“A study by not-for-profit IT security testing organisation Honeynet Project has shown that, on average, Linux systems today take three months to fall prey to hackers, up from 72 hours in equivalent tests conducted between 2001 and 2002…” Complete Story.
Was the fact that most machines on the Internet are Windows based factored into this study?
There is nothing to “factor in.” The study said that it takes longer than it used to to hack an unpatched RedHat box, and longer than it takes to hack similar boxes with other OS’s. Windows’ market share is irrelevant to those numbers.
If it had gone on to conclude that Linux had less actual vulnerabilities than other OS’s, then it ought to have factored in market share, since market share is important in uncovering vulnerabilities. But it didn’t.
What has changed so much in linux for this to be the case? I mean this isn’t using SELinux (this is an assumption, did they?) which is the biggest deal for security that I’m aware of.
This article said that Linux had less actual vulnerabilities than WINDOWS, Solaris 8 & 9. They don’t test OpenBSD, FreeBSD, NetBSD, MacosX, Solaris 10 or anyone else.
Don’t interpret the results please…
The main reason for this improvement is probably:
1) Way less enabled services by default in newer distributions.
2) More mature software packages
Distributions a couple years ago (anyone remember the horror that was Redhat 7.2?) had a ton of unnecessary services enabled on a default install, therefore providing more avenues for attack. Vendors got smarter and these results show it.
They say Windows lasted only hours, or sometimes minutes. I wonder which windows version they mean, and whether Win2k3 is any better in this respect.
In any case, good news all around! My Debian installation is at 3 years with no compromises.
Leo
Less default remote services running on newer distributions.
Interesting results. I would have figured Solaris would stand up longer; however, on second thought it’s not that surprising when you take a look at inetd.conf on a Solaris install. I would like to see the BSDs entered into the honeypot. I know for a fact that you can’t crack a default NetBSD install externally.
I know for a fact that you can’t crack a default NetBSD install externally.
Yes, NetBSD does not enable any service by default (not even ssh). But that way it would make a poor honeypot, eh? :) So at least you would have to install some servers on it (mail, ftp, web, …), to make the test interesting.
With Linux hackers gone, who is gonna keep development on the system?
To be fair, I think that the Windows problems illustrated briefly in the report are understated. I run both Windows and Linux machines (about 50/50) in a small office environment, and I have to say that my Windows boxes are causing very real problems. When I come to do an install, machines are getting attacked and exploited before installs are finished, and before Windows Update can download all the current patches to prevent it. For reference, these are XP Pro and NT 4 boxes.
It’s getting to be such a problem, in fact, that I’m looking to master my own XP discs with the service packs included so that I can have everything settled before these machines touch a network.
Maybe I was just unfortunate and people were scanning the networks at the time I went to install, but this has happened a number of times now, and to be honest, I do worry when machines on my networks are owned by people, even for a short length of time before I can get patches, anti-virus software updates and spyware removers for them.
1. Disconnect computer from internet
2. Install Windows
3. Install the autopatcher stuff that you’ve previously burnt to a CD
http://www.autopatcher.com/index.html
4. Connect machine to internet.
Now you don’t have to be online to update to the newest patch level.
This active been around for just a little while, it sounds like good news for Linux, and IMHO I would trust Linux more than Windows for an Internet-connected computer. However, even Linux, patched or unpatched, can be compromised if a sufficiently knowledgeable and determined cracker/BlackHat-hacker wanted in. Maybe they cannot change system files or maybe they can (who knows), but I would be willing to bet they could certainly read them if they can crack through the firewall. That said, I would surely encrypt any critical information or just not keep it on the local hard drive…
“can be compromised if a sufficiently knowledgeable and determined cracker/BlackHat-hacker wanted in”
Or if the user didn’t know what they were doing and allowed spyware and such to be on their computer. Seriously, I would wager that most of the problems on Windows come from the users. Put those clueless users on Linux and we will see the same problems start to crop up on Linux as well.
Yes, NetBSD does not enable any service by default (not even ssh). But that way it would make a poor honeypot, eh? :) So at least you would have to install some servers on it (mail, ftp, web, …), to make the test interesting.
But then what would you be testing, the strength of NetBSD or mail, ftp, web, …
Well, “other OS’s” wasn’t meant to mean “all other OS’s”. I think I could have guessed that they didn’t test SkyOS. I just meant the other OS’s they tested.
And no, it doesn’t say that Linux has fewer actual vulnerabilities. It said that fewer Linux machines were compromised via vulnerabilities, which could mean that less Linux vulnerabilities are known, or less are exploitable, or maybe just that there are less people looking for Linux machines to hack. That’s why I was saying that market share was irrelevant to their report: it didn’t include the sorts of interpretations of the data that would require market share to be factored in.
I’m not a fan of Windows, and even I have to say that this is a bogus report. If I’m reading this correctly, they are testing current Linux distros, and then using those benchmarks against Windows benchmarks from as many as several years ago. I’ll be the first to say that I think unpatched Linux vs. unpatched Windows tests will show Linux to be more secure, but (again, if I’m reading this right) this article does not display this.
How current is Redhat 7.3?
Yes, they also tested Redhat 9, which is also a little old.
the sad part is that they tested a RedHat product….
//To be fair, I think that the Windows problems illustrated briefly in the report are understated. I run both Windows and Linux machines (about 50/50) in a small office environment, and I have to say that my Windows boxes are causing very real problems//
Er … you run your Windows boxen behind an internal proxy server, and good hardware firewall, right?
If not, I’d suggest you do. Then, the “hacked before patched” problems will likely disappear.