From Bruce Schneier’s “Linux Security“:
I’m a big fan of the Honeynet Project … Basically, they wire computers up with sensors, put them on the Internet, and watch hackers attack them.
They just released a report about the security of Linux:
Recent data from our honeynet sensor grid reveals that the average life expectancy to compromise for an unpatched Linux system has increased from 72 hours to 3 months. …
This is much greater than that of Windows systems, which have average life expectancies on the order of a few minutes.
… That’s the real story: the hackers aren’t bothering with Linux. Two years ago, a vulnerable Linux system would be hacked in less than three days; now it takes three months.
Why? My guess is a combination of two reasons. One, Linux is that much more secure than Windows. Two, the bad guys are focusing on Windows — more bang for the buck.