The Debian Team has offered this explanation of the recent server comprimise. In related news, a recent update to rsync was posted to patch a security hole that recently affected Gentoo .
Debian Offers Updates on Server Compromise
About The Author
Adam Scheinberg
Technology Executive • Web Developer • Father • Foodie • Music Snob • OS enthusiast
Follow me on Mastodon @[email protected]
Looks like the sys admin failed to install patches… something that Linux zealots say is only an Microsoft problem.
No they don’t. Nobody has ever said it’s only an MS problem. Looks like you’re a zealot who’s trying to accuse Linux people for something they never did, trying to make them look bad.
Wow, after the Linux movement has been preaching for so long how secure and impenetrable their operating system is. I am shocked to see that someone broke in to it, very interesting. But this was NOT the first time, I can guarantee you that it was done before and they just happen to notice it. If someone disagrees with that then you are lying to yourself. But on the whole ‘scheme’ of things this is going to become second nature to Linux, with code written in China and who knows where else, one has to wonder what are the true intentions of those people. You are right no one knows, and what about patches who can tell you that the patch is secured…..
Wow, after the Linux movement has been preaching for so long how secure and impenetrable their operating system is. I am shocked to see that someone broke in to it, very interesting. But this was NOT the first time, I can guarantee you that it was done before and they just happen to notice it. If someone disagrees with that then you are lying to yourself. But on the whole ‘scheme’ of things this is going to become second nature to Linux, with code written in China and who knows where else, one has to wonder what are the true intentions of those people. You are right no one knows, and what about patches who can tell you that the patch is secured…..
When was the last time Microsoft gave you an analysis of a security breach? This further shows how much more *secure* open source is.
I would not say that Linux is more secure. I see way more security updates for Linux. It is what you *mean* by secure. I think MS gets attacked more and is in the publics eye because of it. Face it, if you are on 98% of the computers in the world and you have a security issue it becomes a big issue.
I would not say that Linux is more secure. I see way more security updates for Linux. It is what you *mean* by secure. I think MS gets attacked more and is in the publics eye because of it. Face it, if you are on 98% of the computers in the world and you have a security issue it becomes a big issue.
From the previous post, yes Windows has about 98% of the desktop market or so. Heck all computer come with Windows it is the worlds most popular operating system. When you are talking about Linux you have about 1-2% of the market place, now that is scary if they are already being hacked and they are still a drop in a bucket.
I would not say that Linux is more secure. I see way more security updates for Linux. It is what you *mean* by secure. I think MS gets attacked more and is in the publics eye because of it. Face it, if you are on 98% of the computers in the world and you have a security issue it becomes a big issue.
Yeah, it becomes a big issue when you leave all ports open by default.
Linux tries to make security flaws and updates as transparent as possible and get them out as quickly as possible where Microsoft tends to try to buy time for themselves when making a patch by keeping it on the down and low and then they take forever in producing a patch that works once the problem is exposed to the public.
Neither are perfect and one may push more patches than the other, but it’s the effectiveness of their patching and the way they go about getting them made and out to the public that makes Linux more secure. Afterall, Linux makes up a good portion of the servers on the web, yet you haven’t heard of hardly any worldwide compromises and down times that you have with windows servers.
Well, if MS does anything they are cast down upon. Meanwhile, there are Linux server intrusions, they are not as popular because everyone bashs MS all the time. Linux is NOT more secure, it is a myth. If it was why do they need patches, it has holes to. If you think it is a fortress then go ahead and put your eggs in one basket.
first of all, did anyone read the paper?
the frist stage of the attack came form a sniffed password,
ALL operating systems are vulneravle to this, aka keylogers and all sorts of sh*t.
2nd:
the brk() was a known issue and was found and fixed by andrew morton. but they did not think it was a big deal, so no security advisory was released.
the attacker, may have coded the exploit himself or knows the person who did as it was not public. this is way different then a “see they did not patch” type of silly ness.
how do you patch against something that is not yet here?
the attacker mostly likey was reading the change logs and saw andrew mortons fix and started playing with it. and saw that it really fixed some that could be attacked.
microsoft machines get hacked every day by the hundreds and a few linux machines get hacked and ppl are up in arms.
-Nex6
‘microsoft machines get hacked every day by the hundreds and a few linux machines get hacked and ppl are up in arms’
What facts do you have, ‘hundreds of Windows machines’ I need facts, numbers, website address something. This is nothing but hype and made up lies.
Linux has holes therefore it needs patches. If it was a fortress, no patches would be needed. End of story.
EOF
“Face it, if you are on 98% of the computers in the world and you have a security issue it becomes a big issue.”
No Windows runs on about 95% of desktop systems. The amount on servers running Windows is considerably less probably in the order of about 50%. The other ~50% being on some sort of *nix including Linux.
These machines have a lot more interesting stuff on them than your Windows desktop and thus are prime targets for elite crackers to try to break into.
you must be new to the IT field or to computers…….
maybe you have never heard of a virus? like deborm? that installs like 5 tojans?
and many others just google for virus…
and microsoft themselfs have been hacked a few times and access the the code safe as been gotten to.
so its an everyone problem, not just MS, all software is like that.
check the hacker/security sites how many websites with IIS get hacked every day?
and ALL software needs patches, the more complicated something is the more it needs to be maintained. ie pathed.
Linux is more secure by defualt and is able to be FAR more secured the any windows based OS, period.
(altho both OS’s are pretty bad on the defualt part)
-Nex6
But on the whole ‘scheme’ of things this is going to become second nature to Linux, with code written in China
Yeah, those “no-good chinese,” right? This borders on racism
and who knows where else, one has to wonder what are the true intentions of those people. You are right no one knows, and what about patches who can tell you that the patch is secured…..
Actually, since you’ve obviously been living under a rock for the past 11 years, you should know that Linux is Open Source, which means that the source is accessible. Everyone can look at it. In the case of the kernel, a lot of people look at the code before it’s included, and there is no “anonymous” contributions. So if someone was dumb enough to intentionally put a backdoor or other security liability in, it would a) be identified right away, and b) the contributor would be ostracized by the community.
BTW, there is no conclusive proof that Windows is on more than 90-92% of desktops. And security begins with the admin. Both Linux and Windows systems can be made very secure, or insecure, if they’re badly administered. Windows does suffer from a worse security record when it comes to viruses and trojans, though.
In the server market Microsoft Windows does not have the greatest market share, Unix and unix varieties do. Microsoft Windows does have a huge home desktop market.
Yes, Unix has been breached before but you will not see worms running rampant on Unix units. Most desktop Unix units turn off services that are not needed. Because of the security model of Unix, it is much harder breach and use a Unix unit. In the last week or so several breahes have been reported. Interesting enough, only the units that were broken into were affected.
Unix, Linux, and the BSDs may not have desktop market share, but they do have the server market. Servers are attacked quite frequently but you do not hear about a Unix worm causing thousands of units problems.
Microsoft Windows makes it too easy for criminals. Worms and virii can spread from Microsoft servers to Microsoft desktop units. Microsoft Desktop units can also be used to attack servers. When a worm hits Microsoft Windows, you here about thousands if not millions of units affected. It is not Microsoft’s dominance that makes a Winodwos unit more vulnerable. It is because Microsoft has not concerned itself with security when adding new features and releasing their software with services turned on.
Microsoft is going to get bashed for their bad decisions.
Maybe, maybe not. It’s hard to objectively say because of the vast difference in marketshare. One thing Linux currently has going for it, though, is that its users are generally more computer savvy. They don’t blindly allow scripts to be run in their email clients, nor do they leave all their ports open to attack while online. They will not run processes at root level unless they absolutely have to which makes it alot harder for intruders to do system wide damage if they happen to break in.
Also, I think it’s important to keep things in perspective. The Debian break-in was a big deal in Linux terms. It exposed a previously unknown kernel level exploit in the wild and compromised the server of a key player in the Linux world. Even so, this is NOTHING compared to the damage caused by just one of the many Windows worms that have made the rounds over the last couple of years. The propagation of these worms, caused by a combination of shoddy programming on the part of Microsoft and stupidity on the part of users, are so massive that the slow down the whole damned internet.
Meanwhile, a handful of Linux servers get broken into and zealot after zealot is proclaiming it as the end of Linux. Sorry, I just don’t see it.
It’s really something else. The Debian developers give you a full analysis of the security breach, of how this guy did what he did, and Microsofties read it and say, “Wow, Linux isn’t secure, after all.”
Microsoft never announces when its servers are breached unless it’s obvious. So we simply don’t know how many times Microsoft Windows Update has been compromised, or anything like that. The same goes for all major corporations, who see security breaches as an embarrassment and bad PR. They make sure their sysadmins cover everything up, so you just don’t know when servers go down, unless it’s immediately obvious to the outside world. Debian, on the other hand, is contractually bound (read their Social Contract) not to cover up security breaches, and it is in fact in their best interest to do so. But shortsighted Microsofties can’t understand how many breaches probably occur on Windows server boxes and aren’t announced, and how comparatively few occur on Linux boxes, but _are_ announced.
Case in point: I have a friend who works at a major corporation in NYC. The whole corporation’s network was infected with the Welchia worm, and it even spread to employee’s laptops and VPN-connected clients. The first thing that was done was the sysadmin sent an internal e-mail explaining that a couple of computers had been compromised and he was handling it (i.e., I’m gonna try to save my ass). Meanwhile, my friend knew it had hit more than a “couple,” and saw the symptoms on the “serious, secure” HP rackmount servers in the server room. The next e-mail was the President of the corporation, telling everyone that the sysadmins had taken Internet access down as to not possibly “let the cat out of the bag.” He then politely reminded everyone that they are “highly encouraged” not to speak of this “incident” outside the “office environment.”
Give me a break. I just helped out another friend who works at Reuters as a Win2000 Server sysadmin, and when he let me use his computer over his house, I quickly noticed he had strange processes running in the background and, without even blinking, noticed the symptoms of two viruses. When I ran Norton in safemode on his machine, it found 17 infected files. Give me a break.
This was not a trivial exploit to carry out.
The attacker had to sniff a password, retrive source code, compile it, protect and obfuscate the executable with Burneye, install a rootkit…. And that was just for the mailing list server.
It’s a little different from having your computer rooted because you clicked on an attachment in outlook.
While Linux is not immune to all attacks, at least only very determined crackers attacking a single target appear to have a chance. With some Windows security holes (eg Blaster) we see thousands of computers being compromised every *second*.
“In the server market Microsoft Windows does not have the greatest market share, Unix and unix varieties do”
Actually MS does have the greatest market share (about 60 %). Unix just accounts for the majority of cost.
There are aspects people are overlooking here.
If someone was able to inject their ‘trojan’ code into Debian, which by the way before people go on about it did not occur, but IT COULD have done. The breach was that bad.
Andrew Morton and the team decided that the root exploit was not that bad and would not cause a problem, which by the way is something people like MS get attacked for all the time, that being bugs that are assumed to be harmless. Difficult work. I won’t shoot them for it, but it would be nice to see better balance between all vendors and people reporting breaches issues and end customers.
If code is ever injected into core linux distributions on the back of this kind of break in, people need to stop crowing about being better or worse than microsoft. Microsoft have their own issues you can shoot them for, that does not excuse you from your responsibilities. Debian went ahead and released IMHO far too early to claim they were/are clean, but only they can make the benchmark and you have to trust them. If someone did write in something within the kernel or elsewhere, its a very very very serious matter.
Right now, Mandrake, Suse, Redhat all ship a product that has flaws in them as well known and publicised as any MS flaw. Any linux box at local level is not rootable at will (hostile local users are a night mare anyway, but more so if you present it to them on a plate). Only if the end user/company ensures that updating occurs can you define that Linux would not be the cause of an internet breakdown of some kind due to a work/exploit or widescale intrusion.
And looking around the web, I believe right now that any serious widespread use of linux would take an awful lot of looking after to maintain security. The number of bugs and problems is worse week on week and this in part is due to a growing popularity and wider scale use of the OS.
How many of you have fixed your kernel and your rsync issue via patching. Debian are going to be busy for a while yet, as is the kernel.org people after their recent issue and as are the core team at FSB which also had a breach.
One of the facts that actually hurts people is a silly belief that they are safe if they choose something more secure like bsd, linux, MacOS, and so forth and so on.
Unless you keep any system that is exposed secure, which is not the simplistic idealistic case many suggest, you are threatened with breach.
I’d really like to see a more grown up attitude to these things, I think people get bogged down in the idealistic arguments about who the vendor is and how one is better than the next. Go look at cert, or secunia or other sites to realise that its a serious issue, and one that should not be belittled into an argument about MS being the boogieman.
Linux is a multiuser, secure computer system. But it requires work and dedication to keep it that way.
Both MS and Linux distros, and other OS’s have methods of updating systems and trying to help keep systems secure. I applaud all methods and ideas even if they don’t quite work out.
AdmV
Your on target. Right on.
It sounds like to me, they are trying to make excuses for this episode. Like it is never going to happen again, yeah right. If someone was able to pull this off, someone will try to top them. Something about Linux brings out the worst in people.
This is not true, Linux is not more secure. It is like saying that it does not have applicatons crash with ‘segmentation faults’ like the orginal review stated.
“Actually MS does have the greatest market share (about 60 %). Unix just accounts for the majority of cost.”
That is due to the fact that a Unix box scales much farther than a Windows box. For what people used to use a single Unix box for, they use 5 Windows servers now. This gap is closing as MS is producing more stable, more scalable servers, but there is still a way to go.
Like robelanator said, Linux users tend to be a lot more computer savvy and security conscious. Most Windows users only update their systems once they get hacked, and generally tend to run anything that promises them nude pics of Britney Spears.
It’s like two neighbors – it doesn’t matter how secure your house is, if you leave your door unlocked and/or all your valuables out on the front lawn, you’re probably going to get ripped off.
Due to the forensics have pointed out this rsync vulnerability after the compromises, the vulnerabilities have been fixed. That is a Good thing imo, and well work from both parties as well as regarding the kernel.
Users who then whine about parts of the project(s) in question being down while not counting that these vulnerabilities have been found and solved (read about these processes, it’s a lot interesting and hard work) or flame “Linux” (rsync != Linux for one, for second this is a local vuln) is insecure have to view to the process of fixing too. That’s important too!
Btw, even the highly secure OpenBSD project runs both rsync mirrors _and_ had local vulnerabilities in the kernel et al recently. You do the math.
‘Like robelanator said, Linux users tend to be a lot more computer savvy and security conscious. Most Windows users only update their systems once they get hacked, and generally tend to run anything that promises them nude pics of Britney Spears’.
This is really stupid and uncalled for. How are Linux users more intelligent than Windows users? So a PHD that runs Windows is dumb and a Bestbuy employee that runs Linux is smarter….
Yeah right, that takes the cake for the dumbest statement on earth!
“Actually MS does have the greatest market share (about 60 %). Unix just accounts for the majority of cost.”
This is not correct because this is the figure for number of machines sold with operating systems installed on them. This does not take into account
(a) All of the servers sold by Dell and others with NO operating system installed on them. These machines are obviously going to have Linux or a BSD installed.
(b) All of the old Win NT boxes upgraded to Linux ( a lot more than you Win fans think – this comment is being written on one – now being used as a Samba server)
In all probability Windows based servers account for a lot less than 50% of the installed server base.
‘(a) All of the servers sold by Dell and others with NO operating system installed on them. These machines are obviously going to have Linux or a BSD installed’.
‘(a) All of the servers sold by Dell and others with NO operating system installed on them. These machines are obviously going to have Linux or a BSD installed’.
“If someone did write in something within the kernel or elsewhere, its a very very very serious matter.”
Obviously. The chances of this happening, though, are just as great with an open source as they are with a closed source. The difference is that with open source software the end users can 1) inspect the code before installing and 2) remove the offending code and recompile if such an exploit were discovered (i.e. they would not have to wait for an “official” patch to be issued).
So open source software lets say that comes from China you would bet your job that it would not contain a backdoor?
I think I would rethink that comment, second I want to see the data on All Dell servers without a operating system install Linux. Another lie, like I said earlier something about Linux brings out the worst in people….
“This is really stupid and uncalled for. How are Linux users more intelligent than Windows users?”
Actually, what I said was: “One thing Linux currently has going for it, though, is that its users are generally more computer savvy.”
“So a PHD that runs Windows is dumb and a Bestbuy employee that runs Linux is smarter…. “
Maybe if you think the word “generally” means “in all possible examples.” Though having a PHD is philosophy, for example, does not necessarily make someone smarter nor more computer saavy than a Best Buy employee.
If you can’t admit that the average Linux user is more computer literate than the average Windows user then there’s really no point arguing with you since we apparently exist in different realities.
“If someone did write in something within the kernel or elsewhere, its a very very very serious matter.”
Obviously. The chances of this happening, though, are just as great with an open source as they are with a closed source. The difference is that with open source software the end users can 1) inspect the code before installing and 2) remove the offending code and recompile if such an exploit were discovered (i.e. they would not have to wait for an “official” patch to be issued).
The key thing that makes this recovery possible was that Debian had copies of the MD5 sums for all the files on the rooted machines available on machines that were not compromised.
This is what enabled them to tell that no code was altered and that if it had been precisely which files would have been suspect.
“So open source software lets say that comes from China you would bet your job that it would not contain a backdoor? ”
You obviously have little understanding of the screening process that accompanies code conttributions.
Lets not forget about the backdoor attempt on the linux kernel a few months ago. A complete failure.
“So open source software lets say that comes from China you would bet your job that it would not contain a backdoor?”
The great majority of open source projects popular in the US are maintained by those living in North America or Europe. This means that there’s most likely some white dude checking each peice of submitted code to make sure there’s no virii or trojans in it so you can breath a sigh of relief.
In all seriousness, last I checked people from Asia weren’t inherently malicious. Did we start another cold war while I wasn’t looking or something?
Evidence from the Debian server compromise was used by GNU organization (who provides the much of the software packaged with Linux distributions) to determine their own servers had been hacked a month ago.
They have since taken those systems offline and one would imagine are now checking the host repositories for imbedded trojans.
Here is the only publicly available information so far:
http://savannah.gnu.org/statement.html
“second I want to see the data on All Dell servers without a operating system install Linux. Another lie, like I said earlier something about Linux brings out the worst in people….”
That was put forward as an estimate – Dell servers are sold with an option of WIndows, Red Hat Linux or No operating system preinstalled. Windows users are going to buy the machine with it preinstalled. While Linux users and you forgot BSD users are going to want to install a specific distribution and specificslly configure their installation which is why they are going to buy an OS less machine.
Few people (particularily corporate users purchasing large numbers of machines) are going to risk the BSA stormtroopers ransacking their business for the sake of saving a couple of hundred bucks per machine if they install a pirated copy of Windows.
And as for your final comment I suggest that you “First smite the mote from thine own eye”
PS Dell keep deadly secret how many OS less servers they sell.
Evidence from the Debian server compromise was used by GNU organization (who provides the much of the software packaged with Linux distributions) to determine their own servers had been hacked a month ago.
Yes, and I bet it had been hacked before without anyone knowing about. If it went for a full month, then they were probably in and out several times. I find it amazing the arrogance of the whole Linux community, saying that Windows users are dumb and they are so intelligent. Let me tell you something, if the mighty GNU Servers were hacked and no one had a clue that goes to show that Linux is NOT the almighty (mythical) fortress that it was once perceived. Just because you can key a few strokes at the command line and write a little perl script, does not make you some rocket scientist. In a way it is funny, when the facts come out and the links to verify the story. It is hard for the L$ Community to keep harping on the same old myths…
No Windows runs on about 95% of desktop systems. The amount on servers running Windows is considerably less probably in the order of about 50%. The other ~50% being on some sort of *nix including Linux.
Your numbers are way off. Check the table in this article where the most recent Gartner data shows Windows has ~3 times the total number of *nix servers:
Operating system
Windows 3.169 million
Linux 425,000
UNIX 484,000
Other 532,000
Total: 4.610 million
http://www.csmonitor.com/2003/1204/p14s02-stct.html
http://www.csmonitor.com/2003/1204/p14s02-stct.html
That was an excellent article and the numbers of Windows machines is unreal….
microsoft machines get hacked every day by the hundreds and a few linux machines get hacked and ppl are up in arms
Actually Linux hosts are by far the #1 rooted box on the internet. The website http://www.zone-h.com provides daily updates of defaced sites categorized by O/S, and is the defacto standard reporting group for these issues since attrition.org stopped monitoring these stats a few years ago.
Today’s stats on zone-h look like just about any other day when listed the percentage (%) of boxes owned by hackers:
109 single IP
1131 mass defacements
Linux (82.6)
Win 2000 (14.0)
Win NT9x (2.0)
Unknown (1.0)
FreeBSD (0.2)
SolarisSunOS (0.1)
IRIX (0.1)
That number will change throughout the day but Linux is always at the top.
In the server market Microsoft Windows does not have the greatest market share, Unix and unix varieties do. Microsoft Windows does have a huge home desktop market.
You might want to check the latest figures from IDC or Gartner before you continue to repeat that else others might think you have no idea what you’re talking about and begin to question all your comments. I provided you a link above that showed over 3 million Windows servers and less than 1 million *nix total, if you have something different by all means please share it.
*nix still brings in more total revenue than Windows Servers, but that is simply due some of the astronomical prices for Cray Unicos or 128 way boxes by SGI etc.
Firstly these are Gartner figures – no one believes them in the first place. At best they are just guesstimates like mine but with precise numbers put in the columns to look good. At worst they are skewed towards the interests of their customers.
Finally if you look at the body of the text they refer only to servers shipped with operating systems.
I would dearly like to know the figures for Dell and other server suppliers shipments of OS less machines.
Linux users tend to be a lot more computer savvy and security conscious. Most Windows users only update their systems once they get hacked, and generally tend to run anything that promises them nude pics of Britney Spears’.
Sorry but I really don’t think the links I provided above lend credence your theory. According to the most recent Gartner data, there are significantly more Windows servers currently online than Linux, yet most respected defacement monitoring site zone-h consistently reports the quantity of Linux hacks exceeds that of Windows. So it appears that even though are are fewer Linux servers online, they are actually successfully hacked more often than their Windows counterparts.
Your sheer lack of understanding is amazing. Debian was saved by the fact they had clean sourcs and servers to fall back on. Lets assume they were less lucky and all the servers were compromised (a possibility had the intruder not been found so early), and consider that if the GNU entire backbone is compromised (as it could be after being intruded for a month) there might yet be more to be seen on this.
Today you could be facing complete meltdown in the debian and GNU community due to security issues, and you have only escaped by the absolute skin of your teeth. If someone did breach MD5 from inside the core servers you might never ever know that you’d hacked.
You focusing so brightly on the aftermath and recovery does’nt give me comfort, and until people stop living in ivory towers things will not improve. Now as I said, I’d like to see a more mature approach instead of the silly finger pointing at MS. In the past few weeks open source has been posed a serious question over security and has clearly been found wanting.
And two more items relating to someone in threat who was braging about the openess in the OSS community:
1. Debian will not disclose or discuss the breach code. Not an elightened attitude given the attacks on closed source outfits. See their latest comments.
2. Andrew Morton released .22 knowing about this kernel exploit. Someone, somebody decided that this exploit/problem was not a problem, and gave you and I no chance to defend ourselves. Is this not similar to some behaviour we see from the closed source providers? I don’t blame anyone for this. I understand the process. But I think if the open source community places this charge in a blanket way on people like MS they must ensure they do not cause the same issues.
Your comments:
“The key thing that makes this recovery possible was that Debian had copies of the MD5 sums for all the files on the rooted machines available on machines that were not compromised.
This is what enabled them to tell that no code was altered and that if it had been precisely which files would have been suspect.”
Yes, and I bet it had been hacked before without anyone knowing about. If it went for a full month, then they were probably in and out several times. I find it amazing the arrogance of the whole Linux community, saying that Windows users are dumb and they are so intelligent. Let me tell you something, if the mighty GNU Servers were hacked and no one had a clue that goes to show that Linux is NOT the almighty (mythical) fortress that it was once perceived.
Exactly right, these recent Linux breaches aren’t just your average everday website where some guy is putting up pictures of his family over a cable modem, these are the freaking pillars of the Linux “community”, where their software is hosted for download and subsequent install and use on countless other systems. If those systems can’t be trusted the whole community can’t be trusted.
Firstly these are Gartner figures – no one believes them in the first place. At best they are just guesstimates like mine but with precise numbers put in the columns to look good. At worst they are skewed towards the interests of their customers. Finally if you look at the body of the text they refer only to servers shipped with operating systems. I would dearly like to know the figures for Dell and other server suppliers shipments of OS less machines.
Well Gartner is the most respected IT monitoring group that exists (hence their exorborant fees), you can ignore them if you want but that just leaves you further behind in obtaining the most relevant and recent knowledge. If what you’re saying is true, servers loaded with Linux but not bought that way still wouldn’t overcome the quanties of Microsoft boxes running pirated copies of Windows, which is sometimes estimated to equal the number of copies sold.
The Gartner and zone-h statistics are not compatible. The Gartner data ignores colocated sites and those outside the fortune top 500 of some western country (to increase the apparent share of MSWindows). The zone-h stats report colocated defacements as individual attacks.
When zone-h reported hits on individual ip (2002-01)-(2003-05)…
“The graph shows clearly that one of the most hit OS over the time was Windows”
(http://www.zone-h.org/winvslinux)
My comment “The key thing that makes this recovery possible was that Debian had copies of the MD5 sums for all the files on the rooted machines available on machines that were not compromised.
This is what enabled them to tell that no code was altered and that if it had been precisely which files would have been suspect.”
Is still valid I did not post it to excuse the failures that lead to this exploit being possible – but point why a rapid recovery was possible in the current situation”.
Yes a far worse disaster could occur – imagine if the were no indpendant MD5 sums available – the task of sorting out what files may be affected would have been herculean.
This was not a Panglossian apology but an evaluation of why a rapid recovery was possible.
How many of you have fixed your kernel and your rsync issue via patching.
I haven’t yet (I’m waiting for Thomas Backlund’s customized 2.4.23 kernel) , but my system is secure nonetheless for two reasons.
1 – my firewall box connected to the Internet has few services running, and the patches on these are all up-to-date.
2 – I do have an SSH connection to the Internet, but there are only one account that can use it (not root) and it has an insanely complicated password using upper- and lower-case letters mixed with numbers.
3 – I don’t use Rsync.
Is Linux more secure than Windows? Well, as far as hacking goes, it’s hard to tell. Good administration of services and permissions, intrusion detection systems such as Snort and other security tools (such as ManrakeSec) help. Keeping up-to-date with security advisories is also essential (again, in comparing with Windows, don’t confuse advisories for programs that are part of the distro with advisories on OS components).
So as far as actual hacking is concerned, Windows and Linux are roughly equal. But security is not only hacking: it also includes malware (viruses, trojans, spyware, etc.) In this department, Windows’ records is dismal. The argument that more Linux boxes would mean more malware for Linux has yet to be convincingly proven – after all, there are about 2,000 times more viruses for Windows than Linux (counting “proof-of-concept” viruses), even though Windows has but 40 times Linux’ market share on the desktop, and three times the market share on servers. The “proportional use” argument therefore does not stand under scrutiny, nor can it justify the very serious remote exploits using Internet Explorer.
So, the final tally is:
Hacking – equality (slight advantage to Linux because of default port configuration)
Malware – advantage Linux
So, overall, it is a pretty safe assumption to make that Linux is indeed more secure than Windows.
“still wouldn’t overcome the quanties of Microsoft boxes running pirated copies of Windows, which is sometimes estimated to equal the number of copies sold.”
For Servers this is only true outside of North America and Europe where there are no BSA stromtroopers and this situation is changing.
“The Debian break-in was a big deal in Linux terms. It exposed a previously unknown kernel level exploit in the wild and compromised the server of a key player in the Linux world.”
The security issue was fixed before the exploit, it was a known issue. Obviously the exloiter had seen it in the kernel changelogs or something.
Please disregard whatever this poster says. He likes to steal other people’s nicknames in puerile attempts to discredit them.
Personally, I see it as an admission of defeat: he can’t counter other people’s arguments, and so he steals their nickname and posts contrary viewpoints or simply garbage.
It would be nice to see the serious pro-Windows posters condemn this kind of behavior, which so far has been exclusively coming from their side (although, to be fair, it only seems to be the work of one or two individuals). Otherwise, we might start to believe that they condone such practices.
The Gartner and zone-h statistics are not compatible.
They may not be using the exact same scales but they are the most relevant of their kind. If you have any refuting claims from other organziations on either of these regards I’d like to see them. I also appreciate that link you provided, although your statment condeming Windows was obviously taken out of context and relates to the time during the Iraqi war which could have been skewwed for a variety of reasons. Here are the more relevant and overall conclusions from your link:
http://www.zone-h.org/winvslinux
“The direct result of Zone-H data organized in a chart graphically supporting MI2G statement is in fact showing that today Linux attacks are as 5 times higher than the Windows ones.”
“The results that came out is clear: Linux is in effect the most attacked Operative System, and this already since middle March 2003 as you can check by this graph:”
It goes on to say that Microsoft users are becoming more reliable in patching their systems due to awareness levels being raised re: Slammer.
So open source software lets say that comes from China you would bet your job that it would not contain a backdoor?
Well, if it’s open-source, then the backdoor would be at risk of being discovered. It’s much more profitable to put backdoors in proprietary software (a good example is the Promis database program at the root of the Inslaw scandal).
Please disregard whatever this poster says. He likes to steal other people’s nicknames in puerile attempts to discredit them. Personally, I see it as an admission of defeat: he can’t counter other people’s arguments, and so he steals their nickname and posts contrary viewpoints or simply garbage. It would be nice to see the serious pro-Windows posters condemn this kind of behavior, which so far has been exclusively coming from their side (although, to be fair, it only seems to be the work of one or two individuals). Otherwise, we might start to believe that they condone such practices.
I will quickly condem that sort of behavior, especially since my username has likely been the one most commonly impersonated/slandered. There are few Windows users posting on this board, mainly because of the amount of disinformation posted by the Linux users (not the OSNEWS articles of course, which shoot straight up and are great), and those Windows users that are here are typically well mannered despite the vile way in which they are treated.
So sure I will gladly condem that behaviour, but let’s just remember who is doing it the most.
“And two more items relating to someone in threat who was braging about the openess in the OSS community:
1. Debian will not disclose or discuss the breach code. Not an elightened attitude given the attacks on closed source outfits. See their latest comments.
2. Andrew Morton released .22 knowing about this kernel exploit. Someone, somebody decided that this exploit/problem was not a problem, and gave you and I no chance to defend ourselves. Is this not similar to some behaviour we see from the closed source providers? I don’t blame anyone for this. I understand the process. But I think if the open source community places this charge in a blanket way on people like MS they must ensure they do not cause the same issues. ”
HELLO!
Have you readed the article? The answer is in the article: they did not believe this could lead to a local root compromise thus they did not believe this was exploitable thus the word exploit is not appropriate. That’s the answer. Unless you can drive from there to this “””logic””” it is imo pointless.
I will quickly condem that sort of behavior, especially since my username has likely been the one most commonly impersonated/slandered.
Impersonated != slandered. Don’t confuse the two issues. We’re not taking about being slandered here. So, are you saying that your nick has been used by someone else a lot? Can you point to (numerous) examples?
So sure I will gladly condem that behaviour, but let’s just remember who is doing it the most.
Over the past week it has been done exclusively by anti-Linux trolls (though now I’m sure an anti-Linux poster will pose as a pro-Linux one impersonating a pro-MS one, just to prove me wrong), not by Linux advocates. But of course you’d try to recuperate this to support your own zealotry…
Meanwhile, there are 2000 times more viruses and trojans for Windows than Linux. There are remote root exploits with Internet Explorer. Slammer. Blaster. Etc.
As I’ve said before, Unix are hacked more often because they require human intervention, while Windows boxes are compromised using malware. Just thing of the major DDoS attacks that use Windows “zombie” boxes to pound web servers.
Something else to consider: all these recent hacks on Linux systems can’t be coming from OSS advocates – so, do they come from proprietary software advocates then? And they’ve really made a lot of anti-Linux folks happy here (as they were quickly running out of arguments).
So, are anti-Linux folks actually condoning these convenient break-ins? If not, will they officially condemn it?
maybe this will make them speed up that project.
http://www.theregister.co.uk/content/56/20545.html
Your sheer lack of understanding is amazing. Microsoft was saved by the fact they had clean sourcs and servers to fall back on. Lets assume they were less lucky and all the servers were compromised (a possibility had the virus not been so malicious), and consider that if the Microsoft entire backbone is compromised there might yet be more to be seen on this.
Unlike Microsoft, however, Debian’s code is readily available from sources apart from Debian’s own servers. Even if every server they were connected to was hacked and the building in which they house their offsite backups burned down, Debian’s source code would still be available from people and organizations all over the world.
I say it’s testimony to the security of Linux that it is hacked so infrequently and that such a big deal is made of it when it does happen. By contrast, when a Windows server is hacked, nobody thinks anything of it anymore. There cracker websites where they’ll all but tell you how to crack Windows machines. As it is, Linux being the talk of town these days, of course it will draw more attention. And when Longhorn gets here, it will be Microsoft’s turn again to see how secure their OS is. I imagine OS X will also be getting its turn soon, as well.
“(a possibility had the virus not been so malicious)”
Should read:
“(a possibility had the virus been more malicious)”
there are 2000 times more viruses and trojans for Windows than Linux
See, more BS. Check your own websites, lwn.net reports ~400 hacks for Red Hat alone, not even counting other distributions. According to you, there must be 2000 times 400 more holes in Windows. 800,000 huh. Of course not. But you spout this BS and then wonder why you get called on it.
Something else to consider: all these recent hacks on Linux systems can’t be coming from OSS advocates – so, do they come from proprietary software advocates then? And they’ve really made a lot of anti-Linux folks happy here (as they were quickly running out of arguments). So, are anti-Linux folks actually condoning these convenient break-ins? If not, will they officially condemn it?
Again what you post as fact is simply not true!
These hacks very well could be coming from OSS advocates and you have absolutely no way of proving otherwise. How do you know its not just further continuation of “the unix wars” which is migrating to Linux as well. Did you see Richard’s Stallman’s statement on the GNU notice I linked above? Even when he is supposedly working with Debian over these attacks, his statement above talks about “severe philosophical differences” or some other BS.
My position is never to applaud the work of hackers, and these hackers like all others need to be hunted down and brought to justice. And that is what the Linux people need to be doing instead of their usual finger pointing at Microsoft, who I can practically guarantee you will never be implicated in this case.
I’d say it’s testimony to the security of Linux that it is hacked so infrequently
You must not have read the latest posts on this thread before commenting. Here are the most recent figures from zone-h, who track server compromise (not worm propogation, but full defacement).
http://www.zone-h.org/static/gfx/winvslinux1.gif
There are more holes in Linux because it has not been as widely used on the desktop.
Here are the most recent figures from zone-h, who track server compromise (not worm propogation, but full defacement).
That could have something to do with the fact there are far more Apache webservers than Windows ones. A lot more people die every year in the US than in South Africa. That proves United States health care is worse! Wait, no, it just means there are a hell of a lot more people in the US.
Also, far more inexperienced hobby administrators running Apache servers. The average teenager can’t exactly pick up a Win2k server for free, with Apache they can. It’s not a reflection of the operating system’s security that an inexperienced person doesn’t know how to secure it.
There are so many factors to figure in a simple graph like that can’t begin to explain the real situation. I’m not claiming that Linux is more secure, only that the statistics you’re citing are near meaningless.
It’s not a reflection of the operating system’s security that an inexperienced person doesn’t know how to secure it.
Of course it is, how could you say otherwise? Whatever system is the easiest to configure securely is obviously the most likely system to be configured securely. The relationship is directly proportional, whether you understand what that means or not, either.
Look I don’t mean to come off as a snotwad but there is just an incredible abundance of BS being purported on here by Linux people. When you can find any refuting evidence other than your own bogus logic please let us know. Until then, continue your research in silence. Thanks.
“…who track server compromise (not worm propogation, but full defacement).”
Here you go:
Code Red has infected over 385,000 hosts as of 2002.
http://www.techtv.com/news/security/story/0,24195,3383775,00.html
“Millions of computers infected by Bugbear virus”
http://abc.net.au/news/scitech/2002/10/item20021004153210_1.htm
Blaster/LovSan infected over 200,000
http://www.ananova.com/news/story/sm_809108.html?menu=
Not to mention SirCam, Nimba, Klez, etc…
Windows users are incredibly lucky that these worms weren’t written with more malicious intent in mind.
Also, regarding Zone-H.org reporting, check out their Defacement Archive section:
http://www.zone-h.com/en/defacements
Apparently they count defacements of domains (including each subdomain) rather than the actual number of servers hacked. So if 1 Linux server hosting 200 sites, each with 5 subdomains, and a Windows2000 server hosting 10 sites, each with 2 subdomains, both get hacked then they report 1000 successful attacks against Linux and 20 successful attacks against Windows2000.
See, more BS. Check your own websites, lwn.net reports ~400 hacks for Red Hat alone, not even counting other distributions. According to you, there must be 2000 times 400 more holes in Windows. 800,000 huh. Of course not. But you spout this BS and then wonder why you get called on it.
Tsk, tsk. Let’s look at what I wrote, shall we?
there are 2000 times more viruses and trojans for Windows than Linux
Can you see where I mentioned “security holes”, here? That’s because I was talking specifically about malware, i.e. viruses.
Perhaps you should actually read what I write before you reply?
These hacks very well could be coming from OSS advocates and you have absolutely no way of proving otherwise.
Yes, but what would be the point? They have absolutely nothing to gain from this.
Did you see Richard’s Stallman’s statement on the GNU notice I linked above? Even when he is supposedly working with Debian over these attacks, his statement above talks about “severe philosophical differences” or some other BS.
Yeah, right. Stallman hacked Debian. And that would benefit him because…? Stallman has philosophical differences with a lot of people, but he deals with those differences in writing and in conferences.
And that is what the Linux people need to be doing instead of their usual finger pointing at Microsoft, who I can practically guarantee you will never be implicated in this case.
Why, do you work at Microsoft? After all, they have been guilty of other types of underhanded tricks before. This wouldn’t be past them – although they wouldn’t have done it directly…
I don’t really think this is the work of MS, really, but rather of a MS zealots. (Don’t worry, I know it’s not you, you don’t have hacking skills…)
About the Zone-H thing. That shows that Win95 is more secure than Linux… I have a serious feeling that its *not* a reliable statistic.
As for those counting security advisories — c’mon folks, statistics isn’t rocket science. Nobody in their right mind would believe that such a metric was reliable.
Same thing for those counting the number of viruses, again, not a reliable metric.
The only thing that would be a reliable metric would be a study that counted the number of compromised, publically acessible servers running each OS. The results would then be expressed as a percentage of compromised machines out of the total number of machines running each OS.
The study would have to do an analysis of the potential attractiveness of each site (the FSF is a much nicer target than, say, Joe’s Plumbing store), as well as take into account regional and national differences. Most current surveys are heavily US-biased, which is a problem given that a lot of the Linux community is international. Most importantly, it would *not* be a Microsoft or OSS advocate funded study.
To my knowledge, no such surey has yet been done. Until then, no statistic comparisons can be made comparing the security of the two OSs.
Lacking statistical metrics, the only ones we have available are analytical ones. There a few fundemental differences between the security model of Linux and Windows:
1) Windows gives users root by default. Linux does not.
2) Windows has a robust, but complex, system of permissions. Linux’s system is robust, but more simplistic.
3) Key Windows applications have incestuously close relationships with the internals of the OS. In Linux, there is a very strict seperation of OS and application components.
4) Microsoft has a large, dedicated, professional security teams. Linux has either either a small professional security team (RedHat, SuSE), or a large, volunteer security team (Debian).
5) Microsoft gets little to no external code review, Linux gets extensive external code review.
6) Windows includes a lot of code in kernel space, Linux includes much less.
From a design standpoint, Linux has the edge. Now whether this translates to more security in the code itself is up for debate.
Whatever system is the easiest to configure securely is obviously the most likely system to be configured securely.
By default, a Linux install is more secure than a WinXP install (port 135 is closed, among with many others). Mac OS X is more secure than both (all ports closed by default).
If you connect an unpatched WinXP machine directly to the Internet, it will get compromised by malware in about 15 minutes. That doesn’t happen with Linux.
There are 2,000 times more malware for Windows than Linux.
BTW, your ISP uses Linux. Aren’t you afraid for your security? 🙂
It’s a strange choice of words: ‘*in effect* the most attacked Operative system’, where the graph ‘Defacements by OS (Single IP)’ clearly shows more individual MSWindows running computers were compromised over the 16 month period they analysed.
The statement: “The results that came out is clear: Linux is in effect the most attacked Operative System, and this already since middle March 2003 as you can check by this graph:”, also only refers to a two and a half month period at the end of the sixteen, as the survey finishes in may 2003.
In statistical terms, that is known as a ‘prediction’.
You cannot just dismiss fourteen out of sixteen months worth of data just because does not fit the requirements of your report (or those of MI2G).
Whether the results are effected by the iraq war, Slammer, Blaster or CodeRed etc is not really relevent, it does not mean the attacks were any less successful, or that similar circumstances will not happen again.
The zone-h site is however, certainly a wake-up call to anyone who runs any kind of server on *any* os. I would love to see the same kind of graphs up to the present day.
We’re talking hacks here, which is what has just happened to GNU and Debian and Gentoo that we know of. High profile system repositories, that were owned by outsiders with real time outside control. Not some user propogated email worm like bugbear that spread to office desktops quickly but didn’t necessarily forfeight control of the box. There is a difference, not to diminish the damage of worms but they are a different beast, typically being more vandalistic than anything. And linux simply does not have a sufficient enough footprint to be a target for worms because they are primarily designed for widespread distribution.
Worms and viruses can install trojans, small programs that give remote access to your machine. This is how most DDoS attacks are perpetrated: machine gets infected with trojan horse through a virus, it “phones home” to the hacker who released the trojan in the wild, the hacker can then send commands to that machine (i.e. attack this IP address, etc.).
As I’ve said before, you should learn a little about computer security before spouting statistics at us in such an arrogant manner. You’d look less of a fool.
But hey, at least your ISP uses Linux…
That shows that Win95 is more secure than Linux…I have a serious feeling that its *not* a reliable statistic
With all respect if you had read more of the discussion before commenting you would realize those statistics show realtime stats over a 24 hour period, so apparently there was a website running PWS on 9X that got cracked and thus it made the current list.
The only thing that would be a reliable metric would be a study that counted the number of compromised, publically acessible servers running each OS. The results would then be expressed as a percentage of compromised machines out of the total number of machines running each OS.
That’s exactly what the zone-h statistics are, it is similar to netcraft and currently provides the most reliable statistics of this sort available.
‘Also, far more inexperienced hobby administrators running Apache servers. The average teenager can’t exactly pick up a Win2k server for free, with Apache they can. It’s not a reflection of the operating system’s security that an inexperienced person doesn’t know how to secure it’.
I am replying to yutt’s comment about a teenager that cannot correctly administer Apache on a Linux box because he is not skilled enough. This very comment ‘contradicts’ exactly what was stated about Open Source applications that they were more secure than Windows applications. If this is true then you do not have to be an expert in configuration and administration of Apache to secure it.
Second, not having Windows 2000 Server has nothing to do with it. We are talking about Apache and it sounds like the default setup is NOT secure. If you have to spend hours working with it to secure it and patching……
didn’t show any attacks whatsoever for Windows XP. I guess XP is impervious.
Well, Windows XP (Pro) does have a very impressive security layer. If it is locked down, it probably is impervious to attack.
Metrics, do not lie, they report on the facts.
This is how most DDoS attacks are perpetrated: machine gets infected with trojan horse through a virus, it “phones home” to the hacker who released the trojan in the wild, the hacker can then send commands to that machine (i.e. attack this IP address, etc.).
You’re the last one I need any seucrity lessons from, and despite your attempts to divert attention to other types of exploits I have been very clear that I am referring to premeditated attacks against Servers, not viruses primarily propogated by user interaction.
No doubt you’d love to change the subject from the recent compromises of GNU Debain Gentoo and who knows else (including any users of Linux software not just the distributors), but breach and control is the specific type of attack that zone-h tracks and which is directly relevant to this thread.
“Well, Windows XP (Pro) does have a very impressive security layer. If it is locked down, it probably is impervious to attack.”
As we see here, it’s the people using those facts to reach incredulous conclusions that are being dishonest.
Top speed has some good information and links on both operating system fronts. Also, he knows his stuff!
not viruses primarily propogated by user interaction.
Worms do not necessitate user interaction. You do need to learn more about this stuff.
“Well, Windows XP (Pro) does have a very impressive security layer. If it is locked down, it probably is impervious to attack.”
I was making a joke, but you’re serious, aren’t you? You really think that.
By all means, tell us about this impressive security layer.
“That could have something to do with the fact there are far more Apache webservers than Windows ones. A lot more people die every year in the US than in South Africa. That proves United States health care is worse! Wait, no, it just means there are a hell of a lot more people in the US.
Also, far more inexperienced hobby administrators running Apache servers. The average teenager can’t exactly pick up a Win2k server for free, with Apache they can. It’s not a reflection of the operating system’s security that an inexperienced person doesn’t know how to secure it. ”
That is pretty funny. Apache use only outnumbers IIS use about 2.5 to 1, while Windows OS use outnumbers Linux use about 98 to 1. Also, while you’d have to be a somewhat computer competent person to make a website and configure a webserver, owning and using an operating system has no prerequisites and is basically a requirement in this age. Yet, the reason that Apache gets hacked is due to incompetent owners, while Windows gets hacked because the OS “sucks”. Hmmm…. that is funny.
I just wanted to be the first to tell TopSpeed that the judge in the IBM-SCO lawsuit has ordered SCO to present IBM with the evidence IBM is requesting within 30 days.
To stay on topic – why haven’t you answered any of Raniyer’s very valid points that show that Linux has a better security model than Windows? Let me repeat them for you:
1) Windows gives users root by default. Linux does not.
2) Windows has a robust, but complex, system of permissions. Linux’s system is robust, but more simplistic.
3) Key Windows applications have incestuously close relationships with the internals of the OS. In Linux, there is a very strict seperation of OS and application components.
4) Microsoft has a large, dedicated, professional security teams. Linux has either either a small professional security team (RedHat, SuSE), or a large, volunteer security team (Debian).
5) Microsoft gets little to no external code review, Linux gets extensive external code review.
6) Windows includes a lot of code in kernel space, Linux includes much less.
Well? Since you’re the security expert, surely you can adress these points?
Yes, I should have check the current stats on what software has the greatest market share and I should have been a bit more clear on why I brought the stats up in the first place.
Some people say that Windows is insecure because it has a great market share. Or they imply that because Windows has such a great dominance that is insecure. Another phrase I see is that Linux would be just as insecure if it had dominance. This is why I brought up the stats. I believe market share only dictates the amount of damage that can be caused by a hack and not the vulnerability of the operating system.
Microsoft OSes are insecure because of bad programming and business practices. Microsoft has made it very easy to break into and use Windows. It is the design of the OS that makes it insecure. Not the amount of useage. Windows98 was very insecure by design. WindowsXP is a bit better but there are still some flaws. Another consideration is the services that are turned on by default. Microsoft has a bad habit of turning on services even if there are not needed.
Top Speed says Worms are not included in the discussion because they are not hacks. He is partially correct. Having the user install the Worm may not be a hack but the Worm hacks into the system once installed. A Virus uses hacks to propagate itself using address books or anything else connected to the internet.
Since there is not a 100 percent secured OS, then people should look at how hard it is to break into the OS. Once the OS has been broken into, what amount of damage can the criminal do and can the breached OS be used to attack other computers?
Then again, i could do that same comparison between linux and openbsd wich basically has the same security model as linux, and how many security alerts has openbsd had compared to linux? would you say linux is crap compared to openbsd?
As for Rayiner topics, they’re right except 6), the linux kernel is much bigger than the nt kernel and he knows that.
Nice to see microsoft zealots arguments… But:
1- We are talking about servers, not desktops, and windows is equivalent in numbers with linux, and stats don’t count how many distros are downloaded from internet and installed every day.
2- A virus for windows desktop infect a windows server.
(In linux too, but, as you like to say, only few people use linux as desktop)
3- Linux is by design more secure than windows, server and desktop, see: in windows we have same mail client, same browser, same applications in majority, virus and malware cause great disaster in windows thanks your lack of diversity. In linux are tons of different applications, selected by diferent distros, who apply different patches, make different modifications, who have diferent code, diferent security holes… a malware have only few chances to break half of internet.
4-Don’t make any difference if you choose to use anoter software who don’t are the default in windows. You have option to uninstall ALL internet explorer and your components?? have a options to use different kernel?? option for don’t have any type of GUI installed?? option for uninstall directx without break entire system??
Any type of monopoly is bad, that include Microsoft.
That’s why I said “kernel space” not “in the kernel.” The kernel is a small component of all the stuff in WinNT that runs in the kernel address space. While seperating other components from the kernel proper makes for more code modularity, it doesn’t enhance security or stability. If any of the components outside the kernel (say, the plug&play manager) crashes, kernel memory is corrupted and the OS has effectively crashed.
If you count the totality of code running in kernel space, NT (NT4+) has a lot more than Linux. Some things are:
– The window manager
– The GDI
– Plug & Play manager (the Linux equivilent, hotplug, runs in user mode)
– Parts of DirectX
Also, lots of things that are both in kernel mode in both OSs (security, RPC, etc) are much more complex on the NT side, and thus more susceptible to bugs.
– IIS HTTP listner