Grain of Salt Reloaded
This feature is a 'technical advice' article. It is devoted to helping consumer
advisors make informed decisions about which products and technologies
can offer benefits to consumers. The issue treated is a particular one
and needs to be integrated in order to give complete assessments
of consumer products (i.e. this paper debates some aspects of computer
security, but a computer product is 'much more' than its security
alone). That said, it needs to be remembered that we try to report
informed opinions to the public, but they are only opinions, and
nothing more. Use them for your benefit and remember that this feature
is open (as is the rest of this magazine) to peer review. You'll find
our e-mail addresses by reading www.thinkmagazine2.org.
A recent press release by Mi2g (http://www.mi2g.co.uk), UK security consultants, again stigmatizes the poor security of Linux (and, to a lesser extent, of Windows), giving statistics about overt attacks performed by crackers (cybercriminals) on machines permanently connected to the Internet. Since machines of this kind are very usually servers and since
is basing part of their research job relying on Zone-H.org databases"
archive defacements of web servers (very typical overt attacks)
we could focus on the server panorama...
Now, here is the raw data (one year ending Nov. 2004): out of a total
of 235,907 successful digital breaches
accounts for 65.64 per cent
of the total successful overt attacks.
One can object that Apache does not mean Linux. It's true. Perhaps the
most valid contender against Linux in the Apache arena is FreeBSD. In
fact a news release by Netcraft (June 2004) said:
This would place Linux at around 60% of the total share of active hostnames (not parked domains). To summarize briefly (please notice: VERY ROUGH ESTIMATES):
overt attacks 65.64%
There does not seem to be a clear difference between attacks on Windows and
Linux platforms, in terms of sheer probability. BSDs, on the contrary,
seem to fare rather well. However, weighing in the millions of hosts
compromised by Windows server worms like SQL Slammer and others
(see as reference our previous feature),
this could spell bad news for the overall 'real world' security of Windows
Please notice: here we aren't discussing the 'absolute security' of the various
platforms, just 'average security' in normal conditions of use. This
includes human error (misconfigurations, etc.). So don't take it
on the religious side.
One could object that since mass hosting usually happens on Linux and BSD platforms, these should be attacked far more than they are... after all, if I were a cracker I'd go only after big providers with poorly administered free homepages. This is a good argument, and if proven true it could place the BSDs on Olympus and Linux quite well off in this kind of analysis, but I have no reliable data to investigate this issue further.
In a later press release, Mi2g addressed the market share issue, comparing
the overall market share of the various platforms, including desktops.
Since many manual overt attacks happen to web servers, I find the
present analysis more accurate. Mi2g continued, stating that one
of the most valuable data about the reliability of an online platform is
uptime, and pointed to a Netcraft analysis stating that the longest
web server uptimes are 'owned' by BSD platforms. For reference see
But be sure to have a look at the following uptime FAQ, also on Netcraft (emphasis mine):
Linux kernel switched to a higher internal timer rate at kernel
version 2.5.26. Linux 2.4 used a rate of 100Hz. Linux 2.6 uses a
timer at 1000Hz. (An explanation of the HZ setting in Linux.)
Mi2g also periodically gives estimates of the damage caused by the various types of attacks. Since the amount of damage a compromise does depends widely on the importance of the data contained in the compromised machine (i.e. Government servers are usually more critical than mine), this does not seem closely related to the present article. Therefore I won't comment on this issue.
A final joke
Now, back to reality
per cent of home PCs infected - survey
found that nearly all Windows PCs are infected with some form of
Also remember that many widespread Windows worms open backdoors into compromised desktop and server machines, effectively r00ting them to benefit crackers for either manual or automatic, mostly covert, exploits.
In the case of servers, good advice would be to use good service providers,
regardless of the OS used. Servers are very exposed to many kinds
of compromise, and need competent staff to handle them. Prefer
paid contracts with some degree of service guarantee, if available.
In the case of desktops, the simple fact of using alternative platforms seems
to greatly restrict the chances of being infected or otherwise compromised.
Best practice, though, is to use the OS you prefer and know well (provided it's actively patched and updated by the manufacturer), patching and maintaining it attentively. If all the systems deployed were patched and configured in a timely manner, most exploits, either manual or automatic, simply wouldn't happen.