By Steven Vaughan-Nichols  |  Posted 2005-01-19

In the 2004 run, the Honeynet Project's researchers found that "only four Linux honeypots (three RH 7.3 and one RH 9.0) and three Solaris honeypots were compromised. Two of the Linux systems were compromised by brute password guessing and not a specific vulnerability," according to the report.

The organization found that "this life expectancy is all the more surprising when compared to vulnerable Win32 systems. Data from the Symantec Deepsight Threat Management System indicates a vulnerable Win32 system has life expectancy not measured in months, but merely hours."

Indeed, according to the Internet Storm Center this summer, an unpatched Windows system connected to the Internet will last, on average, about 20 minutes before being compromised. In December 2004, the average time, according to ISC's Survival Time History, was up to just short of a half-hour.

That said, "the limited number of Win32 honeypots we have deployed support this, several being compromised in mere minutes. However, we did have two Win32 honeypots in Brazil online for several months before being compromised by worms," the Honeypot Project said.

Why the dramatic difference?

The researchers theorize that there are several possible explanations, both for this difference and for why Linux systems also became more secure in 2004.

The first is that Linux distributions have become harder to compromise because newer versions have more secure defaults with fewer services enabled, automatically running firewalls and so on. In addition, crackers have had more time to find the holes in older versions of Linux.

They also think that as all operating systems, both Windows and Linux, become more secure, there is a "growing trend toward social engineering, like phishing" attacks, which target users instead of systems.

Finally, the researchers believe that "based purely on economies of scale, attackers are targeting Win32-based systems and their users, as this demographic represents the largest percentage of install base."

Steven J. Vaughan-Nichols is editor at large for Ziff Davis Enterprise. Prior to becoming a technology journalist, Vaughan-Nichols worked at NASA and the Department of Defense on numerous major technological projects. Since then, he's focused on covering the technology and business issues that make a real difference to the people in the industry.
