Honeypot Project Finds Unpatched Linux PCs Stay Secure Online For Months - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
12/23/2004
02:53 PM
50%
50%

Honeypot Project Finds Unpatched Linux PCs Stay Secure Online For Months

Study says the average unpatched Linux system survives for months on the Internet before being hacked. Another report sasy Windows PCs last just minutes.

The average unpatched Linux system survives for months on the Internet before being hacked, a report recently issued by the Honeypot Project claims.

The life expectancy of Linux has lengthened dramatically since 2001 and 2002, the project said, from a mere 72 hours two and three years ago to an average of three months today.

Honeypot Project is a non-profit that, as its name suggests, connects vulnerable systems to the Internet in the hope of drawing attacks so that they can be studied. To figure out the lifespan of a Linux system, the group set up a dozen "honeynets" -- the project's term for a system that hosts numerous virtual honeypot machines -- in eight countries, then tracked the time it took for those machines to be compromised.

"What's surprising is that even though threats and activity are reported as increasing, we see the life expectancy of Linux increasing against random attacks," said the group's report.

In comparison, unpatched Windows systems often are hacked within minutes of connecting to the Internet. Late last month, similar "honeypot" research done by AvanteGarde tallied the average survival time of several versions of Windows at just four minutes.

Although Honeypot Project deployed several Windows-based honeypots, it felt they were too few in number to use in drawing conclusions. It did note that several of the Windows honeypots were compromised in mere minutes. A pair of honeypots in Brazil, however, were online several months before being eventually compromised by worms.

The group also spotted several interesting facts about Linux's lifespan.

The older the Linux distribution, the more likely it would be hacked, said the group, which attributed that to more secure default settings by newer versions, a trait Windows, particularly Windows XP SP2 and Windows Server 2003, shares with Linux.

And once a system had been compromised, it was more likely to be compromised again (and possibly again and again). One honeypot running Red Hat Linux, for example, was hacked 18 more times in just one month after its initial compromise. Again, that's not uncommon in the wider world of Windows, where previously-compromised PCs are often "updated" with the latest worm to take advantage of an even new vulnerability.

Although the data was somewhat of a surprise, particularly the huge increase in life expectancy even as Windows' continues to shrink, the group had several explanations for the results.

Default installations of Linux are, the report said, "becoming harder to compromise" thanks to changes such as fewer services automatically enabled and host based firewalls filtering inbound connections.

More important, however, is that hackers are now using tactics to target users, not the systems they work on. The best example is the flood of phishing attacks cranked out by criminals this year that need nothing more than an enticing e-mail message, an easily-duped consumer, and a bogus Web site to haul in dollars and steal identities.

The group also admitted the obvious, that Linux, by virtue of its small slice of the market, is a much less appealing target than Windows. "Based purely on economies of scale, attackers are targeting Win32 systems and their users, as this demographic represents the largest percentage of the installed base," the report stated.

"[You'd] expect that a greater threat could exist to Windows than Linux," the group concluded.

And from the results of this honeypot experiment, you'd be right.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll