Dive into VMware vSphere, eLearning Series Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
)
)
)
)
Register
Anonymous User November 04, 2004 (Article Rating: