This article talks about how Linux distributions have improved in the area of out-of-the-box security. From the tests a group of researchers ran, only 4 out of 19 Linux boxes were compromised while only one of the four Solaris systems was left standing secure. More details are available on the Honey Net project’s homepage and in this PDF.
Brute-force password attacks were responsible for cracking two of the four Linux systems compromised. This points out the importance of having strong password protection.
The tests do seem a bit dated since they were using older distributions, but maybe that was part of the test. Anything up to and including Red Hat Linux 9 doesn’t have official support from Red Hat and therefore should be considered insecure unless an alternative, such as the Fedora Legacy Project, is being used. Other distributions, such as Slackware and Debian, which have a good track record for security, were missing and probably would have fared even better.
Another thing I saw today: someone turned “Linux” into one of those recursive acronyms, Linux Is Not UniX.