Linux security breaches at all time high
Posted by Daniel Fleshbourne on 04 June 2003 - 12:48 · 27 comments & 905 views
About the Author
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(1 reply)
#1 Posted by fdiaz2day on 04 Jun 2003 - 12:51
- Nobody is perfect...
-
#1.1 Posted by rob.derosa on 04 Jun 2003 - 13:02
- But some are more perefct than others
-
(1 reply)
#2 Posted by okidoki on 04 Jun 2003 - 13:02
- ...lack of a "trustworthy" computer initiative...
R O F L
that is all
was it sponsored by ms?
-
#3 Posted by leebobs on 04 Jun 2003 - 13:13
- So MS come out on top.... and still people bicker
-
(2 replies)
#4 Posted by Spectre on 04 Jun 2003 - 13:30
- that's hilarious. ignorant linux fanboys bash windows for its security even though their "own" operating system is much worse
oh, and guys: if every windows-supporting statistic is microsoft-funded then obviously every linux-backing statistic is linux-funded
-
#4.2 Posted by Whip-lash on 04 Jun 2003 - 14:24
- I agree with Vlad.
The Linux "fanboys" as you put it are in most ways correct about how much more secure Linux is compared to Windows. That doesn't mean that every single person that has a web server set up with Linux (or Windows) knows how to secure it. Should they? Yes, probably. Not everyone with a web server, however, is able to work on it full time. People do for the most part what they can with what they have. That's why most webservers out there are Linux based, because they are affordable. But since you have a lot of web servers run by, in many cases, inexperienced users, you will have many servers that are open to attacks.
As for the security between Linux and Windows, Linux has proven over and over again that it is a much more secure and reliable OS, IF it is properly secured. Most "out of the box" systems are not completely locked down, and neither are most Windows servers either. If you compare a properly secured Linux box to a properly secured Windows box, Linux still comes out on top. Their is no question about it. Try and back up what you say next time, Spectre.
And what the heck are you talking about "... obviously every linux-backing statistic is linux-funded"?
If you're going to do any sort of bashing, on either side, at least have valid points and some evidence to back up your claims, otherwise you make yourself look like a fool.
-
#5 Posted by Vlad on 04 Jun 2003 - 13:42
- Of course, there are practically zero linux-funded security audits, since no one company controls it. I'd be curious to see how much lower those numbers are if you attribute the stupidity factor of people. Software doesn't just magically make itself secure -- administrators have to ensure that their software is properly configure; this goes for any operating system.
Ignorant linux fanboys? You do realize how stupid you sound, don't you? Imagine if this pole included compromised desktop systems. The number of "security breeches" for windows would be astronomical. Is that the fault of windows? Not really. Is it the fault of stupid users? Mostly. I'd still put money that a properly secured IIS box is more insecure than a properly secure linux box.
-
#6 Posted by zivan56 on 04 Jun 2003 - 13:57
- Well its not surprising as it is the most used OS for web servers.
-
#7 Posted by SomeDork on 04 Jun 2003 - 15:18
- There's one thing surprising about it, actually: the Inquirer posted it, and it remotely smelled of a pro-MS stance!
Vlad: your money bet ... be careful! You are being somewhat hypocritical. It is conceivably possible that an intelligent admin can make both a IIS and an apache (since that's really what we're talking about here right?) system equally as secure.
You said it a different way but I'll illustrate my point differently. Take IIS5 and Apache. Turn everything off, so that neither are listening on any port. Voila, they are equally as "secure" right? Now, knowledgeably turn on ports based upon services you need and can support well, and have patched to the latest known secure ...
You see my point? IIS has more features but that doesn't inherantly make it less secure. It does give it more "girth" so to speak for attack space. But if you notice I didn't include IIS6 (win2003) since it does all this Secure by Default stuff, where absolutely everything is off by default.
-
(2 replies)
#8 Posted by Ely on 04 Jun 2003 - 15:26
- If Linux was the most widely used OS in the world then its security problems and flaws would be FAR beyond what they are now and would also be ASTRONOMICAL, but of course it ISNT and WONT be for quite long time, Windos is
-
#8.1 Posted by Spectre on 04 Jun 2003 - 15:58
- good point.
fact of the matter is, you have no evidence whatsoever that this report is microsoft-funded. so stop acting like every positive windows report is a huge advertisment sponsored by microsoft. there have been more linux breaches, please learn to deal with it.
there are no stupid computers, just stupid users. that is correct. but if you consider that the linux security breaches outweigh windows breaches 5:1, you start wondering how smart linux users really are. -
#8.2 Posted by JaggedFlame on 04 Jun 2003 - 16:15
- Even if a report is Microsoft-funded, it still doesn't damage its validity. I doubt a company would lay its reputation on the line just to support Microsoft.
If a company publishes results that aren't favorable to Microsoft, Microsoft wouldn't publicize them. It doesn't mean that the ones they do publish are wrong.
-
(1 reply)
#9 Posted by DrAwesome on 04 Jun 2003 - 15:27
- If you want a "trustworthy computing initiative," try OpenBSD.
-
(1 reply)
#10 Posted by macrosslover on 04 Jun 2003 - 16:16
- god forbid stupid admins are the problem on both sides
-
(2 replies)
#11 Posted by Prelude76 on 04 Jun 2003 - 16:19
- It has been estimated that the cost to U.S. businesses for only four Windows-based infections, Nimda, Code Red, SirCam and Love Bug, was about $13 billion. These infections were possible because of the unusually poor security design of Microsoft Windows. No other operating system has had such vulnerability.
don't read into this report about linux vs windows hacks. statistics can prove anything. 80% of people know that. truth lies in pudding: viruses/worms infect microsoft-based systems only. in linux, as long as you stay away from r00t login, you're 100% safe. -
#11.1 Posted by JaggedFlame on 04 Jun 2003 - 20:28
QUOTE in linux, as long as you stay away from r00t login, you're 100% safe.
Not at all. If it were that simple, would we need six-figure Linux administrators?
-
#12 Posted by DrunkenMaster on 04 Jun 2003 - 16:25
- Of course incidents are on the rise: more Linux systems are being installed. I
Funny. MS is claiming their "trustwortthy initiative" but I don't recall giving FREE system security advice as part of the support contracts. So MS systems are no better than Linux in this respect: you have to pay $$$ if you want outside expert advice for system security.
-
(1 reply)
#13 Posted by JBElemental on 04 Jun 2003 - 16:37
- Theres also a whole lot more linux servers than windows servers..
-
#13.1 Posted by Daybreak on 04 Jun 2003 - 17:40
- Well actually, I do believe the increased figure would primarily stem from hosting companies using Linux. Not actually having the report to read so I can't actually determine, but the company most probably took a single website defaced as a system.
Hence, if you compromise a Linux server from a hosting company putting up dozens of sites, and if the company counts each site cracked, then the number of Linux systems broken into rises rapidly.
So accounting for that effect, the number would probably be the same on both sides...
-
(1 reply)
#14 Posted by puredeath on 04 Jun 2003 - 19:01
-
-
#15 Posted by nacs on 04 Jun 2003 - 19:51
- Why is it suprising that there have been more Linux-powered sites being cracked than MS-powered websites if the majority of internet servers are Linux powered?
Also, many virtual hosting companies put hundreds of websites (literally) on the same box. Did this statitistic count each physical server as one 'cracked server' or each one of those sites as cracked?
It issued figures saying that the reason for the vulnerabilities was down to improperly configured systems, lack of a "trustworthy" computing initiative, and corporations choosing Linux because of its cost but not costing in technical support overheads.
In May this year, 19,208 successful breaches were recorded against Linux based systems, compared to 3,801 against MS Windows based systems, it claimed. Both the USA and the UK were most attacked during the three months which included the Iraq war.
During first stage of V5 beta, we will be concentrating on two major issues:
WU Web Site beta testing - including gross and detailed site functionality, site UI, and site text
- WU content Beta testing - all content delivered through the WU site (with the exception of Security Updates, there is another channel for those) will have a specific beta release/test period. This includes driver update content.
- After the initial beta period, the WU V5beta program will continue to be involved in Beta update testing of software and driver content prior to their RTW ('going live') on the v5 site.
- Platform - current plans for V5 Beta are that all beta testers will require a platform of windows 2000 SP2 and later, for a testing platform.
- No one in either WU Beta or Office Beta groups have been enrolled in the V5 beta program, yet.
Neowin Note: This is probably the reason for the previous questionnaire on betaplace asking "Which Operating systems do you want to see on Windows Update" so if you haven't completed the questionnaire yet now might be a good time to do so.