Hi Gary,
The article focuses specifically on web site defacements as a measurement of
OS vulnerability. How users log in, whether using root accounts or more
restrictive ones, does not matter much in this case, does it?
--Eric
Hi Eric,
I'm not sure I see how this can be as big a deal
to a Linux installation or user.
Most Windows users, especially in the home, use
Admin accounts. That's great and unrestricted, but very dangerous, since there
is no restriction for a virus or worm to unleash
full havoc.
Linux users, OTOH, use restricted accounts (or at
least they should be). Most of us don't log in as root, except for major
maintenance or updates, and that means the OS itself is far less easily
compromised. Sure, a well designed worm can still make life miserable for a
while, but the odds of a total mess are greatly reduced. Also, most of us who
have been around computers for a while know not to use stupid-simple passwords
for accounts, especially not for root.
I guess I don't see how this kind of thing
is a greater threat to Linux, which tends to be a more secure
architecture in the first place -- if not because of its design,
then because of its more knowledgeable user base.
Comments?
-Gary
----- Original Message -----
Sent: Friday, June 27, 2003 4:07 PM
Subject: [RLUG] The Slammer Worm Effect: Why Linux OS is More Attackable than Windows OS
Hmmm...
The following security advisory is sent to the
securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - - - - - - - -
The Slammer Worm Effect: Why Linux OS is More Attackable than Windows OS
A very interesting analysis of the amount of attacked hosts (Linux vs.
Windows) has been created by Zone-H. It shows that taking into account such
worms as Slammer, reveals that Linux is currently the most attacked host on
the Internet.
The news appeared during the last days in which London-based MI2G.com stated
that Linux OS is now more attacked than Windows has been reported by media and
immediately criticized by the IT Security world.
MI2G is basing part of their research job relying on Zone-H.org databases
therefore they based their last press release using the data Zone-H is sending
to all its mail subscribers regarding the daily attacks.
Using such data MI2G was calculating that the amount of Linux attacks has
stably overcome the Windows attacks.
The direct result of Zone-H data organized in a chart graphically supporting
MI2G statement is in fact showing that today Linux attacks are 5 times higher
than the Windows ones.
The IT Security world has immediately attacked MI2G statement saying that when
counting the attacks MI2G accounted all the mass-defacement (an attack that
while hitting a single IP or host, generates multiple defacements like it
usually happens to big hosting companies) as single hits.
The Itsec purists argued that the mass-defacements should be accounted instead
as 1 single hit therefore MI2G statement was either premature or inaccurate.
The only organization that has enough authority to solve the dilemma is Zone-H
as today is holding the most complete database having access to direct
statistics.
Therefore, today Zone-H staff started to dig in the archives filtering out all
attacks by SINGLE IP divided into the different OSs.
The results that came out are clear: Linux is in effect the most attacked
Operative System, and this already since middle March 2003 as you can check by
this graph:
The graph is showing the attacks trend during the last 16 months.
The graph shows clearly that one of the most hit OS over the time was Windows
(red line). The interesting fact is that since middle-January 2003 Windows
became for some unknown reasons less attacked (and less attackable) than Linux.
Zone-H identified the reason of this strange phenomenon in what Zone-H calls
the "Slammerworm effect".
In fact, the Slammer worm has produced since December 2002 a spike in the
Windows 2000 statistics. Since then, the Slammer worm threat has been so much
covered by the media that companies started to patch at a speed never seen
before. The result of this process is that Windows OS has instantly become less
attractive for crackers.
If we also consider that the number of the worldwide Windows installations is
presumably higher than the Linux installation it means that a properly weighted
analysis would reveal that the Linux "hacker attractiveness" would be even
clearer.
The graph generated from Zone-H databases is also showing other interesting
aspects: the web cracking phenomenon is transforming more and more into a
social problem very much related to political issues.
The September 11th anniversary and the Iraq war have been the reason why the
overall number of attacks has increased 500%, hitting this year an amount of
targets never seen before.
If anybody before was under-evaluating the web-cracking events, these graphs
and numbers should be the reason of paying more attention to these facts as
they are more and more configuring a sociologic problem.
Additional Information:
The original article can be found at: http://www.zone-h.org/winvslinux
The information has been provided by SyS64738 of http://www.zone-h.org/.
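Added example, not part of the original thread or of Zone-H's or MI2G's analysis: the dispute in the forwarded article is whether a mass defacement counts once per defaced site or once per attacked IP. The Python below runs both counts over constructed records (the addresses, site names and function names are assumptions for illustration, and the numbers say nothing about the real figures) and shows how one shared-hosting box can change which OS ranks first.

```python
from collections import defaultdict

# Constructed sample records, NOT Zone-H data: (ip, defaced_site, os).
# 192.0.2.10 is one shared-hosting box; a single intrusion defaced five sites.
RECORDS = [
    ("192.0.2.10", "a.example", "Linux"),
    ("192.0.2.10", "b.example", "Linux"),
    ("192.0.2.10", "c.example", "Linux"),
    ("192.0.2.10", "d.example", "Linux"),
    ("192.0.2.10", "e.example", "Linux"),
    ("192.0.2.77", "f.example", "Linux"),
    ("198.51.100.5", "g.example", "Windows"),
    ("198.51.100.6", "h.example", "Windows"),
    ("203.0.113.9", "i.example", "Windows"),
]

def count_per_defacement(records):
    """Every defaced site is one hit (mass defacements count many times)."""
    counts = defaultdict(int)
    for _ip, _site, os_name in records:
        counts[os_name] += 1
    return dict(counts)

def count_per_ip(records):
    """Every attacked IP is one hit, however many sites it hosted."""
    hosts = defaultdict(set)
    for ip, _site, os_name in records:
        hosts[os_name].add(ip)
    return {os_name: len(ips) for os_name, ips in hosts.items()}

def mass_defacements(records, threshold=2):
    """IPs with at least `threshold` distinct defaced sites."""
    sites = defaultdict(set)
    for ip, site, _os in records:
        sites[ip].add(site)
    return {ip: len(s) for ip, s in sites.items() if len(s) >= threshold}

def most_attacked(counts):
    """OS with the highest count under the chosen counting method."""
    return max(counts, key=counts.get)

if __name__ == "__main__":
    for name, fn in (("per defacement", count_per_defacement),
                     ("per IP", count_per_ip)):
        counts = fn(RECORDS)
        print(f"{name:15} {counts} -> most attacked: {most_attacked(counts)}")
    print("mass defacements:", mass_defacements(RECORDS))
```
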