Risk: Informational
Linux systems are getting tougher for hackers to crack, security experts have reported.
A study by not-for-profit IT security testing organisation Honeynet Project has shown that, on average, Linux systems today take three months to fall prey to hackers, up from 72 hours in equivalent tests conducted between 2001 and 2002.
The 2004 results came after a team of researchers set up 19 Linux and four Solaris 'honeypots' in eight countries including the UK. Honeypots are unpatched Internet-connected computers designed to be targets for hackers.
The report stated: "Default installations of Linux distributions are getting harder to compromise.
"New versions are more secure by default, with fewer services automatically enabled, privileged separation in services such as OpenSSH, host-based firewalls filtering inbound connections, stack protection for common threats and other security mechanisms."
During the tests only four Linux honeypots were compromised (three running Red Hat 7.3 and one with Red Hat 9). Two of those systems were broken by brute force password attacks rather than by operating system vulnerabilities.
By contrast unpatched Windows systems exposed in a similar way in tests in 2004 by Symantec lasted a few hours, or in some cases minutes.
But there was bad news for Solaris users, with three out of the four honeypots running Solaris 8 or 9 hacked within three weeks. However, a fourth has been online for six months without being compromised.