An unpatched Linux operating system survives longer in cyberspace before compromise – up to two months and possibly longer – than an unpatched Windows system, according to a new report from the Honeynet Project.
“This life expectancy is all the more surprising when compared to vulnerable (Windows) systems,” the report said. “Data from the Symantec Deepsight Threat Management System indicates a vulnerable Win32 system has life expectancy not measured in months, but merely hours. The limited number of Win32 honeypots we have deployed support this, several being compromised in mere minutes. However, we did have two Win32 honeypots in Brazil online for several months before being compromised by worms.”
Honeynet president Lance Spitzner said two trends are likeliest in play. One is Linux default installations being far more secure than previous versions, he said, and the other involves attackers far more concentrated on Windows than Linux and thus on trying to trick desktop users most of whom still use Windows.
"Everybody is focused on Windows," Spitzner said, announcing the Honeypot report. "There is more money [for an attacker] to be made on the Windows systems."
The Honeypot report challenges a previous week’s report which said students of Daniel Bernstein, known as a somewhat iconoclastic University of Illinois computer scientist, found a large enough number of Linux software security flaws, about 985, but added that those were far fewer than those found in commercial software.
The Honeynet Project names itself for its “honeynets,” networks of computers put online to lure attackers whom project administrators then analyze and monitor heavily, using the data to research and analyze the attackers’ latest techniques and targeting attitudes.
Microsoft’s response to the Honeynet Project report was to say the latest Windows is more secure than the report allows. The Honeynet report didn’t say whether any Service Pack upgrades had been installed on the Windows systems it analyzed, though it stressed the survivability of unpatched operating systems.
"While it is not clear which version of Windows was used during the study,” Debbie Fry Wilson, who directs Microsoft’s security response product management, told CNET.com, “we feel that a Windows XP SP2 configuration with the Windows firewall enabled is the most resilient client operating system available in the market and can withstand attack much longer.
"We are pleased that the report indicates that two Windows-based honeynets in Brazil withstood attack for several months,” Wilson continued. “However, we are not certain that the report provides conclusive data based on a controlled and scientific study comparing the two operating systems."
