Posted on 11/30/2004 1:29:41 PM PST by zeugma
Unprotected PCs Fall To Hacker Bots In Just Four Minutes
By Gregg Keizer, TechWeb.com
The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.
In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.
The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.
Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.
"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. "The average was just four minutes. Think about that. Plug in a new PC--and many are still sold with Windows XP SP1--to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."
Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That security hole was one of those plugged--and heavily touted--by Microsoft in SP2.
The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows. One, the DCOM vulnerability, harks back to July 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability, was first disclosed in April 2004, and led to the Sasser worm.
The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.
The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.
For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.
"Update Windows regularly with Microsoft's patches, use a personal firewall--third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks--keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised. Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.
"No machine is immune," he counseled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."
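The study's method described above (tally the attacks, count the compromises, time how long a freshly connected box lasted) as an added Python example; this is not code from the article or from AvanteGarde, and the honeypot log format and event lines are constructed for illustration.

```python
from datetime import datetime

# Constructed honeypot event log (illustrative, not data from the study).
# Fields: ISO timestamp, host label, event (online|probe|compromise), source IP, dst port.
SAMPLE_LOG = """\
2004-11-01T09:00:00 xp-sp1 online - -
2004-11-01T09:00:31 xp-sp1 probe 203.0.113.5 135
2004-11-01T09:02:10 xp-sp1 probe 198.51.100.7 445
2004-11-01T09:04:02 xp-sp1 compromise 198.51.100.7 445
2004-11-01T09:00:00 xp-sp2 online - -
2004-11-01T09:05:44 xp-sp2 probe 203.0.113.5 135
2004-11-01T09:00:00 linspire online - -
2004-11-01T09:12:00 linspire probe 192.0.2.9 22
"""

def parse_events(text):
    """Parse log lines into (timestamp, host, kind, src, port) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, src, port = line.split()
        events.append((datetime.fromisoformat(ts), host, kind, src, port))
    return events

def summarize(events):
    """Per host: attacks seen, ports hit, seconds from going online to first probe and to compromise.
    Assumes each host's 'online' event appears before any attack against it."""
    online = {host: ts for ts, host, kind, _, _ in events if kind == "online"}
    stats = {}
    for ts, host, kind, src, port in events:
        if kind == "online":
            stats[host] = {"attacks": 0, "ports": set(), "first_probe_s": None, "compromise_s": None}
            continue
        s = stats[host]
        s["attacks"] += 1            # every probe or compromise counts as one attack
        s["ports"].add(port)
        age = (ts - online[host]).total_seconds()
        if s["first_probe_s"] is None:
            s["first_probe_s"] = age
        if kind == "compromise" and s["compromise_s"] is None:
            s["compromise_s"] = age  # time-to-own: the study's headline number
    return stats

def mean_time_to_compromise(stats):
    """Average seconds-to-compromise over hosts that were actually taken over, or None."""
    times = [s["compromise_s"] for s in stats.values() if s["compromise_s"] is not None]
    return sum(times) / len(times) if times else None
```

Hosts that were only probed keep `compromise_s` as None, so a firewalled box that was scanned but never owned shows up the way the XP SP2 and ZoneAlarm machines did in the study.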
That's why I'd generally recommend that someone running Windows who installs a firewall for the first time go ahead and reinstall from scratch after setting up the firewall, just in case, unless they are absolutely sure that nothing is on their box.
The sad thing about all this is that the vast majority of computer users are hopelessly lost and uninformed about anything running on their computers beyond the absolute basics of what they need to know to create an email, letter, or browse a website.
I can't say that I'm surprised by this, as it is the case with almost all modern devices. I would hope that some day basic security measures like separating your firewall from your working boxes will be as common knowledge as is the need to change the oil on your car regularly. The analogy with an automobile is actually quite apt for me as it illustrates several points quite well.
Let us consider two people, Alice and Bob. Alice is a computer wiz. She's a hardcore Linux user that makes a computer work for her, not the other way around. She never gets infected by anything, runs a complex home network that connects her several PCs together with her PVR. She has regular backups of everything important, and she keeps up with everything in a way that practically guarantees smooth and easy computing for herself and everyone in her household.
Now let's consider Bob. He knows nothing about computers, but has a fairly inexpensive system he bought to "get connected with that internet thing", and because his son and daughter had been pestering him about it for long enough that he'd finally just bought the thing to shut them up. He uses it occasionally to check out NASCAR standings. He's running an unpatched copy of Windows XP because that's what came with the computer. Guess what? Within a month his computer is running horribly slowly because the 30 spyware programs have completely taken over his computer. It's also been spewing spam across the net daily because, unbeknownst to him, he's been hijacked. Is Bob an idiot? No. He's just uninformed of what it takes to keep his computer running smoothly.
Let's take another look at Alice. She drives a nice car, but it is not the most reliable thing in the world. Her brakes are kind of mushy because she hasn't had them looked at for the past 50,000 miles. She's also doing serious damage to her engine, though she doesn't know it, because it's been 15,000 miles since she last changed her oil. Her tires are also not in the shape they could be because they are under-inflated and her alignment is off, and it's causing uneven wear. Is she an idiot? No. She just doesn't know better. She knows how to put it in drive and put gas in to get it where she needs to go.
Bob's car runs like the day it was made. Better, in some respects, because he's tinkered with it a bit and has kept on top of everything that it takes to make the thing reliable, powerful, and well-maintained. He's been working on automobiles since he was a teenager, and knows everything that a good mechanic should.
What is the main difference between Alice and Bob? Well, Alice is a computer nerd who happens to also have a car that she uses as a tool. Bob is a mechanic who happens to have a computer to use as a tool to get information he wants. Neither are morons, they just have different interests, and different knowledge bases. Should Alice learn more about her car so it will run better? Probably. It would serve her well in the end to change her oil regularly, and have the alignments and other service done when recommended to do so. The same can go for Bob. His computer is going to be an unreliable mess until he gets a firewall and virus scanner. He should probably learn a little about how things are organized on his PC so he can find the pictures of his daughter that he'd saved in some mysterious directory that he can no longer remember the name of.
The bottom line is that there is a lot of technology out there that we all use on a daily basis that we really don't know a whole heck of a lot about. Some of this lack of knowledge can be dangerous. For instance, it's not too terribly difficult to install a ceiling fan. It can be downright dangerous to do so while the power is still on. We don't all have to be computer professionals, mechanics, and electricians, but we really should learn enough about the basics to not hurt ourselves and others.
Wow. I got kinda long-winded there. Shame that it's the bottom of a post that probably won't be seen much anymore. Maybe I'll post it to another thread some other time.
Have a great day!
The article doesn't say if they enabled XP's personal firewall. It is off by default under SP1.
Bump
Not necessarily. For example, Microsoft's RPC is notorious for being full of gaping security holes just waiting for someone to access the machine and exploit them. Is there any OS X equivalent?
That's only because Windows loads most of IE at startup.
I wanted to buy really bad around mid-'98, but I had no money. Given several grand back then, I'd be rich now.
Could be that factors unrelated to Zone Alarm were messing up my WIFI. I did find the frequent pop up notices requesting access to be a pain, though I realize that's not an excessive price to pay if it prevents serious problems of various sorts.
RPC is a standard. Are you telling me no one in the history of computing has ever tried to exploit RPC on the Mac?
I was wondering if that would tweak you.
It was more of a runtime machine-language manipulation / flag viewer tool than anything. It could also be upgraded to get some nice assembly functions too.
Not an interface to any kind of OS but you could still do some very bad things with it.
Microsoft's implementation is notoriously full of holes, plus they use it in unnecessary places, allowing more exposure.
Thanks for the links...
Thanks for the ping devolve!
thanks for the ping abigail2
Good comments.
I checked it out and want to go to that. However, it says that you can't run it with other firewall software. Would that new Spyblaster from Windows be considered a firewall?
If you are talking about the Spyware cleaner software that MS just released (which used to be Giant Software) then, no. That is not a firewall. However, if you are using Windows XP, I believe that there is a built in firewall that can be enabled and disabled. I'm not certain. I don't use XP. Perhaps someone else here would know for sure.
I use Outpost along with SpywareGuard by JavaCool software. Both load at startup and run in the background nicely.
Yes that is what I meant. Thank you for your reply.
It would have made a lot more sense to me if the proprietor had set up a single server with three X-based thin clients connected to it. These terminals would be incredibly easy to have operating in a kiosk mode, yet at the same time be completely safe for use, in that it would be drop-dead simple to have a standard configuration available at login that is completely reset with each logout.
Instead, the owner is running 3 full-featured PCs with a virus tar-baby. I can't imagine what it is like trying to keep the systems from being constantly infected with every kind of spyware imaginable.