Unpatched Linux, 3 months; unpatched Windows, 20 minutes

From Bruce Schneier’s “Linux Security“:

I’m a big fan of the Honeynet Project … Basically, they wire computers up with sensors, put them on the Internet, and watch hackers attack them.

They just released a report about the security of Linux:

Recent data from our honeynet sensor grid reveals that the average life expectancy to compromise for an unpatched Linux system has increased from 72 hours to 3 months. …

This is much greater than that of Windows systems, which have average life expectancies on the order of a few minutes.

… That’s the real story: the hackers aren’t bothering with Linux. Two years ago, a vulnerable Linux system would be hacked in less than three days; now it takes three months.

Why? My guess is a combination of two reasons. One, Linux is that much more secure than Windows. Two, the bad guys are focusing on Windows — more bang for the buck.