While I will certainly not state for sure as to why Windows boxes are more likely to be attacked under certain conditions than Linux boxes, I might venture to guess that it has something to do with it being easier?

The Honeypot Project ( http://project.honeynet.org ) has added fuel to the debate over which is more secure, Linux or Microsoft Windows. It found that unpatched Linux systems can be on the Internet for months before being successfully attacked, while Windows systems have been compromised in hours.

The international nonprofit security organization—with members from security companies like Foundstone Inc., Counterpane Internet Security Inc., and SecurityFocus—did not set out to show that Linux is more secure than Windows. Instead, noting a decline in “successful random attacks against Linux-based systems,” the group set out to ask the question, “Why is no one hacking Linux anymore?”

To explore this question, Honeypot Project members set up 12 “honeynets.” A honeynet consists of two or more “honeypots,” systems designed not to do any real work. Instead, their sole purpose is to detect and track any interactions with them, since any such interaction can be assumed to be a probe, scan, or attack. The honeynets were deployed in eight countries (the United States, India, the United Kingdom, Pakistan, Greece, Portugal, Brazil, and Germany) and consisted of a variety of systems accessible from anywhere on the Internet. Data was collected mostly during the latter half of 2004. [Read the rest]