[ISN] Linux lasting longer against Net attacks

InfoSec News isn at c4i.org
Thu Dec 23 04:13:44 EST 2004


By Robert Lemos 
CNET News.com 
December 22, 2004

Unpatched Linux systems are surviving longer on the Internet before
being compromised, according to a report from the Honeynet Project
released this week.

The data, from a dozen networks, showed that the average Linux system
lasts three months before being compromised, a significant increase
from the 72-hour life span of a Linux system in 2001. Unpatched
Windows systems continue to be compromised more quickly, sometimes
within minutes, the Honeynet Project report stated [1].

The results are probably due to two trends, said Lance Spitzner,
president of Honeynet, which develops software for deploying computer
systems as bait for online attackers. The default installations of new
Linux systems are much more secure than previous versions of the
open-source operating system, he said. Secondly, attackers seem to be
much more concentrated on Windows systems than on Linux systems, and
on attempting to fool desktop users, of which the vast majority use

"Everybody is focused on Windows," Spitzner said. "There is more money
(for an attacker) to be made on the Windows systems."

The study is the latest data on the relative security of Linux systems
versus Microsoft Windows. Last week, students found dozens of flaws in
software that runs on Linux systems, and a research report stated that
a thorough analysis of the Linux kernel turned up hundreds of flaws.  
However, in relative terms, those numbers are low compared to
commercial applications.

Honeynets, a term coined by the project, are networks of computers
that are placed on the Internet with the expectation that they will be
compromised by attackers. The networks are heavily monitored, and the
data is used to research the latest tactics of online miscreants.

While some of the Windows XP systems on the honeynets used for the
latest study were compromised within minutes of being placed on the
Internet, newer versions of the Linux operating system from Red Hat
failed to be compromised by random attacks for more than two months.

Debbie Fry Wilson, director of product management for the security
response center at Microsoft, told CNET News.com that the company's
latest operating system is more secure than the report suggests.

"While it is not clear which version of Windows was used during the
study, we feel that a Windows XP SP2 configuration with the Windows
firewall enabled is the most resilient client operating system
available in the market and can withstand attack much longer," Wilson
said. "We are pleased that the report indicates that two Windows-based
honeynets in Brazil withstood attack for several months. However, we
are not certain that the report provides conclusive data based on a
controlled and scientific study comparing the two operating systems."

Every Windows system compromised during the study had its security
breached by a worm.

However, Spitzner stressed that the Honeynet Project does not have
enough Windows systems deployed to offer meaningful data on that
operating system's security. Moreover, the report does not specify
what version of Windows XP had been running on the systems that had
been compromised and whether any Service Pack upgrades had been

The study did find that more recent versions of the Linux operating
system lasted longer on the Internet without patching.

[1] http://www.honeynet.org/papers/index.html