p2pnet - rss feed: Linux boxes and ‘hackability’
p2pnet.net News:- The average unpatched Linux system survives for months online before being hacked, but unpatched Windows PCs often, “are hacked within minutes of connecting to the Internet,” according to a story in TechWeb News.
It quotes a Honeypot Project study which gives results from research in which vulnerable systems were hooked to the Net in the hope that they’d draw attacks.
“To figure out the lifespan of a Linux system, the group set up a dozen ‘honeynets’ - the project’s term for a system that hosts numerous virtual honeypot machines - in eight countries, then tracked the time it took for those machines to be compromised,” says TechWeb
Honeypot deployed several Windows-based honeypots, but felt they were too to use in drawing conclusions.
However, “Late last month, similar ‘honeypot’ research done by AvanteGarde tallied the average survival time of several versions of Windows at just four minutes,” says the story.
Given that, “It did note that several of the Windows honeypots were compromised in mere minutes,” says TechWeb, although, “A pair of honeypots in Brazil … were online several months before being eventually compromised by worms.”
The older Linux distribution, the more likely it was to be hacked, said the project, attributing that to more secure default settings on newer versions, “a trait Windows, particularly Windows XP SP2 and Windows Server 2003, shares with Linux”.
And once a system had been compromised, it was more likely to be compromised again (and possibly again and again), says the story.
But, “The group also admitted the obvious, that Linux, by virtue of its small slice of the market, is a much less appealing target than Windows, adds TechWeb.
===================
See:-
hacked within minutes - Honeypot Project Finds Unpatched Linux PCs Stay Secure Online For Months, TechWeb News December 23, 2004
December 26th, 2004 at 6:07 pm
I fix pc’s for a living and this is the greatest news I’ve ever heard. This even tops y2K.
December 29th, 2004 at 7:10 pm
First of all,
Your a fucking idiot if you run any box on the net that isn’t behind a firewall; I don’t care if it’s linux or windows. Many “hacks” can easily be prevented by securing the fucking box.
January 17th, 2005 at 4:59 am
There is a good study about this
You can see it (in pdf format) here:
http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux.pdf
The gist is that vulnerability of Linux is not entirely because it is in the minority. A comparison is made between IIS and Apache webservers.
Apache is by far the more popular, will run on Linux and Windows and has had far fewer comprimises that IIS and note, the problems it did have were worse when it ran on Windows than on Linux. The monolithic design of Windows made it more vulnerable because a flaw in one component could be exploited much further. By comparison, flaws running on any Unix type system, including Linux, were confined to the one application and generally could not be exploited to comprimise the whole system.
Many attacks are successful because of weak passwords; with modern cracking tools these can be successful against a theoretically invulnerable system at least to get into it.
One wonders what strength the passwords were for the honeypots.
I know one version of NT, for example, woud only allow 8 character passwords (to be entered) although internally they could be 16 characters.
I remember similar restrictions to Red Hat 5.2 (Ancient History now).
….Dave Dawson beagleseven7777(AT)yahoo.ca
.