A Grain of Salt Reloaded (November 2004)
This feature is a 'technical advice' article. It is meant to help consumer advisors make informed decisions about which products and technologies can offer benefits to consumers. The issue treated is a particular one and needs to be integrated with others in order to give complete assessments of consumer products (i.e. this paper debates some aspects of computer security, but a computer product is 'much more' than its security alone). That said, it needs to be remembered that we try to report informed opinions to the public, but they are only opinions, and nothing more. Use them for your benefit and remember that this feature is open (like the rest of this magazine) to peer review. You'll find our e-mail addresses at www.thinkmagazine2.org.
 1 
A recent press release by Mi2g (http://www.mi2g.co.uk), UK security consultants, again stigmatizes the poor security of Linux (and, to a lesser extent, of Windows), giving statistics about overt attacks performed by crackers (cybercriminals) on machines permanently connected to the Internet. Since machines of this kind are usually servers, and since "MI2G is basing part of their research job relying on Zone-H.org databases" (http://www.zone-h.org/en/winvslinux, Year 2003), which archive defacements of web servers (very typical overt attacks), we could focus on the server panorama... For now, here is the raw data (one year ending Nov. 2004): out of a total of 235,907 successful digital breaches, Linux accounts for 65.64 per cent of the total successful overt attacks.
Top Developers
One can object that Apache does not mean Linux. It's true. Perhaps the most valid contender to Linux in the Apache arena is FreeBSD. In fact, a news release by Netcraft (June 2004) said: http://news.netcraft.com/archives/2004/06/07/nearly_25_million_active_sites_running_freebsd.html This would place Linux at around 60% of the total share of active hostnames (not parked domains). To summarize briefly (please notice: VERY ROUGH ESTIMATES):
 
Linux overt attacks 65.64%
There does not seem to be a clear difference between attacks on Windows and Linux platforms, in terms of sheer probability. BSDs, on the contrary, seem to fare rather well. However, weighing in the millions of hosts compromised by Windows server worms like SQL Slammer and others (see as reference our previous feature), this could spell bad news for the overall 'real world' security of Windows server platforms.
Please notice: here we aren't discussing the 'absolute security' of the various platforms, just 'average security' in normal conditions of use. This includes human error (misconfigurations, etc.). So don't take it on the religious side.
One could object that since mass hosting usually happens on Linux and BSD platforms, these should be attacked far more than they are... after all, if I were a cracker I'd go only after big providers with poorly administered free homepages. This is a good argument, and if proven true it could place BSDs on Olympus and Linux quite well off in this kind of analysis, but I have no reliable data to investigate this issue further.
 
In a later press release, Mi2g addressed the market share issue by comparing the overall market share of the various platforms, including desktops. Since many manual overt attacks happen to webservers, I find the present analysis more accurate. Mi2g went on to state that one of the most valuable pieces of data about the reliability of an online platform is uptime, and pointed to a Netcraft analysis stating that the longest webserver uptimes are 'owned' by BSD platforms. For reference see http://uptime.netcraft.com/up/today/top.avg.html
But be sure to have a look at the following uptime FAQ, also on Netcraft (emphasis mine):
 
 
 
 
The Linux kernel switched to a higher internal timer rate at kernel version 2.5.26. Linux 2.4 used a rate of 100Hz. Linux 2.6 uses a timer at 1000Hz. (An explanation of the HZ setting in Linux.)
Mi2g also periodically gives estimates of the damage caused by the various types of attacks. Since the amount of damage a compromise does depends widely on the importance of the data contained in the compromised machine (i.e. Government servers are usually more critical than mine), this does not seem very related to the present article. Therefore I won't comment on this issue.
 
 3 A final joke 
 
 
 Now, back to reality 
(From 'The Register') "80 per cent of home PCs infected - survey (...) They found that nearly all Windows PCs are infected with some form of malware (...)"

Also remember that many widespread Windows worms open backdoors into compromised desktop and server machines, effectively r00ting them to benefit crackers for either manual or automatic, mostly covert, exploits.
 Conclusion 
- Speaking of servers, good advice would be to use good service providers, regardless of the OS used. Servers are very exposed to many kinds of compromise, and need competent staff to handle them. Prefer paid contracts with some degree of service guarantee, if available.
- Speaking of desktops, the simple fact of using alternative platforms seems to greatly reduce the chances of being infected or otherwise compromised.
- Best practice, though, is to use the OS you prefer and know well (provided it's actively patched and updated by the manufacturer), patching and maintaining it with attention. If all the systems deployed were patched and configured in a timely manner, most exploits, either manual or automatic, simply wouldn't happen.
 
From Mi2g site
 
 
 
 
 