UK-based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80% of the survey total. Windows-based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks.
Without paying, there’s not a lot of information about the methodology used, so the numbers should be taken with a grain of salt. It’s not clear whether the low numbers for BSD and OS X breaches can simply be attributed to the fact that they’re not as common as Linux servers. And, as has been noted in the comments, mi2g does not have a sterling reputation in the security industry.
This is the SECOND study to come out showing Linux as the top insecure operating system on the Internet.
Isn’t it funny how the first study was made by the very same group? Isn’t it also funny that there hasn’t yet been a major security breach in Linux that has caused a large loss of money? The same can’t be said for Windows. Troll all you like but Linux is not the OS that is repeatedly showing up in the headlines with the words “millions lost” in it.
GNU was hacked twice, and Debian, GNOME, and Gentoo were all hacked–all within the span of six months.
I’ve corrected you on this once before but I guess you don’t actually care about the truth. Gentoo WAS NOT HACKED. I guess you have nothing better to do than spread FUD because you obviously don’t research anything.
A Gentoo rsync server was hacked but it was a mirror for many things not just Gentoo. It was not even running Gentoo. It had nothing to do with gentoo.org other than being a mirror for a portage tree. It was not even the main tree. They synced up the main tree afterwards and all was well. You seem to be one of those trolls that just reads headlines and nothing else. Gentoo made the headlines because they reported it before anyone else. They were watching out for their users.
Get your facts straight before you post.
We run some Windows servers and workstations on a network that is connected to the Internet through a Microsoft firewall and we have never had a single successful attack (that we know of). So, am I going to say that it doesn’t happen? Of course not. We have had some machines infected with crappy malware because of users stupid enough to install it. I guess we could have avoided it with some effort on our part. Microsoft is improving by trying to make their products’ configurations safe, and by patching their OS’s a lot.
Anyway, BSD has always been the security role model, even for well informed Linux zealots, so why the surprise?
You have uttered the words “Linux zealots”, thus breaking the newest incarnation of Godwin’s law. Congratulations, you lose!
“It would take at least a whole article to prove this thoroughly. At http://www.securityfocus.com/bid/title/ it’s possible to get a quick impression by counting and comparing vulnerabilities for “kernel”, “FreeBSD”, “OpenBSD” …”
Like I said, I have already counted that on the timespan of a year and came up with Net/FreeBSD 4, Linux (with the recent 1 included) now also 4. Local vulnerabilities IN the kernel. OpenBSD at 2. And FYI Sendmail, Apache and such are all not counted _of course_. 3 years is a better timespan? I don’t know.
I’ll leave my opinion about chroot aside, but I have to say W^X and such cannot make vulnerabilities in the kernel’s system call any less bad, while various similar security measures exist for “Linux”. It’s just not included for most distributions; the fact I use it and my system is more secure does not mean my Linux distribution is as insecure as yours. Thus, it is unfair to talk in a general way about “Linux” in such a way. “Linux” != “Linux”.
Also it makes me wonder what your definition of “common Linux distro” is and which non-kernel, Linux-specific software is so highly insecure…
“How do 50 vulnerabilities for linux, or ~70 for the *BSDs compare to 3 for OpenVMS (since 1999-06-01, none of the 3 is remotely)?”
You have a point here. When comparing the Linux kernel and the *BSDs with MS Windows, they’ve done a Good job, while when comparing with OpenVMS they’ve done a Bad job.
Is this anything new? Not at all. The same was true a year ago. And 2 years ago.
If “script kiddies” can hack just about any OS, that doesn’t say much for any of the OS makers, does it? Is it so hard to make a secure one out of the box?