The World's Safest Operating System

Posted by CowboyNeal on Sat Feb 21, 2004 12:21 PM
from the torturing-the-data-until-it-confesses dept.
fredrikr writes "UK-based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80 percent of the survey total. Windows based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks."
  • by erick99 (743982) * <homerun@gmail.com> on Saturday February 21 2004, @12:21PM (#8349662) Homepage
    From the article: "The group discounted the recent wave of worms, viruses and other attacks that have affected Windows systems worldwide. It confined the study to overt digital attacks by hackers."

    This is not the best way to conduct research. When I was doing research at NIH we would say of this sort of thing, "After discarding all data to the contrary, the hypothesis was proven."

    While this research may show that Linux servers are over-represented in overt acts of hacking, this does not statistically make the Linux OS the least secure. Attacking a particular system simply makes it popular for attack. In order to characterize Linux, or any other OS, as the least secure, there would need to be evidence that an equal amount of other OS's were unsuccessfully attacked or the success rate was lower. Other variables that would require controls would be the hacker, level of sophistication of attack, etc. etc.

    To say that "...while Linux servers were the most vulnerable..." only means that they may have been the most targeted. I am not saying that the conclusions of this research are incorrect, I am saying that from what I have read, they cannot come to those conclusions.

    Keep Smiling!

    Erick

    • by Anonymous Coward on Saturday February 21 2004, @12:25PM (#8349701)
      I agree with this comment whole-heartedly. It seems like what they have proven is that hacking Linux actually requires human intervention while Windows can be hacked automatically. I guess that shows why Windows is the easiest to use :) Can anybody else envision a world where clippy offers to crack a box for you when you have "forgotten" your password?
        • by Kierthos (225954) on Saturday February 21 2004, @12:54PM (#8349959) Homepage
          No it doesn't. It reads as shades of grey. "Here, let's discount all the big problems/hacks that are affecting Windows. My, now it looks much more secure than Linux."

          Furthermore, given how quickly a potential problem can be fixed in Linux, as opposed to the "wait, and wait, and wait some more" approach to the MS Service Packs, I'd have to say that the methodology used to reach at least some of the conclusions in the article is seriously flawed.

          Kierthos
        • by Anonymous Coward on Saturday February 21 2004, @01:14PM (#8350110)
          It sounds like you are missing the point or trolling. What this study shows is that Linux can often be cracked if somebody takes the time to target it. As opposed to Microsoft Windows, where a single person can take over millions of systems at once with a worm or virus.
    • by Frambooz (555784) on Saturday February 21 2004, @12:27PM (#8349731) Homepage
      To say that "...while Linux servers were the most vulnerable..." only means that they may have been the most targeted.

      We all know the average Linux user is more likely to tamper with his setup and run non-model-user applications, like their very own webserver. They are likely to know few things about proper server security, and therefore their servers are more vulnerable.

      Windows users are less likely to run a webserver, simply because they're not as eager to play with their system as Linux users. Therefore there will be less insecure Windows servers. The same goes for Mac-OS users.

      What I want to know is the percentage of professionally installed and maintained servers that was actually vulnerable.

      • by Anonymous Coward on Saturday February 21 2004, @12:37PM (#8349831)
        It also characterizes linux as one big O.S. instead of a kernel...for all we know it could be counting people who install distributions that leave remote shell escapes wide open.
      • by Mad Marlin (96929) <cgore@cgore.com> on Saturday February 21 2004, @12:55PM (#8349969) Homepage

        First off, as a FreeBSD user, I must quote the venerable Nelson: "Ha, haaa!"

        What I want to know is the percentage of professionally installed and maintained servers that was actually vulnerable.

        Now, on a more serious note, my belief as to why Linux fared worse than your average BSD is this: Linux is often the first foray into the world of Unix for people these days, including a lot of people not particularly qualified to run a server. BSD is generally viewed as less friendly to new users (a not entirely incorrect view) and therefore sees a lot less MCSE's looking to pad their resume. Given a good administrator, there should be no real difference between a Linux and a BSD server, since most of the stuff past the kernel level is exactly the same anyway.

    • by mojowantshappy (605815) on Saturday February 21 2004, @12:32PM (#8349789)
      To say that "...while Linux servers were the most vulnerable..." only means that they may have been the most targeted. I am not saying that the conclusions of this research are incorrect, I am saying that from what I have read, they cannot come to those conclusions.

      Then again, what this also means is that linux machines are the most likely to be overtly hacked into.

    • by gbjbaanb (229885) on Saturday February 21 2004, @12:33PM (#8349802)
      So they discounted the viruses and email crap that require some user to click the attachment called 'Im a virus, click me now'.

      That actually sounds like a fair attack vector to ignore in compiling these, otherwise you couldn't derive any meaningful stats - eg. if I posted my password on to my monitor, and someone hacked my workstation (by using that password), would you be able to say 'that workstation OS is inherently insecure'? If you couldn't, then you can't allow similar user stupidity to feature in these statistics.

      I don't think that running updates falls into this 'stupid user' category, especially as Windows boxes are more likely not to be admin-ed by clued up admins.
    • by miu (626917) on Saturday February 21 2004, @12:44PM (#8349889) Homepage Journal
      While this research may show that Linux servers are over-represented in overt acts of hacking, this does not statistically make the Linux OS the least secure.

      Linux is over-represented as a target of hacking because there is so much low hanging fruit out there, same reason that Windows is over-represented in the malware depart.

      The study chose to not consider malware because that is really a UI and social engineering problem, this study was about attacking servers without an inside patsy and Linux came up short. It is dishonest and dangerous to ignore these sorts of results.

    • by Oriumpor (446718) on Saturday February 21 2004, @12:59PM (#8350003) Homepage Journal
      Well, I wouldn't say that, there isn't enough data there for a professional security expert to determine anything worthwhile out of the study....

      What were the majority of attacks? How many were exploits that took advantage of underruns? How many were due to running apache? Did they do any analysis of UML based systems which are built around the eventual breach of security?

      I'm at a loss. Whether or not the Linux servers or hell even the Windows servers followed a good security model (rings, single ring, regular auditing etc.) You can secure an operating system only so far, which is why you only portfw certain ports through the firewall.. Did they attack things like NFS and portmapper which shouldn't be on the outside world anyways?

      A step by step analysis of THEIR analysis is needed to understand what they did to come to these results.

      IMO FUD.
    • by sterno (16320) on Saturday February 21 2004, @01:15PM (#8350116) Homepage
      You know why there's more overt hacking of Linux boxes than BSD boxes? Because there are far less BSD boxes out there to be hacked.

      You know why there's far more Linux boxes that are being overtly hacked than windows? Because if you are a hacker, what the hell are you going to do with a Windows box? It's just not as interesting or powerful to remotely control a windows box.

      I'm not a hacker, but if I was one, I would not waste my time on trying to 0wn windows boxes. I'd go after Linux boxes. Not because they are easier to breach, but because they are more fun to play with when you do.
      • by kfg (145172) on Saturday February 21 2004, @12:59PM (#8350007)
        I'm guessing the hypocrite in you would have reared its ugly head.

        And this is a good example of discarding all the data, coming to any conclusion you wish, and then putting the onus on others to debunk your unsupported premise, which, as it happens, has no logical bearing on the argument you are attacking.

        A very popular methodology, but not a valid one.

        For purposes of bias I will point out my posting history will show that I use Windows 98, Mac System 7, Mac OS8 and various flavors of Linux at the moment, but have a very strong preference for Linux for explicitly stated reasons, some of which relate directly to the deleted data in this study, some of which do not. You'll find that my position is at least unbiased enough that I have been accused of being both an MS lackey and a Linux zealot, although I don't recall that I've ever been accused of being a Mac head. I have never so much as sat at a BSD terminal or an OSX box, although I would have no particular objection to doing so, it would be fun, and I am inclined to believe that BSD is more secure than the majority of Linux distros at the moment.

        If you wish to debunk this you will have to do your own homework in finding evidence to the contrary.

        Ad hominem strawman arguments will be promptly and cheerfully ignored.

        KFG
  • Overexaggerated (Score:5, Insightful)

    by DarkHelmet (120004) * <mark.seventhcycle@net> on Saturday February 21 2004, @12:22PM (#8349665) Homepage
    I tend to think that Linux machines are more vulnerable simply because there are lots of people who pretty much have the system installed, and fail to do anything in order to make sure the system is updated.

    For all the servers out there, I wonder how many people actually run up2date or apt from time to time. I imagine more people who run windows run windows update than any linux equivalent.

    Let's face it. Linux isn't for just the uber-geek anymore. So logically, more systems are going to be hacked into when people with no security sense are managing systems.

    Don't blame the operating system. Blame everyone who thinks they're a competent sysadmin, but really aren't.

    Not to mention that this article doesn't weigh in percentages. There are a *LOT* more linux servers out there than there are BSD, Windows and Mac OS X servers. When one factors in percentages, Linux really isn't *that* bad.

    • Re:Overexaggerated (Score:5, Insightful)

      by gbjbaanb (229885) on Saturday February 21 2004, @12:26PM (#8349710)
      isn't this the exact same argument people have been saying (on /. too) why Windows appears less secure than Linux?

      Seems all those old posts were just flamebait, either that or all the Windows security patches really have made a difference.
      • Re:Overexaggerated (Score:5, Insightful)

        by chill (34294) on Saturday February 21 2004, @12:37PM (#8349832) Homepage Journal
        Because the majority of problems with Windows stemmed from system-level vulnerabilities and problems. Linux, however, seems to suffer more from application level vulns (SQL injection, misconfigured or sloppy PHP).

        In short, with Linux, most vulns are due to misconfiguration of apps and NOT an inherent flaw in the system.

        Windows has, so far, had a bad track record of SYSTEM LEVEL flaws and not necessarily inherent flaws.

        -Charles
      • Re:Overexaggerated (Score:5, Interesting)

        by Anonymous Coward on Saturday February 21 2004, @12:39PM (#8349849)
        While I tend to agree that some statements made about Linux security are overblown the fact remains that when a Linux box is properly configured it *is* more secure than a Windows box. Discounting "the recent wave of trojans, viruses", etc. does seem to me to skew the data. I think most Linux advocates are basically trying to say that Linux is resistant to these types of attacks therefore making it slightly safer than Windows out of the box, but the ability to lock it down yourself and keep it up to date are the important part. I've hardened both Linux boxes and Windows boxes and felt pretty comfortable about their security. But I have to say that Linux made me feel a bit better because I really do believe that if you have the knowledge, time and ability to "see what's under the hood" then you are in for a more secure environment. I just can't get that kind of warm fuzzy with Windows. As a final word; to me the various OS are like hammers and screw drivers. They all have advantages and disadvantages depending on the job you need it for.
    • by leerpm (570963) on Saturday February 21 2004, @12:36PM (#8349825)
      We should not be concentrating on which operating system is more secure than another. This just promotes the myth that people can 'choose' the most secure operating system and then they are secure. No operating system is secure, if you do not keep it up to date and patched.

      Every time I see an article like this, I wonder how many users and administrators will get the false impression that if they just switch to another platform they will have done their job.

      Security is a process. It is not all about the technology, and it requires educating users and managers to be effective.
    • Re:Overexaggerated (Score:5, Insightful)

      by Ogerman (136333) on Saturday February 21 2004, @12:38PM (#8349843)
      Let's face it. Linux isn't for just the uber-geek anymore. So logically, more systems are going to be hacked into when people with no security sense are managing systems. .. Don't blame the operating system. Blame everyone who thinks they're a competent sysadmin, but really aren't.

      It's true, Linux is not just for geeks anymore. But because of that, we need pre-hardened distros (including ACLs, IDS, and stack protection) and automated security updates for systems run by idiots. The ultimate answer (educating people) is unfortunately not feasible. As much as possible, security needs to be idiot-friendly on every OS.
    • Re:Overexaggerated (Score:5, Insightful)

      by DrEldarion (114072) on Saturday February 21 2004, @12:40PM (#8349859) Homepage
      I tend to think that Windows machines are more vulnerable simply because there are lots of people who pretty much have the OS installed, and fail to do anything in order to make sure the system is updated.

      For all the desktops out there, I wonder how many people actually run Windows Update from time to time.

      Let's face it. Windows has never been for the uber-geek. So logically, more systems are going to be hacked into when people with no security sense are managing systems.

      Don't blame the operating system. Blame everyone who thinks they're a competent sysadmin, but really aren't.

      You know your argument is invalid when you can make the exact same point for the other side.
  • by Great_Jehovah (3984) * on Saturday February 21 2004, @12:23PM (#8349669)
    Different distributions vary greatly in how secure they are out of the box and in how easy it is to apply security updates once they are deployed. Also, talking about absolute numbers of breakins is completely uninformative without knowing the number of systems deployed for each.

  • by 26199 (577806) * on Saturday February 21 2004, @12:23PM (#8349680) Homepage

    To be news, they need to say what proportion of computers use each OS, and what apps were hacked. It even says third party software accounts for a lot of the Linux hacks.

    Nothing to see here except some meaningless statistics. Yawn.

  • by LostCluster (625375) * on Saturday February 21 2004, @12:25PM (#8349693) Homepage
    Somebody needs to take some basic statistics. The fact that Linux is most often the operating system involved in server compromises is not surprising since Linux is most often the operating system involved in servers in the first place. If you normalize out for server market share, you'll find things are more or less even.

    When it comes to servers, selecting a bad choice of a password or forgetting to properly set file permissions is still the easiest way to get hacked, and that will always be operating system independent. And, that accounts for the majority of security weaknesses. Worms and viri are a client-side issue, servers don't often get hit with those.

    So, good work OSX fans. You finally found a metric by which having the fewest number of servers in actual use makes you look good...
    • by Cereal Box (4286) on Saturday February 21 2004, @12:41PM (#8349870)
      The fact that Linux is most often the operating system involved in server compromises is not surprising since Linux is most often the operating system involved in servers in the first place.

      So how come every time there's an article/rant about how insecure Windows is and someone says the exact same thing about Windows (i.e., "Windows has more viruses/attacks because it is the most widely used desktop operating system"), it's considered nonsense or a copout by so many Slashdotters?
  • it makes sense (Score:5, Insightful)

    by Anonymous Coward on Saturday February 21 2004, @12:26PM (#8349713)
    ::puts on flame-proof suit::

    Linux is made up of _many_ distributions, who hack together systems out of many disparate apps. Each is slightly different. This diversity means none can Q.A. their systems as well as a unified project like FreeBSD does. I've seen some unbelievable bugs in a very well-known Linux distro, there for no reason other than their resources are stretched too thin.

    Linux is also a Unix. People who put up *BSD servers are Unix hacks. People who put up Linux servers are oftentimes ordinary people who are trying to cut costs from not going with Windows. Unix is powerful, if you don't know how to handle that power, you put your systems at real risk.
  • by }InFuZeD{ (52430) on Saturday February 21 2004, @12:26PM (#8349714) Homepage
    Looks like mi2g doesn't have the best reputation:

    "And yes, every time an mi2g story has come up, an ugly flamewar has started. The funny thing is, it's the security equivalent of an Adequacy troll.

    Some links:

    http://www.attrition.org/errata/charlatan/mi2g-history.html

    http://www.theregister.co.uk/content/55/28233.html

    http://www.nwfusion.com/news/2002/1107msfoul.html"
  • by Space cowboy (13680) on Saturday February 21 2004, @12:26PM (#8349716) Journal
    How many linux servers are there in the wild, how many bsd ones, and how many windows ones? I'd be tempted to guess that the geeks' favourite OS is by far the most popular server OS...

    In other words, it's the same story as Windows on the desktop - there are more attacks because there are more servers. Since they don't give us percentages of installed vs breached, the data is essentially useless. Rule #1: Normalise your data before comparison....

    Simon.
    • by Billly Gates (198444) on Saturday February 21 2004, @01:02PM (#8350030) Homepage Journal
      Out of the box BSD is more secure.

      That's what I love about open and FreeBSD.

      All the file permissions are set to maximize security while most Linux distros are setup to maximize usability.

      Remember guys we are talking about 2 different unixes. We can make Linux just as secure.

      It's just that BSD is more minimalist by default and super secure before it's given the go ahead to declare the distribution stable. Linux by default has more services running. The ports tend to install the most secure options when installing things like apache.

      What this means is that Linux distros and users need to make things more minimal and secure by default. Many admins are too lazy or incompetent to properly lock down a Linux box. Unix is hard and a pain to setup which is part of the problem.

      I think having more linux servers is part but NOT THE WHOLE reason for this.
  • Not too surprising (Score:5, Interesting)

    by Mork29 (682855) <keith@yelnick.us@army@mil> on Saturday February 21 2004, @12:26PM (#8349720) Journal
    Linux is secure... out of the box. However without a skilled administrator, it's very easy to open up LOTS of holes. I think that linux is a great operating system for power users, but let's face it, the average desktop user or the new sys admin, doesn't belong on a powerful distro right now. Perhaps lindows, but not Red Hat Enterprise. One thing I found interesting was this:

    "For the first time, the number of recorded breaches against government servers running BSD or Mac OS X worldwide fell to zero in January 2004," the analyst said.

    I'm in the army in Europe and we're not allowed to run BSD or OS X. Only non-windows I'm authorized is AIX or um... (I'm really sorry to admit this) SCO. So I'm sure a lot of other government agencies (besides DoD), don't allow BSD and OSX.
  • by ashot (599110) <ashot@@@molsoft...com> on Saturday February 21 2004, @12:28PM (#8349740) Homepage
    they forgot a very important piece of information: the percentage of total servers accounted for by these systems.

    armed with this statistic and the age old mathematical operation of *division* one could make these results meaningful.

    in other news, a new study finds that red heads are much less likely to commit violent crimes. Data for left-handed people is also encouraging.
  • Do you google? (Score:5, Informative)

    by PerpetualMotion (550623) on Saturday February 21 2004, @12:28PM (#8349741)
    Mi2g [google.com]
    Second link leads to this page [attrition.org] which shows what a crock this (company/report) is.
  • by UVABlows (183953) on Saturday February 21 2004, @12:28PM (#8349744)
    The group discounted the recent wave of worms, viruses and other attacks that have affected Windows systems worldwide.

    "When we ignore most of the break-ins that windows had, it had less than linux!"

    followed by BSD and Mac OS X with 555 breaches

    This completely ignores the proportion of these OS's that got hacked. If there are only 556 of them deployed, then this is a terrible break-in rate. Obviously there are more than 556, but there are fewer BSD servers than linux servers.
  • by The Irish Jew (690798) on Saturday February 21 2004, @12:29PM (#8349747)
    The first red flag I noticed was that they want you to pay for the results.
    That's not how it works. There are also many [attrition.org] other [theregister.co.uk] reasons [nwfusion.com] not to believe them. Boy, it must be nice to be able to make a living just making up statistics.
  • Suffocate this crock of a "security company" once and for all!

    Read Why is mi2g so unpopular? [theregister.co.uk]

    Then read this complete debunking [vmyths.com] of the scam^Wfirm.

    Slashdot is trolling us -- did I wake up in Soviet Russia??

  • mi2g love to FUD (Score:5, Informative)

    by dan dan the dna man (461768) on Saturday February 21 2004, @12:33PM (#8349795) Homepage Journal
    as seen here last year [slashdot.org]
  • by starseeker (141897) on Saturday February 21 2004, @12:33PM (#8349804) Homepage
    Absolute numbers are fine, but what about normalizing it for the total number of BSD, Linux, and Windows servers in use in this study? That's the more meaningful number. Then, what constitutes a successful attack?

    Also, a useful study would look at how machines are maintained, password policies, etc.

    Now before I come off sounding like a Linux apologist, it is quite possible there are some serious weaknesses that need to be addressed. If so, I hope they give us full info on the attacks so we can fix the problems. But these numbers as they stand don't tell us a darn thing.

    If a dedicated admin configures Selinux and heavy duty firewalls, and puts Klingon password policies in place, I'd personally still be confident to match that system against anything out there. Default Redhat installs, on the other hand, are something else again. So again we need more info. It's all in how things are set up and maintained. The question actually being asked here - which OS is strongest, all other things being equal - is a really really tough one to answer. There are many other issues that must be addressed first.

    So, as far as any useful information is concerned, this article doesn't appear to have any. What if the Linux machines simply had the best intrusion detection in place? (I'm not saying they did, but it's a fair question.) Need More Information!
  • Wrong conclusion (Score:5, Insightful)

    by ljavelin (41345) on Saturday February 21 2004, @12:34PM (#8349816)
    mi2g analysed 17.074 successful digital attacks against servers and networks. It states: "With Linux accounting for 13,654 breaches, Windows for 2,005 breaches followed by BSD and Mac OS X with 555 breaches worldwide in January 2004."

    They say how many attacks they analyzed, but they didn't mention the pool of hosts that these attacks were taken from.

    Were there 1000000 linux hosts, 200 Windows hosts, and 6 Mac OS hosts? If so, that would radically change the conclusion that is implied.

    Also, it's interesting to note that they did NOT count automated attacks by viruses, etc.

    I'm sure there are interesting conclusions in their study of attacks, but given the lack of data, this study doesn't provide enough data to conclude that one OS is safer than another.
  • Oh, not again (Score:5, Interesting)

    by Cally (10873) on Saturday February 21 2004, @12:35PM (#8349821) Homepage
    For god's sake, how many more times will Slashdot fall for crap from this bunch of cowboys? mi2g are the archetypal media whores, they have no clue, no idea what they're talking about but they have the uncanny ability to tune a press release for maximum meaningless security. These 'surveys' they put out every so often are utterly meaningless, based on nothing. They're nothing more than a bunch of bullshitters who should be ignored. Five minutes with Google will turn up all the proof you need, failing that go search www.ntk.net.
  • by rxed (634882) on Saturday February 21 2004, @12:39PM (#8349851)
    I don't know about the results but this 'security company' has been in the news before and as far as I know it was labeled as a bunch of charlatans by real security experts at security focus. Read more about mi2g at: http://www.attrition.org/errata/charlatan/mi2g-history.html
  • by plcurechax (247883) on Saturday February 21 2004, @12:47PM (#8349899) Homepage
    With no reported vulnerabilities according to mi2g, these OSes are far more secure than that run of the mill *BSD stuff.
  • by Bull999999 (652264) on Saturday February 21 2004, @12:49PM (#8349921) Journal
    My Play Station 2 has never been hacked so it makes PS2 the most secure O/S.
  • What's in an OS? (Score:5, Interesting)

    by cpghost (719344) on Saturday February 21 2004, @12:58PM (#8349988) Homepage

    A lot of software is shared between BSD and Linux installations. Stuff like sendmail (qmail, postfix, ...), apache, bind, etc... is exactly the same on both OSes. Most security breaches involve a buffer overrun in one of these server programs. So obviously, Linux and BSD systems should be equally vulnerable (or safe) w.r.t. remote exploits...

    As many have pointed out in other threads, the ratio of competent/incompetent Linux admins is higher than the competent/incompetent BSD admins ratio. This is sad, but true. It is not because Linux is bad or hard to manage, it's simply because Linux is much more popular than BSD. Newbie admins will seldom start with BSD, so they make their mistakes on Linux boxes first. Some of them may grow up tired of all the different idiosyncrasies of Linux distros, and try BSD. A few may even like it and stick to it. But the point here is that your average BSD admin is already experienced with Linux systems, whereas the bulk of Linux admins won't.

    Linux or BSD are both great systems, but they can be really dangerous in the hands of the inexperienced.

    DISCLAIMER: I'm a senior FreeBSD sysadmin since 2.0, but I'm also managing a farm of misc. Linux variants since kernel 0.99 in high risk secure environments. I like both systems very much, so I tend to dislike stupid over-generalizations a la BSD is more secure than Linux (even if it is true, for the reasons explained above).

  • I say this (Score:5, Informative)

    by ducomputergeek (595742) on Saturday February 21 2004, @12:59PM (#8350004) Homepage
    As I finish setting up our newest FreeBSD server retiring our last Linux box from operations. We run now 100% off some kind of BSD in our company. Some are OpenBSD servers, other FreeBSD, and we have one NetBSD running on an old 486DX with no real purpose other than we wanted to play with NetBSD.

    We are 100% Macintosh on the desktop because I can then spend time on billable hour projects, not internal stuff. But generally speaking, I really just like how BSD, especially the ports system, is organized and managed. Linux has always been scattered brained with more distros than you can count, whereas I like the core development teams in both Free & Open BSD.

    When I used to run an online browser-based game system, we often had more people trying to beat the system than the game. Led to problems under Linux and since it was a hobby site that I maintained on my spare time, I didn't have time to mess with keeping everything 100% up to date. So I reset up the game on an OpenBSD platform. Sure it didn't scale as well, but had no successful breaches from the script kiddies.

    Now that I work as a consultant with small and medium sized companies in this area, security has become a staple of my business. Most of my work is in Policy advising because we still see a lot of network breaches, a vast majority, having some kind of internal procedure issue. Aka, someone calls saying they are from branch y and forgot a password and someone gives it to them or a disgruntled employee sells information to a competitor. Or worse yet, employee fired/let go and no one removes access to the system until after they're gone if at all. I have seen some companies that still have user accounts for people that haven't worked there in over 3 years.

    Still these are mainly small businesses with less than 10 people that are in real estate or some service business where they might have a website, POS, Email, MS Office, and Quickbooks more than larger companies that have an actual IT guy or department (even then...I am amazed at the total lack of intelligence of some of the people with MCSE at the end of their business cards).

    Still, the biggest threats are coming not on the server side, but client side with viruses and trojans galore. It's the average joe blow that opens every attachment they are sent that causes the bulk of problems from my perspective.

  • Linux != single OS (Score:5, Insightful)

    by IntergalacticWalrus (720648) on Saturday February 21 2004, @01:04PM (#8350039)
    Great, yet another brain-damaged research that considers Linux an OS, and talks as if all Linux distributions were identical in terms of out-of-the-box security and ease of applying security updates. Hell, if we ever asked those morons what Linux distro they used to compute their Linux results, I bet they would say "uh... Linux 9.0 ?"
  • Conclusion (Score:5, Insightful)

    by pasv (755179) on Saturday February 21 2004, @01:10PM (#8350083) Homepage
    You are as safe as you make your server/system to be. If you don't patch you will get hacked and will not be safe. Same goes with Windows, Linux, anything. Unless you have your own OS that doesn't have patches :P. Can't stress how stupid it is NOT to put up a firewall blocking ports you really don't need open. Anything out of the box and kept that evil "default" setting is bound to get h4x0r'd (hehe)
  • by rmpotter (177221) on Saturday February 21 2004, @01:11PM (#8350085) Homepage
    Here I go burning Karma again... Since we can't know the full details of this report unless one of us actually buys it, it is probably pointless to speculate on their methods. However... if you assume they didn't try to stack and that the following is more or less true:

    * that most of these 17,074 were web servers
    * that all or most of these servers were production boxes (worthy of being investigated after a break-in)
    * that at least 20% of these were running Windows/IIS (Netcraft

    then all things being equal, there SHOULD have been at least 3400 Windows break-ins. Since there were about 2005 successful Windows attacks, MS and Windows admins must be doing something right. Many Windows admins ensure their boxes are patched. They follow NTBugTraq. They run lockdown tools or subscribe to security monitoring services. They are aware of potential breaches and most importantly THEY ARE NOT AS ARROGANT AND SMUG as some of their Linux counterparts.

    Mmmm -- nothing like the sweet smell of Karma burning on a cold February afternoon!
    • by Dobob (701740) on Saturday February 21 2004, @01:00PM (#8350016)
      Sorry, but:

      As seen in the Netcraft FAQ:
      Additionally HP-UX, Linux, NetApp NetCache, Solaris and recent releases of FreeBSD cycle back to zero after 497 days, exactly as if the machine had been rebooted at that precise point. Thus it is not possible to see a HP-UX, Linux or Solaris system with an uptime measurement above 497 days.
      Since the last server of the top 50 has an uptime of 1073 days, there's no way a Linux box could be in the list.
    • Re:Automatic Update (Score:5, Interesting)

      by gordguide (307383) on Saturday February 21 2004, @01:13PM (#8350099)
      " ... Mac OS X has a dumb little icon that leaps and jumps and bounces and begs for attention any time an update is ready. ..."

      Doesn't do that on mine. Turn off automatic updating.

      " ... When the update applies itself and wants a reboot, your only options are "shutdown" and "restart." There's no "cancel" option. ..."

      There's no "cancel" option because it's unnecessary. Just keep working. You can "re" boot tomorrow, like I do. (Most updates don't require a reboot at all, by the way. But if they do, fuggetaboutit. Get some work done.)

      I suppose you could sit there and watch the update progress. I don't; I launch all my apps first thing; one of them is software update. If one is available, I click to install, enter my password, and then do something else (there's one installing right now. Or maybe it's done. Who knows? Who cares? Use the damn computer, SW Update doesn't need any attention from you).

      A check for security-relevant updates should probably be part of a Linux admin's daily routine. Kernel updates can be ignored; there's no need to update a perfectly good Linux install just because you can. Rookie error.

      As for Windows update, I did a clean install of Win98SE about 2 weeks ago. 61 updates required, though mercifully only about 24 were "critical". And yes, you do need to stop everything and reboot every time with that OS.

      I use Linux, Windows 98 & XP and OSX every day. It gives you a little perspective.