I'm not certain I understand why Linux was brought up here (it doesn't appear in the parent article), but I doubt the poster has much historical experience on which to base this claim.

I've run Linux firewalls and servers for nearly a decade now, and the distribution of attacks has changed markedly over the past few years. If you looked at my firewall logs from, say, five years ago, you would have seen that most attacks targeted services like FTP, telnet, rsh, DNS, and the like, nearly all of which at that time were provided by *nix servers.

A quick glance over one of last week's logs from a client's firewalls shows a very different picture. Most attackers now target the netbios ports, MS SQL, and MS directory services. Sure I still get a few probes for broken FTP and DNS servers, as well as for proxies like Squid or Socks, but they are *much* fewer in number than the probes for vulnerabilities in Microsoft products.

Of course, as the poster argues, the relative market shares of MS and *nix servers plays a role here, but I also believe that Internet server software for *nix machines is much more "battle-tested" than equivalent MS software for two reasons.

One is simply that, for most services, *nix software, e.g., wu-ftpd, has been around a lot longer than the equivalent MS products. Second, and nearly as important in my view, is that the source code for most common *nix applications is freely available. While I don't subscribe to the theory that all open-source products are, per se, more secure, I do believe this argument applies to the best-known and most widely-used products (compare, e.g., Apache and IIS, or PostgreSQL and MS SQL-Server).



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/152/19199#19199