Responses (from another site) to my recent post, "Security Alert: They Should Have Used Linux", led me to explore the conclusion that hacking is really only for those seeking the low-hanging security fruit as their prey. These folks, who tout themselves as "Linux Experts", intrigued me so much with their comments that I'm compelled to write this post as an analysis of that dialog. One said that, "Hacking is a business. Windows is targeted because of the size of the target... combined still over 90%, and XP allegedly *still* 65%+." Still another asserted that, "Windows is the most attractive target for botnet crackers because of its ubiquity...." Could this be true? Could it be that hackers are simply hitting Windows because it is the biggest target?

I beg to differ.

I think Windows is an easy target because it has some pretty glaring insecurities. But it isn't the least secure out-of-the-box OS.

One of the commenters said, "I myself recently changed from PCs running Linux to MacBooks for both work and home; though almost all of my work is via ssh to Linux or FreeBSD servers."

Want to know which OS (from Mac OS X, Windows Vista and Ubuntu Linux) was hacked first at two (that I know of) security conferences?

It wasn't Vista. It was hacked on the last day of the conference.

It wasn't Linux. It was never hacked.

Wait for it...

If you said Mac OS X, you're correct.

Some guy won a $10K prize by hacking it within two minutes of the start of the competition.

It isn't, as my commenters suggest, that Windows is just so ubiquitous that it's a target of more hacks. If hackers were simply low-hanging fruit grabbers, they'd grab Mac OS X first.

I believe that if Linux were in the Desktop use majority, it would still be the most secure and least vulnerable to hacks. Perhaps the true blackhat-wearing hackers would use their powers for good since hacking Linux would prove so unprofitable for them.

If ubiquity were truly the attraction for hackers, then Linux would be the most hacked OS because most Internet sites run on Linux with Apache.

What do you think? Is hacking just an exercise for those who seek the low-hanging fruit or is there more to it than that?

About the Author
khess, Practically a Master Poster

My new book, Practical Virtualization Solutions, is out.

Catch my radio talk show with co-host Jason Perlow, The Frugal Tech Show (http://www.frugaltechshow.com), every Friday at 6:30pm Eastern. You can call in or just listen in. Live Interviews with Today's Technology Leaders (C-Level Executives) whose products and services save money for businesses.

And check out my columns: Cover Your Assets (http://www.serverwatch.com/trends) at ServerWatch.com (http://www.serverwatch.com), which helps you with more money-saving tips for your IT infrastructure, and Linux Magazine's Virtual Reality at linux-mag.com.

I suppose you must be right really. As a home user of Linux I feel acceptably safe using Ubuntu out of the box, but if I ran servers I might well look at SELinux or using OpenBSD. I take reasonable steps based on my assessment of how big a target I pose and I'm sure smart hackers reciprocate by weighing the likely profits against the estimated ease of the task. I guess it just isn't worth the effort of targeting a Linux home user, but it might be worth catching the odd "low hanging" badly configured XP box, even at home.