|Recent Virus Attacks on Windows Vs. Linux|
Who's keeping count?
I'm doing a little marketing schmooz and need to know the number of Major Virus attacks in the recent past that effected Windows (NT, IIS) type machines only, as opposed to Linux machines only.
Maybe try cert.org for that kind of info. At the very least you could do a "straw poll" -- they list all the major viruses there.
It's not entirely virus and worm attacks that are the issue, though. It's the security issue in general. Code Red is a very nice non-destructive virus. The same technique could be used to log into foreign machines and wipe their hard drives clean as a whistle.
To further confound matters, nearly all Linux attacks are specifically attacks against Red Hat Linux, which is infamous for it's sloppy security defaults. If you really wanted to make your sales pitch have weight, compare Debian Linux security problems to Windows NT security problems. I bet you're looking at a ratio of 1000 to 1.
I think it's fair to compare red-hat to windows nt, sure they are both sloppy with security, but both are among the most widely used versions of their platform for servers.
Of course the real problem with most viruses is the bandwidth consumption, such as with those that automatically email themselves (and being distributed they are ignorant of where other copies of the virus had sent things, which piles up fast)
nearly all Linux attacks are specifically attacks against Red Hat Linux
Hmmm....I'm not so sure about this. The two that come to my mind quickly, telnetd and bind, affected many different flavors of *nix, not just Red Hat. Red Hat, simply, has a large dispersion, it's in use many places. So, while there may have been a disproportionate number of Red Hat systems being hit, they certainly weren't alone. Red Hat installs a lot of stuff by default (such as telnetd and maybe ftp..can't remember) that is, by its nature, rather insecure.
As was said beforehand, I can see the following:
Attacks against Windows Systems mainly are VBScript (or other Windows Scripting) attacks targeting sloppy scripting settings (what do I need the ability to automatically execute a script sent to me by EMail for? - when will we see so-called signed/certified content and a security model like Java's in Win32?)
Attacks against UNIX/LINUX Systems are mainly exploits in services (like buffer overflows, or other Denial of Service Type attacks). By their very nature they target all systems running a certain service.