1. Smaller audience
Let's start off with an easy one. There are less people using Linux and the people that do tend to be more tech savy. Therefor it is less profitable to write malware for Linux, hence there are less attempts. It had to be said and it is probably true, however it is by far the sole reason. For example; Mac OS X (being a UNIX type operating system also) has gained enormously in popularity but not in malware. Coincidence? Read on!

2. Software Repositories
The process of installing software on a Linux box is somewhat different then most people are used to. For example; on Windows one would go to the software manufacturers website and download a binary to install. Instead most Linux distributions maintain socalled Software Repositories. Almost all software (browsers, wordprocessors, ftp-clients, mail-clients, et cetera) can be installed by simply selecting it within a package manager. The applications in the repositories are specifically built and tested for your system, which ensures that they are legitimate and contain no malware. The repositories are filled with tons of software which you might need, only in rare occasions would you have to resort to other installation methods like a manual binary install or compiling from source. Getting your software from a secured and verified place, makes it less likely that you accidentally install malware on your computer.

3. System-wide security patches
Another big advantage of Software Repositories is that it also allows for system-wide security updates. It is your Linux distribution that decides which version of a particular program you can install. This sounds like a disadvantage at first, but the benefits definitely outweigh the drawbacks. For example; if a patch is needed for a specific piece of software (from kernel to browser) you would almost instantly be given the possibility to update. This way you can easily keep your system up-to-date without having to constantly keep track of new software versions and flaws. In a sense you outsource the entire software security issue to your Linux distribution, making even inexperienced users as safe as can be.

4. User privileges
By default you are an underpriviledged user on your own system. You can do make/edit documents and run most application on your system. But as soon as you want to reconfigure the system or install/update software you'd first have to prove (usually by means of entering a password) that you are authorized to do so. It's a very effective way of preventing a single software flaw in becoming a systemwide security breach.

5. Execute permissions
Generally speaking, files can be documents or applications. A document (picture, video, tekst) is something you can make by using an application. In Unix environments files are treated as documents by default. Meaning, you can't run them. Suppose you accidently download some piece of malware thinking it is the latest Britney Spears hitsingle. Even tripple clicking it won't make it run. In order to make the file behave like an application you'd first have to manually set execute permissions on it. And because nearly all malware is first activated by the user himself, this simple precaution makes it that much harder for malware coders to deploy their malicious software.

6. Open Source
The security through obscurity principle is flawed, I think most security experts would agree. Proprietary software isn't inherently less exploitable then Open Source sofware simple because the code can't be looked into. I would even argue the exact opposite. When Open Source software get's popular, the source code is inspected and tested by a global community of developers. Granted some with bad intensions, but also those trying to learn from it and better it. As a result the software tends to consist of clean and well maintained code, which is thouroughly security scrutinized and debugged freely by third party's. Collaboration leads to better software!

Is Linux infallible?
Nope, not even close. But conceptually better protected then some.

Which distribution is right for me?
There is not one "Linux". Literally hundreds of different flavors exist, picking the right one is something you'd have to find out for yourself. If you're interested in trying out something easygoing, I'd personally recommend Ubuntu or Linux Mint.

Network auditing is a tedious task and because it's not very stimulating work, you're likely more prone to error. I too, as your fellow computer enthusiast, like to automate just about anything (and as such my dog is never hungry, my teeth never dirty and my neighbor never under-greeted).
So here's how I did it this time.

1. Nmap 5 to the rescue!
Nmap is a "network exploration tool and security / port scanner", commonly used by sysadmins and unanimously considered (by me) to be an indispensable tool. Nmap version 5 was recently (july 16th, 2009) released - bringing some exciting new features. This article focuses on Ndiff, the scan comparison tool. It's the fruit of a Google Summer of Code project in 2008.

Your first task is to install Nmap 5. It happily runs on Windows, Linux, and Mac OS X, however this article is written with Linux in mind. Note: earlier releases won't do, on Debian Lenny I had to obtain version 5 through the backports repository.

2. Next, install the script
Make a directory somewhere only accessible by root and put the following bash script in it:

#!/bin/bash
# Simple cron-based network auditing scanner
# Requires Nmap 5+
# Related article @ http://blog.fili.nl/articles/audit-your-network-using-nmap-ndiff-and-cron/

MAILOUT=your@email.com
NETWORK=10.0.0.0/24

CWD=`dirname $0`
NMAP=/usr/bin/nmap
NDIFF=/usr/bin/ndiff
MAIL=/usr/bin/mail

if [ -f "$CWD/baseline.xml" ]; then
    echo "Scanning network $NETWORK..."
    $NMAP -n -oX "$CWD/current.xml" $NETWORK >/dev/null

    echo -n "Comparing Nmap scans using Ndiff..."
    $NDIFF $CWD/baseline.xml $CWD/current.xml >$CWD/last-result

    if [ $(stat -c%s "$CWD/last-result") -gt 70 ]; then
        echo "Changed!"; echo "$MAILOUT has been notified."
        cat $CWD/last-result | mail -s "Alert: Network $NETWORK changed" $MAILOUT
        mv $CWD/current.xml $CWD/baseline.xml
    else
        echo "Ok."
        rm -f $CWD/current.xml $CWD/last-result
    fi
else
    echo "First scan, generating baseline..."
    $NMAP -n -oX "$CWD/baseline.xml" $NETWORK >/dev/null
fi

Download: naudit-cron.sh

It's a quite straightforward script as you can see.
Here's what it does:

1. At the first run, it makes a baseline scan of your network to compare too.
2. At subsequent runs it makes a new scan and compares that to the baseline scan. When something differs in your network (like newly opened/closed ports or computers that have appeared/disappeared) it alerts an admin.
3. Finally it updates the baseline xml-file to reflect the change.

3. Configure the script
There are few settings to adjust, but they are important. MAILOUT obviously declares where to send the notifications to. With NETWORK you can define what you want to scan, this could be an entire subnet (in CIDR notation) or a single ip.

MAILOUT=your@email.com
NETWORK=10.0.0.0/24

Make the file executable and run it (a couple of times) to generate the baseline xml-file and to verify that everything works as expected.

4. Finally, cron it
The only step left is to automatically execute this script on a hourly/daily/weekly basis. This is kind of OS specific, on most Linux distribution you'd create a new file in /etc/cron.d/ containing:

# minute - hour - monthday - month - weekday - command
0 1 * * * root /root/naudit-cron/naudit-cron.sh >/dev/null

Tweak the cron settings and you're done!

Anti-Captcha as a WordPress Plugin
The aim of this plugin is to prevent automated attacks (by bots) on the following WordPress actions:

• Posting comments
• Logging in
• Registering for a new account
• Requesting a lost password

When a comment is posted without a valid Anti-Captcha token, it shall be instantly marked as spam. This way, you can always manually approve this comment in hindsight if it appeared to be sincere.

Download
You can download this plugin directly from the WordPress plugin repository:
http://wordpress.org/extend/plugins/anti-captcha/

Requirements
This plugin is written for Wordpress version 2.8.4 and has not been tested on lower versions then that. Because of the usage of the jQuery javascript library compatibility with all major internet browsers can be expected (including the dreaded IE6).

Note: the user does need to have javascript enabled for form submission to succeed. Generally, it's frowned upon if you don't write javascript in an unobstructive way. The reason for this is that some visitors don't support javascript but should still be able to get around your website.

AFAIK there are four types of user-agents not supporting javascript:

• Search-engine spider bots
• Users of a command-line browser (like Lynx)
• Users who actively disabled javascript in their browser
• Mischievous bots trying to spam or hack into your blog

Obviously, search-engines don't need to comment, register or login so they can be ruled out. Lynx users and users with javascript disabled are likely to be a very small percentage of the internet population, who have actively excluded themselves from certain webfeatures. Finally, badly behaving bots, is what the Anti-Captcha plugin is trying to block.

Changelog

=> 20090821

• First release

Until recently, image-based Captcha's have been a reasonable solution to combat this problem. However, with Object Character Recognition techniques getting better and better, Captcha's too have to continuously increase in complexity.

Just look at these gems and imagine yourself being color blind:

Ironically, it's come to the point that computers are better at deciphering Captcha's than humans are, simply because computers have infinite patience.

To illustrate: evildoers trying to beat your Captcha are probably satisfied with a success ratio of 1/100 – because in just a few hours of repetition this can add up to hundreds of successful passes. A typical human user on the other hand probably throws in the towel after three consecutive failed attempts – at which point they'll most likely leave your website altogether.

Who can blame them? The average user doesn't understand why they should enter a random string of letters in the first place. It's not their problem and they do not care what it is for. For them it's some sort of annoying puzzle that stands in the way of doing what they want to do. Not being able to pass it, makes them feel inadequate and frustrated.

I argue, let's keep the end-user entirely out of it,
I propose we rid ourselves of Captcha's as we know it,
I proclaim this the era of Anti-Captcha's... Hallelujah!

The Anti-Captcha challenge
The basic idea behind it is simple;

"Create a captcha solution which does not require any end-user interaction"

As a first attempt, I concocted a working Anti-Captcha based on the reasoning that only browsers can interpret javascript well. Making it a question of "Has a browser been involved at form submission?" instead of "Has a human been involved". In general the answer ends up to be equal (see "Caveats" section below).

How it works
Check out the online demo here

In the head of the html document an external javascript-file is called, this file is in fact a php file which is designed to:

1. Generate a random token
2. Store a checksum of this token in session
3. Generate some obfuscated javascript code which (when interpreted) adds a hidden input-field to every form element on the webpage using the token as a value

After form-submission, the checksum of the post value should equal the checksum stored in session. As a bonus, this technique should also provide adequate protection against XSRF.

Installation

1. Download Anti-Captcha and (if needed) the latest version of the jQuery javascript library
2. Put both scripts in the head of your html document (in the proper order):

   <head>
   <script type="application/javascript" src="jquery-1.3.2.min.js"></script>
   <script type="application/javascript" src="anti-captcha-0.1.js.php"></script>
   </head>
   

3. After form-submission match the input value with the sha1 checksum stored in session:

   <?php
   // Start session
   session_start();
   
   // Verify the token using the checksum stored in session
   if (sha1($_POST['anti-captcha-token']) == $_SESSION['anti-captcha-checksum']) {
   
   // Immediately reset and continue form validation
   unset($_SESSION['anti-captcha-checksum']);
   die('Captcha accepted');
   
   } else {
   
   // No Anti-Captcha checksum received
   die('Error, please enable javascript');
   
   }
   

Looking for the WordPress plugin? Click here

Requirements
The Anti-Captcha script is written to be PHP4 compatible and should run on most hosting platforms. Because of the usage of the jQuery javascript library compatibility with all major internet browsers can be expected (including the dreaded IE6). Note: the user does need to have javascript enabled for form submission to succeed.

Caveats
Obviously this technique isn't perfect, at some point bots might gain the ability to interpret javascript or simply read-out the obfuscated code instead. At that time a different approach, with a similar concept, would be needed.

It should also be possible to fool the Anti-Captcha with the use of “automated mouse-clicking software”. However this should be very hard to combine with botnets - thus making additional security layers (for example: maximizing form-submission on a per-ip basis) more feasible.

Another major drawback is the need for javascript to allow form-submissions, which is something you should ponder over yourself. Personally I feel it outweighs the disadvantages image-based Captcha's bring in, but this probably depends on the project at hand.

Credits
Part of the obfuscation technique used is based upon Dean Edwards JavaScript's Packer which is ported to PHP by Nicolas Martin, and made compatible with PHP4 by Mark Fabrizio Jr.

License
The Anti-Captcha is licensed under LGPL 2.1