Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

More Attacks on Linux than Windows 412

the special sauce writes "This vnunet.com article discusses the trend of attacks this year as compared to last. Over all, according to mi2g, attacks are on the rise. However, though attacks on Linux systems are up, attacks on Windows based systems have actually dropped dramatically when compared to last year. If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems."
This discussion has been archived. No new comments can be posted.

More Attacks on Linux than Windows

Comments Filter:
  • by 1010011010 ( 53039 ) on Saturday July 13, 2002 @01:00PM (#3877947) Homepage

    Which are more successful? The attacks on Windows machines, or the attacks on Linux machines?

    Maybe the attacks on Windows are falling off, because there's enough back doors already. Between Microsoft and Kazaa, I'd say things are good-to-go, from a back-door point of view.
    • Perhaps it's the inverse?

      More attacks on linux could be occuring because it's more likely to succeed?
      • by 1010011010 ( 53039 ) on Saturday July 13, 2002 @01:12PM (#3878023) Homepage
        Perhaps more attacks on linux could be occuring because it's more likely to succeed?

        Anything is possible, even if not it's not probable. It could also be a result of Linux displacing windows in the server space. If there's 100 attacks/second, and windows' market share falls by 2% at the same time the Linux market share increases by 2%, then there will be a decrease in the number of attacks on Windows, and an increase in the number of attacks on Linux.
        If this trend continues, then it logically follows that there will be no more Windows servers at some point in the future.
        • I wonder what's considered an "attack." With the relatively low numbers they site, I assume they're talking about relatively sophisticated attacks, not old IIS worms. Any decent black hat will do an OS fingerprint before they try anything.
        • interesting hypothesis, but unfortunately it's not based on fact. netcraft statistics show linux replacing Sun on the server, windows usage is rising, too.
        • If this trend continues, then it logically follows that there will be no more Windows servers at some point in the future.

          Also if current trends continue, the number of transistors in a microprocessor will exceed the number of subatomic particles in the universe in 360 years.
    • by stubear ( 130454 ) on Saturday July 13, 2002 @01:13PM (#3878026)
      Or perhaps the rise of Linux has correlated with the increase of "noobs" using Linux leaving many security issues unchecked. A perusal of bugtraq will show a long list of security issues for Linux (as many, if not more, than Windows).
      • by $carab ( 464226 ) on Saturday July 13, 2002 @01:23PM (#3878094) Journal
        Hmmm.....maybe. But as I recall, somebody had a hacking contest with default installs of Mandrake and SuSE, and nobody rooted the servers. I think that noobs would have to go out of their way a little to make their system insecure.

        Contrast that to.....IIRC Extremetech [extremetech.com], which set up a Win2k and IIS server, and had it infected with Code Red Twice within like 26 minutes of connecting it to the web and downloading updates from Microsoft.
        • I'll second that 26 minutes with win2k/IIS. I have a friend that insists on serving with that ill combination, and he got rooted/cracked/whatever within 25 minutes of connecting to the net. I couldn't stop laughing.
        • Perhaps you haven't been following the remote Apache worm that's been going around lately?
        • It's been my experience that the skill of the admin for the box (and management's willingness to let the admin do his job) has much to do with the security of the box. A good Windows admin (if you can find one) will have a more secure box than a lousy *nix admin. (If both admins are equally good, I'd bet on the *nix over windows any day.)

          IMHO, Mandrake has a good idea for their install. At the end of the install, before any servers are turned on, it prompts you to update if you have an internet connection. This feature adds security relatively painlessly.
      • by md17 ( 68506 ) <[james] [at] [jamesward.org]> on Saturday July 13, 2002 @01:29PM (#3878125) Homepage
        Why do people continue to point to bugtraq as the measure for "Which OS is more secure?" That is so far from the truth... The key thing you are forgetting is the "bug severity" factor. I would say that in general Windows has less bugs than Linux (On bugtraq) but those bugs are more servere. Thus in my opinion, Linux is still more secure. You are also forgetting that hardening a Linux box is much easier than haddening a Widnows box. I can make my Linux box very secure with very little effort. Example:
        Turn off all services except ssh.

        Please stop pointing to buqtraq and saying:
        Windows has less security issues than Linux, therefore Windows is more secure than Linux.
      • by Anonymous Coward
        Nice troll. http://online.securityfocus.com/cgi-bin/sfonline/v ulns.pl [securityfocus.com] Shows approximately 5 times as many vulnerabilities for Microsoft than for Red Hat.

        How this reached +5 is beyond me.
      • a long list of security issues for Linux (as many, if not more, than Windows)

        The Linux kernel has more issues? No. Applications that run on Linux? Possibly. Now compare the number of apps on each platform. Linux is more secure than Windows if you:

        a. do not install tons of server programs that you are not going to run

        b. use tcpwrappers to initiate programs that can use it and use hosts.[allow/deny] to control access to those programs.

        c. use Bastille [bastille-linux.org] to harden the box

        d. use ipchains/tables to control access to your PC or network - don't feed me crap about a personal firewall; this is an actual firewall.

        just my $.02
        • I will agree with you that ipchains/iptables are great firewall apps. However, I do not agree that win32 personal firewalls are bad.

          My laptop is equiped with a winmodem. As such, I have a choice between no internet access, purchacing an external modem, using win32 unfirewalled, or using a win32 firewall. My choice, based mostly on convenience, is to use Norton Firewall. It detects and logs a lot of attacks. All the attacks are sorted and identified by the port that was probed. It even tries to identify the attack that is associated with that port.

          For a non-technical user, it is a great program. It has charts, graphs, and logs that are easy to understand. It will even provide nonintrusive popups for attacks in real time. I think that, from a desktop POV, linux developers could learn a lot from taking a look at it.

      • So then you admit, that it is not that Linux is any better than Windows, it is only that its user base is willing to spend all of there time updating there OS?
    • Comment removed (Score:4, Interesting)

      by account_deleted ( 4530225 ) on Saturday July 13, 2002 @07:13PM (#3879252)
      Comment removed based on user account deletion
  • The Difference... (Score:2, Insightful)

    by Jester998 ( 156179 )
    Yeah, but the difference between attack counts between Linux and Windows are how many of those attacks are successful...

    - Jester
    • by Anonymous Coward
      Even though alot of people try to seperate the script kiddies from the hackers, the people who do the most attacking are the script kiddies, who then get labeled as 'hackers' by the media. There is a thin line between an unsuccessful attack and a root compromise these days, especially with all of these tools that scan for vulnerabilities and automatically run the exploit on the vulnerable hosts.

      Think about the hacker mindset for a minute. Most of these attackers are using Linux, because that's what their scripts were written for, and because they think Windows is lame - to use, and to hack. Even most of the ultra-successful defacers out there will only attack Unix systems and network devices/appliances these days, because bragging about hacking into a Windows system isn't elite in the eyes of their peers; they will catch shit from their buddies for attacking such an easy target.

      If anybody out there is as clueless as this troll, please e-mail me [mailto] your questions. I'm in the trenches with these kiddies 24/7 and can give you a better idea of what's going on than most nerdy bugtraq subscribers who think they know shit because they read some mitnick autobiography and they run an unstable kernel.

    • The real difference is that up until recently you were more likely to get fake Natalie Portman porn breaking into a Linux box than anything useful. :)
  • Is this including all the viruses, script kiddies, etc. etc. that tend to fill up logs?

    If it's only sentient attacks, then it makes sense. Windows isn't a challenge, Linux is.

    Otherwise, I beg to difer. There are countless sites out there dedicated to shameless display of nimda/code red, and script-kiddie attacks in their logs.

    -Sara
  • And yet... (Score:3, Funny)

    by Anonymous Coward on Saturday July 13, 2002 @01:02PM (#3877958)
    the attacks on amiga boxen where at record lows
  • by IronTek ( 153138 ) on Saturday July 13, 2002 @01:04PM (#3877966)
    Is that Linux has grown in popularity over the past year, taking even more market share away from windows... ...do you think the script kiddies have any idea what OS the server they're "attacking" is running?!

    And, as someone already pointed out...who had more successful attacks...Windows, I'm sure...
    • Right. I'll go out on a long limb here and claim that the mi2g 'study' was financed by an unnamed corporate monopoly.

    • It may also mean that many of the really interesting systems are running linux rather than windows - defacing a govt web server may be more interesting than hitting Joe Schmo's windows box
    • do you think the script kiddies have any idea what OS the server they're "attacking" is running?!

      They clearly don't - I get many automated IIS exploits against my public facing box.

      If it were me doing the cracking I'd first fingerprint the machine so I could narrow down attacks that were sensible and only apply those. (eg. Unix -> ssh exploit, Solaris rpc.statd exploit, windows IIS/SQL exploit).

      Clearly either the script kiddies are clueless - or, worse, are actually exploiting so many machines clandestinely that they don't need to worry about wasted failed attempts..

  • Yay!! (Score:5, Funny)

    by SEWilco ( 27983 ) on Saturday July 13, 2002 @01:04PM (#3877967) Journal
    We're Number One! We're Number One! We're Num... oh. Never mind.
  • by www.sorehands.com ( 142825 ) on Saturday July 13, 2002 @01:04PM (#3877969) Homepage
    I wonder how many of these attacks come from Redmond or from Microsoft employees?

    The real question to ask is, "how many of these attacks are successful as compare to attacks on Windows?"

    • by Anonymous Coward on Saturday July 13, 2002 @01:27PM (#3878118)
      Oh, good grief, get a grip. I have 3 friends that work at MS. Two are software engineers, one is a test engineer. Both of the developers have Linux boxen at home because they really freaking like the OS and it's a fun break to code and configure a Unix-like system. They tell me they have many coworkers who see it the same way. MS pays their bills and Linux is their hobby because they're smart nerds. It's not perfect, but it's better than them going home brainwashed and only eating their own dogfood.

      Microsoft is not nearly as "one-mind" and Borg-like as many would like to believe. That makes it harder to spread your flavour of hatred. Hate the company's practices, sure. But don't believe that the majority of people there really give a fsck enough to care one way or the other. It's a job. Just like clearcutting, oildrilling, and running a slaughterhouse.
      • Really? I know one person that works at Microsoft, and he runs Linux as well. As a matter of fact, he keeps a Tux in his cubicle.

        Are there actually any coders that *like* Windows at MS?
  • by Latent IT ( 121513 ) on Saturday July 13, 2002 @01:04PM (#3877975)
    Of how the phrase "and if this trend continues" can pretty much turn otherwise useful statistics into a big mess.

    You know, watching a puppy grow, you could say, "And if this trend continues, this will soon be a super-dog the size of Godzilla, and will devour Tokyo."

    Funny, that never seems to happen.
  • If the trend continues.

    That's an important (and perhaps incorrect) assumption to make.
  • Our firewall in the office gets four or five sniffs a day from script kiddies so, unless we're a special target, these numbers are orders of magnitude too low.

    TWW

    • Right. There are a lot of flaws with this article, starting with the numbers. First of all, they don't define what they consider an "attack" to be. That's a big gaping hole you could drive a truck through (note lack of a link here).

      They also don't define what constitutes a "box" in this context. Even if it were servers only, the numbers are incredibly low. My little development web server got several thousand code red attacks last fall. Luckily, I was running Apache on Linux, so all it did was fill up my logs.

      If they are talking about pure number of attacks, as they appear to be, this is actually pretty good news. Apache webservers outnumber IIS webservers approximately 2 to 1 according to Netcraft (and by the way, has anyone noticed that Apache has been gaining the past couple of months). Assuming on a small percentage of people run Apache on Windows, we could assume that the attacks on Linux servers should be twice that of attacks on Windows servers, but the numbers are not that far apart.

      So this article appears to be pretty fluff piece with no real meaning. Like most news stories.
  • by clump ( 60191 ) on Saturday July 13, 2002 @01:13PM (#3878029)
    Looking through my Snort and Apache logs, I see about 5-10 CodeRed attacks *daily*. This is something that was fixed over a year ago, and it still fills my logs. About that 'chunked' Apache vulnerability? Twice. I have seen it 2 whole times within the weeks its been out. Lets not forget about this CodeRed bug, because it surely is an attack (a full "root" attack) and I have *never* been attacked with anything else so often. I doubt any study that doesn't take this into account.
    • Looking through my Snort and Apache logs, I see about 5-10 CodeRed attacks *daily*.

      This makes me wonder even more about those statistics. Many people already have noticed that the stat only talks about attacks, not successful attacks. But it doesn't even speak about properly targeted attacks either... Could it be that our statistician apprentices were counting those Code Red probes as attacks against Linux if they happened to show up in a Linux boxes logs? Even if these "attacks" have no chance of succeeding against such target?

    • Only ten? Man, can I switch to your ISP?
  • From my point of view.. "so?" Theres tons of Linux vendors. If we dont fall in love with one and get all biased, then we can just assume that the better ones will float to the top over time. (That regarding that people would actually stop buying an OS cause its insecure). People get all religious over this stuff, and to some end it is kind of fun, trying to advocate this little OS towards your friends and such... but in the end, isn't it really a matter of us having the advantage of all the time in the world? What magic event is going to occur that will stop linux dead in its tracks? I guess "chill out" is a bad retortion to an article I didnt read, but, oh well :)
  • to find that Micro$oft marketing is behind this.
  • I don't care. (Score:2, Insightful)


    I don't really care about the number of attacks (unless it escalates to DOS), it's the number of successful attacks that is important.

    And since Linux is much more heterogenous than Windows, a "linux" attack directed at me is less likely to succeed since it is less likely I have the exact hole that is being exploited.
  • Propaganda (Score:5, Insightful)

    by dh003i ( 203189 ) <dh003i AT gmail DOT com> on Saturday July 13, 2002 @01:19PM (#3878073) Homepage Journal
    Firstly, I question the source on these studies. We are given no real details, only "the number of attacks is up from ~5000 all of last year to ~7000 half of this year". This is completely meaningless, as we don't know what kind of attacks, or anything about the sampling method.

    Here's some critical questions of this study:

    1. How was this data taken? What was the sampling method? What was considered an attack?

    2. Of those attacks on Linux, how many were successful? What's important isn't the number of attacks attempted -- that is irrelevant -- but ratio of the number of attacks that succeeded over the number that were attempted: in other words, the probability that an attack will be successful. I bet on Linux, that number is way below 50% and on Windows -- '95, '98, 'ME, 2000, and XP -- its way above 50%.

    3. Of the attacks that were successful, how many of them were because of Linux itself, and how many because of some poor application? Same question to Windows. This is a minor point. The OS should have control and prevent security lapses, despite how crappily third parties code.

    4. What kind of attacks were these? Attacks is a very general word; there may be many successful minor attacks (i.e., crashing a system), but that's not as bad as a few successful major ones (i.e., wiping the entire hard drive of a system, stealing a credit card number, etc etc). In other words, how far into the OS did the attacks go. For Linux, a relevant question is "did the attack just breach a user's account, or did it penetrate to the root?"

    5. There's a lot of different "brands" or "flavors" of Linux. This matters. You'd expect Corel Linux to have much weaker security than the NSA's release of Linux, or than (for example) RT Linux. Different releases of Linux ship with different security by default, and different extra security features.

    6. What is being done about the problems?

    Relating to 6, we can rest somewhat assured in terms of security for Linux, as its Free Software and/or Open Sourced Software. Well-known bugs will be fixed by someone, and if they aren't, an annoyed individual could always take the initiative.

    What separates Linux from MS isn't just that its more secure, its also that bugs, security flaws, stability flaws, performance pitfalls, etc, are usually fixed much more rapidly than they are in MS.

    Also, no one has mentioned the attacks on other stable OSS/FS software, such as OpenBSD. Somehow, I doubt there's been much success in attacking OpenBSD.
    • Re:Propaganda (Score:2, Interesting)

      by Shant3030 ( 414048 )
      I agree with you views on this. A source of study has to be carefully scrutinized. A great example of this happened a few years back at my university (University at Albany).

      Princeton Review, a college prep company that has SAT classes and provides college information and rankings, questioned students at various campuses as to what is the number one party school. They decided to come to Albany on the day of Kegs and Eggs (a rather large bar opens at 8am one Saturday morning and kids get drunk and pour beer all over each other.). They polled the drunked students as they were leaving the bar and naturally, they voted for U at Albany. This, however, is not the main contributing factor to Albany's dubious ranking... A few representitives of Princeton Review had come down to the campus and began soliciting Princeton Review prep classes for graduate exams (MCAT, LSAT, GMAT, etc). Well, the university, having an affiliation with Princeton Review's rival, Kaplan, kicked them off campus. It is a strong belief among administration, that we were given this ranking out of spite.

      As with anything in the media, you must take information with a grain of salt and look deeper into the true meaning, sources and objectives of the survey, artiles, etc. It is our responsibilty to question companys or groups that put forth this information, because it could very well be jaded by propaganda.
  • by ciurana ( 2603 ) on Saturday July 13, 2002 @01:22PM (#3878084) Homepage Journal

    These statistics make sense. More and more people are adopting Linux now. There are two main drivers for this trend: People hear that Linux is better and organizations don't want to pay Microsoft's draconian licence fees.

    The real question is whether these attacks are successful. Unfortunately, while the number of Linux servers is going up, so is the number of people who own or administer these systems and who aren't security-aware.

    I think it's in the best interest of our community to assist the newbies when they have questions about setting up their systems, particularly when it comes to security. I've seen too many newbies laughed at in the IRC #security channels or the newsgroups. We should welcome them and try to help them; otherwise, The Forces of Evil will start using the statistics of all the h4x0red and 0wned systems (due to ignorance on the part of the users) as FUD.

    There is no doubt that Linux is now a mainstream alternative. Remember, though, that the hard part is not to arrive, but to maintain a leadership position. That's the difference between the Rolling Stones and the one-hit wonders. In order to maintain our leadership, we should work together toward making the community aware of the pitfalls, and the distro vendors should probably come up with a policy of "all services closed" and forcing the users to open them, not the other way around. Other people will probably add better ideas to these suggestions.

    The real measure is not whether the attacks are on the rise; it's the number of successful attacks that we should be concerned with.

    Cheers!

    E
    • The real question is whether these attacks are successful.

      First of all, a lot of comments in this thread comes from people who seem to assume that is some kind of viscious attack on their favorite OS instead of an announcement of a simple fact: there are more attacks on Linux now than before. Nobody said anything about this suggesting that Linux is less secure than it used to be.

      The Forces of Evil will start using the statistics of all the h4x0red and 0wned systems (due to ignorance on the part of the users) as FUD.

      It's true, so how, exactly, could it be FUD? Oh, you mean that MS would start saying things like: "look how many hax0red boxes you have, this must mean that Linux is rotten when it comes to security!" But isn't this exactly what the Linux community has been doing for years? Why do we always hear "Windows/Outlook/both suck because a gazillion boxes were infected by the ILoveYou virus" instead of "Windows users suck when it comes to security related issues, as a gazillion of them opened unknown attachments and got infected?"

      Doublespeak, I say. And I'm no troll.
      • Re: (Score:3, Insightful)

        by ivan256 ( 17499 )
        It's true, so how, exactly, could it be FUD?

        Saying "There are more attacks on linux systems" becomes FUD when you imply that this is bad. More attacks doesn mean more successful breakins. Truth can be FUD in the right context.

      • Why do we always hear "Windows/Outlook/both suck because a gazillion boxes were infected by the ILoveYou virus" instead of "Windows users suck when it comes to security related issues, as a gazillion of them opened unknown attachments and got infected?"
        First, I agree that security ultimately rests with the individual user and system administrator. Security is not a shrink-wrapped product or a final destination. It is a process. Users are often the weakest link in any system and must use some judgment to avoid endangering the systems they rely on. And system administrators must remain vigilant to keep the systems in their care properly maintained and up to date. But there are systems that are exceptionally difficult to use and maintain due to architectural mistakes in their design.

        The combination of Windows and Outlook is riddled with issues. Attachments shouldn't appear to be one data type but actually be malicious executable code (due to Outlook's desire to hide file extensions and how it handles conflicts with MIME types and extensions). But say our users treat all attachments as plague-infested rats and refused to touch them. Past vulnerabilities have meant that simply READING a malicious email (and/or having it displayed in the preview panel) executed malicious code. Yes - the age-old joke about "don't read email called 'fun time'" became reality. Outlook, and its incorporation with Windows, has created a very virus/trojan friendly environment. If it weren't for the excellent scheduling features of an Outlook/Exchange combination, it would likely be dropped from any security-conscious corporate desktop.

        Windows systems themselves are an interesting challenge. We'll ignore the fatally flawed Win9x architecture and focus on the industry favorite NT/2k/XP. The very tools that should help an administrator keep his/her system safe has gained a certain degree of fear over the years - service packs and hotfixes have been known to cause more trouble than they fix. WinNT administrators tend to delay rollout of new service packs until they feel comfortable all bugs have been discovered by early adopters. Any system configuration (adding or removing system software components) often reverse changes by service packs, hotfixes, and administrator configurations and requires re-application of those changes. The infosec standard of hardening a host by removing all unnecessary components is foreign to the Windows environment. Windows system components are rarely designed to be removed and attempting to remove them means traversing a minefield of illogical dependencies - thankfully there are a few good minefield maps in the form of hardening guides. Of course, keep the guide close at hand. Any addition or removal of system components, hotfixes, or service packs will mean re-applying the hardening process.

        In short, Windows was not designed with good security principles in mind - and it shows. It IS possible to configure a secure Windows host (assuming vulnerabilities are patched in an expedient manner). But its a pain.
  • by robolemon ( 575275 ) <nertzy&gmail,com> on Saturday July 13, 2002 @01:22PM (#3878090) Homepage
    How many Windows attacks go unreported and unnoticed? All this can show really is that Linux attacks are increasingly easier to notice and report, while Windows attacks either are actually lower or (more likely) go unnoticed and perhaps even persist over a long time.
  • by interiot ( 50685 ) on Saturday July 13, 2002 @01:25PM (#3878103) Homepage
    The article claims that the number of attacks on windows system last year were 11,828.

    What counts as an attack? So worms don't count, or the number would be in the millins. Reported attacks? Those shouldn't count much because there is "little incentive for a company to report computer attacks [usatoday.com].

    Here's another story [mi2g.com] by the supposed source, but again, they don't at all define what they mean by "attack".

  • Windows [alldas.org] has been successfully attacked over twice as often than Linux since 4/2000. Looking at today's list [alldas.org], 17 Win, 12 Linux, 15 other.
  • by sloth jr ( 88200 ) on Saturday July 13, 2002 @01:32PM (#3878136)
    We run hosted web services for customers that between two datacenters aggregate about 50 million web hits a month.

    Snort and logsurfer snippets from our firewall logs go off all the time. Though I would say that we have seen more attacks targeting linux services (we're a linux shop, btw) than we've seen in the past, the majority of our attacks do seem to be against windows-based services.

    From an overall security point-of-view, the last three to six months have not been great ones from a linux vulnerability point-of-view: zlib, BIND, ssh, apache, Tomcat (not that some of these problems haven't affected Windows boxen also). It's kept us hopping patching our servers. We've been lucky, so far - no successful intrusions (that we're aware of, of course!).

    In general, it seems much easier to social engineer one's way into a Windows network via email attachments than directly attack it.

  • Wouldn't Doub It (Score:2, Informative)

    by Ashcrow ( 469400 )
    But the trend of Linux boxes that get 0wn3d comapred to the Windows boxes that get 0wn3d probably show a difrent story.

    Check out Alldas.org [alldas.org] ffor some numbers.
  • Successful attacks is one, but what about re-infection/compromise?

    For instance compare some of the Win2k boxes to a RedHat 7.2 box I had compromised.

    The Win2k box (not mine, un?/fortunately) had been caught by nimda or some other vulnerability and after being formatted was *again* bit by nimda/code red when trying to get the updates.
    (a cd or local machine with the patches never crossed the dude's mind until the second time around).

    My box was compromised by a user running a trojaned IRC bot (eggdrop? was the trojan).
    I know, I know, that was my fault for slacking off/being caught up in other things, but the next go around was wipe, install the data, kill services that are not needed (chkconfig, nice tool) and edit the hosts allow/deny to hell and back.
    I was *P.O'ed*. FTP/SSH/HTTP is the only thing running currently with large ranges of IP's blocked if I see even *one* probe I don't like.
    (no complaints, yet).

    The large difference was the "state" of the admin.
    The win2k dude thought it was the "cost of doing business", mine was "those fscking tools + idiot user I'll do everything I can to keep it from happening again.

    Sigh vs GRRRRRR, is what I call it.

    That reminds me, it has been a day or so since I grepped the logs...

    Gotta go.
  • I remember the day that Code Red hit, when the Internet started running slow and my webserver got repeatedly hit by Code Red attacks from all over the place. If and when I see the same effect from a Linux worm, I'll know we've hit the same point.
  • Ahhhh so we are counting how many times a script kiddie hits enter. You know this article doesnt shock me at all. Wow big suprise that the OS with the most servers is getting hit more and more. I dont see how this could shock anyone. What I am curious about is how many of these attacks were major attacks or organized attacks. That would be interesting reading.

  • by fanatic ( 86657 ) on Saturday July 13, 2002 @02:04PM (#3878273)
    This is another article by James Middleton, who is not a trustworthy source on this issue.

    I went there just long enough to see his byline (being careful not to download images, hence no ad revenues), then came back here.

    I've never seen Middleton write anything about Open Source that wasn't complete bullshit. This guy is either totally bought and paid for by Micorsoft, or is seriously stupd.
  • mi2g (Score:5, Informative)

    by doom ( 14564 ) <doom@kzsu.stanford.edu> on Saturday July 13, 2002 @02:15PM (#3878331) Homepage Journal
    Evidentally, this story is a re-typing of the press release from "mi2g", so you might as well look at the original: Digital attacks on Open Source systems soar [mi2g.com]. It includes a bunch of pointers to pdfs of graphs of their data (none of which I can read because of some sort of "can't find colorspace cs8" error). But they don't appear to include any additional information, they're just graphs.

    The source of the data is supposed to be the "mi2g SIPS database", about which they say:

    The mi2g SIPS (Security Intelligence Products and Systems) database has information on over 6,000 hacker groups and maintains a record of over 60,000 individual hacking events since 1995. The SIPS intelligence citations include the 2002 Computer Security Institute (CSI) / Federal Bureau of Investigation (FBI) Computer Security Issues and Trends Survey [Vol. VIII, No. 1 - Spring 2002]

    (Do you need me to toss in some editorializing about how this is evidentally a company that specializes in publishing alarmist press releases to encourage people to buy their products? Oh, and take a look at key clients [mi2g.com]... yup, includes Microsoft).

  • by karlm ( 158591 ) on Saturday July 13, 2002 @03:07PM (#3878550) Homepage
    The number of detected attacks is rising sharply for linux and slightly falling for Windows. What percentage of Windows houses install an IDS solution? What about Linux houses? What percentage of Linux break-ins get reported to someone? and Windows break-ins? There very well may be a point this year when attacks against Linux outnumber attacks against Windows, but I think it's more likey that the vast vast majority of attacks againt Windows machines go unnoticed.

    Also, nimda and code red scans are attacks. If those got counted, allong with every virus email, the story would be very different.

    If you were given the IP address or a vulnerable WinXP box, a vulnerable Linux box, and a vulnerable OpenBSD box and your life depended on owning one of the boxes without getting detected, which one would you chose given no other information? Only the suicidal would pick OpenBSD... the probability of there being another OpenBSD dedicated IDS box nearby is pretty high.

    Let's not forget that a Linux shop can do a minimal install on a retired PII (or maybe even a 486) server and use it as a dedicated IDS box... no MS liscence fee. MS isstill goingto charge you for every running x86 box, regardless of OS, if you have an MS site liscence, so no negligible-cost dedicated IDS boxes for Windows shops.

    I'm biased. I sure am... but it's mostly due to experience... I was a residet computer consultant for my fraternity for 3 years. Sure we had the one guy that talked another guy into trying out Mandrake and didn't bother to tell him to keep it up to date, but for the vast majority of the Brothers, the Linux guys could hold thier own. Several of the Windows guys were accidently running "Are you sure? What is IIS? Why is that bad?". And then there were the windows alerts popping up once per minute on all of the Win32 boxes in the house because one guy decided to test his UPS. These are very smart guys, but they gave me a vey bad impression of Windows users. I doubt the general populace can do better than my fraternity.

    (Yes, the house GPA was in the 75th percentile fr fraternities and the average fraternity GPA is above the on-campus GPA at MIT. Even the management and bio majors could kick your ass in diferential equations, so no "stupid drunk frat boys" comments. They get tiring... very very tiring... especially comming from people that can't integrate thier way out of a paper bag.)

    In summery, let's not forget that Linux and Windows often get deployed in very different environments.

    • (* the average fraternity GPA is above the on-campus GPA at MIT. Even the management and bio majors could kick your ass in diferential equations, so no "stupid drunk frat boys" comments. They get tiring..... *)

      The actual "stupid drunk frat boys" will probably end up being your boss somewhere, I hate to say it.

  • on the community here at /. I expect the following opinion to be unpopular, but you never know.

    No matter how disgusting MS's business practices are, they are still not the evil side in this story. The script kiddies are. So why are we spending so much time blaming MS for this story? I could care less if MS financed this story. I could care less if I am still getting Code Red attempts daily on my machines. What I do care about is that everyone on the internet, even those people running MS products, is secure.

    The biggest problem we have on the internet from a security standpoint is ignorant users. The fact that we still get code red attempts shows that this is a huge problem.

    MS seems to be a bit more ahead on the curve when it comes to this (somewhat...I'll say more about this in a minute). In Windows XP, the OS will check for critical updates automatically, and will either download and install it by itself, or let you know that it is available. (This depends on how you set it up. You can also have it not do this behavior, and are given the choice to decide when you get on the internet for the first time.) I personally think that the default behavior should be to autocheck and notify, with options to turn it off buried somewhere. This would help protect the ignorant, while giving the choice to those of us who know more and are willing to do more with our OS to make our own choice.

    Of course, MS is also very slow at putting out security patches, and there is NO excuse for that.

    We will see more problems like this in the future. No matter what anyone says, Linux is not exactly as user friendly to the average Joe as Windows is. So while it may be more secure OOTB, as new exploits are discovered we will run into more and more problems because average Joe will not know that there is a new security hole on his Linux box. I can imagine quite a few of you will try and blame this coming problem on the average Joe, but remember....the customer is always right. If average Joe doesn't feel like subscribing to a security mailing list and sifting through a tone of email a day, he shouldn't have to. And we shouldn't expect him to want to do that, anymore then average Joe should expect us to like Celion Dion.

    So we should do something about this now, before it gets out of hand. Make the default action for a desktop Linux setup check for security patches and notify, with a dire warning that will scare the bejeebus out of average Joe. Make it pretty easy to turn off for those of us with a bit of knowledge. Keep pumping out patches. But make sure your average mouth breathing computer user can install the patch, without worrying about dependencies and without having to type anything. Point and click is their friend, even if it isn't necessarily ours.

    That is what we should be doing. Let's clean our own side of the street first, and worry about blaming MS for another thing later.

    BTW, I still see attempts by rootkits from Linux boxes daily, and these are (like the Code Red attempts) caused by boxes that are unpatched against security holes that have been fixed for a very looong time.

  • Stupid, stupid article. No one knows how many attacks there are. The numbers are entirely nonsense. My guess is that whoever wrote that saw some way to make money by saying it.

    mi2g [mi2g.com] is a company that makes more money if you think the sky is falling.

    Many more stories like that, and Slashdot will stop being popular.

    The article says, "But attacks on Windows/IIS systems have already dropped by 20 per cent on last year's figures, from 11,828 to 9,404."

    My guess is that attacks occur about 20 times per hour for each IP address. That's how computers are rooted within 25 minutes of connecting to the Internet; there are continuous attacks to find weaknesses. That's how many I see, anyway.

    That number cannot be the number of successful attacks, either. Most people who are rooted do not report that fact to anyone. Many Windows users would not even know they have been successfully attacked. How could they report it?

    Change in subject: At the top of every article, it says, "The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."

    This sounds like you own your comments, doesn't it? However, the OSDN Terms of Service [osdn.com] says at section "4. CONTENT", paragraph 6,

    "In each such case, the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable Open Source Initiative-approved license."

    The contract is written in such a way as to appear that it has been made intentionally confusing. However, it looks like "comments are owned by whoever posted them" means that, yes, you own the intellectual property you created, but VA Software Corporation owns it too.

    This appears similar to owning a car, but under the condition that someone else can use it at any time, and without notifying you. In any case, The Fine Print is misleading; it is not all of the fine print, although that line at the top of each story certainly encourages you to believe it is.

    I don't know about Internet attacks, but we are seeing a rise in the number of sneaky contracts. This seems due to the presence of people with no technical knowledge at technically oriented companies. These people cannot contribute to the real work of the companies; all they can do is invent ways to abuse the customer.

    EULA: I've been studying their methods, and I have a sneaky contract of my own. I agree to VA Software Corporation's sneaky contract if they agree to mine: At any time of my choosing, VA Software Corporation will give all managerial and financial control of the company to me.
  • by Detritus ( 11846 ) on Saturday July 13, 2002 @03:19PM (#3878588) Homepage
    It's rather sad to see two octogenarian, congenitally deformed lepers, who think perfume is an adequate substitute for hygiene, arguing about who is more sexy. "Oooh, but I've still got both of my ears and most of my fingers, unlike that tramp."

    We have two operating systems, and their associated applications, implemented in unsafe languages, with broken and/or archaic security models, competing for how many weeks they can run before getting rooted by a new exploit.

    How pathetic.

  • Maybe the attacks on Linux machines are increasing, because there are more Linux machines running or supporting critical IT infrastructure. IT engineers may be replacing old NT boxen with Linux machines.

    Unfortunately this puts Linux in the security spotlight. More exploits will be found and patched (which is a good thing), and the public nature of linux security information may be exploited and used against the Linux community.
  • by Jugalator ( 259273 ) on Saturday July 13, 2002 @03:48PM (#3878695) Journal
    Topic: "More Attacks on Linux than Windows"

    Content: "If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems".

    Anyone more than me that thought that Linux had more atacks than Windows?
  • In another "survey" I wrote on the toilet today, statistics suggest honeypot servers running Linux are significantly more likely to be attacked than IIS servers!

    Sorry, but this report is so lacking in facts or sources that it might as well have been a conversation overheard in a pub. In my server logs here, the number of IIS exploit attempts is absolutely overwhelming! In other server's I've administered this is also the case. Sorry, I smell FUD...
  • In 10 years when all servers are Linux there will be more attacks on Linux than anything else. Or something like that.

    So what?

    How many are successful?
  • by toby360 ( 524944 ) on Saturday July 13, 2002 @04:24PM (#3878804)
    Alright, aside from the facts the following statments people are making:

    A) Linux use is growing
    B) How many of these were really successful attacks?
    C) What counts as an attack?
    D) Studies from the group which conducted this one are questionable.

    Clearly people are neglecting to give MS credit for some of it's accomplishments over the last year. One of the largest changes was the speed at which updates were made available and most of these through the windows update site. Now when new holes in their products were found, MS responded for the most part almost immediatly and patched up their code within hours/days and posted it up on for everyone to download. Also, they're working on making these updates even easier than before, anyone with windows 2000 who keeps on top of patches will notice that the interface has changed, you can set it to automatically apply security patches. Also another point is that people are finally realising that their computer will be far more secure if they just apply the latest patches.

    Holes in Linux are not always patched up right away and lets face it, Linux code warriors can't always respond to a patch for each distro when ones found like MS can or distribute it as easily. Because they're a single entitiy, they have quite the advantage when it comes to communication and distrobution.

    In the last year Microsofts efforts to patch up their software were far and beyond anything they have done in the past, and that is something Linux buffs won't easily admit to. Now, Palladium is a whole nother ball game mind you =)
  • Never been hacked... (Score:2, Interesting)

    by rmpotter ( 177221 )
    I've been running IIS -- and unix-based web servers for about 5 years. Our IIS boxes have NEVER been hacked. We had disabled .htr and other mappings long before Code Red emerged -- as MS had advised. The fact is, 90% of all of the Windows vulnerabilites have been fixable with permissions and registry modifications. Keeping patches up to date is a pain, but not impossible.

    Without a doubt, MS has a lot to learn about security, but tools such as URLScan and the like have made it much easier to lock down an IIS server.

    It's also worth remembering, that as an application server, IIS has the ability to do a LOT out of the box (COM, ASP, ISAPI (and outdated vulnerable technologies using HTR). In any case, can not compare IIS with Apache -- you must compare it with Apache + Tomcat + Turbine, etc.
  • I see a lot of post here, and hear a lot of apache admins go on about their logs filling with attacks from CodeRed, Nimda, etc (which obviously get no where)

    So my thought is could the increase of attacks on linux box be beacuse most(all?) the MS boxes are infected drones, all attacking every IP they see?
    and thus more linux boxes get attacked.

    I know it an extreme view, but a Nimda drone attacking an apache box, although pointless, is still adds to the statistic of more linux boxes being attacked
  • Maybe that's because there are MORE Linux boxes out in production than there were a last year and people are starting to drop IIS because of the security nightmare it is?

    Think about what happened last year....Code Red abused IIS servers to death and sysadmins started realizing that Linux/Apache was a viable alternative, what with the kernel networking code improvements it got in 2.4.x, (or was that 2 year ago?) not to mention the publicity Linux has been getting increases every year.

    Not exactly a profound leap of logic to make this deduction.

  • More Attacks on Linux than Windows
    AND
    If the trend continues, by the end of the year, attacks on Linux systems may surpass attacks on Windows systems.
    is FALSE

    I can't see the correctness of the subject line. It should say "More Attacs on Linux than Windows... um, maybe... in the future.."

Life in the state of nature is solitary, poor, nasty, brutish, and short. - Thomas Hobbes, Leviathan

Working...