How secure is your computer?

Denver Post ^ | Monday, February 28, 2005 | Ross Wehner Denver Post Staff Write

[Ernest_at_the_Beach]

The Denver Post

How secure is your computer?

“Honey pot” experiment shows unprotected Windows SP 1 at risk

By Ross Wehner
Denver Post Staff Writer

Monday, February 28, 2005 -

A Windows computer without the latest security patches is in big trouble.

That's the conclusion from a "honey pot" experiment conducted by StillSecure, a Louisville network security firm.

StillSecure attached six computers - loaded with different versions of the Windows, Linux and Apple's Macintosh operating systems - earlier this month to the Internet without anti-virus software.

The results show the Internet is a very rough place.

Over the course of a week, the machines were scanned a total of 46,255 times by computers around the world that crawl the Web looking for vulnerabilities in operating systems.

Once the vulnerabilities were identified, the remote computers launched 4,892 direct attacks with a staggering variety of worms, Trojan Horses, viruses, spyware and other forms of malware.

The test examined only what happens when computers are turned on and connected to the Internet. The test didn't evaluate additional dangers that computer users face when they use e-mail, surf the Web, click on Internet links or use file-sharing programs.

The good news is that none of the up-to-date, patched operating systems succumbed to a single attack.

The Windows Service Pack 2, or SP 2, system is the most up-to-date Windows operating system. It received 16 direct attacks.

The Macintosh system received three attacks. Two of the Linux systems received eight attacks each, though Red Hat's version of Linux received no attacks at all.

But in the end, none of the attacks were successful.

The Linux and Macintosh sytems were installed out of the box without any additional security patches. Windows SP 2 automatically downloads the latest security patches from the Microsoft website.

Windows Service Pack 1, or SP 1, however, was another story. It's an older version of Windows that was sold in computer stores until a few months ago.

SP 1 was attacked 4,857 times. It was infested within 18 minutes by the Blaster and Sasser worms. Within an hour it became a "bot," or a machine controlled by a remote computer, and began attacking other Windows computers.

Microsoft responded that the tests prove that any operating system is vulnerable when not patched.

"The results don't surprise me at all," said David Brandt, principal technology architect at Microsoft in Denver.

Microsoft stopped shipping SP 1 in August and replaced it with the more secure Windows SP 2. Most computers with SP 1 had been sold from stores by Christmas, said Microsoft spokesman Sean Sundwall.

SP 2 comes with a firewall and automatic security updates, said Sundwall. These features had to be manually turned on in SP 1, which meant that some users missed out on computer patches.

Many computers around the world are still running Windows SP 1, though exact numbers are hard to come by. Gartner research director Michael Silver estimates that by the end of 2005, half of the world's desktops used in businesses will still be using SP 1.

"But most companies are pretty good about keeping their PCs patched, and most have corporate firewalls," said Silver.

Large companies are switching to SP 2 slowly because they have to make adjustments to thousands of different software programs first.

The honey pot test is a good indication that many small-business and home computers are still using older versions of Windows, according to StillSecure chief technology officer Mitchell Ashley.

"Why are we getting hit by Blaster?" asked Ashley. "Because there are infected machines out there. Why are they infected? Because they don't have the updated patch."

Microsoft is concerned about security issues surrounding Windows and Internet Explorer, and the resultant surge of Linux, which can be downloaded for free from the Internet. Most companies, however, chose to pay a Linux vendor in order to receive security patches.

Experts also consider Linux less prone to viruses.

"(Security) is a huge pain point for Microsoft," said Silver. "Microsoft takes the threat of Linux very seriously."

Over the last nine months, Microsoft has gone on the offensive with a "Get the Facts" campaign that argues that Windows is cheaper and more secure than Linux.

Microsoft's leadership position means that more viruses are written for Windows, said Silver, who estimates that 96 percent of all desktops and laptops worldwide used Windows at the end of 2004. Macintosh has 2.5 percent of the market, while Linux is at 1.3 percent, Silver said.

"There are going to be security holes in just about any operating system," said Silver.

Silver predicts that Linux will climb to 3 percent of the market by 2008.

As of this month, 25 million people around the world have downloaded a free Web browser, Mozilla Firefox, which a variety of security experts have trumpeted over Microsoft's Internet Explorer.

Microsoft is racing to roll out its new Longhorn operating system in 2006.

But for the moment, it's sticking with Windows, for which it rolled out a new patch Tuesday.

"SP 1 is not a current operating system," said Sundwall. "It doesn't surprise me that it only took 18 minutes to get infected." Staff writer Ross Wehner can be reached at 303-820-1503 or rwehner@denverpost.com .

---

Operation Honey Pot

StillSecure, a Louisville-based network security firm, connected six computers - with six operating systems - to the Internet for a week without any virus protection. The results: 4,892 direct attacks by viruses, worms and other types of malicious code, and 46,255 scans by remote computers looking for weaknesses.

Here's what happened: Windows XP Service Pack 1

Attacks: 4,857

Results: Attacked successfully within 18 minutes by the Blaster and Sasser worms. Within an hour, the computer was taken over and began attacking other Windows machines. Windows XP Service Pack 2

Attacks: 16

Results: Survived all attacks

Apple Mac OS X Jaguar

Attacks: 3

Results: Survived all attacks Linux, Suse Professional 9.2

Attacks: 8

Results: Survived all attacks Linux, Fedora Core 3

Attacks: 8

Results: Survived all attacks Linux Red Hat 9

Attacks: 0 Source: StillSecure

---

Protecting your PC

Computers are vulnerable to viruses unless three basic protections are in place: a patched operating system, anti-virus software and a firewall for blocking viruses.

1. Patched operating system. Windows users should visit www.windowsupdate.com , a Microsoft website that will scan your computer and suggest updates. Linux vendors and Apple also offer patches.

2. Anti-virus software. Windows SP 2 automatically alerts users if they don't have a working anti-virus software program.

Experts say spyware programs are also necessary for Windows users. Microsoft is offering a free beta version of its spyware program at www.microsoft.com/athome , and Webroot is offering its spyware program free to Colorado residents through April 15 at www.webroot.com Free spyware programs are available at www.download.com

3. Firewall. Windows SP 2 comes with a firewall, as does Symantec's Norton Internet Security 2005 and other security software packages. Zone Alarm firewall can be downloaded free at www.zonelabs.com

- By Ross Wehner

---

Viruses vs. Spyware

There are many types of malware, or malicious software. Experts often divide them into two groups: Viruses

Viruses are a form of computer vandalism that often have no other purpose than to prove the prowess of the virus' author. Viruses are classified by how they spread:

Trojan Horses hide themselves within an apparently innocuous computer program.

Worms take over a machine in order to attack, and spread to, other computers. Spyware

Spyware, unlike a virus, has a financial driver. The most lethal forms help identity thieves gather information from computer users without their consent. Spyware gets on computers in the same way viruses do. Apart from making a computer run slowly, it rarely announces its presence. Some forms of spyware:

Key loggers record keystrokes and then transmit credit card numbers and other sensitive information to identity thieves.

Cookies are used by online companies to track user preferences.

Adware causes annoying pop-up ads but often harvests information like spyware.

The best way to know if your computer has spyware is to run an anti-spyware program.

- By Ross Wehner

[Ernest_at_the_Beach]

fyi

[A CA Guy]

I run the free Zone Alarm firewall and I have no problems or patches.

[kingattax]

great thread.....but the biggest problem is which browser a person is using.

use Mozilla Firefox 1.0 for better security

Internet Explorer is like the southern border of the US

[backhoe]

 

Things you need--(all FREE)
Anti-Virus
AVG Anti-Virus version 7 (free) release available...

 Avast
Firewall
Kerio(Direct Download) Zone Alarm

 If are using zone alarm it may slow your PC. Try Outpost Firewall http://www.agnitum.com/products/outpost or Sygate Firewall http://www.sygate.com/ both have FREE and Pro versions and are heads above ZA.
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update- you must keep updated, it is the start of a secure system-
get all CRITICAL Updates

Things you want(Still Free)
 

  I use Firefox PR1 and IMHO, beats the sox off MS Explorer. Life is good with tabs. Click the link and give it a try.

Ad-Aware
Spybot S&D

SpywareBlaster
MS MVP Hosts file

Mike Lin's Homepage and get the Startup Control Panel and Startup Monitor tools.

 

The best forum for malware removal:

-SWI Forums-

 

 
http://www.freerepublic.com/focus/f-news/1315720/posts

 Microsoft Releases Anti-Spyware Beta 1 To Public Today.
Microsoft.com ^

 

=================================================

 

 

Browser Wars, take two various FR links | 12-22-04 | The Heavy Equipment Guy http://www.freerepublic.com/focus/f-news/1306815/posts ...and let your compiler of links drop out of Lurk & Link mode for comment and advice: Ditch IE. Honest to God, almost anything else will give you fewer problems. Try and compare- use IE, then run Ad-Aware and Spybot Search & Destroy... then try another browser and repeat. You will be stunned at the garbage IE attracts. Keep your OS updated & patched. Run a hardware firewall-- with today's LAN's, it's easy. You need a hardware firewall. Use a software firewall, too-- if you don't, you'll never know how many times your PC is trying to "phone home" and send your info across the web.

[Ernest_at_the_Beach]

Check this out:

Windows Media Player Update Fails Spyware Infection Test

*******************************************

Nearly two months after promising to update its media player software to block the threat of malware infection, Microsoft Corp. on Tuesday admitted that users of its Windows Media Player 9 Series remain at risk.

More at the link

EWeek also has this:

[Ernest_at_the_Beach]

Something new here:

Watchdog-attacking Bagle ramps up

********************************************************

Watchdog-attacking Bagle ramps up

By Dan Ilett, ZDNet (UK)
Published on ZDNet News: March 1, 2005, 3:53 PM PT

• Forward in
• EMAIL
• Format for
• PRINT

• Viruses and worms
• Security threats

A new variant of Bagle is spreading rapidly, security companies have warned.

Rather than a mass-mailing worm, BagleDl-L is a Trojan horse that damages security applications and attempts to connect with a number of Web sites. It has been sent via spam lists to millions of addresses in the past 12 hours, said security company McAfee, which has upgraded it to a "medium" risk. The new variant could also have boosted overall Bagle traffic, which has increased five times in the past 24 hours, e-mail security vendor Postini said Tuesday.

The attempt to disable security protection could expose systems to a variety of threats. "Any Trojan horse which turns off your antivirus or firewall can open you up to further attack, even by very old viruses," Graham Cluley, senior technology consultant for Sophos, said in a statement.

Unlike a mass-mailing worm, the Trojan does not self-propagate, but the security companies have highlighted it because a high number of e-mails containing it have been detected.

According to antivirus companies F-Secure and Sophos, the Web sites linked to by the new Bagle currently contain no malicious code. However, Trojan and worm writers have been known to add malicious code to a Web site after the initial attack has calmed down, said Craig Schmugar, a senior virus research manager for McAfee.

For this Trojan to work, a certain amount of naivete is required on the part of victims because the e-mails contain a ZIP-file attachment that must be opened to display the programs "doc_01.exe" or "prs_03.exe," which must be run manually to infect a computer.

"This Trojan horse is aiming to take advantage of people's reflex reaction when they receive an executable file via e-mail," Cluley said in his statement. "Users who want to install software on their computer should be receiving it from their IT department, not from friends at other companies or potentially dangerous spam mailings."

Variants of Bagle, which surfaced more than a year ago, continue to proliferate.

The detection of BagleDl-L comes just days after Send-Safe.com, which offered spamming tools, was kicked off Internet service provider MCI's network. Send-Safe is said to use PCs that have been compromised by Trojan horses to propagate spam.

Dan Ilett of ZDNet UK reported from London. CNET News.com's Dawn Kawamoto contributed to this report.

[Allegra]

How secure is your computer?

Mine's got low self-esteem problems and sometimes acts jealous.

We're thinking of going to counseling.

[A CA Guy]

I hardly use Media Player, but do rely on my firewall.

[backhoe]

Thanks for the link... some around here claim "Windows is a virus," and I'm inclined to agree.

But until the wife-unit stops dragging Win2K files home from work to work on, and Linux becomes more Ready for Prime Time, we are stuck with it.

[polymuser]

Rootkits, too -- nasty buggers that get into the kernel, get full control, and can mask themselves from administrative tasks. Sometimes only noticeable by looking at a machine from an uninfected other. Full reformatting and OS reload is often necessary to eliminate them, as they bind to the 'core' of the operating system (any OS).

A small company I know has precious little funds for IT, and they're getting ticked at the time/$ lost keeping safe on the Internet and the constant annoyances while trying to get work done. They're considering a) reverting to snail mail, fax, FedEx, b) replacing ethernet with physical file sharing, and c) having one shared Internet pc as a kiosk for unavoidable e-mail, transactions, updates and research, with only necessary apps and only scanned files coming off it on physical media.

I now trust the Internet as far as I can spit a monitor. As for computing, W98SE era software does most work just fine, especially on newer/faster hardware.

I see three paths: 1) pay to regulate and police the wild, wild Internet and block the proliferating bad guys, 2) pay ever higher costs for protection at the user level, or 3) unhook from the machine.

[Bloody Sam Roberts]

I use Outpost free firewall (a gem of a product), AVG Anti Virus (another gem) and do daily spyware scans with 3 scanners after a good surf. I'm running Win XP SP1 by the way and haven't had a lick of trouble.

[Ernest_at_the_Beach]

I'm running Win XP SP1 by the way and haven't had a lick of trouble.

According to the Denver Post article you are living dangerously, or you are very meticulous at running scanners, firewalls, anti-virus products etc....

[Bloody Sam Roberts]

According to the Denver Post article you are living dangerously

I am very concious of my shields capabilities and status.

I just recently loaded Win XP on my PIII-866mhz 384mb RAM system that was running Win ME. What a difference!
After seeing all the horror stories about SP2, I am a bit leary about loading it. It ain't broke, so I ain't a gonna fix it.

[A CA Guy]

I haven't known anybody to really get spyware problems unless they were on nasty sites from my experience.

I am the one among a bunch of folks that is the computer wiz, and I've fixed a lot of stuff in my time with computers.

Spyware is the worst, if I wasn't pretty good in finding my way around the registry, to fix computers would be tough.

Sometimes it is just easier to save work product to disk, F-disk and reload rather than try and find ways to uninfest a computer.

[Bloody Sam Roberts]

I am the one among a bunch of folks that is the computer wiz, and I've fixed a lot of stuff in my time with computers.

You and me both. I have a T-shirt that says "No. I will NOT fix your computer" on the front.
On the back it says, "But for Beer, I WILL consider it."

For my friends, I work for beer. Everybody else pays cash.

With XP and NTFS...wipe and reloading is actually a timesaver. Any other attempts to find and fix usually means blunt force trauma.

[A CA Guy]

If people don't wait weeks before calling me, or can tell me the exact day the computer slowed down or saw some strange change, I can fix it quick.

Next, usually going to processes, I've done so many that I can spot unusual ones and can query the net about a name I don't know.

Next I deal with the situation, wipe out the bad files, registry lines and then wait for the next problem to come along.

[Golden Eagle]

The good news is that none of the up-to-date, patched operating systems succumbed to a single attack.

Which is to be expected. The moral of the story is, only use operating systems that can be automatically patched by the vendor, without you having to manually upgrade the systems periodically through archaic commands.

[N3WBI3]

The other big thing to note is that Linux and Mac out of the box are as secure as windows when its set to patch daily ;)

[Golden Eagle]

The other big thing to note is that Linux and Mac out of the box are as secure as windows when its set to patch daily ;)

Except that you can't set "Linux" to patch daily. Some versions maybe, but not many when you consider the hundreds of different ones available.