http://www.linuxworld.com.au/index.php/id%3B1616857056%3Bfp%3B2%3Bfpid%3B1 Phil Hochmuth Network World 23/11/2004 U.K. research firm mi2g generated a lot of heat for itself when it released a report last month on the most-hacked operating systems on the Internet. In its "deep study," the firm said it had analyzed almost 240,000 computers attached to the Internet that had been hacked over the last 12 months. It found Linux to be the operating system on 65% of the computers that were hacked, while Microsoft represented 25% of the systems. BSD and Mac OS X were deemed the "safest" systems as they represented about 5% of the systems hacked. Since the study's release, many Linux industry observers and experts have called into question mi2g's findings and methodology. What observers call the fatal flaw in mi2g's logic is that fact that its analysis of the 235,907 hacked systems it studied only reflects the market share of the various operating systems running on the Internet - not the technical strength of the systems studied. Since Linux and Microsoft are among the majority of operating systems running on the 'Net, this correlates with those systems being represented as "most hacked" in mi2g's report, since it only studied hacked systems. (That fact that Unix was left out of the report - when Netcraft research shows that Solaris runs 32% of the Fortune 100 Web sites - also brings into question how mi2g got its numbers, observers say). Research showing BSD and Mac OS X are the least-hacked operating system does not tell you if the code in those products is stronger or weaker than Windows, Linux or any other platform - it just shows how little they are used on the 'Net. Mi2g's response to this type of argument is this (from its Web site): "When applying the benchmark of uptime on the full sample of permanently connected 235,907 machines, the mi2g ... found that the only computing environments left standing without the need for a single reboot at the end of the 12 month period were either BSDs or Apple Mac OS Xs ... "On this basis, when it comes to the approach of relativistic safety and security in computing environments, we consider the market share safety and security debate to be looking through the wrong end of the binoculars. Instead of a bigger market share being a positive and smaller being negative, it has been shown that, bigger market share is a contributor to much higher risk profiles and small may be beautiful." By this logic, users are better off picking the most obscure operating systems on the Internet to ensure site safety and uptime. Will this lead the security gurus in the Fortune 500 to flock to OpenVMS and OS/2 for their Web infrastructure? Not likely. So, ultimately, does the mi2g study reflect any inherent or alarming weaknesses in Linux as a Web server platform? Not really. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Tue Nov 23 2004 - 03:53:25 PST