The Inquirer-Home

Unpatched Linux still better than Windows

Honeypot's claim
Thu Jan 20 2005, 07:39
AN UNPATCHED Linux server was able to sit on the Internet for months before being successfully compromised while one running Windows was turned over in a few hours, according to a security report.

The report's writers from the Honeypot Project said they did not set out to show that Linux is more secure than Windows. Instead, the group set out to ask the question: "Why is no one hacking Linux anymore?"

They set up 12 "honeynets" internet servers in eight countries (the United States, India, the United Kingdom, Pakistan, Greece, Portugal, Brazil and Germany).

Data was collected during 2004, with most collected in the past six months.

According to the report, 24 unpatched Unix honeypots were deployed, of which 19 were Linux, primarily Red Hat. There were nine Red Hat 9.0, five Red Hat 7.3, two Fedora Core 1 and one each of Red Hat 7.2, SuSE 7.2 and 6.3 installations. In addition, the group deployed two Solaris SPARC 8, two Solaris SPARC 9 and one Free-BSD 4.4 system.

Only four Linux honeypots (three RH 7.3 and one RH 9.0) and three Solaris honeypots were compromised. Two of the Linux systems were compromised by brute password guessing and not a specific vulnerability.

According to data from the Symantec Deepsight Threat Management System Win32 servers in similar situations have a life expectancy of a few hours.

The report suggests that Linux distributions have become harder to compromise because newer versions have more secure defaults with fewer services enabled and automatically running firewalls.

They also suggest that as all operating systems, both Windows and Linux, become more secure, social engineering techniques like phishing attacks, which target users instead of systems are more likely to succeed.

They also point out that attackers are targeting Win32-based systems and their users, as this demographic represents the largest percentage of install base.

You can read all about it here. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?