Linux hacked more often than Windows

While Linux has long enjoyed a reputation for being more secure than closed source operating systems such as Windows, its rise in popularity has also made it a far more common target for hackers, a new study suggests.

An analysis of hacker attacks on online servers in January by security consultancy mi2g found that Linux servers were the most frequently violated, accounting for 13,654 successful attacks, or 80 per cent of the survey total. Windows ran a distant second with 2,005 attacks. A more specific analysis of government servers also found Linux more susceptible, accounting for 57 per cent of all breaches.

In a similar analysis last year, Windows proved far more vulnerable, with 51 per cent of successful attacks on government servers made on some version of the Microsoft operating system.

However, the rise in digital attacks probably reflects a lack of training and deployment expertise rather than inherent security problems in Linux, mi2g officials suggested.

"The swift adoption of Linux last year within the online government and non-government server community, coupled with inadequate training and knowledge on how to keep that environment secure when running vulnerable third party applications, has contributed to a consistently higher proportion of compromised Linux servers," mi2g executive chairman DK Matai said in a statement.

The mi2g study concentrated on "overt digital attacks" and didn't include more general forms of attack such as viruses and worms. Microsoft has been under fire for the past year for the lack of speed with which some patches to fix security holes exploited by these forms of malicious code have been made available and deployed.

While Linux advocates may not welcome the new data, it should prove good news for fans of BSD and Mac OS X. Those operating systems accounted for a tiny percentage of successful attacks, and no government servers running other OS were breached.

Talkback 14 comments

    "running other OS were br ...Anonymous -- 20/02/04

    "running other OS were breached", it's "neither"

    Okay, maybe it should be " ...Anonymous -- 20/02/04

    Okay, maybe it should be "either".

    linux is unhackable Anonymous -- 27/06/08 (in reply to #120103238)

    NO DAMNIT! This can't be happening! My linux machine can't be attacked! THIS IS A LIE THIS IS A LIE THIS IS A LIE!!!!!

    Open-Source is more hackable Anonymous -- 05/07/08 (in reply to #320105220)

    yes, you can look at source code and find security bugs that linux team(s) haven't found yet and take advantage of it

    source: experience and my own eyes

    Let these "new study peop ...Anonymous -- 20/02/04

    Let these "new study people" suggest a bit less and substantiate their claims a bit more with hard evidence. Otherwise I'm going to publicise some piece of crap too, earn a lot of money with it and afterwards look like a fool like that other analyst ms. Laura D. But I still would have my money.

    The MI2G study of servers " ...Anonymous -- 21/02/04

    The MI2G study of servers "did not include other methods of intrusion such as viruses and worms"

    The same firm mi2g also wrote the following
    http://www.mi2g.com/cgi/mi2g/press/190204.php
    QUOTE
    London, UK - 19 February 2004, 13:30 GMT - mi2g Intelligence Unit data shows that partially as a result of the growth of the MyDoom family of malware, lingering effects of Mimail, Dumaru, Sobig, Swen, Klez, Sober, Yaha, BugBear and Fizzer, and also as a result of new strains of Bagle, February 2004 has already become the worst month for malware proliferation on record with 10 days to go. As of today, the total economic damage from all malware epidemics in February is estimated to lie between $43.8bn and $53.6bn worldwide, two thirds more than the record breaking previous month of January.
    UNQUOTE

    Symantec also predicted this in its September 2003 Internet Threat report.

    http://downloads.securityfocus.com/library/InternetThreatReportSept2003.pdf
    QUOTE
    Blended Threats
    BLENDED THREATS INCREASING IN SPEED AND FREQUENCY
    Blended threats, which use combinations of malicious code to begin, transmit, and spread attacks, are increasing and are among the most important trends to watch and guard against this year. By using multiple techniques, blended threats can spread to large numbers of hosts, causing rapid and widespread damage. During the first half of 2003, blended threats increased nearly 20% over the last half of 2002. One blended threat alone, Slammer, disrupted systems worldwide in less than a few hours. Slammer's speed of propagation, combined with poor configuration management on many corporate sites, enabled it to spread rapidly across the Internet and cause outages for many corporations. Companies hit by Slammer were not harmed as badly as they might have been, because it was designed to propagate quickly, degrade networks, and to compromise vulnerable systems rather than cause destruction or steal confidential data. Corporations that had updated firewalls, updated patches, and virus protection throughout the enterprise were prepared for this attack.

    Blended-Threat Targets
    MICROSOFT IIS VULNERABILITIES
    Microsoft IIS is one of the most widely deployed Web servers throughout the world. Symantec has documented several high-severity vulnerabilities affecting it. Their characteristics render these vulnerabilities attractive targets for future blended threats. Given Microsoft IIS's susceptibility to past blended threats such as Code Red and Nimda, Symantec believes that it may again be hit by highly destructive malicious-code attacks.

    MICROSOFT INTERNET EXPLORER VULNERABILITIES
    Several vulnerabilities allow attackers to compromise client systems through Web pages containing embedded malicious code. Others can enable the easy and almost undetectable installation of spyware, which allows attackers to extract confidential data.

    THEFT OF CONFIDENTIAL DATA
    The release of Bugbear and its variant Bugbear.B (discovered in early June 2003) were good examples of theft of confidential data. Once systems were infected, confidential data was extracted such as file names, processes, usernames, keystrokes, and other critical system information, and delivered to a third party, potentially compromising passwords and decryption keys. Furthermore, it appears that the creator of Bugbear specifically targeted banks. During the first half of 2003, Symantec saw a 50% increase in confidential data attacks using backdoors. By granting access to compromised systems, backdoors allow data to be exported to unauthorized individuals. For example, entire sessions can be logged, and passwords for systems and applications can be taken. Companies need to implement controls that make it difficult for malicious code to steal confidential data, such as updated firewalls, patch management policies, intrusion detection, virus protection, and so on.

    ATTACKERS EXECUTING COMMANDS FROM THOUSANDS OF INFECTED SYSTEMS
    Once a system is compromised, an at

    Continued... ATTACKERS EXECUTI ...Anonymous -- 21/02/04

    Continued...

    ATTACKERS EXECUTING COMMANDS FROM THOUSANDS OF INFECTED SYSTEMS
    Once a system is compromised, an attacker can install malicious code known as a bot that allows the attacker to use the system for future scanning or as a launching point for future attacks (such as planned, distributed denial-of-service attacks). Once a system has become infected, the attacker can maintain a running list of the entire botnet (network of infected systems) by simply issuing commands through Internet Relay Channel (IRC is a common communication channel used by bots). Afterwards, all listening bots (sometimes numbering in the thousands) will execute any command issued by the attacker. Symantec examined an automated tool like this, which accounted for supposable Nimda (blended threat) traffic, after it was captured in a Honeypot network.

    CONCLUSION
    The evidence in this report clearly shows that the risk of blended threats and attacks is rising. Understanding how to budget for security and what products and services are needed will involve some of the most important decisions that every corporation faces in the 21st century. The trends that we discuss in this report help executives understand some of the threats faced by their systems administrators every day. Symantec carefully monitors other potential threats such as the rise in peer-to-peer attacks (including instant messaging), mass mailers (like SoBig), the general trend toward theft of confidential information, and the rapid increase in the number of Windows 32 (Win32) threats.
    UNQUOTE

    Concerning the rest of the Mi2g study...
    How was this data taken? What was the sampling method? What was considered an attack?

    In other words, how far into the OS did the attacks go. For Linux, a relevant question is "did the attack just breach a user's account, or did it penetrate to the root?". Did the attacker just replace the webpage?

    Lastly, were the vulnerabilities exploited an inherent part of the OS and Webserver or an addon such as PHP-Nuke?

    Read "A Grain of Salt: dealing with Operating Systems security debate"
    http://www.thinkmagazine2.org/versione_layer/security.html

    This article smells of SPIN. I ...Anonymous -- 23/02/04

    This article smells of SPIN.

    I am sorry but this article reeks... and the basis of the statements not including vulnerabilities related to worms etc makes the entire article irrelevant.

    A person could really come to the conclusion that someone is trying to muddy the waters.

    Rather typical of Linux zealot ...Anonymous -- 24/02/04

    Rather typical of Linux zealots (read: neo-communists) - the MyDoom virus is released and coagulations of Linux Penguin Heads cheer gleefully at sites such as Slashdot; howbeit, one study critical of their beloved Penguin O/S and they revert to apologist mode, finding any excuse possible to discredit the study (read: cover-up). This is not the first time the penguin has left its droppings about:

    http://www.theinquirer.net/?article=9845

    http://news.netcraft.com/archives/2003/12/03/gentoo_linux_server_compromised.html

    How would they know ? Did they ...Anonymous -- 26/02/04

    How would they know? Did they launch the attacks? As far as I know most companies will not report successful attacks, and I would assume the most successful attack would be the one that has not even been discovered. At least the method of obtaining the data should be clarified as well as the nature of the servers in question and what they consider to be a successful hack.

    No computers that weren't on r ...Anonymous -- 02/03/04

    No computers that weren't on reported any successful attacks. All computers which were powered down had flawless security records and have prompted a branch-wide policy that no computer containing sensitive government data will be turned on for any reason. Since this policy was put in place, adult content sites experienced a slow in traffic.

    What a dumb conclusion. Linux ...Anonymous -- 30/03/05

    What a dumb conclusion. Linux has more market share in server than perhaps any other OS (I just read it has half the blade server market!) and therefore, there are a lot more Linux servers. And therefore the servers that get hacked are much more likely to be Linux servers! What an enlightening conclusion!

    Also, when Windows gets hacked, you can do a LOT more than if Linux gets hacked... the equivalent of root access in Linux.

    yes, but Solaris is for servers John Orgthingy -- 05/07/08 (in reply to #120115143)

    seriously, Solaris has made a great success as a closed-source OS! Linux for Desktops, Solaris for servers
