“Linux advocates often pride the operating system to be more secure than Windows but this claim could have attracted the unwanted attention of the hacking community,” Angus Kidman reports for CNETAsia. “An analysis of hacker attacks on online servers in January by U.K.-based security consultancy mi2g found that Linux servers were most frequently hit, accounting for 13,654 successful attacks, or 80 percent of the survey total. Windows came in a distant second with 2,005 attacks.”
“A detailed analysis of government servers also found Linux to be more susceptible, accounting for 57 percent of all security breaches… the sharp rise in Linux breaches probably reflects a lack of training and deployment expertise rather than inherent security problems within Linux, mi2g officials suggested,” Kidman reports.
“According to the study, the most secure OS turned out to BSD (Berkley Software Distribution) and Mac OS X,” Kidman reports.
Full article here.
Interesting article since it says that BSD Unix and Mac OS X are most secure. but I think it may add to the security through obscurity argument. I wonder how many server run BSD?
Buffy,
The article says that Linux may have drawn this “unwanted attention” because of it’s claims of being so much more secure than Windows. Since its release OS X has been touted as being just shy of bulletproof where security is concerned. I’m sure the attention is out there from the hacking community… they just haven’t been able to do anything with it.
I once came across an article long ago that put security hacks into perspective: Despite the “security through obscurity” argument, think of the reputation any hacker would get if they were to breach an insanely secure OS such as BSD/ OS X. In other words– who cares if you found a way to escape from any low-security prison? It’s the guy that escaped from Alcatraz that gets the glory.
Clearly they aren’t counting every worm that invades a Windows box as a breach! Maybe they should be!
Windows is “hacked” less because you don’t even need to hack it. It hacks itself and installs all the spyware/SMTP-relay software you ever need.
Isn’t it interesting that an article that could have just as well been written with the title, “MacOS X, BSD, mosts secure OS” was instead written to boost Windows and take Linux down a peg in the security arena?
David, read the article
“mi2g said its study focused on “overt digital attacks” and did not include other methods of intrusion such as viruses and worms.”
They aren’t counting them.
I had a server with BSD, unfortunately the hosting providers told me that there were more products for Red Hat Linux and of course there was better documentation on the product. For BSD I was told the documentation was scattered at best. I sometimes wish there was better documentation for BSD, where OSX is derived from and more products with better documentation for the BSD platform. I would have stuck with it.
I wouldn’t take anything mi2g says with a grain of salt. They are a bogus “security consulting” firm. You can find plenty of criticism of them on google.
Here’s a good article on them: http://www.theregister.co.uk/content/55/28233.html
I think Bill got it right. This seems to be a pro-Windows, even anti-Mac article– since what you gleen from the article is that Mac is up there only because it’s so obscure.
“I wonder how many server run BSD?” – Buffy
A lot. MacDailyNews for one. I have several sites running on FreeBSD.
The article is about servers. The email worms don’t affect servers, except by eating up bandwidth.
The article actually hurts the security through obscurity myth. The ratio of attacks to breaches does not support that theory. The only bit of the article that seems to support that theory is that hackers are drawn to claims that Linux is more secure; that hackers rise to a challenge. That actually has nothing to do with obscurity, though.
I’d like to see a breakdown of the types of breaches. Are most of the Linux breaches due to user laziness? How about the Windows breaches–same problem?
I haven’t read the article, but I notice that they mention Linux gets 57% of the breaches. How many does Microsoft get? The remaining 43% ?
Please,
If this was true; IT people would be using an Apple OS.
The fact is they rely on Windows.
This article is written by a firm that sells Apple products.
“For the first time, the number of recorded breaches against government servers running BSD or Mac OS X worldwide fell to zero in January 2004,” the analyst said
That is security as it should be
…”I wonder how many server run BSD?”…
Well the majority of the web runs on some kind of Unix flavor. BSD covers 3 flavors (OpenBSD, NetBSD, FreeBSD). Then you have Solaris, a BSD/System V variant, and then of course Mac OS X. Even Microsoft’s own hotmail servers are running some BSD flavored boxen.
BSD is well known for security and has a well known reputation that backs it up. Windows has never been secure because Microsoft didn’t make it a priority from day 1. Bell Labs on the contrary, made security a priority from day 1 and it shows (from BSD’s point of view)!
To Sputnik:
Read the website: http://mi2g.com/
They do not sell Apple products.
“If this was true; IT people would be using an Apple OS.”
Sputnik,
SMART IT people you mean. You’re obviously under the impression that IT people are all well-informed, not subject to petty human failings, and are ALWAYS motivated to do what’s best for their company. Many companies use Microsoft products because:
1) They already have a huge investment in Wintel hardware and simply don’t have the resources to start again from scratch, so they’re locked into it;
2) Much of their mission critical software simply doesn’t exist for Mac OS X;
3) IT people are well aware of the fact that their job security depends on them being viewed as indispensible (dealing with the myriad patches, updates, security emergencies, etc.).
I’ve heard many horror stories of clueless or cowardly CTO’s who are compelled to toe the company line through ignorance or fear for their employment. One friend of mine was explicity banned from bringing his TiBook to work because, he was informed, “Macs can’t connect to the Internet.” When he told them that this was patently false and offered to demonstrate, the replies were “Well, it can’t connect to our network,” “It can’t use Microsoft Office,” and his favorite, “Because I said it can’t!” Shortly afterward, he kissed them goodbye and went into his family’s small manufacturing business, which now runs on Macs at his insistence.
My friend by the way, learned to code in assembler and used to be programmer for IBM. He also has an MBA, and his favorite OS is still the Amiga (you think Mac lovers are fanatics?). He started using OS X a couple years ago and thinks it’s the most promising OS he’s ever seen. Now he’s an example of a SMART IT person.
Security through obscurity my *ss!!! Buffy – A VERY Large Portion of the web runs on BSD, check this out: http://uptime.netcraft.com/up/today/top.avg.html
A VERY Large Portion of the web runs on BSD, check this out: [url=http://uptime.netcraft.com/up/today/top.avg.html]http://uptime.netcraft.com/up/today/top.avg.html[/url]
hmmm, so what’s with the Japanese and Scandinavians dominating?
BSD’s not at ALL obscure. In fact, a couple years ago I read that even though Linux got all the attention in the media, FreeBSD was still the most widely-used open-source OS. Linux has presumably passed them by now (and OpenBSD and NetBSD are also open source) but still, add that to the commercial paid BSD versions and you have a big block of UNIX sitting alongside OS X/Darwin.
So, BSD is not obscure. Interesting.
Server Attacks:
Linux: 80%
Windows: 12%
Other: 8%
The author says that Linux’s security claims attracted hackers, but at least some of the attacks had to be against the organization, looking for some secret information. The fact that a Linux server was involved is beside the point in those cases.
It’s more likely that Linux’s security claims have attracted organizations who have sensitive data, so a very high portion of the servers containing the good stuff are using Linux.
In any case, I’d still like to have these numbers:
Successful breaches:
Linux: 57%
Windows: ?
Other: ?
static66, very interesting. I checked out the “most requested” link. Odd, “windowsupdate.microsoft.com” was listed as “unknown.” hmmmm. Maybe it’s too important to trust to the 2003 server they had for their other sites since it is supposed to protect m$ users from m$ itself?
“For BSD I was told the documentation was scattered at best.”
Your hosting providers lied to you. The FreeBSD Handbook is a great place to start. You can also find more doc links on their home page.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
NetBSD Documentation:
http://www.netbsd.org/Documentation/
OpenBSD FAQ:
http://www.openbsd.org/faq/index.html
The security through obscurity argument is a bunch of bs I think. What “hacker” would not want to be the one that cracked a box running the OS that claims “Only one remote hole in the default install, in more than 7 years!” That OS is OpenBSD.
“I wonder how many server run BSD?”
Nearly 2 Million Active Sites running FreeBSD
“FreeBSD … is the only other operating system that is gaining, rather than losing share of the active sites found by the Web Server Survey.”
Full story at Netcraft:
http://news.netcraft.com/archives/2003/07/12/nearly_2_million_active_sites_running_freebsd.html
It is really truly amazing all you people.
READ the article again, word for word VERY carefully this time.
SPSB
(Stupid People Should Not Breed)
What the hell was that all about UknOSXwhatever? I think the more appropriate would be:
SPSB: Stupid Poster Shouldn’t Bother
Maybe you would like to point out which posts prompted that rather childish reaction?
Linux is for consumers who have less money than stupidity.
BSD is for professional administrators who know what they’re doing. It is inherently secure and powerful.
FreeBSD, all the way!
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />