Ninety two percent of survey respondents indicated that their
Linux systems have never been infected with a virus, according to
Evans Data’s new Summer 2004 Linux Development Survey. Further, 78%
of Linux developers say that their Linux systems have never been
hacked and less than 7% were hacked three or more times. Of the 22%
that have been hacked, 23% of the intrusions were by internal users
with valid login ID’s. The main ways that Linux machines can be
compromised are: Inadequately configured security settings,
vulnerability in internet service and Web server flaws.Contrast those findings with data from Evans’ Spring 2004 North
American Development Survey where 3 in 5 non-Linux developers
reported a security breach and 32% experienced 3 or more
breaches.“It’s not surprising that Linux systems aren’t hacked to the
degree that Windows-based machines can be exploited. The reasons
for the greater inherent security of the Linux OS are simple, more
eyes on the code means that less slips by and the OS is naturally
going to be better secured,” said Nicholas Petreley, Evans Data’s
Linux analyst. “As also found in Evans’ recently released Security
Development Survey, the mechanism by which a Linux machine can be
compromised is by users inadequately configuring security settings.
Ironically, the other flaws that crackers use to compromise Linux
servers are flaws in applications which run on competing operating
systems, so those vulnerabilities are not specific to Linux.”