Data from 12 honeynets showed that the average "life expectancy" of an unpatched Linux system has increased to three months from 72 hours two years ago.
In other words, a Linux system with commonly-used configurations, such as server builds of Suse 6.2 or RedHat 9.0, will last three months online before being successfully compromised.
Reasons behind this trend include the fact that the open-source operating system has become dramatically more secure in the past couple years, said Lance Spitzner, president of the Honeynet Project, which released the report with the Honeynet Research Alliance, a forum of other honeynet research organizations.
Also, economies of scale mean attackers are targeting the larger number of Windows systems and their users, he said. But mostly, with all the security in place now in corporate networks, it is easier to attack users than machines.
"A lot of attackers target the people, not the computer," Spitzner explained. "That's mainly social engineering via phishing, getting people to click on a trojan or follow a bad link that will compromise the browser."
Paul Rohmeyer, COO at security-services firm Icons, agreed that the shift to a human-focused target is likely to be the cause behind the drop in Linux attacks, especially in light of the continuing stream of software vulnerabilities.
"For the average attacker, the human element is clearly the weakest link," he said.
But Jim Kelton, president of consulting firm Software Unlimited, said the report does not offer much new insight. "Default installations of Linux are harder to compromise, but the real reason is that it's been around so long," he said.