View Poll Results: What is the most hacked server OS today?
Windows NT/2000/XP 30 75.00%
Linux/Unix/BSD 11 27.50%
Novell NetWare 2 5.00%
Other 2 5.00%
Multiple Choice Poll. Voters: 40.

Old 04-12-2003, 09:21 PM   #1
tisource
Member
 
Registered: Feb 2002
Posts: 322

Rep: Reputation: 30
So where are the hackers headed?


I recently had a discussion with the network administrator of our local community college about networking security. Because of our differing opinions, I am curious what others feel about the issue.

We were comparing security and stability in linux and windows. I argued that windows security is poor compared to linux. I said IIS was the "leaky bucket" that viruses seem to flow right through. He claims a patched IIS is just as secure and performs just as well as apache on linux.

The big question is hacking. We've all heard about the major viruses designed for windows, like "code red" and "nimda". He claimed that most hackers have given up hacking windows because of its superior security (particularly 2000) and have turned on linux.

I maintain a linux server that does web/ftp/dhcp/dns/file and it has yet to be infected with a virus or brought to its knees. Maybe I'm just uninformed, but I have yet to hear of a linux "virus scare" or major security compromise that would allow a "hacker to take over your computer" as you see with Microsoft.

He also thrashed Novell NetWare, which in my opinion is far superior to a Windows server. He's stuck on windows.

So I'm just curious what the general consensus is in the linux world.... What is the predominant "hackers" OS, and is windows really that secure?
 
Old 04-12-2003, 10:05 PM   #2
cuckoopint
Member
 
Registered: Feb 2003
Distribution: Debian
Posts: 797

Rep: Reputation: 30
Quote:
The big question is hacking. We've all heard about the major viruses designed for windows, like "code red" and "nimda". He claimed that most hackers have given up hacking windows because of its superior security (particularly 2000) and have turned on linux.
You're mixing questions.

Most real hackers (I daresay) have switched to *nix, to either get info, learn something, or code cool stuff (hackers made unix, let's not forget). So the real danger is a minority of hackers with a dirty agenda (crackers), and script kiddies.

This is where the road divides, IMO. Script kiddies make windows the most vulnerable. Not because more people hack it, but because more people with less knowledge can download scripts to "hack" windows, while few know how to hack *nixes (I'm imagining a bell curve when looking at these ratios).

OTOH, true hackers have switched to *nix to learn, code, and/or crack because it either offers them the knowledge to learn, new challenges, and/or the opportunities (big corps don't usually run all winbloze).

That's my story, and I'm sticking to it. (until further notice).

btw, I didn't vote; you didn't make it clear. Are we looking at most vulnerable/most cracked (i.e. windows b/c of script kiddies), or most occasions of creative/distinct hacks (i.e. *nixes)?

btw, code red and nimda belong to the most vulnerable b/c of the population (bell curve) of script kiddies.

cheers
 
Old 04-13-2003, 12:15 AM   #3
Whitehat
Senior Member
 
Registered: Feb 2003
Location: The Cold North
Distribution: SuSE 9.1
Posts: 1,289

Rep: Reputation: 45

Well....your network admin is partially right and you are mostly wrong.

Quote:
I maintain a linux server that does web/ftp/dhcp/dns/file and it has yet to be infected with a virus or brought to its knees. Maybe I'm just uninformed,
Well...you don't have to bring a server to its knees to hack it. In fact, most hacks go unreported. Yours may have been hacked already and you don't know it.


Novell servers are awesome. I am a network engineer at a company that has about 1200 desktops and 53 servers. 10 of those servers are Novell. They rock.

I would venture to say that they are more secure than Windows and Linux both.

Windows servers are exploited more than linux because there are more out there. If linux was used as much as windows, there would be more holes revealed. I don't think there would be as many, but there would be more.

Windows and Linux both can be secure. It's the admin that is the problem. You don't just load a server up with any OS and put it on your network or on the internet without having someone with a LOAD of knowledge doing it.

The biggest problem with windows servers is the fact that there are MANY Windows server admins that are Paper certed MCSE's or only have a couple years of experience.

Security/Patching/maintaining is a full time job. Some companies can't afford someone who can do all that....especially when they are paying BIG BUX for microsoft software

Our company needs about 8 guys to do what needs to get done as far as network/server stuff. We only have 4. And it shows.

Finance is a big part.

Quote:
So I'm just curious what the general consensus is in the linux world.... What is the predominant "hackers" OS, and is windows really that secure?
Well...most "hackers" or "crackers" use linux and windows. You need a little of both.

Right now the more secure OS would be linux. Windows can be made very secure though. But it is inherently not secure.

A good firewall, an IDS system, and a properly set up DMZ can solve many issues.

People will exploit what is easiest for them....which is why Windows gets exploited.

Viruses also don't get written for linux so much because lots of linux users don't run stuff as root. Most if not all "Home" windows boxes and a lot of windows servers run as admin or have an admin logged in.

Hope this helps.

Long live Novell. In fact I wish they would make a big come back.

Peace...
 
Old 04-13-2003, 12:44 AM   #4
rnturn
Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0), SuSE (10.x, 11.x, 12.2), Solaris (8-10), Tru64
Posts: 936

Rep: Reputation: 49
What OS were intended to fall under the ``Other'' category?

My occasional perusings of CERT, CIAC, et al sites seem to mention Windows and Linux/UNIX exploits almost exclusively.
 
Old 04-13-2003, 09:09 AM   #5
2damncommon
Senior Member
 
Registered: Feb 2003
Location: Calif, USA
Distribution: Debian Wheezy
Posts: 2,838

Rep: Reputation: 48
Quote:
What OS were intended to fall under the ``Other'' category?
VMS?
 
Old 04-13-2003, 09:32 AM   #6
Shak
Member
 
Registered: May 2002
Location: Huddersfield
Distribution: Redhat (7.2, 7.3, 8.0), Debian, Slackware, Gentoo, FreeBSD
Posts: 169

Rep: Reputation: 30
http://www.oreilly.com/openbook/freedom/appb.html

Read that, you mean crackers?

Shak
 
Old 04-13-2003, 12:32 PM   #7
rnturn
Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0), SuSE (10.x, 11.x, 12.2), Solaris (8-10), Tru64
Posts: 936

Rep: Reputation: 49
Quote:
Originally posted by 2damncommon
VMS?
Yah. Right. But that's nearly impossible if the system manager knows what s/he's doing. Of course, finding a good VMS sysmgr will be getting harder and harder to do. I wouldn't doubt that there are some that have set RWED permissions across the board or granted BYPASS to everyone in order to make it ``friendlier'' to users. And those will be the systems that get hit and fall under the ``Other'' category. (I've seen both things done at the behest of commercial application developers who didn't bother to take the time to understand VMS security. It sure is fun trying to explain to auditors that BYPASS is mandatory for general users because the trading floor app vendor wrote the software so as to require it. Former gwbasic programmers I'd bet.)
 
Old 04-13-2003, 01:16 PM   #8
nakkaya
Guru
 
Registered: Jan 2003
Location: Turkey&USA
Distribution: Emacs and linux is its device driver(Slackware,redhat)
Posts: 1,398

Rep: Reputation: 45
The same argument took place with my CS teacher too. He showed me the statistics and told me all hackers are turning to linux, but that's not for security reasons. Most companies started to change their existing windows systems to linux based or unix based servers; that's because hacker attacks on unix or linux based servers increased. Think about that.
 
Old 04-13-2003, 01:47 PM   #9
rnturn
Member
 
Registered: Jan 2003
Location: Illinois (Chicago area)
Distribution: Red Hat (8.0), SuSE (10.x, 11.x, 12.2), Solaris (8-10), Tru64
Posts: 936

Rep: Reputation: 49
Quote:
Originally posted by nakkaya
...most companies started to change their existing windows systems to linux based or unix based servers; that's because hacker attacks on unix or linux based servers increased.
I'd feel a lot better running a Linux/UNIX system that has been secured (and verifiably) than a Windows system where I have to trust the word of the vendor that it's been secured. Secured until next Tuesday, that is.
 
Old 04-13-2003, 01:50 PM   #10
nakkaya
Guru
 
Registered: Jan 2003
Location: Turkey&USA
Distribution: Emacs and linux is its device driver(Slackware,redhat)
Posts: 1,398

Rep: Reputation: 45
Microsoft released a "10 things to use windows" article on their site. That was the 2nd or 3rd thing they said, like your teacher, and they said when everyone sees open source code they can find bugs and write exploits. Windows source code is closed, but they have 1000s of bugs, virii and other stuff. What if it was open? Don't wanna think about it.
 
Old 04-13-2003, 08:27 PM   #11
iceman47
Senior Member
 
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123

Rep: Reputation: 47
Quote:
Originally posted by nakkaya
[...]that's because hacker attacks on unix or linux based servers increased. Think about that.
Those are crackers.
Hackers aren't the "bad guys" that attack servers and stuff, crackers do.
Forget everything the media tells about 'hackers', they're referring to crackers.
In fact, without a hacker named Linus Torvalds we would not be browsing this linux forum at all, and without Bob Scheifler you would not be able to see this in the X environment you're in right now.
 
Old 04-13-2003, 09:43 PM   #12
tisource
Member
 
Registered: Feb 2002
Posts: 322

Original Poster
Rep: Reputation: 30
Some 'hackers' are 'crackers' as one of you put it, but he was referring to 'crackers' in those terms.

Very interesting comments. Yes, I know many hackers have turned to linux for their own purposes. I mostly question which machines do hackers, or 'crackers' turn against? Yes, I agree most people use both windows and linux for all their work. This network admin I talked to thinks that most hackers are attacking linux, not that they use it. He thinks they are windows users hacking other linux boxes. I don't agree there.

Our linux server is behind a NAT, and firewalled, I don't suspect many problems, but keeping a suspicious eye is always important.

As far as Novell is concerned, I am actually finishing up my CNE for NetWare 6, and it is very secure and stable. I love NetWare. This network admin is dropping Netware in favor of Windows 2000. He said that NetWare was a "loser product doomed to die" and that Novell was going down the "toilet". The Microsoft monopoly is at play here, and I also hope for a Novell resurgence in the server market.

I made the argument in a later email that linux is supported and built by many hackers/crackers. They know the holes, and how to plug them. I also argued that the open source community really isn't concerned with the bottom dollar, but more for quality of the product. Microsoft, on the other hand, is mostly concerned with sales (bottom line: dollars) and that's why Windows is the way it is.

He also argued that IIS was just as secure as apache on linux. I also disagree there. Apache rocks.

Anyway, I wanted to know if my thoughts were off the wall. Even though my first post may have been less clear than I'd liked, I think my thoughts are on the right track.

'Other' on the poll was meant to be a catch-all for anything that wasn't on the list.
 
Old 05-02-2003, 09:35 AM   #13
attackc0de
LQ Newbie
 
Registered: Dec 2002
Location: Virginia
Distribution: Gentoo/Debian
Posts: 7

Rep: Reputation: 0
Statistically, linux is most often the target operating system of security compromises as far as web hosting goes. Most computer criminals look for easy targets. Unfortunately, most out-of-the-box linux installations are ripe for the picking.

Linux is a double-edged sword. On one hand, a knowledgeable linux user can tighten security controls down, and provide an ideal secure environment for his/her distribution of choice. Such tools as Snort IDS (http://www.snort.org), Netfilter/IPtables (http://www.netfilter.org), Bastille (http://www.bastille-linux.org/), NMAP (http://www.insecure.org/nmap/) amongst others definitely help.

If you want to see an example of an extremely secure linux kernel modification, check out SeLinux (http://www.nsa.gov/selinux/). If you've ever used SeLinux, you'll know what painful means!

On the other hand, you have a large user-base of less knowledgeable linux enthusiasts who run numerous unnecessary listening daemons on their linux machine. A good way to figure out which services you absolutely need is to stop/kill as many listening daemons as possible (use 'netstat -p -l', sprinkle it with 'ps -fe' to find them), and add services one at a time until you have a usable working environment. This would be the "zone alarm" approach -- building trust one program at a time.

Many installed linux distributions become prizes for the taking by script kiddies because of failure to update packages/source code in a timely fashion. Of course, this problem isn't only a newbie problem, many corporate linux servers suffer from this problem too.

Another problem is the "driving a ferrari in first gear" analogy. You have IPtables, but never created any rules. Or, you have decided to install a world-class security program you found on freshmeat, but left it at its default settings.

As a security professional, I am always paranoid about all of my systems. Security updates and vulnerability assessments are cron'd, researched, and put into action daily. I am an OpenSource programmer in my spare time, with a linux clustered environment at home, who knows that keeping systems up-to-date is not difficult. Getting oneself into a routine (or automating it) makes it easy, and always works well.

I avoid MS Products as much as possible, mostly because of the dislike in being held hostage by their security patches that have little explanation, or install questionable "additions". MS updates its software based on a corporate-customer pressure and support call percentages. See http://www.pivx.com/larholm/unpatched/ for a regularly updated list of examples related to just IE. See http://www.securityfocus.com for many others. Of course, being a long-time veteran of various *NIXs might make me a little biased.

Sure, linux distributions as a whole might have more vulnerabilities than MS products. But which receives faster updates, and can be completely customized for security from the kernel up -- for free? Many people summarize all OpenSource projects and products as "Linux" which is wrong. This explains why certain MS statistics are incorrect, and make wild assumptions about linux in general.

Having a secure system will not completely protect you from network attacks (minus pulling the network cable). Good security practices (google: 'good linux security practices') are simply a means of making your computer/network less inviting to computer criminals.

Zone-H has an hourly updated list of defaced sites, broken down into various categories -- including by operating system. Check it out at: http://www.zone-h.org/en/stats
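
The listening-daemon audit described in the post above (list listeners with 'netstat -p -l', keep only the services you need), sketched as an added example that is not part of the original thread. The function names, the allowlist and the sample netstat output are constructed for illustration; on a real host you would pipe the output of 'netstat -p -l' (run as root so program names are shown) into the function.

```shell
#!/bin/sh
# Added example: report TCP/UDP listeners whose owning program is not on an
# allowlist of services the host is supposed to run.

# Constructed sample of `netstat -p -l` output (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ssh                   *:*                     LISTEN      612/sshd
tcp        0      0 *:http                  *:*                     LISTEN      701/httpd
tcp        0      0 *:telnet                *:*                     LISTEN      455/inetd
tcp        0      0 localhost:smtp          *:*                     LISTEN      530/sendmail
udp        0      0 *:sunrpc                *:*                                 398/portmap
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     1042   640/xfs             /tmp/.font-unix/fs7100
EOF
}

# unexpected_listeners "prog1 prog2 ..."
# Reads netstat output on stdin and prints one line per listener that is not
# allowlisted: <proto> <local address> <program> <local|exposed>
unexpected_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
      # TCP rows carry a State column; UDP listeners leave it blank.
      if ($1 ~ /^tcp/ && $6 != "LISTEN") next
      # The PID/Program column is the first field shaped like "123/name".
      # Without root, netstat prints "-" there, which is reported as unknown.
      prog = "unknown"
      for (i = 6; i <= NF; i++)
        if ($i ~ /^[0-9]+\//) {
          prog = $i; sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog); break
        }
      # Loopback-only listeners are not reachable from the network.
      scope = ($4 ~ /^(localhost|127\.|::1|\[::1\])/) ? "local" : "exposed"
      if (!(prog in ok)) print $1, $4, prog, scope
    }'
}

# This host is only meant to serve SSH and HTTP.
sample_netstat | unexpected_listeners "sshd httpd"
```

Each reported line is a daemon to stop or to justify and add to the allowlist; the "exposed" ones are the priority, and 'ps -fe' shows how each was started.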
 
Old 05-02-2003, 10:39 AM   #14
tisource
Member
 
Registered: Feb 2002
Posts: 322

Original Poster
Rep: Reputation: 30
In response to your comment, I believe that any OS is naturally insecure if the administrator is either uneducated or unmotivated about security.

Linux vs. Windows. I think windows has the potential to be secure, but I think the product was put together so poorly that they've defeated the purpose -- such things as IPSec and Kerberos, don't do what they were intended to do. We all look at IIS, it seems no matter what admins do, some virus emerges that easily penetrates security measures. Other viruses penetrate windows shares, and some spread through Outlook Express like wildfire.

Linux may not have all the fancy security "features" that windows has, but what linux has works, assuming you know what you're doing. I also think that since Linux has a steeper learning curve than windows, it forces admins to be more involved in security.

Our entire lan is behind a NAT, which greatly increases security (but not fool-proof). We are running the typical setup, apache on linux/mysql, etc, and haven't had a single virus instance since we switched from Windows 2000+IIS. Some may argue since windows is more prominent that more viruses will be written for it, but I think it is just too easy to hack windows.

Everything also depends on usage...what is the server for, and does it serve its purpose? I wouldn't use linux on a large enterprise network as a file/print/login server, as linux really doesn't have a real directory service (I'd go Novell in that instance). So it all depends on what you need the box to do.

I don't think hackers are hitting linux more than windows. Sure, there are those linux newbies (even newer than I) that have a box running, open to all hackers out there, but most linux admins have developed into linux gurus, and they know better....perhaps some of them have had to learn the hard way. Windows claims it is secure w/out tweaking, and we all know that is definitely not the case.

I appreciate everyone's comments on this thread. It is interesting to see what everyone else has to say about a particular product. It is great that we have such a diverse linux community, and people are so willing to help each other out.
 
Old 05-02-2003, 03:49 PM   #15
lostboy
Member
 
Registered: Mar 2003
Location: Florida
Distribution: Slackware 9.1,10.1
Posts: 268

Rep: Reputation: 30
"Those are crackers.
Hackers aren't the "bad guys" that attack servers and stuff, crackers do.
Forget everything the media tells about 'hackers', they're referring to crackers"

This seems to come up a lot. It came up in my class at school as well. But I think that things have gotten a bit mixed up.

I myself am a cracker ( or reverser ). I'm not very active these days, as I am much more of a programmer now. And don't get me wrong, I was not a big time cracker. I cracked under 20 progs. But what got me into "cracking" in the first place was because I was fascinated with assembly language. It was the only way to alter executables.

Crackers are not the default "bad people". Most crackers are just guys that wanted to know how things happen at the lowest level, so that they could have the power to change things. I say this because I have read over 50 tutorials on Win32 reversing, and none of them came from people who were cracking progs and selling/distributing them. Just guys who loved to dive into debugging assembly code, and loved describing what they were doing so that others could learn.

One of the reasons that I have come to Linux, is because I don't have to crack anything. The source code is right there for me to see. I can alter programs as I please, and I believe it will make me a better programmer. There is much more to see in Linux.

Anyway, it seems common these days that the public refers to the bad guys as "crackers".

$.02


JC
 
  

