
Linux Attacks On the Rise, Says Report - But It's Not As Simple As That

Linux is now the most hacked server operating system in government, says report - and the Linux community responds

A report in Government Computer News (GCN) draws attention to two security flaws reported in some Linux kernels that could let local users execute arbitrary code on systems running the affected versions of Linux:
  • A vulnerability in the ncp_lookup of the Linux 2.6 kernel could let a local user get elevated privileges on the system.
  • A flaw in the memory remapping system call in versions of the 2.2, 2.4 and 2.6 kernels could give a user root access.

Fixes have been released for both new Linux vulnerabilities. (Information on the vulnerabilities and on the fixed versions is available online at www.securitytracker.com.)

Here's how the GCN report continues:

The vulnerabilities, reported by Security Tracker, have come about the same time as a study that found Linux to be the most hacked server operating system in government.

The study, by British security consulting firm mi2g Ltd., said attacks on Linux outpaced those on Microsoft Windows for the first time in January. The study focused only on direct digital attacks carried out by hackers, rather than on exploits by worms and viruses, which have primarily targeted Windows systems.

Linux accounted for 57 percent of successful attacks on government systems studied, followed by Windows at 35 percent. This is in sharp contrast to August, when Windows accounted for 51 percent of successful attacks and Linux just 14 percent. For the first time, the study found no successful attacks against government servers running the Berkeley Software Distribution family of open-source systems, or the Mac OS X, based on the Darwin open-source kernel.

“The swift adoption of Linux last year within the online government community, coupled with inadequate training and knowledge on how to keep that environment secure, has contributed” to the shift, said D.K. Matai, mi2g executive chairman.

The mi2g study has come under immediate criticism from the Linux community around the world. One dissenting online opinion takes issue with some of the claims at the mi2g site, saying:

mi2g has not been in the security industry since 1995. The continued claims of collecting data that far back are unsubstantiated and unverified. DK Matai's insistence on working on a PhD in information security appears to be nothing more than wishful thinking. These are cornerstones of mi2g's claims of being experts in the field, and appear to be lies.

A more general observation, from someone posting to Slashdot the moment news of the report broke, was that the mi2g methodology "is not the best way to conduct research" - a reference to the fact that the group discounted the recent wave of worms, viruses and other attacks that have affected Windows systems worldwide, and confined the study to overt digital attacks by hackers. Here is the post:

"When I was doing research at NIH we would say of this sort of thing: 'After discarding all data to the contrary, the hypothesis was proven.'

While this research may show that Linux servers are over-represented in overt acts of hacking, this does not statistically make the Linux OS the least secure. Attacking a particular system simply makes it popular for attack. In order to characterize Linux, or any other OS, as the least secure, there would need to be evidence that an equal amount of other OS's were unsuccessfully attacked or the success rate was lower. Other variables that would require controls would be the hacker, level of sophistication of attack, etc. etc.

To say that '...while Linux servers were the most vulnerable...' only means that they may have been the most targeted. I am not saying that the conclusions of this research are incorrect, I am saying that from what I have read, they cannot come to those conclusions."

Another excellent post came from Slashdot reader J M Dority, who wrote as follows:

"No OS is secure. The only defense OSS has is that patches can be released quickly, while Microsoft took 200 days to fix ASN.1 (for which a similar problem was found and fixed very quickly in the BSDs and Linux last March).

How many large companies/organizations running Windows were hacked last year? The point is, most companies/organizations don't report IT security breaches, certainly not like GNU did. If you have a high-profile company, and someone with enough skill wants to, you WILL be hacked eventually, regardless of your choice of OS. Most blackhats don't have the skill level that the GNU attack took, and even that probably could have been prevented, but there is a tradeoff between high security and convenience, and a 0day exploit is hard to stop, unless you can stay awake 24/7 and process incoming ethernet frames in your head fast enough to determine their intent before forwarding them.

I personally would rather be attacked once a month and know of the attack instantly than be attacked once a year and not know. Security starts at the power outlet, once you plug a machine in, you're vulnerable."

More Stories By Linux News Desk

SYS-CON's Linux News Desk gathers stories, analysis, and information from around the Linux world and synthesizes them into an easy to digest format for IT/IS managers and other business decision-makers.


Most Recent Comments
Delfin Ramirez 02/27/04 08:38:22 PM EST

The problem is not itself the system we use (Win, Unix, etc.). People use computers and, as we know, computers are blind. System administrators must have vision.

Fecal Extrusion 02/24/04 09:55:20 AM EST

It has been long known that Microsoft successfully brainwashed the UK govt. That's why they so openly embrace Windows with loving arms.

I wouldn't be surprised if Microsoft funded that study. Any time I hear/read stuff like that I can just smell the stench of Microsoft nearby.

Datore 02/24/04 03:40:52 AM EST

Let's compare to robbery and banks. If we use the same type of investigation, we will discover that banks are one of the most attacked for robbery. So of course banks are less secure than the grocery down the corner, because they are almost never robbed. And what about hospitals? Since so many people die there it must be a very dangerous place??

John Lynch 02/22/04 03:03:22 PM EST

I think this is an administration problem. Within the company I work, they have migrated to Linux and we don't have enough technical staff that really understands Linux. On many occasions patches have not been applied on time.

David Mohrin 02/22/04 02:17:13 PM EST

To editors of Linuxworld: You're posting FUD without checking sources AGAIN.

If you had even bothered to google news the source of the press release, MI2G
http://news.google.com/news?num=100&hl=en&scoring=d&q=MI2G
http://www.google.com/search?q=MI2G
You would have either discovered the slashdot story
http://slashdot.org/article.pl?sid=04/02/21/142239
Or other pages seriously questioning the reliability of MI2G
http://www.attrition.org/errata/charlatan/mi2g-history.html
http://www.theregister.co.uk/content/55/28233.html
http://www.nwfusion.com/news/2002/1107msfoul.html

Even if you refuse to trust the above, just to put some balance in the posted article...

The MI2G study of servers "did not include other methods of intrusion such as viruses and worms".

The same firm mi2g also wrote the following

http://www.mi2g.com/cgi/mi2g/press/190204.php

QUOTE
London, UK - 19 February 2004, 13:30 GMT - mi2g Intelligence Unit data shows that partially as a result of the growth of the MyDoom family of malware, lingering effects of Mimail, Dumaru, Sobig, Swen, Klez, Sober, Yaha, BugBear and Fizzer, and also as a result of new strains of Bagle, February 2004 has already become the worst month for malware proliferation on record with 10 days to go. As of today, the total economic damage from all malware epidemics in February is estimated to lie between $43.8bn and $53.6bn worldwide, two thirds more than the record breaking previous month of January.
UNQUOTE

Symantec also predicted the following in its September 2003 Internet Threat report.

http://downloads.securityfocus.com/library/InternetThreatReportSept2003.pdf
QUOTE
Blended Threats
BLENDED THREATS INCREASING IN SPEED AND FREQUENCY
Blended threats, which use combinations of malicious code to begin, transmit, and spread attacks, are increasing and are among the most important trends to watch and guard against this year. By using multiple techniques, blended threats can spread to large numbers of hosts, causing rapid and widespread damage. During the first half of 2003, blended threats increased nearly 20% over the last half of 2002. One blended threat alone, Slammer, disrupted systems worldwide in less than a few hours. Slammer's speed of propagation, combined with poor configuration management on many corporate sites, enabled it to spread rapidly across the Internet and cause outages for many corporations. Companies hit by Slammer were not harmed as badly as they might have been, because it was designed to propagate quickly, degrade networks, and to compromise vulnerable systems rather than cause destruction or steal confidential data. Corporations that had updated firewalls, updated patches, and virus protection throughout the enterprise were prepared for this attack.

Blended-Threat Targets
MICROSOFT IIS VULNERABILITIES
Microsoft IIS is one of the most widely deployed Web servers throughout the world. Symantec has documented several high-severity vulnerabilities affecting it. Their characteristics render these vulnerabilities attractive targets for future blended threats. Given Microsoft IIS's susceptibility to past blended threats such as Code Red and Nimda, Symantec believes that it may again be hit by highly destructive malicious-code attacks.

MICROSOFT INTERNET EXPLORER VULNERABILITIES
Several vulnerabilities allow attackers to compromise client systems through Web pages containing embedded malicious code. Others can enable the easy and almost undetectable installation of spyware, which allows attackers to extract confidential data.

THEFT OF CONFIDENTIAL DATA
The release of Bugbear and its variant Bugbear.B (discovered in early June 2003) were good examples of theft of confidential data. Once systems were infected, confidential data was extracted such as file names, processes, usernames, keystrokes, and other critical system information, and delivered to a third party, potentially compromising passwords and decryption keys. Furthermore, it appears that the creator of Bugbear specifically targeted banks. During the first half of 2003, Symantec saw a 50% increase in confidential data attacks using backdoors. By granting access to compromised systems, backdoors allow data to be exported to unauthorized individuals. For example, entire sessions can be logged, and passwords for systems and applications can be taken. Companies need to implement controls that make it difficult for malicious code to steal confidential data, such as updated firewalls, patch management policies, intrusion detection, virus protection, and so on.

ATTACKERS EXECUTING COMMANDS FROM THOUSANDS OF INFECTED SYSTEMS
Once a system is compromised, an attacker can install malicious code known as a bot that allows the attacker to use the system for future scanning or as a launching point for future attacks (such as planned, distributed denial-of-service attacks). Once a system has become infected, the attacker can maintain a running list of the entire botnet (network of infected systems) by simply issuing commands through Internet Relay Channel (IRC is a common communication channel used by bots). Afterwards, all listening bots (sometimes numbering in the thousands) will execute any command issued by the attacker. Symantec examined an automated tool like this, which accounted for supposable Nimda (blended threat) traffic, after it was captured in a Honeypot network.

CONCLUSION
The evidence in this report clearly shows that the risk of blended threats and attacks is rising. Understanding how to budget for security and what products and services are needed will involve some of the most important decisions that every corporation faces in the 21st century. The trends that we discuss in this report help executives understand some of the threats faced by their systems administrators every day. Symantec carefully monitors other potential threats such as the rise in peer-to-peer attacks (including instant messaging), mass mailers (like SoBig), the general trend toward theft of confidential information, and the rapid increase in the number of Windows 32 (Win32) threats.
UNQUOTE