Free Republic

Unprotected PCs Fall To Hacker Bots In Just Four Minutes
Techweb ^ | 11/30/2004 | Gregg Keizer

Posted on 11/30/2004 1:29:41 PM PST by zeugma

By Gregg Keizer, TechWeb.com

The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.

In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.

The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.

Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.

"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. "The average was just four minutes. Think about that. Plug in a new PC--and many are still sold with Windows XP SP1--to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."

Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.

"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That security hole was one of those plugged--and heavily touted--by Microsoft in SP2.

The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows. One, the DCOM vulnerability, harks back to July, 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability, was first disclosed in April, 2004, and led to the Sasser worm.

The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.

The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.

For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.

"Update Windows regularly with Microsoft's patches, use a personal firewall--third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks--keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised. Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.

"No machine is immune," he counseled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."


TOPICS: Business/Economy; Culture/Society; Miscellaneous
KEYWORDS: computersecurity; exploit; freeware; getamac; hackers; internetexploiter; linux; lookoutexpress; lowqualitycrap; microsoft; patch; securityflaw; spyware; trojan; virus; windows; windoze; worm
To: Swordmaker
Your comments regarding the heightened visibility of internet connections on dialup computers are well taken. It is generally much more obvious when your computer is attempting to connect to the internet than it would be on a broadband connection.

That's why I'd generally recommend someone running Windows who installs a firewall for the first time, to go ahead and reinstall from scratch after setting up the firewall just in case unless they are absolutely sure that nothing is on their box.

The sad thing about all this is that the vast majority of computer users are hopelessly lost and uninformed about anything running on their computers beyond the absolute basics of what they need to know to create an email, letter, or browse a website.

I can't say that I'm surprised by this, as it is the case with almost all modern devices. I would hope that some day basic security measures like separating your firewall from your working boxes will be as common knowledge as is the need to change the oil on your car regularly. The analogy with an automobile is actually quite apt for me as it illustrates several points quite well.

Let us consider two people, Alice and Bob. Alice is a computer wiz. She's a hardcore Linux user that makes a computer work for her, not the other way around. She never gets infected by anything, runs a complex home network that connects her several PCs together with her PVR. She has regular backups of everything important, and she keeps up with everything in a way that practically guarantees smooth and easy computing for herself and everyone in her household.

Now let's consider Bob. He knows nothing about computers, but has a fairly inexpensive system he bought to "get connected with that internet thing", and because his son and daughter had been pestering him about it for long enough that he'd finally just bought the thing to shut them up. He uses it occasionally to check out NASCAR standings. He's running an unpatched copy of Windows XP because that's what came with the computer. Guess what? Within a month his computer is running horribly slowly because of the 30 spyware programs that have completely taken over his computer. It's also been spewing spam across the net daily because, unbeknownst to him, he's been hijacked. Is Bob an idiot? No. He's just uninformed of what it takes to keep his computer running smoothly.

Let's take another look at Alice. She drives a nice car, but it is not the most reliable thing in the world. Her brakes are kind of mushy because she hasn't had them looked at for the past 50,000 miles. She's also doing serious damage to her engine, though she doesn't know it, because it's been 15,000 miles since she last changed her oil. Her tires are also not in the shape they could be because they are under-inflated and her alignment is off, and it's causing uneven wear. Is she an idiot? No. She just doesn't know better. She knows how to put it in drive and put gas in to get it where she needs to go.

Bob's car runs like the day it was made. Better, in some respects, because he's tinkered with it a bit and has kept on top of everything that it takes to make the thing reliable, powerful, and well-maintained. He's been working on automobiles since he was a teenager, and knows everything that a good mechanic should.

What is the main difference between Alice and Bob? Well, Alice is a computer nerd who happens to also have a car that she uses as a tool. Bob is a mechanic who happens to have a computer to use as a tool to get information he wants. Neither are morons, they just have different interests, and different knowledge bases. Should Alice learn more about her car so it will run better? Probably. It would serve her well in the end to change her oil regularly, and have the alignments and other service done when recommended to do so. The same can go for Bob. His computer is going to be an unreliable mess until he gets a firewall and virus scanner. He should probably learn a little about how things are organized on his PC so he can find the pictures of his daughter that he'd saved in some mysterious directory that he can no longer remember the name of.

The bottom line is that there is a lot of technology out there that we all use on a daily basis that we really don't know a whole heck of a lot about. Some of this lack of knowledge can be dangerous. For instance, it's not too terribly difficult to install a ceiling fan. It can be downright dangerous to do so while the power is still on. We don't all have to be computer professionals, mechanics, and electricians, but we really should learn enough about the basics to not hurt ourselves and others.

Wow. I got kinda long-winded there. Shame that it's the bottom of a post that probably won't be seen much anymore. Maybe I'll post it to another thread some other time.

Have a great day!

121 posted on 12/01/2004 7:43:31 AM PST by zeugma (Come to the Dark Side...... We have cookies!)
[ Post Reply | Private Reply | To 110 | View Replies]

To: zeugma

The article doesn't say if they enabled XP's personal firewall. It is off by default under SP1.


122 posted on 12/01/2004 7:55:21 AM PST by shellshocked
[ Post Reply | Private Reply | To 1 | View Replies]

Bump


123 posted on 12/01/2004 7:59:24 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Glenn
. If they were left wide open on the Mac, you'd have the same result as with the Pee Cee or any other platform

Not necessarily. For example, Microsoft's RPC is notorious for being full of gaping security holes just waiting for someone to access the machine and exploit them. Is there any OS X equivalent?

124 posted on 12/01/2004 9:28:51 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 59 | View Replies]

To: dhs12345
Firefox runs fine on my win98 computer. Takes a little longer to load than IE

That's only because Windows loads most of IE at startup.

125 posted on 12/01/2004 9:30:46 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 71 | View Replies]

To: Swordmaker
Which is worse? Not to have bought at all at 13... or to have bought and sold at 34, half of what it has reached today?

I wanted to buy really bad around mid-'98, but I had no money. Given several grand back then, I'd be rich now.

126 posted on 12/01/2004 9:38:00 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 108 | View Replies]

To: AFreeBird

Could be that factors unrelated to Zone Alarm were messing up my WIFI. I did find the frequent pop up notices requesting access to be a pain, though I realize that's not an excessive price to pay if it prevents serious problems of various sorts.


127 posted on 12/01/2004 10:28:40 AM PST by governsleastgovernsbest (Watching the Today Show since 2002 so you don't have to.)
[ Post Reply | Private Reply | To 116 | View Replies]

To: antiRepublicrat

RPC is a standard. Are you telling me no one in the history of computing has ever tried to exploit RPC on the Mac?


128 posted on 12/01/2004 11:31:30 AM PST by Glenn (The two keys to character: 1) Learn how to keep a secret. 2) ...)
[ Post Reply | Private Reply | To 124 | View Replies]

To: avg_freeper

I was wondering if that would tweak you.


129 posted on 12/01/2004 11:50:57 AM PST by UseYourHead (Smith & Wesson: The original point-and-click interface)
[ Post Reply | Private Reply | To 117 | View Replies]

To: UseYourHead
I'm always game for a good tweaking!

It was more of a runtime machine-language manipulation / flag viewer tool than anything. It could also be upgraded to get some nice assembly functions too.

Not an interface to any kind of OS but you could still do some very bad things with it.

130 posted on 12/01/2004 12:01:08 PM PST by avg_freeper (Gunga galunga. Gunga, gunga galunga)
[ Post Reply | Private Reply | To 129 | View Replies]

To: Glenn
RPC is a standard. Are you telling me no one in the history of computing has ever tried to exploit RPC on the Mac?

Microsoft's implementation is notoriously full of holes, plus they use it in unnecessary places, allowing more exposure.

131 posted on 12/01/2004 12:48:38 PM PST by antiRepublicrat
[ Post Reply | Private Reply | To 128 | View Replies]

To: martin_fierro; fabian

Thanks for the links...


132 posted on 12/01/2004 6:06:19 PM PST by abigail2 (Budding terrorists...liberals)
[ Post Reply | Private Reply | To 8 | View Replies]

To: devolve; fabian

Thanks for the ping devolve!


133 posted on 12/01/2004 6:07:40 PM PST by abigail2 (Budding terrorists...liberals)
[ Post Reply | Private Reply | To 69 | View Replies]

To: abigail2

thanks for the ping abigail2


134 posted on 12/02/2004 12:10:34 AM PST by fabian
[ Post Reply | Private Reply | To 132 | View Replies]

To: zeugma

Good comments.


135 posted on 01/18/2005 10:41:35 AM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 121 | View Replies]

To: Bloody Sam Roberts

I checked it out and want to go to that. However, it says that you can't run it with other firewall software. Would that new Spyblaster from Windows be considered a firewall?


136 posted on 02/06/2005 8:06:11 AM PST by gopheraj
[ Post Reply | Private Reply | To 4 | View Replies]

To: gopheraj
Would that new Spyblaster from Windows be considered a firewall?

If you are talking about the Spyware cleaner software that MS just released (which used to be Giant Software) then, no. That is not a firewall. However, if you are using Windows XP, I believe that there is a built in firewall that can be enabled and disabled. I'm not certain. I don't use XP. Perhaps someone else here would know for sure.

I use Outpost along with SpywareGuard by JavaCool software. Both load at startup and run in the background nicely.

137 posted on 02/06/2005 10:55:24 AM PST by Bloody Sam Roberts (You may not think much of the Chinese....but you've got to admit, they've got great acrobats.)
[ Post Reply | Private Reply | To 136 | View Replies]

To: zeugma
At the risk of dozens of hostile replies, I will proffer the observation that it is interesting that no one even talks about terminal based systems as an alternative for casual surfing or emailing. Systems like the old webtv or MSN TV network don't duplicate PC capabilities, but allow secure Internet commerce transactions, FR posting, and email without having to worry about viruses, firewalls, etc.
138 posted on 02/06/2005 11:23:43 AM PST by Truth29
[ Post Reply | Private Reply | To 121 | View Replies]

To: Bloody Sam Roberts

Yes that is what I meant. Thank you for your reply.


139 posted on 02/06/2005 12:11:48 PM PST by gopheraj
[ Post Reply | Private Reply | To 137 | View Replies]

To: Truth29
I, too, find it interesting that 'dumb' terminals have never really caught on even in places where they make a heck of a lot of sense. For instance, I was at a coffee shop today that had a few PCs available for internet surfing. The setup was basically 3 PCs networked together tied into a DSL/Cable internet connection. All three of them were XP based, yet were essentially nothing more than browsers as far as other software available on them.

It would have made a lot more sense to me if the proprietor had set up a single server with three X-based thin clients connected to them. These terminals would be incredibly easy to have operating in a kiosk mode, yet at the same time be completely safe for use in that it would be drop-dead simple to have a standard configuration available at login that is completely reset with each logout.

Instead, the owner is running 3 full-featured PCs with a virus tar-baby. I can't imagine what it is like trying to keep the systems from being constantly infected with every kind of spyware imaginable.

140 posted on 02/06/2005 4:33:57 PM PST by zeugma (Come to the Dark Side...... We have cookies!)
[ Post Reply | Private Reply | To 138 | View Replies]

