Nearly two-thirds of Web sites that were hacked or defaced last year were running on Windows NT or 2000, according to recently released figures.
A survey by hacker site Attrition.org showed that between August 1999 and December 2000, 59 percent of defacements were carried out on Web sites running on Windows NT or 2000, compared with eight percent on Sun Microsystems' Solaris, three percent on open source operating system BSD and 0.12 percent on Suse Linux servers.
Windows' statistics do not compare well with its share of the server operating system market, which is significantly less than 59 percent. Analyst firm IDC estimated that in 1999, Windows NT accounted for 29 percent of server operating systems worldwide.
IDC reports that 24 percent of servers are currently running on Novell NetWare, 16 percent on Unix and 12 percent on Linux. No figures are available for Windows 2000. A similar survey published by Internet consultancy Netcraft covering December 2000 found Microsoft servers running 19.6 percent of Web servers worldwide.
Despite the difference between the proportions of market share and defacements, some analysts said the figures do not show an inherent security weakness in the Windows NT operating system.
Dan Kusnetzky, vice president of system software at IDC, said: "Since Microsoft's Windows has the largest [installed base], it's clear it's the best target for attack. I doubt anyone would try to crack an OS/2-based server. It would be difficult and the cracker wouldn't get much publicity. When anyone finds a way to break into a Windows-based system, it is immediately front-page news."
Kusnetzky added that as Windows 2000 starts to replace NT, the situation could change. "Windows 2000 appears to be better in many ways than its predecessor. We'll have to see whether smart people will find ways to break it," he said.
The figures come at a time when Micro-soft has teamed up with 18 other firms to share information about hackers and vulnerabilities and improve security. Firms such as Oracle, Cisco and IBM are backing the project, called the Information Technology Information Sharing and Analysis Center.
