Interesting phenomenon goes against popular "wisdom".

Story: Honeypot Project: Unpatched Linux Systems Last Longer than Windows
Total Replies: 6
PaulFerris

Jan 19, 2005
9:30 AM EDT
The popular "wisdom" is that as Linux gains more popularity, it will become less secure. The general noise is "Well, Windows is just getting all the exploits because it's so popular". This is one of those speculations, actually. Without a doubt, someone is going to go for the biggest bang for the buck, and I can see that. But to state the above as if it tells the whole story is really missing the obvious possibility that it's more than a one-dimensional problem -- that it's popular _and_ extremely insecure in conceptual and theoretical areas.

Going against the simple theory are things like this story. Linux has gained popularity -- yet somehow it's not getting hacked as quickly. Gee, that surprises the crap outta me :)

It adds insult to injury that our government did next to nothing to halt Microsoft's violation of anti-trust law -- their circumvention of the free market allowed this horrible situation to brew to full-fledged disease. Now people would love to have more secure choices, but where are they? Darn good thing Microsoft made the world a better place for them, isn't it?

--FeriCyde
tuxchick

Jan 19, 2005
9:56 AM EDT
This "wisdom" has been spread by the tech press because it sounds reasonable, and saves them the trouble of actually doing some homework. Though to be fair, most reporters and journalists do consult experts and try to get the facts. Unfortunately the F/OSS world and real security experts who understand both Windows and Linux architecture have not done a good job of getting their stories out, and are outtalked by the carefully-cultivated-by-M$ "experts" and "analysts." I imagine most folks here are well-acquainted with Gartner and Yankee Group, and those vendor-sponsored "studies" that get so much exposure.

Glimmung

Jan 19, 2005
11:37 AM EDT
Did you read the article?

I advise you skip to the end of page two. This article is just a repeat of the same rubbish.

It is good in that they have shown an improvement in the security of Linux, but that is all they have shown, at this stage.

The researchers still think the reason is popularity, and nothing to do with mankind's natural bent towards the path of least resistance. Crooks are lazy otherwise they would work for a living. There is no way they are actually going to work hard when there are systems out there that even when properly secured are a piece of cake to get into.

No...the researchers here have not fully considered the implications of what they have discovered.

The question was asked but not answered. Why are Linux systems not being attacked?

I would like to know what kind of cracking happened on these systems, that would provide a better picture of why Linux systems are not cracked as often even when vulnerable. What was the aim of the crackers? Did they get root access, or only a user access? What did they try to do? Steal data, turn the machine into a spam zombie, hijack the website? Was it real unadulterated criminal activity or people hoping they found an open system with something useful?

Another consideration is that several reports came out last year (or 2003) stating that Linux servers got attacked more often than Windows (not cracked only attempted). So the popularity argument has to be dead if those reports are true. In which case why are Linux systems not being cracked with the same enthusiasm as Windows. Because they are harder to break and far far more secure, perhaps?

This research has made a start but it is far from proving the researchers' final statement, and may in fact only prove that security is constantly improving in Linux, which was already far more secure than Windows.
tuxchick

Jan 19, 2005
11:54 AM EDT
"They also think that as all operating systems, both Windows and Linux, become more secure, there is a "growing trend toward social engineering, like phishing" attacks, which target users instead of systems."

Definitely true, we've all seen this.

"Finally, the researchers believe that "based purely on economies of scale, attackers are targeting Win32-based systems and their users, as this demographic represents the largest percentage of install base.""

Without any real evidence, this is arguable. From a purely hypothetical standpoint it makes sense for identity theft and other organized crime activities who rely on viruses/Trojan horses and other malware. Windows merely assists by both having the largest installed desktop base, and being easy to compromise.

But everyone is vulnerable to phishing. Truly amazing how shortened the time has become from first discovering the pretty new pristine pool, to pissing in it and thoroughly fouling it.
phsolide

Jan 19, 2005
12:24 PM EDT
I have a deep suspicion of the "market share" argument about Windows security problems: the "Witty" worm, and more recently, the "Santy" worm both targeted extremely small installed bases. "Witty" seems to have compromised 100% of the installed base. "Santy" didn't do very good searching, relying on Google, so it seems to have only infected a fraction of the installed base of phpBB2 population.

Also, Apache has an installed base 2 or 3 times that of IIS, yet the only Apache worm (slapper) had a very small, brief existence.

I have to draw two conclusions:

1. The "market share" theory comprises special pleading for the use of MSFT products
2. No phenomenon like "herd immunity" exists for internet worms
TxtEdMacs

Jan 19, 2005
12:51 PM EDT
Glimmung:

"Another consideration is that several reports came out last year (or 2003) stating that Linux servers got attacked more often than Windows (not cracked only attempted). So the popularity argument has to be dead if those reports are true. In which case why are Linux systems not being cracked with the same enthusiasm as Windows. Because they are harder to break and far far more secure, perhaps?"

Perhaps yes or perhaps not regarding the OS, but for certain the average system admin. on Linux/Unix boxes is more knowledgeable.
tuxchick

Jan 19, 2005
3:21 PM EDT
"the average system admin. on Linux/Unix boxes is more knowledgeable." Not only that, Linux/Unix is easy. Yes, you heard me right, easy. Or at least easier than Windows. I do system and network administration on both platforms. I started out in the days of MS DOS-5 and winderz for workgroups 3.11. I know I'm preaching to the choir here, but there is no comparison. Windows hides all the wrong stuff and exposes all the wrong stuff- hence the trivial ease of writing exploits without access to the source code.

Every Windows release introduces insane new complexities- good gosh, the service packs alone are bigger than a basic Linux server - and for a long time a parade of goofy new networking protocols that were based on standards, but different enough to drive us poor admins trying to communicate with other platforms totally insane. And poor mangled services like DHCP and DNS (I dare you to look at MS DNS in the eye without turning to stone.) And WINS and all these weird little secret services like Messenger and Alerter that the black hats always find and exploit, but escape the notice of most windows admins.

When I discovered Linux (RH 6, I think) it was like a breath of sanity. It made sense. Everything was in plain view, and not morphed into some gawdawful mess designed to keep users chained to M$.

Windows is far more complex to administer and secure than Linux/Unix, yet it has been promoted from day 1 as easier. No wonder things are the way they are.
