Linux lasting longer against Net attacks

Unpatched Linux systems are surviving longer on the Internet before being compromised, according to a report from the Honeynet Project released this week.

The data, from a dozen networks, showed that the average Linux system lasts three months before being compromised, a significant increase from the 72 hours life span of a Linux system in 2001. Unpatched Windows systems continue to be compromised more quickly, sometimes within minutes, the Honeynet Project report stated.

The results are probably due to two trends, said Lance Spitzner, president of Honeynet, which develops software for deploying computer systems as bait for online attackers. The default installations of new Linux systems are much more secure than previous versions of the open-source operating system, he said. Secondly, attackers seem to be much more concentrated on Windows systems than on Linux systems, and on attempting to fool desktop users, of which the vast majority use Windows.

"Everybody is focused on Windows," Spitzner said. "There is more money (for an attacker) to be made on the Windows systems."

The study is the latest data on the relative security of Linux systems versus Microsoft Windows. Last week, students found dozens of flaws in software that runs on Linux systems, and a research report stated that a thorough analysis of the Linux kernel turned up hundreds of flaws. However, in relative terms, those numbers are low compared to commercial applications.

Honeynets, a term coined by the project, are networks of computers that are placed on the Internet with the expectation that they will be compromised by attackers. The networks are heavily monitored, and the data is used to research the latest tactics of online miscreants.

While some of the Windows XP systems on the honeynets used for the latest study were compromised within minutes of being placed on the Internet, newer versions of the Linux operating system from Red Hat failed to be compromised by random attacks for more than two months.

Debbie Fry Wilson, director of product management for the security response center at Microsoft, told CNET News.com that the company's latest operating system is more secure than the report suggests.

"While it is not clear which version of Windows was used during the study, we feel that a Windows XP SP2 configuration with the Windows firewall enabled is the most resilient client operating system available in the market and can withstand attack much longer," Wilson said. "We are pleased that the report indicates that two Windows-based honeynets in Brazil withstood attack for several months. However, we are not certain that the report provides conclusive data based on a controlled and scientific study comparing the two operating systems."

Every Windows system compromised during the study had its security breached by a worm.

However, Spitzner stressed that the Honeynet Project does not have enough Windows systems deployed to offer meaningful data on that operating system's security. Moreover, the report does not specify what version of Windows XP had been running on the systems that had been compromised and whether any Service Pack upgrades had been installed.

The study did find that more recent versions of the Linux operating system lasted longer on the Internet without patching.

Of course, if you put an unpatched anything on the internet, you're an idiot to begin with.

I'm not big on Windows, I use it where I have to, but 200X server has been solid and if you keep everything patched and behind firewalls and proxy servers, you should be ok.

Ms has been making slow, steady improvement, and should be given credit for doing so. It always seems to be the case with them that when they take a step forward, they follow it up with half a step back. Why anyone would pay money for that when they can use linux or bsd for free confounds me, but there it us.

BTW, you see where SCO is paying Novell some sort of royalties even though they own unix? ;-)

you see where SCO is paying Novell some sort of royalties even though they own unix? ;-)

No, I missed that. I did that their stock price has plunged.

During their conference call - I only listened in to part of it, SCO said they made a 3 million dollar payment to Novell for royalties of some sort - Groklaw has good coverage of it.

They (and I am not sure whether it's SCO or Canopy) got rid of some executives, which considering the financial and legal prospects is an exercise in rearranging deck chairs on the Titanic.

Someone else is digging on it, but rumor has it SCO got a .5 mil payment for use of SCO's IP from a company with...wait for it...ties to MS. Of course, with Canopy's shell game, it might just end up being a shifting of money from one Canopy entity to another.

Even Laura Didiot seems to have lost her enthusiasm for SCO's case of late.

"No, I missed that. I did that their stock price has plunged."

Look at the 5yr chart; it's hilarious. It starts out above the top of the chart (over 120+) and drops to the bottom of the chart in a ridiculous looking freefall. Never gets above 20 or so again. The whole Linux/IBM thing makes the company one big pump and dump. I can't believe the SEC hasn't started investigating them yet.

6 posted on 12/23/2004 9:14:39 AM PST by NJ_gent (Crouch down and lick the hand that feeds you; and may posterity forget that ye were our countrymen.)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.