|
Hi Eric,
I'm not sure I see how this can be as big a deal to
a Linux installation or user.
Most Windows users, especially in the home, use
Admin accounts. That's great and unrestricted, but very dangerous, since there
is no restriction for a virus or worm to unleash
full havoc.
Linux users, OTOH, use restricted accounts (or at
least they should be). Most of us don't log in as root, except for major
maintenance or updates, and that means the OS itself is far less easily
compromised. Sure, a well designed worm can still make life miserable for a
while, but the odds of a total mess are greatly reduced. Also, most of us who
have been around computers for a while know not to use stupid-simple passwords
for accounts, especially not for root.
I guess I don't see how this kind of thing
is a greater threat to Linux, which tends to be a more secure architecture
in the first place -- if not because of its design, then because of
its more knowledgeable user base.
Comments?
-Gary
----- Original Message -----
Sent: Friday, June 27, 2003 4:07 PM
Subject: [RLUG] The Slammer Worm Effect:
Why Linux OS is More Attackable than Win dows OS
Hmmm...
The following security advisory is sent to the
securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - - - - - - - -
The Slammer Worm Effect: Why Linux OS is More Attackable than Windows OS
A very interesting analysis of the amount of attacked hosts (Linux vs.
Windows) has been created by Zone-H. It shows that taking into account such
worms as Slammer, reveals that Linux is currently the most attacked host on
the Internet.
The news appeared during the last days in which London based MI2G.com
stated that Linux OS is now more attacked then Windows has been reported by
media and immediately criticized by the IT Security world.
MI2G is
basing part of their research job relying on Zone-H.org databases therefore
they based their last press release using the data Zone-H is sending to all
its mail subscribers regarding the daily attacks.
Using such data MI2G
was calculating that the amount of Linux attacks has stably overcome the
Windows attacks.
The direct result of Zone-H data organized in a chart
graphically supporting MI2G statement is in fact showing that today Linux
attacks are as 5 times higher than the Windows ones.
![http://www.zone-h.org/static/gfx/winvslinux1.gif]()
The
IT Security world has immediately attacked MI2G statement saying that when
counting the attacks MI2G accounted all the mass-defacement (an attack that
while hitting a single IP or host, generates multiple defacements like it
usually happens to big hosting companies) as single hits.
The Itsec
purists argued that the mass-defacements should be accounted instead as 1
single hit therefore MI2G statement was either premature or inaccurate.
The only organization that has enough authority to solve the
dilemma is Zone-H as today is holding the most complete database having access
to direct statistics.
Therefore, today Zone-H staff started to dig in
the archives filtering out all attacks by SINGLE IP divided into the different
OSs.
The results that came out is clear: Linux is in effect the most
attacked Operative System, and this already since middle March 2003 as you can
check by this graph:
![http://www.zone-h.org/static/gfx/winvslinux2.gif]()
The
graph is showing the attacks trend during the last 16 moths.
The graph
shows clearly that one of the most hit OS over the time was Windows (red
line). The interesting fact is that since middle-January 2003 Windows became
for some unknown reasons less attacked (and less attackable) than Linux.
Zone-H identified the reason of this strange phenomenon in what Zone-H
calls the "Slammerworm effect".
In fact, the Slammer worm ha produced
since December 2002 a spike in the Windows 2000 statistics. Since then, the
Slammer worm threat has been so much covered by the media that companies
started to patch at a speed never seen before. The result of this process is
that Windows OS has instantly become less attractive for crackers.
If
we also consider that the number of the worldwide Windows installations is
presumably higher than the Linux installation it means that a properly
weighted analysis would reveal that the Linux "hacker attractiveness" would be
even clearer.
The graph generated from Zone-H databases is also
showing other interesting aspects: the web cracking phenomenon is transforming
more and more into a social problem very much related to political issues.
The September 11th anniversary and the Iraq war have been the reason
why the overall number of attacks has increased 500%, hitting this year an
amount of targets never seen before.
If anybody before was under
evaluating the web-cracking events, these graphs and numbers should be the
reason of paying more attention to these facts as they are more and more
configuring a sociologic problem.
Additional Information:
The original article can be found
at:
http://www.zone-h.org/winvslinux
The information has been provided by SyS64738 of http://www.zone-h.org/.
================================================================================
This bulletin is sent to members of the SecuriTeam mailing
list.
To unsubscribe from the list, send mail with an empty subject line
and body to: [EMAIL PROTECTED]
In order to subscribe to the mailing list and receive advisories in HTML
format, simply forward this email to: [EMAIL PROTECTED]
================================================================================
================================================================================
DISCLAIMER:
The information in this bulletin is provided "AS IS"
without warranty of any kind.
In no event shall we be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages.
---
Outgoing mail is certified Virus Free.
Checked
by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.493
/ Virus Database: 292 - Release Date:
6/25/2003
| 