Posted on 11/30/2004 1:29:41 PM PST by zeugma
Unprotected PCs Fall To Hacker Bots In Just Four Minutes
By Gregg Keizer, TechWeb.com
The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.
In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.
The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.
Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.
"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. "The average was just four minutes. Think about that. Plug in a new PC--and many are still sold with Windows XP SP1--to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."
Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That security hole was one of those plugged--and heavily touted--by Microsoft in SP2.
The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows. One, the DCOM vulnerability, harks back to July, 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability, was first disclosed in April, 2004, and led to the Sasser worm.
The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.
The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.
For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.
"Update Windows regularly with Microsoft's patches, use a personal firewall--third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks--keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised. Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.
"No machine is immune," he counseled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."
The main point that should be taken from this, even though it is not explicitly stated, is that if you are going to be connected to the internet, especially if you are nailed up with a broadband connection, it is critical that you have a hardware firewall to hide your PC from the hackers.
Also, if you're browsing, don't use IE unless you absolutely have to. Mozilla or Firefox will help keep a lot of nastiness from your computer.
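The article describes the study's method only in prose: tally probes per honeypot, count which ones were compromised, and time how long each took to fall. As an added illustration (not code from the article or from AvanteGarde), here is a small analyzer that does that bookkeeping over a constructed honeypot event log; the log format, host names and event names are assumptions made up for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not data from the study). Assumed format:
#   "<date> <time> <host> <online|probe|compromise> [detail]"
LOG = """\
2004-11-01 10:00:00 xp-sp1 online
2004-11-01 10:00:25 xp-sp1 probe tcp/135
2004-11-01 10:00:31 xp-sp1 compromise dcom-rpc
2004-11-01 10:00:00 sbs2003 online
2004-11-01 10:03:50 sbs2003 probe tcp/445
2004-11-01 10:04:30 sbs2003 compromise lsass
2004-11-01 10:00:00 xp-sp2 online
2004-11-01 10:02:10 xp-sp2 probe tcp/445
2004-11-01 10:00:00 linspire online
2004-11-01 10:40:00 linspire probe icmp/ping
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) (online|probe|compromise)(?: (\S+))?$")


def parse(log):
    """Yield (timestamp, host, event, detail) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)


def summarize(log):
    """Per host: probe count, whether it fell, and seconds from going online to first compromise."""
    online, probes, first_comp = {}, defaultdict(int), {}
    for ts, host, event, _detail in parse(log):
        if event == "online":
            online[host] = ts
        elif event == "probe":
            probes[host] += 1
        elif event == "compromise" and host not in first_comp:
            first_comp[host] = ts  # only the first takeover counts toward time-to-compromise
    result = {}
    for host, up in online.items():
        ttc = (first_comp[host] - up).total_seconds() if host in first_comp else None
        result[host] = {"probes": probes[host], "compromised": host in first_comp,
                        "seconds_to_compromise": ttc}
    return result


def mean_time_to_compromise(summary):
    """Average time-to-compromise over the hosts that actually fell (None if none did)."""
    times = [s["seconds_to_compromise"] for s in summary.values() if s["compromised"]]
    return sum(times) / len(times) if times else None
```

Hosts that were probed but never compromised keep `seconds_to_compromise` of `None`, which is how the firewalled XP SP2 and Linspire boxes in the article would show up.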
bump for later...
I always appreciate your point of view, backhoe.
For the sad truth is that a hardware firewall/router will NOT protect your PC from attacks initiated from behind the firewall. Such attacks are initiated by spyware that has already infected the PC. Without something like Outpost, you're a sitting duck.
Get Them Shields UP!
And lo...100% of them are Windows.
Man...you'd think with the obscene amount of money that Herr Gates makes that he could actually afford a decent security audit of his company's crapware.
Thanks!
FREE PC PROTECTION: (Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.) (Thanks, but "Buy a Mac" doesn't qualify as "FREE PC protection")
While I've been running some sort of firewall since I first got DSL 5 years ago, I still think the companies that provide broadband service and sell their hardware are completely irresponsible, in that they don't provide any sort of firewall built into the hardware they supply.
This is the relevant useful statement in the whole post. At least for today.
BTTT
Very true. Ultimately we're going to need some sort of OS-enforced sandboxing, so the fluffy bunny animation doesn't get to read your address book or make network connections.
I bought a new laptop a few months ago. At the time, there was a worm in circulation causing computers to shut down. Sure enough, within an hour, my computer got infected and started shutting down, etc. I was astounded and outraged.
I run Firefox rather than Windows on my computers now, and seem to encounter fewer problems. I did use Zone Alert, but found it was too intrusive and also interfered with my wi-fi system so have deleted it.
In only 2 or 3 months since I installed my updated Zone Alarm, it's detected and stopped 27,190 intrusions!
(Gee, I wonder why my dial up connection is running so slow?)
Four minutes? That's nothing. I have a group of like machines at work. In 2001, I got them and installed 2000 SP2(I think) on all of them. I turned one off and kept it as a cold spare. In July 03, one died. I took the cold spare, and turned it on. By the time it finished booting (90 seconds), it was hacked by the RPC virus, and rebooted just before the login screen came up. If I were a cracker, I would have beamed at the beauty of the creation. As a Sysadmin, I was seriously horked off.
I replaced the whole lab with OS X boxes this year, and haven't been happier.
Agreed. The Linksys firewall/router is down to about $49.00, and there's no excuse for not having one (or something similar).
I've been on DSL for 4 years and not been hacked or even touched once beyond the outside of the firewall, which is under constant and unsuccessful assault.
Finally, honeypot tests I saw years ago agreed with the above story, and in one instance a scripted attack found the machine, installed a trojan horse (remote control) program, and disconnected within 10 *seconds*.
And that's on the expensive side. I got a Netgear wireless router/firewall about a year ago for $30 after rebate. I'm surprised that ISPs don't include firewall functionality in cable and DSL modems.
I got hit with this one earlier this year. I had to wipe out my hard drive and reinstall the OS.
I use Armor2Net firewall, which has a stealth setting making my computer invisible while on the net.