Posted on 01/17/2005 10:56:25 PM PST by N3WBI3
A study by not-for-profit IT security testing organisation Honeynet Project has shown that, on average, Linux systems today take three months to fall prey to hackers, up from 72 hours in equivalent tests conducted between 2001 and 2002.
The 2004 results came after a team of researchers set up 19 Linux and four Solaris 'honeypots' in eight countries including the UK. Honeypots are unpatched internet-connected computers designed to be targets for hackers.
"Default installations of Linux distributions are getting harder to compromise," said the report.
"New versions are more secure by default, with fewer services automatically enabled, privileged separation in services such as OpenSSH, host-based firewalls filtering inbound connections, stack protection for common threats and other security mechanisms."
During the tests only four Linux honeypots were compromised (three running Red Hat 7.3 and one with Red Hat 9). Two of those systems were broken by brute force password attacks rather than by operating system vulnerabilities.
By contrast unpatched Windows systems exposed in a similar way in tests last year by Symantec lasted a few hours, or in some cases minutes.
But there was bad news for Solaris users, with three out of the four honeypots running Solaris 8 or 9 hacked within three weeks. However, a fourth has been online for six months without being compromised.
Yeah, I know. I wasn't trying to imply that it is a bad distro--just that later versions (Fedora, etc.) have the latest patches/fixes/etc. which would make them less vulnerable.
This is also true. Another trade-off is that the older bugs/security issues are probably fixed, but new ones are found. I stick with distros that are as new as possible to avoid dealing with known issues, while expecting some new issues, and a few minor stability issues. And so far, it's paid off. I have no security issues exploited, and it is much more stable on my laptop than Windows ever was.
RH9, through the Fedora Legacy project, does have the latest fixes. If you're talking out of the box, then yes, a newer version (I might stay on FC1 as it is 2.4) but not the newest is better.
On another note (It mentions this article above), Groklaw has this interesting article posted:
You can read the news in English, French, or German -- French police ("la Gendarmerie Nationale française") will be switching to OpenOffice.org from Microsoft Office, according to the French industry news service Toolinux:
By the end of January some 35,000 PCs and workstations are to be equipped with the open source office suite; by this summer the number is to reach 80,000. The French police expect to be able to cut costs amounting to more than two million euros by this move.
Maybe they are thinking about security issues, which you can read about in this article about how Linux is getting harder to crack (a new Honeynet Project study shows it now takes up to three months to compromise a default Linux installation, compared to mere hours for unpatched Windows, according to tests by Symantec last year), or in this Linux Journal article, "Linux in Government: How Security Exploits Threaten Government Infrastructures" by Tom Adelstein, which I found on Novell's website. They have been providing some fine antiFUD and informative material there. On their website today, for example, you can find the following:
- Migrating to Linux the Novell Way
- IE Flaw Threat Hits the Roof
- Novell, Mandrake Respond to Sun's Red Hat Claims
- Unbending the Truth -- Things Microsoft Hopes You Won't Notice, Novell's answer to Microsoft's Get the Facts page. You have to love the url: http://www.novell.com/linux/truth/
There is plenty more where that came from.
Unprotected PCs can be hijacked in minutes
Looks like we have a thread on FR here (posted 11/30/2004):
I will never run another windows server again.
I use IPCop firewall for my Firewall.
http://ipcop.org/
Is that what you use on the internet? Broadband?
I have a P200 gathering dust. Hmmmm
You mean more propaganda from foreign sites you take as the gospel.
Yep. And yep again. It really doesn't take a lot of CPU power to run an ethernet card. The CPU can handle a lot more bandwidth than any ethernet card on the market.
Keep in mind, though, that this is a dedicated firewall. It is not a desktop machine. In fact, it doesn't even have a monitor. The only reason it's got a keyboard is because the BIOS won't boot without it (It's an OLD machine :) )
I take nothing other than the Bible as gospel. I have worked enough with Linux over the past 3 years to see the improvement in the distros.
Linksys doesn't have a list of holes like this. 539 listed for the Red Hat distro alone.
http://lwn.net/Alerts/
What a crock! I know you guys worship your clone from Finland, but get real.
http://dmsweb.badm.sc.edu/mgsc890/firewalls/fire2.htm#history
I put Mandrake 10.2 on a computer that has WinXP on it. For security reasons, I'm thinking of doing my online financial exclusively on Linux. It works great except for screen resolution, which I have to learn to properly adjust. It can "see into" my NTFS partitions.
My secondary firewall is a Pentium 75, 32MB RAM, running OpenBSD. No intrusion detection. It doesn't quite have the stuff to run Snort.
I run CARP between them. (CARP comes with OpenBSD) It allows the secondary to seamlessly take over in case there's a hardware failure on the primary.
Both of them are configured to filter out 95% of the spam aimed at my mailserver using spamd, a greylisting engine.
Neither one of them goes over 30% CPU utilization on my 3MB circuit.
Unix OSs work quite happily on hardware that won't even boot Windows 2000.
You can try to use Linux for online finance, but good luck finding any applications other than a basic browser that banks will accept. For advanced features you're going to need Quicken, or Money, or forget it. At least that's the case with my two banks. I'd highly recommend Quicken, not only better but works with Apple as well.
*BSD is better for this than linux, I would definitely agree.
Unless you want to add to the list:
1. Office 2000 and WordPerfect Office
2. All of Microsoft and Borland development products.
3. Three more web browsers
4. Twelve more mail clients
5. And around 3000 other pieces of software.
And then your little list would be a real comparison.
Now, if you want to dig through that list and come up with the Linux kernel and the RedHat provided utilities and make that comparison, I won't complain.
Until then, until you figure out how to compare apples to apples and not apples to the entire Imperial Valley, go away and take your silly little list with you.