Posted on 11/30/2004 1:29:41 PM PST by zeugma
Unprotected PCs Fall To Hacker Bots In Just Four Minutes
By Gregg Keizer, TechWeb.com
The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.
In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.
The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.
Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.
"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. "The average was just four minutes. Think about that. Plug in a new PC--and many are still sold with Windows XP SP1--to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."
Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That security hole was one of those plugged--and heavily touted--by Microsoft in SP2.
The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows. One, the DCOM vulnerability, harks back to July, 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability, was first disclosed in April, 2004, and led to the Sasser worm.
The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.
The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.
For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.
"Update Windows regularly with Microsoft's patches, use a personal firewall--third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks--keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised. Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.
"No machine is immune," he counseled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."
bump for reference
Thanks for the tips. I'll run that defragmenter now, and talk to hubby about more memory. Of course, when I talk about more memory, I'll be setting myself up for a wise-crack from him....the joker.
It crashes on me from time to time, too. I consider the crashes minor since it is more secure and they are easy to recover from. And each time it crashes, the info is transferred to the Firefox programmers -- Firefox will get better.
Also, I haven't completely abandoned IE. Some apps don't run correctly in Firefox.
Imagine....
Imagine no spyware - none, zilch, nada.
Imagine no adware - nothing, zero, not a single one.
Imagine no trojans.
Imagine no viruses - nothing to protect against. Imagine not even _running_ any anti-virus software on your computer.
Imagine computing for 17 years, online for 17 years, and never having had a virus, not once. Ever.
Imagine being able to read _any_ email, without fear. To download _anything_ you wished, and not even have to check it for infection, or worry about some hidden application buried within it, just waiting to attack your computer.
Imagine turning on your computer with the confidence that you can leave it online all day, walk away, and return to find it in exactly the same state - unmolested - as you left it in.
Now, STOP imagining. That's been my personal computing experience (really!) for the last 17 years online.
Impossible, you say? Not if you're using a Mac.
Granted, someone _could_ possibly concoct a virus or some other malware for OS X. However, if it _does_ happen, it's going to be a "man bites dog" story. It'll be headlines not because it's another virus, but because there has never been an attack on OS X. And it will be dealt with quickly.
I'm writing this post on an older PowerMac 9600 running OS 9.2.2. Safe to say, there will probably _never_ be any new kind of attack on this OS, since all current development is with OS X. (In fairness, there were some Macintosh viruses released upon us 'way back in the 80's and early 90's, but they quickly faded from the scene). Yet OS 9 remains a solid operating system which I expect I'll be using for years to come. I _do_ run OS 10.3.6 on my g4 dual-processor.
As has been suggested by others in this thread, I, too, use a wired router for its built-in NAT firewall protection. Just good practice, and I needed it to run the 2 Macs from my DSL connection, anyway.
I should admit that I just kind of blindly stumbled into the Macintosh years ago, coming from the Apple //. Otherwise, I probably would have ended up a Windows user like everyone else, with the same problems as most Windows users face.
I've got a friend at work who has used computers as long (longer?) than I have, but he came from the "PC side" of things. Two of his most memorable comments to me were "it took me ten years to learn DOS", and, "I hate computers!".
I've been fooling with personal computers since 1986 (the Mac since 1987) and I _enjoy_ computers! Why is that?
Cheers!
- John
Get ZoneAlarm. You will be amazed how many times you get your ports probed even on dialup.
Remember, your ISP assigns dialup accounts an IP address just like a dedicated line. The ISP has a pool of addresses that are randomly assigned to a user when he dials in.
All a hacker has to do is probe the range of IP addresses assigned to the ISP in order to hit home users. Just because you don't have the same IP address for long periods of time doesn't mean that you aren't at risk.
ROFL! :-)
Hi! :-)
It so happens I have a MAC (and linux machines) as well. However, it cannot run the software I need on my PCs.
I run Satellite Tool Kit and other custom PC stuff.
I have been messing with computers for a very long time. My first project was back in 7th grade. We built a decimal to binary converter (1970) and I built my very first computer (S-100 bus with an ASR-33 Teletype) in 1978.
I'm behind a hardware router/firewall, a few open ports to the world (113 and 22 being two of them). 22 gets probed A LOT. The router does NOT reply to a ping.
Oh, gee! I'm in hot water now!
Let's see- Martin Fierro has posted some good links a few replies after you, and I see a lot of good hints and commentary.
I really suggest that after getting all the MS updates ( and keeping the OS updated is the first line of security ) letting Internet Explorer lie fallow, except for the few sites that will accept no other browser, and using another browser like Firefox- you really get a lot less junk in your PC with an alternate browser.
A hardware firewall is a very good idea- software firewalls tend to slow older machines more than I care for.
Not all of us can ditch MS-- my wife uses Win2000 at work, brings a lot of stuff home, and went ballistic when I converted one machine here to Linux dual-boot, during the last hijacking we had. The best compromise I could get was Firefox on the home PC's!
Here's my "malware help" file:
I do like reading about all the Windows problems and wonder why it hasn't been fixed yet. The last I heard was Bill Gates said it could be fixed in the next few years. Right.
My only regret is not investing in Apple when it was at 13 not too long ago. It's now over 67.
bookmarked
In all fairness, many (but not all) of the problems are social engineering attacks that no current OS can protect against effectively. ("Hey, check out this cool program I found!"). These target Windows just because it's the most common. Still, that doesn't change the fact that your experience will likely be much better on a Mac. When I read about Windows spyware and viruses, and how people are running detection and removal programs daily, I just can't believe that they're willing to put up with it.
My only regret is not investing in Apple when it was at 13 not too long ago. It's now over 67.
Heh, I sold at 34, convinced that would be the peak for a while. Whoops.
bump for later read
btt
Check out post # 8.
While that may be good advice, my comment still stands. You should have a hardware firewall between your computer and the outside world, in addition to anything else you may do.
Sorry about the late reply, and I haven't read down to see if anyone else has answered, but Mozilla will run quite fine on a Win98 box. Get Firefox if all you need is a browser. Mozilla includes an email client, (that is much more secure than Outlook btw), and a webpage authoring program.
Read later
It's not true. Given how quickly computers can be compromised these days, especially if you run Windows, even being logged on for a minute or two is enough to get infected with something. Also, folks on dialup connections are unlikely to wait the hours it takes to download some of Microsoft's huge "service packs" or patches. I'd be willing to bet that many, many dialup users are infected and don't even know it. I would guess that connecting to the net through a firewall would be difficult on a dialup circuit though. I don't even own a modem anymore, so it's something I've not investigated.