TechWorld.com - Attackers are no longer bothering to attack average Linux systems, apparently because there's so much more money to be made from invading Windows, according to security researchers.
The Honeynet Project, which sets up Linux networks in order to observe attack activity, found that the life expectancy of such systems has dramatically increased from two years ago. Its 2004 findings, published recently, found that an unpatched Linux system lasts, on average, three months before it is compromised. That's compared with about 72 hours for 2001-02.
Some of the project's systems were exposed to the Internet for nine months without a successful attack.
The project's "honeynets" -- networks of two or more "honeypots" -- are designed to detect random attacks on the Internet. Such attacks are carried out on targets that are detected through random searching, scanning and hacking systems such as worms and autorooters, rather than particular attacks focused on specific targets. A honeypot is a system set up for the purpose of attracting random attack activity.
Since overall Internet attacks don't seem to be going down, the project's researchers theorized that the focus of hacking activity has shifted to Windows systems, simply because the platform is so widespread that it presents an irresistible target.
"It's now easier to hack the end user than hacking the bank," said Lance Spitzner, president of the Honeynet Project. "Banks are well protected; end users are not. Hack enough end users, and you can make as much, if not more, than hacking the bank."
While the project didn't carry out comparative research using Windows, Spitzner pointed out that research from security organizations such as Symantec Corp. and the Internet Storm Center (ISC) has found no shortage of attacks on Windows honeypots. For example, an ISC project involving Windows systems measures survival time in minutes rather than hours.
The average survival time for the systems the ISC tests has declined from about 55 minutes in the autumn of 2003 to just under 20 minutes at the end of 2004, although those figures are an improvement from a low of 15 minutes in the spring of 2004. Microsoft says survival rates for Windows should decline as Windows XP Service Pack 2 becomes more widely used, because the update is designed to make Windows' default configuration more secure.
The project deliberately focused on average systems that didn't present any particular attraction to attackers -- in the real world, the equivalent would be home networks or small and medium-size businesses. The project deployed 12 honeynets in eight countries --
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
