Linux hacks hit all-time high

Security analyst mi2g has released research claiming that hack attacks against Linux are exploding, while attacks on Windows-based servers are dropping off.

May saw the highest number of attacks ever, according to mi2g, with 19,208 successful breaches worldwide recorded against Linux based systems.

Just 3,801 breaches were recorded against Windows, with other operating systems suffering from 2,275 attacks.

The US and UK were among the most attacked countries, partially as a result of the war with Iraq.

During the heat of the Slapper worm epidemic in January, Windows was accounting for 53 per cent of attacks, with Linux soaking up 34 per cent.

Data gathered by web defacement archive Zone-H over recent months also shows the line between Linux- and Windows-based web server defacements blurring to a point where it is hard to tell which is being hit harder.

DK Matai, executive chairman at mi2g, suggested that that there are three reasons for the recent increase in successful attacks against Linux.

First is configuration management. "As automatic attack tools scanning for vulnerabilities become ubiquitous, the online system security is heavily dependent on settings and when the last patch was applied," he said, citing out-of-the-box and un-patched installations.

Next up is the lack of a coherent trustworthy computing initiative such as that run by Microsoft.

Owing to the nature of open source there is no single point of reference for information about the dos and don'ts of online server management and security, according to Matai.

The third issue focuses on common misconceptions about the Linux operating system, which is being increasingly selected by companies and government agencies to cut costs.

Matai warned that the "cost-effective choice" of non-proprietary software does not stand up to scrutiny if there is inadequate technical experience deployed in protecting the systems, and if training costs are not factored in at the start.

"There are plenty of instances where the administrator assumes that just because they are running open source they are somehow going to be more secure," he said.

Get the latest news, views and technology updates in a weekly round up of the Penguin's unstoppable march by signing up to vnunet.com's FREE Linux newsletter here.