Schneier on Security: Linux Security

Schneier on Security: Linux Security
http://www.schneier.com/blog/archives/2005/01/linux_security.html

***********************************************************
Quote
***********************************************************
I'm a big fan of the Honeynet Project (and a member of their board of 
directors). They don't have a security product; they do security 
research. Basically, they wire computers up with sensors, put them on 
the Internet, and watch hackers attack them.

They just released a report about the security of Linux:

===========================================================
Recent data from our honeynet sensor grid reveals that the average 
life expectancy to compromise for an unpatched Linux system has 
increased from 72 hours to 3 months. This means that a unpatched 
Linux system with commonly used configurations (such as server builds 
of RedHat 9.0 or Suse 6.2 ) have an online mean life expectancy of 3 
months before being successfully compromised.
===========================================================

This is much greater than that of Windows systems, which have average 
life expectancies on the order of a few minutes.

It's also important to remember that this paper focuses on vulnerable 
systems. The Honeynet researchers deployed almost 20 vulnerable 
systems to monitor hacker tactics, and found that no one was hacking 
the systems. That's the real story: the hackers aren't bothering with 
Linux. Two years ago, a vulnerable Linux system would be hacked in 
less than three days; now it takes three months.

Why? My guess is a combination of two reasons. One, Linux is that 
much more secure than Windows. Two, the bad guys are focusing on 
Windows - more bang for the buck.
***********************************************************
Unquote
***********************************************************

-- 
Kayode Okeyode
http://del.icio.us/kayodeok
http://www.kayodeok.co.uk/weblog/