[afnog] FW: Deep study: The world's safest computing environment

[Brian Longwe]

Deep study: The world's safest computing environment
http://www.mi2g.com/

news alert 

London, UK - 2 November 2004, 02:30 GMT - The most comprehensive study ever
undertaken by the mi2gIntelligence Unit over 12 months reveals that the
world's safest and most secure 24/7 online computing environment - operating
system plus applications - is proving to be the Open Source platform of BSD
(Berkley Software Distribution) and the Mac OS X based on Darwin. This is
good news for Apple Computers(AAPL) whose shares have outperformed the
benchmark NASDAQ, S&P and Dow indices as well as Microsoft (MSFT) by over
100% in the last six months on the back of revived sales and profits. The
last twelve months have witnessed the deadliest annual period in terms of
malware - virus, worm and trojan - proliferation targeting Windows based
machines in which over 200 countries and tens of millions of computers
worldwide have been infected month-in month-out.

Sample size and breakdown

The latest mi2g Intelligence Unit study analyses 235,907 successful digital
breaches against permanently connected - 24/7 online - computers across the
globe. The nearly quarter million digital breaches carried out by hackers
span twelve months from November 2003 to October 2004. Global proliferation
data from over 459 malware species since the start of 2004 has also been
analysed.  

The sample of breached computing environments is holistic and possesses some
anti-virus protection and basic security at the very least. It consists of
micro entities - homes and small offices without a separate firewall unit;
small entities - organisations with a turnover of below $7 million with a
separate firewall unit; medium entities - organisations with a turnover
between $7 million and $40 million with a separate firewall unit and basic
intrusion detection; and large entities - organisations with a turnover in
excess of $40 million with firewall layers, intrusion detection systems and
dedicated computer security staff.

In 2004, 32.7% of all digital breaches were carried out against micro
entities including home-based individuals with 24/7 online computers; 58.8%
of all digital breaches were against small entities; 6.1% of all digital
breaches were against medium size entities; and only 2.5% of all digital
breaches were against large entities - businesses, government agencies and
non-government organisations inclusive.

Most breached computing environment - Overall

The study also reveals that Linux has become the most breached 24/7 online
computing environment in terms of manual hacker attacks overall and accounts
for 65.64% of all breaches recorded, with 154,846 successfully compromised
Linux 24/7 online computers of all flavours. The number of successful manual
hacker attacks against Microsoft Windows based online computers has remained
steady and accounts for 25.19% of all breaches recorded, with 59,419
successfully compromised Windows targets of all versions. In sharp contrast,
the number of successful hacker attacks against Mac OS X or BSD based online
computers has demonstrated a declining trend and accounts for just 4.82% of
all breaches recorded, with 11,370 successfully compromised BSD targets of
all flavours including Apple.

Most breached computing environment - Governments

In a remarkable switch in top rank within the Government computing
environment over the last twelve months, the most breached Operating System
for online systems has now become Windows (57.74%) followed by Linux
(31.76%) and then BSD and Mac OS X together (1.74%). This is in stark
contrast to the situation six months ago, when Microsoft Windows was
significantly lower in terms of recorded government server breaches in
comparison to Linux. The number of recorded breaches against government
online computers running BSD or Mac OS X worldwide remains very low.

Malware proliferation

The recent global malware epidemics have primarily targeted the Windows
computing environment and have not caused any significant economic damage to
environments running Open Source including Linux, BSD and Mac OS X. When
taking the economic damage from malware into account over the last twelve
months, including the impact of MyDoom, NetSky, SoBig, Klez and Sasser,
Windows has become the most breached computing environment in the world
accounting for most of the productivity losses associated with malware -
virus, worm and trojan - proliferation. This is directly the result of very
insignificant quantities of highly damaging mass-spreading malware being
written for other computing environments like Linux, BSD and Mac OS X.

Global economic damage estimate

In 2004, the overall economic damage from hacker perpetrated overt, covert
and DDoS digital attacks worldwide is estimated to have been between $103bn
and $126bn by the mi2g Intelligence Unit. These figures exclude malware
attacks through viruses, worms and trojans which account for an additional
estimated damage of between $166bn and $202bn worldwide.

Economic damage is calculated by the mi2g Intelligence Unit on the basis of
helpdesk support costs, overtime payments, contingency outsourcing, loss of
business, bandwidth clogging, productivity erosion, management time
reallocation, cost of recovery and software upgrades. When available,
Intellectual Property Rights (IPR) violations as well as customer and
supplier liability costs have also been included in the estimates.

Conclusion 

"More and more smart individuals, government agencies and corporations are
shifting towards Apple and BSD environments in 2004," according to DK Matai,
Executive Chairman, mi2g. "For how long can the truth remain hidden that the
great emperors of the software industry are wearing no clothes fit for the
fluid environment in which computing takes place, where new threats manifest
every hour of every day. There is an accelerating paradigm shift visible in
2004 and busy professionals have spotted the benefits of Apple and BSD
because they don't have the time to cope with umpteen flavours of Linux or
to wait for Microsoft's Longhorn when Windows XP has proved to be a
stumbling block in some well chronicled instances."

Important note 

For the record, neither mi2g Ltd nor the mi2g Intelligence Unit have a
business relationship with Apple Computers and we do not own any shares in
that corporation. Previously, the mi2g data for one month was considered to
be too small a sample and not representative of the global environment
within which different types of entities - micro, small, medium and large -
exist. We have addressed those concerns in the new study. The critics were
against the previous study which also came out in favour of Apple and BSD,
because the entrenched supporters of Linux and Windows felt that mi2g was
guilty of 'computing blasphemy'. In subsequent months, mi2g's reputation was
damaged on search engines and bulletin boards. We would urge caution when
reading negative commentary against mi2g, which may have been clandestinely
funded, aided or abetted by a vendor or a special interest group.

Digital Risk Specialists
mi2g pioneers enterprise-wide security practices and technology to save time
and cut cost. We enhance comparative advantage within financial services and
government agencies.

Specifically we seek to secure the interface between stakeholders so as to
mitigate the risk of cyber crime, digital attack, identity theft, financial
fraud and the unlawful use of technology.

D2-Banking is mi2g's latest project and delivers combined digital banking
and data vaulting services with guaranteed security.

The award winning mi2g bespoke security architecture, digital risk
management and D2-Banking rely on our family of underlying toolsto deliver
scalable infrastructure that brings together people, processes and
technology. 

Our real time intelligence is deployed worldwide for contingency capability,
executive decision making and strategic threat assessment.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listserv2.cfi.co.ug/mailman/private/afnog/attachments/20041104/cc52bbbe/attachment.htm