Ninety two percent of survey respondents indicated that
systems have never been infected with a virus, according to Evans
Data's new Summer 2004 Linux Development Survey. Further, 78% of Linux
developers say that their Linux systems have never been hacked and less
than 7% were hacked three or more times. Of the 22% that have been
hacked, 23% of the intrusions were by internal users with valid login
ID's. The main ways that Linux machines can be compromised are:
Inadequately configured security settings, vulnerability in internet
service and Web server flaws.
Contrast those findings with data from Evans' Spring 2004
American Development Survey where 3 in 5 non-Linux developers reported
a security breach and 32% experienced 3 or more breaches.
"It's not surprising that Linux systems aren't hacked to the
that Windows-based machines can be exploited. The reasons for the
greater inherent security of the Linux OS are simple, more eyes on the
code means that less slips by and the OS is naturally going to be
better secured," said Nicholas Petreley, Evans Data's Linux analyst.
"As also found in Evans' recently released Security Development Survey,
the mechanism by which a Linux machine can be compromised is by users
inadequately configuring security settings. Ironically, the other flaws
that crackers use to compromise Linux servers are flaws in applications
which run on competing operating systems, so those vulnerabilities are
not specific to Linux."