Small study of unpatched Linux systems suggests that fewer attacks, and better default configurations, means less risk.
By Robert Lemos CNET News.com
Unpatched Linux systems are surviving longer on the Internet before being compromised, according to a report from the Honeynet Project released this week.
The data, from a dozen networks, showed that the average Linux system lasts three months before being compromised, a significant increase from the 72 hours life span of a Linux system in 2001. Unpatched Windows systems continue to be compromised more quickly, sometimes within minutes, the Honeynet Project report stated.
The results are probably due to two trends, said Lance Spitzner, president of Honeynet, which develops software for deploying computer systems as bait for online attackers. The default installations of new Linux systems are much more secure than previous versions of the open-source operating system, he said. Secondly, attackers seem to be much more concentrated on Windows systems than on Linux systems, and on attempting to fool desktop users, of which the vast majority use Windows.
"Everybody is focused on Windows," Spitzner said. "There is more money (for an attacker) to be made on the Windows systems."
The study is the latest data on the relative security of Linux systems versus Microsoft Windows. Last week, students found dozens of flaws in software that runs on Linux systems, and a research report stated that a thorough analysis of the Linux kernel turned up hundreds of flaws. However, in relative terms, those numbers are low compared to commercial applications.
Honeynets, a term coined by the project, are networks of computers that are placed on the Internet with the expectation that they will be compromised by attackers. The networks are heavily monitored, and the data is used to research the latest tactics of online miscreants.
While some of the Windows XP systems on the honeynets used for the latest study were compromised within minutes of being placed on the Internet, newer versions of the Linux operating system from Red Hat failed to be compromised by random attacks for more than two months.
Debbie Fry Wilson, director of product management for the security response center at Microsoft, told CNET News.com that the company's latest operating system is more secure than the report suggests.
"While it is not clear which version of Windows was used during the study, we feel that a Windows XP SP2 configuration with the Windows firewall enabled is the most resilient client operating system available in the market and can withstand attack much longer," Wilson said. "We are pleased that the report indicates that two Windows-based honeynets in Brazil withstood attack for several months. However, we are not certain that the report provides conclusive data based on a controlled and scientific study comparing the two operating systems."
Every Windows system compromised during the study had its security breached by a worm.
However, Spitzner stressed that the Honeynet Project does not have enough Windows systems deployed to offer meaningful data on that operating system's security. Moreover, the report does not specify what version of Windows XP had been running on the systems that had been compromised and whether any Service Pack upgrades had been installed.
The study did find that more recent versions of the Linux operating system lasted longer on the Internet without patching.