Report: Linux ‘the most-attacked operating system’; BSD Unix the least ‘successfully breached’

“Linux, not Microsoft Windows, remains the most-attacked operating system, a British security company reports. During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers, according to the report,” Jack Kapica reports for The Globe and Mail. “Just 360

21 Comments

  1. More interesting than writing to the congressman will be
    seeing whether this article gets a link from slashdot or not. ” width=”19″ height=”19″ alt=”smile” style=”border:0;” />

  2. Maybe its because most of the servers were running Linux? These were not attacks against Linux as much as they were against applications running on Linux. I quote Mi2g themselves from 2002:

    “The sudden rise in attacks on systems running Linux earlier this year was due to several easily exploitable vulnerabilities being uncovered in open source third party applications such as PHP scripts and bulletin boards. Bad or default configuration of Linux and the applications running on it were also determining factors for the success of the overt attacks.”

    With a good Systems Administrator running the server, I’d still take Linux over Windows everytime.

  3. “With a good Systems Administrator running the server, I’d still take Linux over Windows everytime.” – Jeff

    Yes, well, thankfully there are options other than those two.

  4. I would suggest that you write your congressman regarding the rare penetration of BSD servers and the number of OS X viruses. There is a tremendous amount of discussion going on right now regarding these issues and at least one congressman plans to ask the Dept. of Homeland Security some questions with regards to their selection of Windows as the platform.

  5. Did anyone notice that while the article went to great pains to paint Linux as the most insecure op system and praise Microsoft for their laughable efforts to increase op system security, BSD was given a quick nod and then passed by… while carefully ignoring Mac OS X which is not only a variant of what they admitted to be the most secure op system mentioned, is also the most secure version of BSD.

    I wonder who paid for this study?

  6. Note that this is just about servers–which would be why other counts rate Windows as more vulnerable: other counts include actual personal computers too. (Which for home and office users, is relevant.)

  7. The article (maybe the report does) doesn’t say what is the total percentage of online servers for each platform, therefore I dont think it is wise to reach conclusions, however based on other statistics I have seen, I do believe OS X is the safest platform.

    If they had said that 80 % of the total percentage of Servers online, are running Linux, and that the percentage of successful attacks, 67% is against Linux, THEN we might say that Linux has a lower percentage of attacks given its percentage of use. Something that could be interpreted as good, if for example the % of windows servers is 20% and has 30% of the attacks.

    Therefore if less than 2% of attack were against BSD, I dont know what it means, is it lower just because there are less BSD servers? or because it is safer (I know the answer, but not from this article).

  8. What I want to know is the ratio of number of successful breaches to number of attacks for each OS. If it takes 4,626 attempts to gain access to 4,626 Windows servers, I’d say that Windows is as good as swiss cheese even if 12,892 Linux servers are breached (assuming that it takes more than 12,892 attempts, of course). Then, you still have to consider how the computers are breached, i.e. the skill required to breach them. Then, you have to consider who the administrators are, i.e. did they open up the system by mistake or by lacking a clue?. Then, you have to break down the percentages of servers running each OS.

    The numbers alone do not mean a thing. Remember the quote about lies and statistics.

  9. Yes Statistica, you are very right. Those numbers alone don’t say much and not much can be inferred out of them.
    They need additional supportive data (which undoubtedly do exist somewhere).

  10. Borborygmus wrote:

    “…while carefully ignoring Mac OS X which is not only a variant of what they admitted to be the most secure op system mentioned, is also the most secure version of BSD.”

    I think this can be disputed, but Mac OS X is relatively much more secure than all of the “desktop” operating systems out there. Keeps me coming back. ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

  11. Apple provides both server and desktop versions of MacOS X. So one could easily argue that Apple Computer provides the most inherently secure combination of server and desktop computers.

    Apple Corps, on the other hand, does not make computers. But perhaps Apple Computer should sue them for USING computers?? ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

  12. I’ve been following a discussion on security in OSX Classic over at Macintouch which appears to be a little worrying. Basically, if you run the default installed Netscape 4 via Classic on OSX, you can type file:///Macintosh HD/ and not only browse your entire OS (including other users’ home directories) but copy files out of directories that can then be opened or executed. It appears that Classic can therefore bypass all OSX file security, meaning OSX _isn’t_ as secure as regular BSD.

    Which leaves me with the following questions:- If Netscape can exploit this, can a trojan horse hidden on a website do the same? If so, is the only way to prevent it to remove Classic from the computer?

  13. Dave H – Classic doesn’t run by default. It is like an emulation program. It has to be launched in order to do anything. Of course, I got rid of Classic on all my Macs a long time ago – and have NEVER used Netscape on my machines. Another issue you are overlooking is that even if one were to try to exploit the supposed insecurities you point out, it would be FAR more difficult than anything done on Windows. You would have to launch Classic AND launch Netscape without the user knowing. Good luck.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.