The report's writers from the Honeypot Project said they did not set out to show that Linux is more secure than Windows. Instead, the group set out to ask the question: "Why is no one hacking Linux anymore?"
They set up 12 "honeynets" of internet servers in eight countries (the United States, India, the United Kingdom, Pakistan, Greece, Portugal, Brazil and Germany).
Data was collected during 2004, with most collected in the past six months.
According to the report, 24 unpatched Unix honeypots were deployed, of which 19 were Linux, primarily Red Hat. There were nine Red Hat 9.0, five Red Hat 7.3, two Fedora Core 1 and one each of Red Hat 7.2, SuSE 7.2 and 6.3 installations. In addition, the group deployed two Solaris SPARC 8, two Solaris SPARC 9 and one FreeBSD 4.4 system.
Only four Linux honeypots (three RH 7.3 and one RH 9.0) and three Solaris honeypots were compromised. Two of the Linux systems were compromised by brute-force password guessing rather than through a specific vulnerability.
According to data from the Symantec Deepsight Threat Management System, Win32 servers in similar situations have a life expectancy of a few hours.
The report suggests that Linux distributions have become harder to compromise because newer versions have more secure defaults with fewer services enabled and automatically running firewalls.
They also suggest that as all operating systems, both Windows and Linux, become more secure, social engineering techniques like phishing attacks, which target users instead of systems, are more likely to succeed.
They also point out that attackers are targeting Win32-based systems and their users, as this demographic represents the largest percentage of the install base.