Clean System to Zombie Bot in Four Minutes
Amadaeus writes "According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet. Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PC's got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but only was only targeted by 0.26% of all attacks." See also our story on the survival time for unpatched systems.
So this is why my new Dell tried to eat my brain this morning!
First Post from a Bot!
I am curious how effective NAT (e.g. a cable modem router) is at slowing or stopping these attacks for the typical user.
I know it works well enough for me, but I am not a typical user -- even my Windows box is locked down tight.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
Suddenly that cheapo NAT router from WorstBuy seems like a good deal!
Come on, it saves you from a lot of all these weird evil packets!
Online backup with Mozy, sounds like Ozzie, but more!
I still run SP1, but I have all of my up-to-date security patches done, and I am behind a hardware firewall. No issues as of yet...
DAMN YOU OCTODOG! DAMN YOU TO HELL!
this is news?
...
Next up: People who see a dollar bill on the sidewalk will pick it up and put it in their pocket. See our analysis
I wasn't expecting this to get Slashdotted. Kevin and I set up the honeypot machines and monitored the network during the test. If anyone has any questions, I'm happy to answer.
Does that mean I have to install XP, download SP2. Burn the SP2 archive onto a CDROM, reinstall XP with the network cable disconnected, and then patch? Geez that'll get old fast
We built an XP box maybe a year ago and forgot to turn on the firewall before we started downloading patches. The machine was infected with Sasser in well under five minutes.
Fortunately the machine didn't have anything important on it since it was freshly built...
Denver Isuzu Suzuki
Is it just me or do WinXP users remind you of a bad movie.....
...statistics for all the other versions of windows in common use, particularly Windows 2000, as well as XP SP2. Last time I looked XP machines could only account for a maximum of ~50% of all the potential zombie bots in the world.
Moderation Total: -1 Troll, +3 Goat
Considering my firewall blocks an average of one intrusion attempt every 5 minutes (on a dial-up none the less), I am not surprised.
.. considering that most people won't upgrade to SP2 for a long time yet, since most users don't know how/why to use Automatic Updates...
2b || !2b =?
Although Macs and PC's got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean
Yes, yes, we know this is not surprising, since the exploits in question target Windows specifically, and therefore obviously will not affect Macs.
But the larger point you should take away from this is twofold:
1. The simple fact of the matter is that, for whatever reason, Macs are clearly affected far less than PCs by all types of exploits. This is not because of just marketshare. But whatever the reason, it is true nonetheless. But this brings me to:
2. Even a completely unpatched Mac OS X 10.0.0 machine would not be vulnerable to any kind of remote attack, because no ports whatsoever are open to the outside world, and on most consumer Mac OS X systems, never will be. The fundamental and intrinsic security design and considerations of Mac OS X are just better, period. Even local exploits, such as might travel freely and easily on Windows via email, aren't as possible or practical on Mac OS X (e.g., a potential Mac exploit of this nature that spread via email would have to have its own MTA or a lot more complexity than a simple script on Windows where Outlook and the OS does all the work for you). Yes, marketshare, i.e., the chances of the next host encountered being a Mac, certainly doesn't hurt, but that is not the sole or primary reason Macs aren't vulnerable. No effective automatic vectors of infection or spread, either local or remote, exist, period. When external ports are opened, they usually represent open source services such as apache and OpenSSH, which as a matter of course are usually updated long before theoretical exploits become reality because of the intense scrutiny and peer review such products receive by the community.
When will people learn, that after three and a half years of Mac OS X, with the market growing, it's not just because of "marketshare" that Macs are rarely affected by these types of issues? Can people admit that it's possible that security decisions that were simply and fundamentally better than those of Microsoft were made? I get a kick out of articles that trumpet "MACS JUST AS INSECURE AS WINDOWS" when a text shell script is "discovered", one that must be run by someone with root or physical access no less, with no worthwhile vector or method of automated propagation of any kind![1] This is in the face of completely remote and automated exploits that can hit a Windows machine in minutes of being on the network, or exploits that own your machine by simply visiting a web page, or viewing an email message in Outlook (yes, these have continued to exist, some even very recently).
[1] For the nit-pickers out there, copying itself to other remote Mac OS X system volumes to which the local user has root-equivalent access and has manually connected to doesn't exactly rise to the level of the unprivileged, automatic propagation we see in the Windows world.
from the takes-five-minutes-to-download-patches dept
Yeah right...
[n8.r0n] http://petesweb.spymac.net/
At a customer site, an employee recently installed a backup program which included SQL server 2000. It took 10 minutes for it to become infected with Code Red.
Our experience with operating system maintenance costs has been that Windows systems typically are the most expensive in terms of total required hours. Linux boxes initially are difficult to set up, but are more difficult for novice users necessitating frequent support, Windows boxes are easy for novices to use and recently have become much more stable, but have malware issues. Solaris and IRIX boxes are somewhere in between in terms of ease of use but require "privileged" knowledge in how to deal with certain issues, leaving us with OS X.......
OS X/Macintosh has proven to be the absolute most productive environment for us to date, least susceptible to malware/hacking, has the lowest support costs, and is why we have been in the process of replacing most machines with OS X boxes.
Visit Jonesblog and say hello.
I'm using my new unpatched XP system right now and it works gre45h3@#$!dd11f
NO CARRIER
Our gateway box is a Win2k machine. It hasn't been patched in months upon months because it would tie up the connection for a long time. (Downloading patches over 28.8 is slow and we have eight computers in the house sharing that connection.) That gateway machine is totally clean. No spyware, no worms, etc. This is confirmed by proper antivirus and anti spyware software.
I'm just posting this as an interesting observation. This makes sense because a zombie on a dialup line is pretty damn worthless anyway.
Many IT-people brand the persons that get these bots / infections as clueless lusers who get their comeuppance. I don't.
A machine isn't supposed to act this way. It is very simple, but we forget that proper behaviour for the machine is to NOT get infected in seconds. I have abandoned windows some time ago, but still help friends with their machines. But it is a battle they're losing. Nothing seems to help, mostly due to the extremely bad security paradigms. They now think it's normal having to run 2 - 3 different anti-adware programs, virus scanner, be on eternal vigilance at every corner of the internet.
It is not supposed to be like this. Don't forget that.
Did you try this with the XP service pack 2? If so did it help at all?
This kind of news kind of makes me wish for white knight viruses that run out there and plug the holes (carefully) before the bot net viruses attack. Possibly even faking a Microsoft message requesting the user download all the newest patches from windowsupdate.com
With the recent news that lycos has publicly released a DDOS (mince words if you want to, that's what it is) tool to use on spammers, I wonder if a corporate sponsored virus of this type is far off.
paul reinheimer
My advice to anyone with Windows XP SP1 planning a clean install - get the SP2 CD (free from Microsoft) and install it before connecting to the internet.
When I started, the USENET application would inform me that my message would be spread across tens of thousands of computers at immeasurable cost as a subtle hint to keep things interesting, and Internet Chat required some basic knowledge of Makefiles and attention to documentation before you could run a client. Frankly, things became unmanageable at the point the Internet was made accessible to anybody with a web browser; anybody who's been around this long knows what I'm talking about.
It's a short hop to realizing that the problems we're experiencing with virii and worms are the same problem. Intimate knowledge of x86 assembly used to be a requirement -- along with a malcontent-type disposition -- in order to wreak the sort of havoc that today requires fifteen minutes and an Effective VBScript In Fifteen Minutes manual. Every document is now a program, and e-mail doubles as FTP.
Many experts believe we should raise the barrier of entry by requiring programmers to undergo education, certification, and maybe even an oath to do no harm as part of the certification process if going into a security field. It used to take years to do what kids today can do in months; additionally, a would-be programmer who spends a few months picking up Visual Basic or whatever has hardly learned the fundamentals of programming any more than someone who reads a manual about his DVD player has become a laser engineer. I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers (by means of pricing and with the cooperation of the open source community) and by separating macros or other executable content from documents.
It makes more sense than trying to go out and educate every user. Think about it; in what other field do we "educate" "users"? We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician. We don't "educate" passengers and let anyone who cares be a bus driver give it a try. Why are things always so difficult when it comes to computers?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
ARG! The patches! They do nothing!
Erm, if you look at the article summary and the article itself, it says that Attackers successfully compromised the Dell Windows XP computer using Service Pack 1 nine times, and the Dell Windows 2003 Small Business server once. Windows XP SP2 is what many would consider a collection of patches, so yes, it seems to have done something.
The pain was excruciating and the scarring is likely permanent, but that just means it's working.
Last night I installed Windows 2000 SP4 onto a machine (not mine) connected to an NTL (British ISP) Cable set-top-box by ethernet.
Windows came up, I chose a username, and it froze due to gaobot infection.
I hasten to add that normally I unplug modems but I was under the impression that Set top box Cable access uses NAT and is thus secured against this sort of thing... I'll be recommending a Motorola Surfboard and router to my friend !
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
Zone Alarm and Firefox get on the system from a flash drive before ethernet cable is ever plugged in.
Only in a Slashdot fantasy can a Slackware install turn into several hours of sex . . . . .
When I was working for a large university, I could do a fresh install of XP SP1 and it would get infected before I even got a login prompt, about 10 seconds. I then learned the value of unplugging the network cable
Bah, that's a load -BUYVIAGRANOW2FOR1!- of BS. I haven't patched my PC since I bought it -FREEMORTGAGEQUOTES!- and it's running just -TIREDOFCONSOLIDATEDDEBT?- fine. No viruses, no trojans, -TIREDOFSPAM?BUYTHISCRAP!- nothing.
I installed a fresh Windows XP (SP2 integrated) box with internet connection. The firewall was enabled by default so I didn't get any worms or viruses. :) Windows can be quite, I don't want to say safe, but at least it is now safer than without SP2
At least at the moment (and if you have at least a certain amount of brain in your head).
"The Linux desktop also was impenetrable, but only was only targeted by 0.26% of all attacks."
They act like how often it's attacked is a detractor from how secure it is ("it's not exploited because no one ever attacks it!") In fact, I'd say the systems that are attacked the least are *because* they are so difficult to exploit. Well, that and they only are about 2 or 3 out of every 100 systems you'll ping.
If you've installed any programs from Download.com, Cnet.com or ZDnet.com, beware.
I started getting reports of malware being attached to a program I work on and discovered the affected parties had obtained their copies of the program from Download.com. I had never submitted the program to them, but someone else had -- and they'd contaminated it with malware while they were at it. I complained, and the program was removed. (Actually, they first switched the links to the official server, but removed it when I complained further that they needed to tighten up their submission procedures.)
While Download.com is no longer distributing my program, they are still distributing malware attached to other programs (just went to their site to confirm it) via xeol.net and probably others. They don't seem too interested in fixing the problem. I also sent a complaint to the FBI's cybercrime division, and they apparently weren't interested, either.
Of course an unpatched XP machine is going to be "compromised" quickly - look at how many worms have been going around exploiting remote vulnerabilities in the past year or two! Anyone who's installed XP on a machine that wasn't firewalled from the internet properly has had to deal with this.
"Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
Here are some mirrors courtesy of mirrordot:
Their abstract (pdf)
And their homepage
http://shit.slashdot.org/article.pl?sid=04/11/30/1932245
Why is this still an issue? Come on, yes, we know XP out of the box is vulnerable. This is old news.
Buy a $30 DSL/cable modem router. I tell everyone I know to do this, it's worth it. 99% of all problems are solved with the DSL router. Once you have that in place, then the only thing you have to worry about is malicious web sites and email viruses.
I would like to see the comparison of viruses/trojans written for windows vs. viruses/trojans written for Mac and Linux desktop. The ratio is probably something like 100:2:1
was the default XP firewall turned on at all???
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
If only a fraction of all these people running unpatched windows systems would simply download a distributed computing client or something else to help the computing world instead of acting as a zombie on the internet...
ItWasFree.com - Take the mystery
My shit-hole apartment would be cleaned out in about 4 minutes if I didn't lock the door, too. So what does this prove? That there are nasty things out there? That shouldn't be news to anybody, especially not the Slashdot crowd. Lock down your computer the same way you'd lock your car doors and you'd lock your house.
I don't respond to AC's.
...as well. Without a firewall, no computer is safe and with one, no computer is safe (just slightly safer...)
What me worry.. I use Windows ME which in reality has no reason to be zombied! Just kidding... The fact that 99.9% of winXP users do not even know what a shell script is and would not even know how to run one certainly helps. It is not a case of stupid windows users not patching the system, instead it is a case of Microsoft creating an os that is a can of worms (pun intended) and not paying attention to the fundamentals of internet security. Seems like a major selling point for Longhorn, and planned obsolescence as a business model!
For the average user, what tools are available to let them know what their computer is doing (spamming etc). By the same token, what can they use to find out what their firewall is stopping?
Task Manager seems pretty useless for that, since any system is going to be running a bunch of cryptically-named tasks about whose purpose the user is largely unaware.
What does netstat tell me? What does it mean?
The tools available for the average user to figure out what might be going on aren't well-known.
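As an added example (not from anyone in this thread), here is a small Python script that answers the "what does netstat tell me?" question by reading the output of `netstat -ano` and summarising it: which ports the box is listening on, and which processes hold connections to addresses outside the LAN. The netstat text it parses is a constructed sample in the Windows XP output format, and the two heuristics at the end (a process talking SMTP to several hosts, a connection on the IRC port) are the author's own choice of things a home user could act on, not anything the article measured.

```python
"""Summarise `netstat -ano` output (Windows format): listening ports and
per-process outbound connections. The SAMPLE text below is constructed."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of `netstat -ano` on Windows XP.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.5:1041       192.168.1.1:80         ESTABLISHED     1804
  TCP    192.168.1.5:1052       203.0.113.9:25         ESTABLISHED     2212
  TCP    192.168.1.5:1053       203.0.113.10:25        ESTABLISHED     2212
  TCP    192.168.1.5:1054       203.0.113.11:25        SYN_SENT        2212
  TCP    192.168.1.5:1060       198.51.100.7:6667      ESTABLISHED     2212
  UDP    0.0.0.0:137            *:*                                    4
"""

# proto, local address, foreign address, optional state (UDP has none), pid
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

# Address ranges that are "inside": RFC 1918 plus loopback.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Conn:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: Optional[int]
    state: str
    pid: int


def _split(addr: str):
    host, port = addr.rsplit(":", 1)
    return host, (None if port == "*" else int(port))


def parse_netstat(text: str):
    """Turn raw netstat text into Conn records, skipping header lines."""
    conns = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        lip, lport = _split(local)
        rip, rport = _split(remote)
        conns.append(Conn(proto, lip, lport, rip, rport, state or "", int(pid)))
    return conns


def listening_ports(conns):
    """Sockets reachable from outside: LISTENING TCP plus any bound UDP socket."""
    return sorted({(c.proto, c.local_port, c.pid) for c in conns
                   if c.state == "LISTENING" or c.proto == "UDP"})


def _is_external(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # "*" or other non-address text
        return False
    return not addr.is_unspecified and not any(addr in net for net in LAN)


def outbound_by_pid(conns):
    """TCP connections to addresses outside the LAN, grouped by process id."""
    out = defaultdict(list)
    for c in conns:
        if c.proto == "TCP" and c.state != "LISTENING" and _is_external(c.remote_ip):
            out[c.pid].append((c.remote_ip, c.remote_port, c.state))
    return dict(out)


def findings(conns):
    """Heuristics a home user can act on: a process pushing SMTP to several
    hosts behaves like a spam engine; a connection on the IRC port deserves a
    look because bots of this era were commonly controlled over IRC."""
    notes = []
    for pid, peers in sorted(outbound_by_pid(conns).items()):
        smtp_hosts = {ip for ip, port, _ in peers if port == 25}
        if len(smtp_hosts) >= 2:
            notes.append(f"PID {pid}: SMTP to {len(smtp_hosts)} hosts, possible spam relay")
        if any(port == 6667 for _, port, _ in peers):
            notes.append(f"PID {pid}: IRC connection open, identify this process")
    return notes


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    for proto, port, pid in listening_ports(conns):
        print(f"listening {proto}/{port} (PID {pid})")
    for note in findings(conns):
        print(note)
```

On a real XP box the PID column is what makes this useful: Task Manager's "View > Select Columns > PID" lets you map the number back to the cryptically-named process, and `tasklist /svc` shows which services live inside each svchost.exe.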
I do work in a test lab using several standard DOCSIS cable modems. Since the PCs used need to have fresh OS installs with various patch levels, they are ghosted frequently.
The 2000/XP boxes will often get infected before the software being tested ever finishes installing. (a small/simple software firewall being one of them)
This does not occur when behind a consumer NAT router, but it is rather alarming that a typical PC on an unprotected cable modem does not even have enough time to download/install a small soft-firewall.
Look up and contact your local Attorney General and demand that they start prosecuting the criminals that break into PCs. These activities have been felonious crimes since day one of the Internet. Even if our OSes were more secure, it doesn't excuse the blatant illegal activities that are continuously perpetrated that cause untold amounts of wasted bandwidth, time and other resources that our leaders in the criminal justice system should be doing something about. Contact your local AG and demand they start prosecuting these cases and this stuff will be dramatically less prevalent.
Duh. They aren't testing how fast someone can install a firewall. They're testing how prone a typical user is to T3H H4X0RS - the same typical user will turn on and go which is why SP2 is a good thing (tm).
...that it's clearly not, even now.
There have been numerous exploits that have affected XP post-SP2.
And Microsoft's new, extremely belated focus on security notwithstanding, this does not change what I said.
Nice try, though.
You think because AV finds nothing, your box is clean? Not necessarily. If you're rooted, you're rooted, and you'll never know unless you boot from trusted media. Once your box is not your own, the OS will never tell you the truth again.
Virus and Spyware detection will fail, because a root-kitted kernel will lie to it about what files are there, what processes are running, and what network traffic is flowing.
This is why operating systems should use delta compression for distributing security patches. You're never going to have a perfectly secure operating system; you can, however, make sure that you can fix the security flaws before they are exploited. Put another way: Size matters!
For the record, using FreeBSD Update and my binary diff tool, downloading all existing security patches for FreeBSD 4.8 (released April 2003) only requires 568kB of files to be downloaded -- which takes under 3 minutes even with a 28.8kbps modem.
Tarsnap: Online backups for the truly paranoid
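To make the "size matters" point concrete, here is an added example (mine, not FreeBSD Update's code or format) of a minimal binary delta: the patch carries only copy-from-base and insert-literal instructions, and is tied to SHA-256 hashes of both the base file and the expected result so that a delta applied to the wrong base, or a tampered delta, is refused rather than silently producing garbage. The "before" and "after" files are constructed pseudo-random data standing in for a binary with a small fix.

```python
"""Minimal delta-patch format: copy/insert ops behind a hash header.
Added example; the sample files are constructed, not real binaries."""
import difflib
import hashlib
import random
import struct


def make_delta(old: bytes, new: bytes) -> bytes:
    """Encode NEW relative to OLD as copy/insert ops behind a 64-byte header
    (SHA-256 of OLD, then SHA-256 of NEW)."""
    matcher = difflib.SequenceMatcher(None, old, new, autojunk=False)
    ops = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":                      # bytes the client already has
            ops.append(b"C" + struct.pack(">II", i1, i2 - i1))
        elif j2 > j1:                           # replace/insert: ship literals
            ops.append(b"I" + struct.pack(">I", j2 - j1) + new[j1:j2])
        # a pure delete emits nothing
    header = hashlib.sha256(old).digest() + hashlib.sha256(new).digest()
    return header + b"".join(ops)


def apply_delta(old: bytes, delta: bytes) -> bytes:
    """Rebuild NEW; refuse a mismatched base and a result with the wrong hash."""
    old_hash, new_hash, body = delta[:32], delta[32:64], delta[64:]
    if hashlib.sha256(old).digest() != old_hash:
        raise ValueError("base file is not the one this delta was built against")
    out = bytearray()
    pos = 0
    while pos < len(body):
        op = body[pos:pos + 1]
        pos += 1
        if op == b"C":
            start, length = struct.unpack(">II", body[pos:pos + 8])
            pos += 8
            out += old[start:start + length]
        elif op == b"I":
            (length,) = struct.unpack(">I", body[pos:pos + 4])
            pos += 4
            out += body[pos:pos + length]
            pos += length
        else:
            raise ValueError("corrupt delta")
    if hashlib.sha256(out).digest() != new_hash:
        raise ValueError("patched result does not match the expected hash")
    return bytes(out)


def sample_files():
    """Constructed stand-in for a binary before and after a small fix:
    4 KiB of seeded pseudo-random bytes, eight bytes changed, 100 appended."""
    rng = random.Random(2004)
    old = bytes(rng.getrandbits(8) for _ in range(4096))
    tail = bytes(rng.getrandbits(8) for _ in range(100))
    new = old[:2000] + b"PATCHED!" + old[2008:] + tail
    return old, new


def demo():
    """Round-trip the sample and return (full file size, delta size)."""
    old, new = sample_files()
    delta = make_delta(old, new)
    assert apply_delta(old, delta) == new
    return len(new), len(delta)


if __name__ == "__main__":
    full, small = demo()
    print(f"full download: {full} bytes, delta: {small} bytes")
```

The hash header is the part that matters for security, not the compression: a delta client that does not pin the base and verify the result will happily "apply" a patch to the wrong file. In a real deployment the hash list itself would also be signed, so that the hashes are not just another thing the download server is trusted about.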
It wouldn't need a firewall if it didn't default to having so many ports open listening for traffic.
feh. stuff.
I never really needed a reminder for why I run Linux, and yet, here it is =P
guess you better learn to type faster, huh.
12:50 - press return.
... it's time for Folding @ Home to hire a script kiddie?
Yes, but it is worded to sound more sensationalist by not specifying that it's baby seal crawling through a sea of baseball bats...
We all know Windoze is bad enough patched or unpatched. Having said that... where is my penguin to stop the bad packets? iPCop anyone??? I mean I used iPCop to protect more than 2000 pcs in a college, why can't MicroSnot do the same??
===== "Every head is a different world so don't invade mine you FREAK!" smartSAGA said
To me this just seems like non news. All new copies of windows come with sp2 integrated... What else is MS supposed to do? So they made a less than secure OS a while ago, that can't be changed. They offer SP2 on cd for free AFAIK, so if you have an old copy of XP, you can patch it up before connecting to the net. Microsoft doesn't want you running windows unpatched, and they'll help you patch it...
I think this is somewhat akin to complaining about a product after a company has had it recalled. This problem is annoying, but hardly news, and certainly not a valid comparison of the relative security of different OS's
All Rights Reserved. All Wrongs Avenged.
I mistakenly installed XP on a new box on the unprotected end of my network.
Time for infection? Not two minutes.
FIRST BOOT.
And I knew I was screwed the moment that I saw the NIC's green lights flash upon reboot.
I did that once. Never again! There's nothing wrong with having to wipe and reload after....wiping and reloading! Er...yeah!
I now make sure ALL installs are done off line, even with my XP SP2 disk. Why take the chance?
26 - 1
vodka, straight up, thank you!
Indeed, but a default linux installation is also extremely vulnerable w/o a firewall. Not 4 minutes vulnerable, but who cares who loses first if everybody loses ;).
We should develop a program (if one doesn't already exist) that looks for an attack on SP1 vulnerabilities. If an attack is detected then the IP address is logged and automatically sent to the server provider (or if possible email address of the user) to inform them that their machine is compromised. I'm sure people would be VERY happy to know they have a virus/trojan on their system and would be more than willing to get rid of it. Heck if someone sent me an email saying, "hey bud your system is a zombie and tried to attack me", I'd fix my system pronto.
It seems to me that the problem isn't so much that idiots make software which zombie machines, but that we have no way to contact the users of those machines to fix them!
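Here is an added example (not the poster's code) of the detector side of that idea in Python: it reads gateway firewall log lines, groups rejected inbound attempts by source address, flags any source that probed the ports the LSASS and DCOM worms use on several distinct targets, and drafts the notice. The log lines are constructed in the style of a Linux netfilter LOG entry, and the abuse-contact table is a constructed stand-in for a WHOIS lookup; the notice goes to the network's abuse mailbox because, as the post says, there is no way to know the infected user's own address from a packet.

```python
"""Flag sources that probe worm ports on several targets and draft an abuse
notice. Added example; log lines and the contact table are constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the style of a netfilter LOG line on a home gateway.
SAMPLE_LOG = """\
Nov 30 12:01:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.2 PROTO=TCP SPT=3412 DPT=445 SYN
Nov 30 12:01:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.3 PROTO=TCP SPT=3413 DPT=445 SYN
Nov 30 12:01:06 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.4 PROTO=TCP SPT=3414 DPT=445 SYN
Nov 30 12:01:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.2 PROTO=TCP SPT=3420 DPT=135 SYN
Nov 30 12:01:11 gw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=198.51.100.2 PROTO=TCP SPT=51000 DPT=80 SYN
Nov 30 12:01:14 gw kernel: IN=eth0 OUT= SRC=203.0.113.46 DST=198.51.100.2 PROTO=TCP SPT=1200 DPT=135 SYN
"""

# 135 (DCOM/RPC) and 445 (LSASS over SMB) are the ports the worms in the
# article exploit; 137-139 are the NetBIOS ports the same families also probe.
WORM_PORTS = {135, 137, 138, 139, 445}

FIELD = re.compile(r"(\w+)=(\S*)")
STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")


def parse_log(text):
    """Extract (time, src, dst, proto, dport) from each kernel LOG line.
    Syslog stamps carry no year, so strptime yields year 1900; ordering
    within one log is all we need here."""
    events = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m or "kernel:" not in line:
            continue
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields or "DPT" not in fields:
            continue
        events.append({
            "time": datetime.strptime(m.group(1), "%b %d %H:%M:%S"),
            "src": fields["SRC"], "dst": fields["DST"],
            "proto": fields.get("PROTO", ""), "dport": int(fields["DPT"]),
        })
    return events


def find_scanners(events, min_targets=3):
    """Report sources that hit worm ports on >= min_targets distinct
    (destination, port) pairs: one stray SYN is noise, a sweep is a worm."""
    by_src = defaultdict(list)
    for e in events:
        if e["proto"] == "TCP" and e["dport"] in WORM_PORTS:
            by_src[e["src"]].append(e)
    report = {}
    for src, evs in by_src.items():
        targets = {(e["dst"], e["dport"]) for e in evs}
        if len(targets) >= min_targets:
            report[src] = {
                "attempts": len(evs),
                "ports": sorted({e["dport"] for e in evs}),
                "first": min(e["time"] for e in evs),
                "last": max(e["time"] for e in evs),
            }
    return report


# Constructed stand-in for a WHOIS lookup of the network's abuse mailbox.
ABUSE_CONTACTS = {"203.0.113.0/24": "abuse@example.net"}


def abuse_contact(ip):
    addr = ipaddress.ip_address(ip)
    for net, mailbox in ABUSE_CONTACTS.items():
        if addr in ipaddress.ip_network(net):
            return mailbox
    return None


def build_notice(src, summary, reporter="gw.example.org"):
    """Draft the e-mail to the network's abuse desk for one flagged source."""
    to = abuse_contact(src) or "<look up the abuse contact via WHOIS>"
    when = f"{summary['first']:%b %d %H:%M:%S} and {summary['last']:%b %d %H:%M:%S}"
    return "\n".join([
        f"To: {to}",
        f"Subject: Probable worm-infected host {src}",
        "",
        f"Between {when} (gateway local time) {src} made {summary['attempts']} "
        f"connection attempts to ports {', '.join(map(str, summary['ports']))} "
        f"on hosts behind {reporter}.",
        "This pattern matches the automated LSASS/DCOM worms; the host is likely compromised.",
    ])


if __name__ == "__main__":
    for src, summary in find_scanners(parse_log(SAMPLE_LOG)).items():
        print(build_notice(src, summary), end="\n\n")
```

The distinct-target threshold is the important design choice: a single SYN to port 445 from a random address is background noise on any broadband line, whereas one source sweeping the same port across several of your addresses is exactly the behaviour a spreading worm produces.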
and how many users out there actually do patch? That's great that the OS auto does, but what about the thousands of pirated copies of windows that can be patched?
I am that much more enlightened and proportionally disillusioned
and this is news because?
It's obvious this is not going to help Microsoft out very much with their continued sales. Made me laugh the article the other day on slashdot where MS decided to replace anyone's pirated version of Windows with a genuine copy. They must be S**ting bricks ;)
"Invation of the Win Snatchers".
I have a few questions.
1. How do you count attacks? The number of attempted attacks differs between the various systems. Does that mean some machines actually were attacked more often than others, or do you simply not count certain attempts? (E.g. malicious packets sent to closed ports)
2. Wouldn't it be fairer to run every machine with the firewall off (including those that have it on by default)? Obviously, if no traffic gets through to a machine, it can't be compromised no matter how insecure the software.
Please correct me if I got my facts wrong.
Boot knoppix...
I work tech support in one of the departments at my school, and we frequently have to reformat professor and grad student's computers that get hit by viruses. I was testing out an unattended install disc I made on one of the machines and it failed to install all the latest SP1 service packs. Needless to say, within 3 minutes of plugging it into the campus network, it was hit with lsass. Maybe I should submit my story so I can be a record holder or something...
Hello? (knocking on your head)
It's not like the testers just let LSASS and DCOM exploits through; they put the machines on the net and checked which ones got owned and how long it took.
I understand what you're saying, but two points:
1. All users should be patching, or letting the OS do it. We do want patched systems, right? So we have to educate users, and they have to follow through, or the OS has to be allowed to do it for them. To a degree I blame MS for taking so long to make auto-update the default, but frankly if they had it set to auto from the start everyone would be screaming bloody murder about privacy concerns and such. Can't have it both ways.
2. As for the pirated versions, I think if MS is smart they will let the pirated versions update as well regardless. I think that's better for everyone. I think they should separate out the patches from the updates. Patches should always be allowed no matter if the copy is legit or not (and it shouldn't even be checked), but updates, things like a new version of Movie Maker or Media Player (that doesn't involve security fixes) should require validation of your copy. I'd be OK with that.
But, that being said, the pirates shouldn't be pirating, so I don't have much sympathy for them. In fact, I could give a shit if their systems gets hosed by a virus or worm or whatever else, if it wasn't for the fact that it could harm ME if they get zombified, I wouldn't care at all. But, since they CAN affect me, MS should allow them to be patched, security-wise, but that's it. If they don't, I'm against the policy.
But in the end, the update mechanism, certainly for legit users, is there, and they need to be taking advantage of it, whether it's automatic or not.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
Guess what, there's millions of Windows users out there who don't know what an "SP2" is, or why they should care about it, or have a clue how to download such a behemoth over their 28.8 AOL dialup.
Come to the University of Mars! Classes starting soon!
Umm... What "Windows Firewall" in XP SP1?
First I've heard of it
But that's not addressing the point I made, which is that comparing this to a Mac isn't fair because those services don't exist on a Mac.
I'm not at all trying to deny there are security problems with Windows. What I AM saying is that the situation is far from dire when the system is properly patched. I am also saying that the comparison to a Mac, based on those two services, is completely bogus because OF COURSE the Mac isn't going to be affected.
I'm just saying compare apples to apples (pun intended). If the study was between the systems listed and a fully-patched WINDOWS box, the results would have some validity in telling us that not patching is a Bad Thing (like, uh, DUH). This comparison however is just stupid.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
Hmm... did you read the article, where it pointed out that in addition to the XP SP1 machine, we also tested SP2, and SP1 with a firewall?
Awhile back when I was naive, I didn't really think worms could affect me on XP as long as I didn't download any funky programs. After a reinstall of Windows, my computer was continually rebooting and gave me around a 30 second warning. I was owned by the blaster worm. Typing the warning message into google I got my machine quickly patched up... But that gets me thinking about the common user. What are they supposed to do? If they have a single computer they probably won't have a router with NAT. And downloading updates probably won't be the first thing they're doing. (Even if it is, it's quite possible to get infected before they're installed). Most don't even know what a firewall is. So what are they supposed to do?
www.kerio.com/dwn/kpf2-en-win.exe
Note: the latest version of Kerio Personal Firewall is 4.x, however that version isn't as good and has too many extra unuseful features that can't be turned off, therefore I'm linking to version 2. As far as I know there is no direct link on Kerio's web site.
"UNIX is very simple, it just needs a genius to understand its simplicity." -Dennis Ritchie
Should any of these updates cause unexpected issues, then please contact your vendor for additional support.
DISCLAIMER: This message has been prepared with great care by our customer support department. Despite our efforts, we cannot guarantee full accuracy of this notice. Our company assumes no liability for any loss of data, damages or lost revenue resulting from the use of this information.
If you can't baffle them with brilliance, dazzle them with bullshit.
Does being a NAT box or behind a firewall help? Studies never seem to mention being a NAT box...
I'm surprised that ISPs don't provide some kind of firewall on their side, and charge people for it.
Like imagine when you sign up for company X's DSL
they offer a firewalled connection, or a non firewalled.
For the simple users ( my mom ) you could have a default firewall that just blocks windows ports that have known exploits. Does 445 really need to come in from the outside world?
For the more advanced user you could have an interface that allows them to choose which ports.
How hard would it be to setup a dynamic firewall solution like this? People would pay 5 to 10 bucks a month extra for it. Even someone like me so I don't have to use a router. I just don't trust a desktop firewall.
The availability of compilers has nothing to do with script kiddies! The difference between x86 assembly and VB scripts is light years. I am currently learning the real fundamentals of C and find that the bad use of memory and the fundamentals of programming are the biggest problem. This begs the question: if the user and even the reseller has no access to the original source code how can one justify tech supporting the program?
If the program works and leaves exploits then it is responsibility of the vendor to shoot the programmers. Not to chastise the user for using the program unpatched! Microsoft must be deliberately releasing crap so that users are forced to "upgrade". Certainly they must have extensive testing and code checking. How the H do they manage to miss so many exploits. It can only be deliberate.
You can go to microsoft.com and order a CD, free of charge.
The write up did not cover the story very well, and the article is slashdotted, but when/if it comes back up you will be able to note that the study was on a whole series of machines, including patched and unpatched ones subjected to an unfiltered internet connection. Also the study was on machines that were not doing anything. It is significant as a security benchmark for common systems. Most importantly, this was a study commissioned by USA Today, a mainstream news source. As much as you would like to think otherwise, most people (think USA Today readers) do not know how bad Windows security is or how vulnerable their machines are. Most do not know that their machine runs like crap because of spyware, and most do not know there are alternatives. This is probably not news for Slashdot, and not very significant, but some of us read these articles looking for good summaries to send to obtuse management.
On first boot my computer was extremely slow and I had IE popups all over the place for gay porn and viagra.
Ok sure it wasn't the smartest thing to forget that this MAC address was in DMZ but damn!!! Shouldn't Windows be more secure by default?
So I decided to get myself a mac but still ask everyone to please sign the petition to get world of warcraft on linux. I'm not sure it will do much but at least it will show that there is a desire there. Not everyone can afford a Mac and some people don't want Windows on their machine for what are now obvious reasons to me anyways.
how.
All you can answer for sure is the last question.
A.G.s are bound by jurisdiction (country and state or province or département or prefecture or...)
There is very little they can do. Most of this crap is flying around and over their territory. Its up to us to protect our machines.
Spammers should have their CLIENTS sued. Get an ad for Viagra(, or PenileExtenders or whatever,) and whoever the RETAILER is should be the one to get smacked.
Follow the $. Whoever you were going to pay is the one who should get sued. Make it an international arrangement/agreement that the fines should be collected by the sender's country of origin.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Yes I did read it, and I probably should have pointed out the worst offense of this...
NO SUCCESSFUL BREAK-INS OF THE UP-TO-DATE PATCHED XP BOX.
So, what exactly is this article trying to prove anyway? Here's the only conclusions I can see drawing from the article...
(1) The Internet is an unsafe place. Attacks happen at an alarming rate.
(2) An UNPATCHED and UNPROTECTED Windows box is quite vulnerable indeed.
(3) A fully-patched Windows XP box is JUST AS SECURE as a Mac (Unix-based, so it's probably fair to use this as a Windows vs. Unix comparison) and a Linux (Linspire) box.
I quote directly from the article:
"While attempted break-ins never ceased, successful compromises were limited to nine instances on the minimally protected Windows XP computer and a single break-in of the Windows Small Business Server. There were no successful compromises of the Macintosh, the Linspire or the two Windows XPs using firewalls. That pattern was not surprising, as Windows PCs make up 90% of the computers connected to the Internet, and the vast majority of automated attacks are designed to locate and exploit widely known Windows security weaknesses."
This says it all folks. SBS had one break-in, which definitely isn't good I admit, but that's the bad news as far as Windows goes.
Let me reiterate: WE KNOW AN UNPATCHED WINDOWS MACHINE IS BAD NEWS. Move along, no news here folks. But, the fact that there were ZERO intrusions amidst a TON of attempts, the same result as the Unix-based and Linux-based OS's, should prove once and for all that a properly-maintained and CURRENT Windows box, like any other OS out there, is as safe and secure as one can hope for in an unsafe world.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
"This is not because of just marketshare"
Fine, not "just", but when you outnumber your competition by several million boxes, only a fool would completely discount that fact as much as you have. If it was worth a hacker's time and money to turn a Mac box into a bot in under 4 minutes, it's a done deal, no questions asked. Market share, with all those Windows boxes and their CD keys, credit card numbers and personal information, makes a much much much more inviting target to specialize in.
No, I'm not saying one is any better than the other, or that even the point you make is irrelevant, just that the incentive to crack OS X or Linux is SO much less on average.
You need a FREE iPod Nano
Is that why I keep getting 503 errors when reloading /.
CARRIER LOST
As to your sentiments. Sorry but as long as you can BUY an unpatched PC, you can STFU.
Since it only takes one successful attack to compromise the system, I'd say that impenetrable is impenetrable.
Does Linux get fewer attacks because it is impenetrable? Does it get fewer attacks because 100% of the Linux boxes is less than 10% of the Windows boxes? Why should I care? Fewer attacks is a good thing, and the data gives no reason to think that more attacks would change the situation, anyway.
Fewer attacks on Linux. None of them work. Keeping fully patched is trivial, even via modem. With Linux, the computer portion of life is good. I was never able to say that when I had a Windows box, years ago.
See what I've been reading.
We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician.
I'll pick this example, but the critique applies to the whole post.
We *DO* educate people about electrical outlets - from a VERY early age, we tell people "Mess with this outlet and you'll die." And we let any curious person who wants to perform as an electrician, and the people who decide to do that without the proper training cause themselves property damage and sometimes die.
The problem is that if you put a computer on the internet and it causes havoc (by getting infected with whatever), unlike mucking with electrical outlets, the user doesn't die. If you want computers to work like electrical outlets, you'd have to make people who own computers liable for any damage caused by their computer, just like someone who connects poor electrical work to the electrical network is liable if they manage to blow out the local power substation. Then users will have a financial incentive to not put computers on the network unless they are reasonably sure they're not going to cause the network problems.
Of course, that will never happen, so we'll just have to deal with idiots ruining the network, much like we have to accept bad drivers on the road.
paintball
"The MD5 checksum of the file named WindowsXP-KB835935-SP2-ENU.exe is 59a98f181fe383907e520a391d75b5a7"
Taken from this site: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2top.mspx
Found with this Google Search (first link).
And the muscular cyborg German dudes dance with sexy French Canadians
From the article: Each was sold without an activated firewall.
...hence no successful attacks.
Perhaps I'm mistaken but I was under the impression that OS X ships with the firewall on by default.
I can't remember... I think it defaults to Off, but I was just curious. I suppose it's not too egregious to have a default of Off since all the services are also Off by default. Mostly I was wondering if it would have made a difference in the number of attacks sent to the machine if the firewall had been (or was) active.
This is a flame for everybody who keeps making these asinine comparisons and believes that their OS integrity is somehow extra special or that Windows M$ is extra bad.
Well, I hate to break it to you, but Windows security is extra bad. Popularity aside, Windows does some really dumb things from a security perspective, both historically and currently, and any security professional will tell you that Windows needs some serious changes to their underlying system if they ever want to make it reasonably secure.
No system is bulletproof, but some of them at least put the bulletproof vest on their chest and the helmet on their head. Windows puts them both on its ass.
Just because Windows is popular, you should not excuse the designers their crappy security decisions.
P.S. Get a spellchecker.
Prove it.
So only Linux only was only targetted by only .26% of all attacks, only. Good to know.
So... is your point that it's not good to remind people to patch and have firewalls, or that we shouldn't have bothered with the patched and firewalled boxes for comparison?
You owe double me? That's a lot.
Zombie bots generally don't know the difference between dialup and broadband.
Perhaps you don't "have" any spyware or viruses because your line is too slow to update your scanners?
Seriously, install a squid proxy so you can download the patches on one machine and all the other machines can just use the cache.
I bet if you let it go overnight it would be done in the morning.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Yes, Linux will be exploited more often than Windows once it gets popular. Just like Apache gets exploited more often than IIS!
But part of the reason they have bad security models is because people need to be able to quickly leave them in case of emergency (fire for example). Otherwise they could be designed with complex locks on each entry/exit point.
Windows XP, SP1 does include a firewall that is off by default. Google will give you plenty of instructions for enabling it. SP2 merely enables it by default.
Right on brother. Apparently the /. crowd thinks fighting FUD with FUD is a good idea though. Too bad it leads to zero credibility for them.
What the hell is the point of this article to begin with? How many MS users you think you will convert with this so called study?
"At first, we thought it was just another snake cult."
But seriously. If Linux ever becomes as popular as Windows, I guarantee malcontents will find any and every way to compromise your system in under 4 minutes.
This is like the New Pig Times reporting that if brick ever becomes as popular as straw then wolves would just start blowing them down as easily. In other words you are arguing under the Fallacy of the General Rule; namely that all platforms have exactly the same vulnerabilities, if only someone would bother to look for them.
Windows has large, exploitable holes that other platforms don't. Period. End of sentence. It is the height of tunnel-sighted arrogance to think today's hackers wouldn't each love to be the one that finally writes the mighty virus that gets through OS X or Linux.
Yes, a large percentage of problems are from copy cats. But you will not convince me there aren't those who take pride in their hacking that wouldn't love to be the one to break the OS X/Linux barrier and aren't working at doing so just to show it can be done.
R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
A question on the OS X box - doesn't it come with Samba (filesharing) off by default? I assume by "firewall by default" you mean "comes with firewall running by default", which should be fine if there are also no services running...
Thanks for the interesting tests and good followups.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Windows firewall was one of the "New features" of windows xp, but you have to turn it on first - no need for service pack 1.
You can get an unpatched Windows 2000 machine to connect to the internet [without being compromised] to download updates just fine (from my experience, your mileage may vary). Just enable TCP/IP filtering in advanced networking and set TCP to permit only (nothing). You can do this on XP as well.
At least let's take the known drive-by shooters off of the information superhighway.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
like the right lane, or in the larger picture basically assuming the entire road is there to serve as some form of entertainment.
The issues with extreme traffic congestion and high insurance rates are only another sign of the degree to which the abuse of the roadways has risen.
When I started, the car dealer would inform me that my car could cause immeasurable damage to other drivers and pedestrians as a not-so-subtle hint to not screw around, and driving required some basic knowledge of transmissions and attention to the owner's manual before you could even start the car. Frankly, things became unmanageable at the point the roads were made accessible to anybody with a few thousand dollars; anybody who's been around this long knows what I'm talking about.
It's a short hop to realizing that the problems we're experiencing with aggressive drivers and drag racers are the same problem. Intimate knowledge of automobile mechanics used to be a requirement -- along with a malcontent-type disposition -- in order to wreak the sort of havoc that today requires a few hundred bucks and a trip to the local accessory shop. Every Honda is now a potential rice-rocket, and every SUV doubles as a road-tank.
Many experts believe we should raise the barrier of entry by requiring drivers to undergo education, certification, and maybe even an oath to only pass in the passing lane as part of the certification process if going onto the expressway. It used to take years to do what kids today can do in months; additionally, a would-be driver who spends a few months picking up parallel parking or whatever has hardly learned the fundamentals of driving any more than someone who reads a manual about his DVD player has become a laser engineer. I suggest that the field and the general user experience would be greatly enhanced by limiting access to automobiles (by means of pricing and with the cooperation of the rental car companies) and by separating people allowed to drive on local roads during the day from those allowed to drive at night or on the expressway.
It makes more sense than trying to go out and educate every user. Think about it; in what other field do we "educate" "users"? We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician. We don't "educate" passengers and let anyone who cares to be a bus driver give it a try. Why are things always so difficult when it comes to driving cars?
paintball
That way, you'll have it for next time.
Second, the Linux box isn't necessarily representative. Mandrake, for example, has open ports and no firewall. I would like to see a fresh Mandrake box put on the net rather than the more secure Linspire. Additionally, was it ever figured out what port 7741 was used for? In a digital attack simulation we had, Linspire boxes were hard to characterize for the attackers because of the lack of any ports open on them. 7741 may be a good way to characterize the OS of the box. (Also, I worry more about open ports I don't recognize than ones I do, even if they aren't connected to extremely strong programs.)
Also, the abstract seems to indicate the OS X box was NOT one of the better ones since it seemed to draw so many attempts. (I think this was explained in comments as having to do with Samba being turned on. Was Samba on by default? And are there any implications of having a cloned service on, as it draws more attacks even though these attacks are fundamentally hopeless?)
I do security
My point is that you should declare both just as loudly:
* People should know that unpatched boxes are trouble, that's completely fair
* People should know that the patched and secured boxes are just as good (based on the published results at least) as just about any other OS.
I can accept that maybe the Slashdot slant as represented by the front-page post may have made the article seem like something it wasn't, namely a Windows bash piece. But, having read the actual article, it didn't seem like both conclusions were fairly represented. It seemed as though the positive outcome of the "secured" XP box only got a small blurb, while the negatives of the unpatched box got much more air time. I believe it should have been more well-balanced. That is my point.
I used to be a Wide Open West cable modem subscriber - it was a great service, fiber to the curb and speeds to go with it (you had a choice of 3Mbs or 10MBs bi-directional!!!).
They also had a firewall over the whole network. While it seems like a good idea, I have to say I'd rather have gone without it. One thing it caused a problem with was Unreal Tournament - the server browser would take about 10 seconds for each server ping, which made refreshing the master server list pretty much impossible. Actual games worked OK...
I would have expected more cable modem companies to do something similar though.
As you might imagine, I have relatively little control over how USA Today chooses to present a half page (guessing... haven't seen the print version yet) article, or how Slashdot chooses to summarize that into a single paragraph. I had a chance to comment on the USA Today article ahead of time, and they had the option to ignore some of my comments.
I'm more than happy to tell people what the actual methodology was, what was trying to be measured, and what the results actually represent. Check some of the other threads on this story.
How many MS users you think you will convert with this so called study?
Paranoid much?
It's called automated p2p software distribution you insensitive clod!
How do I transform an original copy of windows 2000 including a valid licensing key to installation media that already includes all the necessary patches?
There is a fundamental problem with your myth.
How does a fresh install of Windows get compromised so quickly? Through ports on services, mostly.
Now consider a fresh OS X install. Let us imagine a future where 99% of the computers are Macs. You go to install the OS, and - you have no compromises when you are done (much less ten minutes later). How is this possible? Because there are NO NETWORK SERVICES RUNNING BY DEFAULT. None! You have literally no way for the four-minute phenomenon to strike you.
Different Linux distros are more or less along these lines, depending on how many services they, too, leave off by default.
Perhaps in a different future with a more popular OS you might have quite a few more Malware programs that would seek to have the user install them or attack browser flaws. That is a different issue, but doesn't address the fundamental weakness of a system that can be compromised without user action in under four minutes.
Windows solved a lot by adding a default firewall, though you are still at the mercy of the firewall working properly instead of fundamentally being more secure by leaving services off. It only takes one bit of malware to disable the firewall without telling you and it's off to the races again for your PC. Since other systems as of yet have no need for these programs, they are not as fundamentally weak.
As a side note, I hope that people doing software performance reviews from now on are doing them with firewall and anti-virus programs in full operation, otherwise the results are meaningless. Especially on an Intel platform, why would you not use an OS that requires a lot less background processing just to keep other people off your system? It's like hiring a full-time bodyguard and agent when you work at K-Mart - it just should not be needed.
Sorry, but this barely qualifies as research and is an awful example of journalism as well. Example: USA Today said: "To hijack the Windows Small Business Server, the attacker finagled his way into a function of the Windows operating system that allows file sharing between computers. He then uploaded a program that gave him full control." The report from Avantgarde said: "the default configuration (NetBIOS enabled) exposed both the XP SP 1 and the Windows SBS 2003 by exposing hidden shares such as C$, ADMIN$, etc. The attacking agent simply had to guess any account's password that had administrator rights. The administrator account was configured with a simple, easy-to-guess password--"password." Both, the Windows SBS 2003 and the regular Windows XP Home Edition with SP1 systems were compromised using this method by correctly guessing a weak password." What a complete waste of time.
ryanr posted further up the chain somewhere that some services were enabled on the Mac. Which is one reason it attracted a lot more attention than the linux box in the test...
Microsoft did not popularize the internet. In fact they tried to kill it with 'Blackbird'. Microsoft jumped on the HTML bandwagon AFTER Netscape/Mozilla created the 'market'. Computers were not popularized by Microsoft. They were quite popular before Windows, and DR-DOS was just as good (or better) right up until Windows 95. There were plenty of good choices prior to MS's dominance. While the x86 platform (debatably) is the best desktop solution today, up until the Win95/Voodoo time period, it was one of the worst. The MS/x86 computer system set computers back 5 to 10 years.
In another post where I asked a question about that, the author responded that they turned a few services (like Samba) on that normally would be off by default (actually there are no services on by default). It is interesting (though I guess not surprising) that it would draw so many attacks even if not an actual Windows box.
I rebuilt a friend's PC (on my home LAN), made sure it had a firewall and antivirus and was fully patched.
On connecting it at their house, and running up the ADSL, within 15 seconds the firewall had logged 5 attempts from external hosts to use port 135.
If I had not had a firewall, then the PC would no doubt have been compromised.
I assume whoever carried out these tests was not using one of the bigger ISPs which have a large base of infected PCs.
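The "5 attempts on port 135 within 15 seconds" the post describes is exactly the kind of pattern a firewall log lets you count instead of guess. The script below is an added example, not code from the post or from the USA Today/Avantgarde study: it parses log lines in the layout Windows XP's pfirewall.log uses (a #Fields header naming the columns, then one space-separated record per packet), counts inbound DROPs per source and per RPC/NetBIOS/SMB port, and flags any source that hits those ports five or more times inside a 15-second sliding window. The sample lines are constructed (addresses are documentation ranges), and the watched-port list and the 5-in-15-seconds threshold are assumptions chosen to match the post.

```python
"""Triage Windows Firewall log lines for inbound probes on the RPC/NetBIOS/SMB ports."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the pfirewall.log layout (assumption: XP's firewall log format).
# Source addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2004-11-30 10:15:02 DROP TCP 192.0.2.10 10.0.0.5 3345 135 48 S 1234567 0 16384 - - - RECEIVE
2004-11-30 10:15:03 DROP TCP 192.0.2.10 10.0.0.5 3346 445 48 S 1234568 0 16384 - - - RECEIVE
2004-11-30 10:15:05 DROP TCP 198.51.100.7 10.0.0.5 1184 135 48 S 2234567 0 65535 - - - RECEIVE
2004-11-30 10:15:07 DROP TCP 192.0.2.10 10.0.0.5 3347 445 48 S 1234569 0 16384 - - - RECEIVE
2004-11-30 10:15:09 DROP TCP 192.0.2.10 10.0.0.5 3348 135 48 S 1234570 0 16384 - - - RECEIVE
2004-11-30 10:15:11 DROP TCP 203.0.113.99 10.0.0.5 4021 139 48 S 3234567 0 8192 - - - RECEIVE
2004-11-30 10:15:14 DROP TCP 192.0.2.10 10.0.0.5 3349 135 48 S 1234571 0 16384 - - - RECEIVE
2004-11-30 10:15:16 OPEN TCP 10.0.0.5 10.0.0.1 1026 80 0 - 0 0 0 - - - -
2004-11-30 10:15:20 DROP UDP 192.0.2.10 10.0.0.5 1434 1434 404 - - - - - - - RECEIVE
2004-11-30 10:16:40 DROP TCP 192.0.2.10 10.0.0.5 3350 445 48 S 1234572 0 16384 - - - RECEIVE
"""

# Ports the DCOM/LSASS-era worms probed (assumption: chosen to match the thread); other ports
# are counted in the totals but not flagged.
WATCHED_PORTS = {135: "DCOM RPC", 139: "NetBIOS session", 445: "SMB / LSASS"}


def parse_log(text):
    """Turn pfirewall.log text into dicts, naming columns from the #Fields header."""
    fields = None
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other header lines, or records seen before any #Fields header
        parts = line.split()
        if len(parts) < len(fields):
            continue  # truncated record: skip rather than guess at the missing columns
        rec = dict(zip(fields, parts))
        rec["when"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        rec["dst-port"] = int(rec["dst-port"]) if rec["dst-port"].isdigit() else None
        events.append(rec)
    return events


def inbound_drops(events):
    """Only packets the firewall refused on the way in (action DROP, path RECEIVE)."""
    return [e for e in events if e["action"] == "DROP" and e.get("path") == "RECEIVE"]


def summarize(events):
    """Blocked-probe counts per source address and per watched destination port."""
    drops = inbound_drops(events)
    per_source = Counter(e["src-ip"] for e in drops)
    per_port = Counter(e["dst-port"] for e in drops if e["dst-port"] in WATCHED_PORTS)
    return {"total_drops": len(drops), "per_source": per_source, "per_watched_port": per_port}


def burst_sources(events, threshold=5, window=timedelta(seconds=15)):
    """Sources that hit watched ports at least `threshold` times within any `window`.

    A sliding window over each source's sorted timestamps; returns {src-ip: hits in the
    first window that crossed the threshold}.
    """
    by_source = defaultdict(list)
    for e in inbound_drops(events):
        if e["dst-port"] in WATCHED_PORTS:
            by_source[e["src-ip"]].append(e["when"])
    flagged = {}
    for src, times in by_source.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward until it spans at most `window`
            if end - start + 1 >= threshold:
                flagged[src] = end - start + 1
                break
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(summarize(evs))
    print("burst sources:", burst_sources(evs))
```

On the constructed sample, 192.0.2.10 lands five watched-port hits between 10:15:02 and 10:15:14 and is flagged; the single probes from the other two sources and the UDP/1434 packet are counted but not flagged. Pointing `parse_log` at a real pfirewall.log gives the same per-source view, which is a better basis for a complaint to an ISP than "it felt fast".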
In early 2002 I started a Win2K Server installation. The installation is a 2 step process. The first step formats the partitions and copies a minimal setup onto the machine which then reboots and completes the "real" installation.
Unwisely I had the machine directly attached to my then DSL w/ DHCP connection. As soon as the installation was completed I started running System Update to install security patches. Nearly the first patch detected that I was already infected by the virus du jour. I took a quick look and found that the virus had installed itself 6 minutes after the pagefile was created in the very first boot of the machine.
Moral of the story: Always install new machines behind a NAT box and run all security updates before attaching them to the public network. I continue to use this policy even for linux boxes.
In these modern days an installation isn't done when the DVD-ROM pops out of the drive and the machine reboots. I believe that OSes of all flavours should temporarily disable all network facing services upon install or upgrade until the user has had a chance to install post-release security updates (or at least click a "I'm an idiot, run network services now" button). This would be much safer, regardless of the OS.
-- "Most people prefer a popular myth to an unpopular truth"
You need to take your security more serious. I have a firewall for my firewall. Then I wrap both of those in Latex. Ha, beat that..
Click HERE
So you get online with your unpatched, fresh install of XP, and you get it all up to date over a day from Windows Update, and what's more you install Spybot S&D and Ad-Aware, and NOD32 antivirus and Prevx, and whatever else. Are you telling me that my system is compromised already even though those scanning and cleaning programs tell me that it's clean?
Shut the fuck up. You don't know what you're talking about.
love to see the article, anybody grab a mirror in time?
The die-hard Mac user in the group felt that having a few services on might better represent a typical Mac user.
Thanks, I couldn't find the other post but I can understand that. I have to admit I have a few services turned on at home, mostly SSH and printer sharing. I do also use a NAT switch because it just makes life a little better with multiple computers, not even necessarily for the security aspect of it.
I'm not totally sure that Samba would be on by default in all that many Mac homes, I don't know how many people are really sharing files between computers that way. It would be interesting to see a study on that.
A more interesting test would be to put a bunch of retro computing devices up onto the internet. How does a PDP-11 running V7 stack up against BSD 2.11?
Does the work of Robert Morris live on?
When was the last time someone tried to use wizard mode on *your* port 25?
All I can say is MS surely have to be held accountable for this, and answerable to it* - forget the bollocks on the EULA.
Nick
* we all have known for eons MS stuff isn't secure anyway - no matter in what guise.
In other words:
1) IE: bad security
2) IE: good security => breaks sites
3) IE is Windows (let's assume)
4) Windows breaks sites/Windows has security issues
Oh sigh... man, I'm not even going to look for an analog syllogism because it's just so obviously wrong.
What I get really irate about is this little fact: 90% of sites out there that tout anything cool don't work without IE. That's not to say IE is good, it's just to say these people who designed the sites were LAZY and fucking did not follow W3C standards. On top of that, most of them blatantly used IE's lax security to get cool features. Changing security settings for IE, or simply using Firefox, breaks those sites.
So here's the tricky part class: it's not IE or firefox that's broken, it's the sites.
My old man used to program back in the mid 70's and early 80's. Since the days of the IBM 360 it was fairly easy to insert code and get into memory from another program running. These same techniques, as well as stack smashing and buffer overflowing, which causes a buffer that holds data to execute code after it runs out of its bounds, are still being used today.
All the worms still infect PCs and execute using the same old tired methods outlined above. They just try to stress different components of an OS or program in the hope that a buffer or data stack is being used, and insert the code right when it finishes a bound in a buffer for execution.
Anyway my old man was shocked when I told him that is the problem today with worms infecting computers.
Problems also are language based. C is horrible and something simple like getting the length of a string of text can be used to execute code. Unix is number 2 behind Windows on the most insecure systems for the reason that it is dependent on C/C++. Linux is not that great, folks, just because it's a lot better than Windows. The whole reason to migrate to NT back in the 90's was to avoid the security problems of Unix, oddly enough.
Today that is laughable as Windows was discovered to be more insecure, but it shows there is a fundamental design flaw with modern processors and languages.
I support a non-DRM Palladium-like architecture which demands an encryption key for each set of data that needs to be executed. It sounds insane but it's the only way to stop unauthorized code from executing. CPU-level bounds checking would also be nice.
You can try to have your programmers and users more knowledgeable but it will never be 100% secure. After all, your code will never appear insecure because it's really the resulting assembly-level code from the compiler which really leaves the door open for hackers.
I think AMD is working on buffer-safe CPUs which can do array bound size checking at the CPU level and I do not know if the new Opterons support this. At least it's a start.
http://saveie6.com/
If you look at the statistics compiled by the investigators, you'll see that the Windows XP SP1 box and the Mac OS X 10.3.5 box both logged the overwhelming majority of attacks (45% each), equal to within less than 1%.
The Windows box was compromised multiple times. The Mac OS X box was never compromised. The Linux box was never compromised, but it only was hit a tiny fraction of the times the Mac OS X and Win XP SP1 boxes were.
Oddly, the authors conclude that the best systems are Linux, and Win XP SP2. WTF?
The obvious winner is the platform that sustained the highest number of attacks with the fewest number of compromises. That would be Mac OS X, with essentially half of all the attacks (just like Win XP SP1) but ZERO successful compromises.
The authors seem to be bending over backwards to come up with a "winner" that runs on intel compatible hardware (Linux and Win XP SP2) but the obvious choice is Mac OS X.
Why the biased interpretations?
If nothing else run your whole network on Bart's PE. That thing is great.
"UNIX is very simple, it just needs a genius to understand its simplicity." -Dennis Ritchie
I call FUD. Name a distro that has a vulnerable service available, open by default, and does not have a firewall running. Come on, name one.
You are being MICROattacked, from various angles, in a SOFT manner.
I've never seen Linspire on the shelf, usually SuSE, Mandrake or Red Hat. How was Linspire chosen over the others?
Thanks, and Enjoy.
It's just the normal noises in here.
And only then you can plug in your Internet connection. (You did remember to remove it before you started Windows, did you?)
(Shamelessly copied from my writeup at everything2.com: http://www.everything2.com/index.pl?node_id=1679659)
There is a very simple way to avoid exploitation while using Windows Update.
If on broadband (Cable modem or DSL), buy a hardware firewall.
Most Internet sharing devices have built-in firewalls that act as one-way doors to the Internet. You can go out to the net, but people on the net can't get back in. For less than $100.00 (Canadian, one time) you can get better protection than any "software firewall" can provide, and without renewing subscription costs. Even for a single computer, it's well worth the investment.
If on dial-up, turn on the built-in Internet Connection Firewall on your dial-up connection.
Windows XP as first released comes with a silent firewall program already installed. Make sure you turn it on! Sadly, AOL dial-up users can't use it.
(Yes, I read the PDF file that describes how XP SP1 doesn't have a firewall turned on by default. If I sell you a lock and you don't lock it before someone steals your stuff, you can't sue me for selling you a defective lock!)
Use Windows Update Only until it says it's done.
Don't do any production work, don't check e-mail, don't surf any other web sites, until Windows Update tells you that you don't need any more critical updates.
That's it, really. Get behind some kind of firewall and patch your system first. After that, start using the tools included in Windows XP, such as Automatic Updates, to let the system keep itself updated.
Other routine precautions include: use the hardware firewall at all times, create a Limited User account for yourself and do your production work there, stick with applications and devices Designed for Windows XP, and (as The Register is fond of saying) wear a regulation tinfoil hat.
Use Evolution instead of Outlook? Bewa
Fair enough. I will look for the other threads as you suggest.
If a pion (n-) collides with a proton in the woods & no one is there to hear it, does lambda decay into the source pa
Has it had a patch in the last several years?
"Because this system responded to ICMP ping requests, there was a low number of attempts to compromise the system--795 attacks." Makes sense?
Also, from their methodology I really don't quite understand how they count attack attempts. Especially for Mac OS X they say that ~44% of total attacks observed in the experiment were targeting the Mac OS X machine, but later they honestly say that almost all of the attacks were some kind of Microsoft exploits. Does this mean that they counted Microsoft exploits attempting to compromise Mac OS X as Mac attacks?
And, finally, I really like their babbling about the most secure platforms being THREE (Linspire, SP1 + ZoneAlarm, Windows SP2) and mention of the fact that Macs were not compromised in just one table.
If you would like to see conspiracy, I would say that this is a Microsoft PR with goal to:
a) SP2 is good.
b) Don't fucking use our products without additional security software (a marvelous recommendation by the article)
c) the only real operating environment in this article is irrelevant and we just added it at the last moment to gain some credibility.
Disinformation by fanboys on Slashdot is so amusing. By the way, Outlook stopped receiving script attachments in 2002; you're 3 years behind the times. And btw, you can't access the Outlook address book with a script since Outlook 2002. And if we are going to talk about servers, let's talk about Windows Server 2003. I'd like to see you remotely exploit a default installation of it. And since you are on the subject of market share, I can remember when Apple had a decent market share. And I can remember having my Mac Plus (nVIR), Mac SE/30 (WDEF), and even my Mac 7200 PPC infected by viruses. Hell, one even came on the fricking MacWorld CD. Those were the days; now Apple's market share has dwindled, and so have the virii. Haven't seen one since System 8.5, but that's about the time I picked up my first PC, like many of my other fellow Mac users. God I miss those days, my Hermes BBS and trolling on the PC BBS systems.
Here's a little bit of trivia, what was the first mac software to have malware/backdoor? Homer IRC client that came out back in 96.
9.17.2003 News: New SSH Exploit (detailed here) affects Mac OS X, granting the attacker access to the computer as root. This security issue affects OpenSSH versions prior to 3.7, and Mac OS X is currently only at OpenSSH 3.4. To protect yourself from being vulnerable to this security risk, disable SSH access to your computer by opening your Sharing control pane and making sure that Remote Login is disabled. Or set up your firewall to restrict access to the SSH port to only allow trusted connections. We will update this issue when Apple releases a security update.
Directory Services - Mac OS X and Mac OS X Server contain a security hole in DirectoryServices which allows for escalation of privileges and a denial of service attack, which is fixed with the 10.2.5 update. DirectoryServices is part of the operating system's information services subsystem, and is launched setuid root by default. Credit for this find goes to Dave G. as noted by Apple's security advisory.
Have you ever been to a turkish prison?
http://foo.slashdot.org/article.pl?sid=04/11/30/1932245&tid=220&tid=172&tid=201
man my eyes hate that IT scheme
I pulled one down from MSDN; a clean box (or VMware disk) to SP2 with no insecure moments. Note that not only do hacked activation keys not work, but our official corporate XP activation key didn't work either; they've changed activation somewhat, presumably reissuing all new block keys to trusted parties.
Simply put, Linux does have a better security model than Windows does.
Even Firefox has a better security model than IE. Firefox starts with the deny everything that is not specifically allowed by the user.
IE starts with the allow everything that isn't specifically denied by the user.
Now, a very knowledgeable person can achieve the same level of protection with both of these systems. But that does not mean that both models are equally secure.
Linux vs Windows is the same. Particularly since IE is "integrated" with the OS.
Read the other responses. The Mac was targeted so often because it was running Samba and the attacking machines' scans saw that port and tried to exploit the vulnerabilities associated with Windows.
On the Internet, it doesn't matter if you only have 1 million boxes to Microsoft's 100 million. A scanner can find them. If they are vulnerable, they will be cracked. Maybe not in 4 minutes.
But the Linux box in the article was being attacked a couple of times an hour.
If you're vulnerable, one attack will crack you.
If you are not vulnerable, a million attempts won't crack you.
It's Security. Not Marketshare.
I hear that!
I do some work with a small cable ISP; originally I built their 2 network gateways for the 2 plants they operate. These were Linux boxes with transparent squid and iptables, etc.
Well a couple months back someone sold them on changing their DOCSIS system, so a guy comes in to help them do it. While doing so he convinces the boss to switch to Cisco routers at the gates.
Now they are having major issues with virus and worm infections on their network. I had the Linux boxes configured to block most of the bad ports, etc. and infections were kept to a minimum.
The sad thing is the guy sold the boss these new routers claiming the Linux boxes weren't the correct solution, this was during an attempted install of the new DOCSIS system. One of the gates had a bad NIC in it, well it wasn't bad until the idiots entered the room and touched the PC housing, the room is a static nightmare apparently and just entering the room has caused hardware failures. I spent hours on the phone with them trying to get this thing working and it ends up being static related yet again.
The old system allowed them to monitor usage, track down infected PCs quickly, etc. while the new system makes this much more difficult to manage. We're talking a less than 300 seat cable plant.
So, now I'm telling them they are better off educating the users and selling them cable routers whenever possible.
Meanwhile, DSL just showed up in their area and they are kicking their asses. I even recommended they become DSL resellers so they'd at least have options to keep some clients who find their cable modem service crappy.
Why can't ISPs protect users?
:) or just threaten the country that has them in with blocking the WHOLE ISP from talking to the USA.
Simple stuff really;
1. block/monitor ports for trojans, can't be that hard.
2. if a user is sending/accepting bad ports and it is really proved that they are infected, FIREWALL 'em so they can't use the net, except the ISP's homepage which will 'clean' them.
3. actively help users to patch (dunno about Win98 losers though)
4. find the IRC servers that are used to communicate with BOTNETS that are infected, track down the people who are using the infected machines, and shut down their IRC servers and other dodgy websites that host the hacking tools used to distribute more attacks/botnets. I am sure a team of 2 people working actively 24/7 would be cost effective if you reduce your Tech Support call-ins by 70%.
5. call the FBI once you have gathered real evidence of people actively abusing/hacking botnets.
6. send 'em to bleed-your-ass prisons
Liberty and freedom are no. 1, not dicks in suits.
to download all the MS security patches and service packs to a GNU/linux box (or an OS X Mac), then apply all the needed lock-downs off-line.
The same holds true for most *nix boxes (including GNU/linux) as well. Never install a new *nix system (bare iron) while connected to the internet (or even intranet in most places). Damn fine way to get "rooted" before you've finished spinning CDs.
When I was young
lol
Sorry, but I laugh because it was exactly the same back when the first multi-node chat BBS systems started to show up.
It wasn't long before traditional single-node bulletin boards saw a decrease in traffic and us sysops were pissing and moaning about all the uneducated types showing up to our social events who had no clue of the significance of "ATQ0V1X4" let alone the airspeed velocity of an unladen swallow.
Times change, and they'll always do so.
Adware, spyware or worm in .... hmmmm geee 20 years or more?
Started out with Amiga (on the old FidoNet and BBSs), moved briefly to a Wang doing DOS emulation. Then got my first PC and installed FreeBSD. Since then my desktop is Linux or one small box running Qnix. But otherwise, I'm wondering why everyone talks about when Linux will be ready for the desktop. I've been running it as my desktop since 1997.
My theory on how to get people to stop using Windows. Simple: don't sell it to them pre-installed.
I'm sorry, I'm too tired to be witty at the moment so this message will have to do.
We've got 1536/256 ADSL at my house (whoever thought of making connections asynchronous should be made to suffer, along with the "let's change IPs for no reason" guy). It's connected straight to my gateway box, which is a psycho-paranoid IP-masquerade for our LAN as well as a limited internet server (http/ftp/ssh/bzflag).
And oh, does a lot of crap ever go *plink* against that firewall. This is an IP that is not on Google, and does not advertise its presence to the 'Net. There are probably 10 to 20 attempts to exploit Apache every day (including some damn attempt to overflow it with a huge garbage query that makes my logs very ugly), along with a litany of things requesting stuff from a Windows directory. Probably as many attacks against proftpd, usually erroneous login attempts. Loads of garbage attempts to log in to sshd as root, test, and admin along with a few null passwords. On the packet filter level, I get probably 500 incoming connections from p2p programs (both because I use them and from the previous guy) a day. And believe it or not, Sasser, Slammer, Bagel, and Satan's Backdoor still come knocking. So, yeah... If all that crap got relayed to my dad's Win2K box, it'd be pwn3d 20 times a day.
Now, let's not talk about my relatives who use Windows 98, even on dialup.
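The noise the post above describes (sshd guesses against root/test/admin, Windows-only paths and oversized queries hitting Apache) is easy to triage from the gateway's logs. The following is an added example, not the poster's own tooling: it runs over constructed sshd and Apache log lines and flags the sources worth blocking at the packet filter. Regex formats, thresholds and the path markers are assumptions, not taken from the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines modelled on the noise the post describes; these are
# not real logs, and the addresses come from the RFC 5737 documentation ranges.
SSHD_LINES = [
    "Dec  1 03:14:07 gw sshd[4121]: Failed password for root from 198.51.100.23 port 51022 ssh2",
    "Dec  1 03:14:09 gw sshd[4121]: Failed password for root from 198.51.100.23 port 51023 ssh2",
    "Dec  1 03:14:11 gw sshd[4125]: Failed password for invalid user test from 198.51.100.23 port 51024 ssh2",
    "Dec  1 03:14:13 gw sshd[4127]: Failed password for invalid user admin from 198.51.100.23 port 51025 ssh2",
    "Dec  1 03:20:40 gw sshd[4201]: Accepted publickey for alice from 192.0.2.10 port 40210 ssh2",
    "Dec  1 03:22:02 gw sshd[4210]: Failed password for alice from 192.0.2.10 port 40211 ssh2",
]
APACHE_LINES = [
    '203.0.113.5 - - [01/Dec/2004:03:15:00 -0500] "GET /winnt/system32/cmd.exe HTTP/1.0" 404 289',
    '203.0.113.5 - - [01/Dec/2004:03:15:01 -0500] "GET /index.html?' + "A" * 4000 + ' HTTP/1.0" 414 0',
    '192.0.2.10 - - [01/Dec/2004:03:16:12 -0500] "GET /index.html HTTP/1.1" 200 1043',
]

SSH_FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)
APACHE_REQ = re.compile(
    r'^(\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})'
)
# Account names guessed by automated sshd scanners rather than typed by a real
# user who mis-remembered a password (assumed list; extend for your own hosts).
WATCH_USERS = {"root", "admin", "test"}
# Path fragments that only make sense against a Windows web server; seeing them
# hit Apache on Linux is the "stuff from a Windows directory" the post mentions.
WINDOWS_PATH_MARKERS = ("winnt", "system32", "cmd.exe")


def ssh_failed_logins(lines):
    """Map source IP -> Counter of user names that failed to authenticate."""
    per_ip = defaultdict(Counter)
    for line in lines:
        m = SSH_FAILED.search(line)
        if m:
            user, ip = m.groups()
            per_ip[ip][user] += 1
    return per_ip


def ssh_bruteforce_sources(lines, threshold=3):
    """Sources with at least `threshold` failures against scanner-style accounts."""
    flagged = []
    for ip, users in ssh_failed_logins(lines).items():
        hits = sum(n for user, n in users.items() if user in WATCH_USERS)
        if hits >= threshold:
            flagged.append((ip, hits))
    return sorted(flagged, key=lambda t: t[1], reverse=True)


def apache_suspicious(lines, max_query_len=1024):
    """Requests that are oversized (the 'huge garbage query') or probe Windows paths."""
    findings = []
    for line in lines:
        m = APACHE_REQ.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        path, _, query = target.partition("?")
        reason = None
        if any(marker in path.lower() for marker in WINDOWS_PATH_MARKERS):
            reason = "windows path probe"
        elif len(query) > max_query_len:
            reason = "oversized query"
        if reason:
            findings.append({"ip": ip, "reason": reason, "status": int(status),
                             "target": target[:60]})
    return findings


def triage(ssh_lines, apache_lines):
    """One summary a gateway admin can scan: who hammers sshd, what hit Apache."""
    ssh = ssh_bruteforce_sources(ssh_lines)
    http = apache_suspicious(apache_lines)
    noisy = Counter(ip for ip, _ in ssh)
    noisy.update(f["ip"] for f in http)
    return {"ssh_bruteforce": ssh, "http_suspicious": http, "noisy_sources": noisy}


if __name__ == "__main__":
    report = triage(SSHD_LINES, APACHE_LINES)
    for ip, n in report["ssh_bruteforce"]:
        print(f"sshd: {ip} made {n} failed logins against root/admin/test")
    for f in report["http_suspicious"]:
        print(f"apache: {f['ip']} {f['reason']} -> {f['status']} {f['target']}")
```

The `noisy_sources` counter is the list you would feed to the packet filter; a legitimate user who fat-fingers one password (192.0.2.10 above) never reaches the threshold.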
Boot the machine without connecting it to a network. Enable IPsec. And enable the built-in firewall (it was there all along; SP2 tried to improve on it). Or buy a damn $50 NATing router (some of them even support dialup). THEN, connect to Windows Update. Patch, etc...
If you were only detecting the ones that got through the firewall, then what is this saying? did attacks get past ZA? If so, why didn't they succeed then?
Or is this attempts that ZA blocked and logged?
P.P.S. Get a grammar checker. There are at least 4 grammatical errors in your post, you arrogant bitch.
OSX, of course, has a firewall out of the box; but both it and all network services are off by default. Furthermore, with a clean install there are no options along the way to turn firewall or services on.
"These are my principles. If you don't like them, I have others." --Groucho Marx
IOW=="In Other Words"
Really 90% of internet consumers need two things... web surfing and email... And email tends to be blocked anyway by most ISPs.
Set it up so they can only access port 80 by default and other standard ports for say AIM and various other IM clients.
Need more ports? Well we have this other package... (oh god I sound like someone in marketing)
But seriously most people have no idea what to use the internet for and they really don't need things unless they want them since the other case involves them turning into zombie bots bogging down the rest of the net.
My 3.11 box hasn't seen an exploit in years
i feel left out
Well, one of our machines reinstalled with XP SP2 last week got infected with a worm *during* XP setup, at a time when the Windows Firewall was still not active yet. And we were doing this whole thing inside a private network (I think there are some infected PCs in the LAN already). That's way too crazy...
I'm sure they use Linux too, but OS X provides a secure environment and free GUI development tools that are easy to use (Xcode (formerly Project Builder, which came from OpenStep/NeXTStep) and Interface Builder (which started out on NeXTStep)).
Jesus was a compassionate social conservative who called individuals to sin no more.
Ehem. I managed to download and install SP2 onto a HP desktop system using nothing but a 28.8 AOL dialup. Sure, it took overnight, but it worked just fine. Further, you really can't say Microsoft has done any less than they could to fix this. I know you don't make that claim, but that seems the obvious implication of all this. They fixed the holes, they added an acceptable firewall (despite the idiocy the ZoneAlarm/BlackICE/etc crowd have been spewing), they marketed this quite a bit, and they made it free to obtain a CD. What more do you want?
Yes, I realize we're in a war here but can't it be a civilized war?
I dunno, but I think making users either pay more (or better still, prove they're running a good firewall and/or otherwise protecting themselves) to get a real, unfirewalled, IP address might go a long way to mitigating the problem.
I used to have fun back in OS 9 days looking for machines that were using File Sharing on my cable modem. I have no idea how far this extended, but I did run into a few people. One even had guest access--the machine was called "Jane's iMac" or something like that. I left a note on her hard drive telling her to turn off file sharing. It was gone the next time I looked.
One reason it might be on, also, is that it's a laptop used at work. While the workplace is nice and secure, when they bring it home and plug it in--BINGO!
"the Linux desktop also was impenetrable, but was only targeted by 0.26% of all attacks."
People like to infer that Linux gets targeted very little because it is used very little. But that's wrong: Linux is used a lot for well-connected servers--a juicy target for botnets.
I suspect a big reason Linux gets targeted very little is because attackers realize the futility of targeting it: Linux systems are generally more secure out of the box, and they are generally maintained better.
1 Install XP SP1
2 Search on google on enabling (shitty) firewall
3 D'oh!!!
If I help people they often have only one computer. So new installs should not be taken lightly. Normally I prepare beforehand.
I have SP1 with full patches up to but not including SP2 (evidently no more patches coming out for security for SP1...) I basically have AdAware SE running in a continuous loop in the background, and have Norton Antivirus active, and also manually run Hijack This every 20 minutes. All this just to keep my system clean.
And somehow that WToolsA/WSup/whatever bastard still managed to self-install itself for the first time yesterday in months, so they must have found another exploit.
I am afraid to install SP2 because I heard not to install it if your system is infected. Is this still true? Reinstall is not an option for me, and it's clear all these tools cannot discover the mechanism installing all these things, even if they can "quiet" the system after the first few iterations after startup.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
nt
Perhaps the reason Macs aren't targeted is that they're not running any network services out of the box (how most people leave 'em)? This would reduce their vulnerability.
Then they don't recommend it as a system to consider - apparently because of a theoretical possibility? Very strange.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
They also should have had a machine with Mac OS X with the firewall switched on or a 3rd party firewall like Norton. If they are going to publish Windows XP SP1 with ZoneAlarm as the least exposed and best protected system, they ought to have a Mac OS X machine with the firewall on. All the Macs and Windows XP machines at my work have the firewall enabled, and when I run a Nessus scan which scans for all known vulnerabilities (for all platforms), firewalled Mac OS X and Windows XP machines do quite well. I think this study would be a little more balanced with a few alternative configurations for both Mac and Linux.
"This is like the New Pig Times reporting that if brick ever becomes as popular as straw then wolves would just start blowing them down as easily."
I got to say, that analogy is great. I really like that one.
Dood, too easy. Google "default redhat vulnerable" and away you go.
When was the last time you actually had windows detect the network card right away and correctly?
"Linux users have the latest and greatest available all the time on the net"
SP2 is also available on the net.
"CD publishers for five bucks or so"
Five bucks? What a rip off. MS is sending out free SP2 disks AND paying the postage for those who ask.
"I can't speak for Mac, but my impression is that they supply updates free of charge."
Nope. I have an iMac running OSX. I bought 10.1 and then had to turn right back around and buy 10.2. XP is 3 years old now (not two) and they are giving away SP2 for free.
For downloading windows patches after a fresh install to later run under windows off line.
Heh.
I guess there is a difference between being a 'nerd' and a competent computer user, isn't there...
"Just enable TCP/IP filtering in advanced networking and set TCP to permit only (nothing)."
And exactly how many people realize that is the way it should be done? Where in the manual does it tell you to do this? Do you expect people without years of experience and a keen interest in security to even understand what TCP/IP filtering means?
THAT is why Windows is the problem, not the user. Computers were supposed to make life easier, remember...
Yes, that would have been the obvious next choice. I think it would be interesting as well. It would also be somewhat one-sided in the results. :)
Unfortunately, that kind of test is a lot more work. I don't see us doing it any time soon. I'd be happy to see someone take that on if they are interested.
What if I am not using SP2? (Actually my computer keeps on rebooting on installing SP2.) Then if I have a CyberArmor or ZoneAlarm firewall running, and I do not use IE or install crap, am I still at risk?
Why should the default install of an operating system require a firewall? Presumably no network services are running on the default install. There's no need to run a firewall if all your ports are closed to start with.
The W2K filter works fine but you have to know what needs to be opened and in which direction. I believe that the latest XP firewall is easier to setup, but ironically some major Linux distros are much better at this asking you about your required security level and allowing you to enable extra services by name. I say "ironically" because Linux is supposed to be harder to install. I really can't agree that an equiv Windows installation (Windows Adv Server with loads of extras) is easier to configure than Linux.
"And oh, does a lot of crap ever go *plink* against that firewall. This is an IP that is not on Google, and does not advertize it's presence to the 'Net"
Uh...you want to run that by me again?
You can't be serious about large downloads with window$$$$$$$$!! Windows will find a way to screw them up. All of them. Unless you use a resumable download manager like 'Lightning Download' (google it out if you want it), you will fail. Especially with a slow connection and/or even more certainly with a slow or older machine. Download failures with window$$$$$$$ 98 and 95 were legendary.
I recently testified in a court case where an innocent enduser had his box rooted and (unbeknownst to him) turned into a child porn distribution site.
Luckily (and I mean that - it was more luck than anything else) he won the case and did not get branded as a sex offender for the rest of his life, with his neighbors notified of his "problem" where ever he goes.
Anyway, as a result of that near-miss, a number of my friends have asked me to check their boxes for similar problems.
I've found four boxes rooted so far - 1 wXP, three w98 - and one of them was on a 28.8 line.
The virus scanner on the 28.8 box appeared to work perfectly but did not find anything. I booted from a linux BBC and found all kinds of previously invisible directories loaded with warez.
If you are rooted, you cannot trust any program run on the machine unless you boot clean from external known good media. If you are unpatched, you can be rooted regardless of what scanners you are running.
Think hard...
I would hazard that the default install of an operating system require a firewall because, today, the default use of a PC is for it to be networked in some fashion.
Please remember, I'm not arguing that Windows isn't an insecure mess of crap; it can be (usually is, actually). I'm just saying that it sounded rather sensationalist (the OP, not the articles themselves).
It was a 'baby seal' scenario, LOL.
But if you enable network services, presumably you have to knock holes in your local firewall to allow them to be accessed.
I can't think of any additional services on my desktop that would need external network access. I have file sharing (NFS), messaging (Jabber), mail and web access without opening any ports for external access.
I guess the point I was trying to make was that a firewall is not some magical protection: there have to be vulnerable services listening on ports for you to be vulnerable.
Definitely. It takes about 1 second to actually make a firewall useless: "A process at xxx:xxx:xxx:xxx has attempted to connect to your machine, do you wish to allow this process access to your machine?" LOL.
P.P.S. Get a grammar checker. There are at least 4 grammatical errors in your post, you arrogant bitch.
Yes, there were several typos and grammatical errors in my post. But none were misspellings because I use a spell checker. Given how easy it is to use a spellchecker on most systems, I don't think my advice was out of line. As far as my being an arrogant bitch goes ...yes I am arrogant. No, I am not a female dog. Getting a universal grammar checker is a great idea; there is one on my old workstation that never made it over to my laptop. The download is finished now. I'll have to restart my browser before the service is available for Slashdot posts. Thanks for your suggestion.
What is the purpose of measuring the number of unsuccessful attacks, and making note after note about it in the abstract? (Yes, unfortunately I RTFA.) This seems bizarre, no? And by what method did they determine the 1, 2 & 3 systems? None of them were successfully attacked.
Better have a Mac or Linux to download it.
"CD publishers for five bucks or so" Five bucks? What a rip off. MS is sending out free SP2 disks AND paying the postage for those who ask.
Woot, a $0.25 CD and $0.37 in postage (if you ask for it). The second bug fix for a three year old OS. I'm underwhelmed by the generosity of people who try to charge between one and three hundred dollars for an OS that has yet to include something as basic as a spell checker.
I mentioned CDs because some people still use dial up. A single CD purchase and Dial up internet represent the minimal cost of getting a computer working and on the net. Getting a 650MB iso with the average dial up provider is a painful process even with intelligent downloading programs with auto resume and a $5.00 CD looks like a good deal. You can buy a lot of $5.00 CDs with the $20 a month price difference between dial up and "broadband". $5.00 covers the cost of making the CDs. The software is free, of course, and your local Linux User's Group usually has a library you can use to get started. The average person can keep their system updated on dial up. CDs and broadband represent maximum costs for people who like to have multiple choices of latest and greatest without much fuss.
When you consider the cost of legally owning multiple copies of Winblows, even a big broadband spender like me is a winner. At any given time, I've got five computers up. Each of those machines has a specific set of tasks and does them well. The operating systems alone would have set me back $1,000. The software to do anything useful another $500 at the least. That's enough money for three years worth of cable bills, but my poor Winblows computers would have been blown out after the first 4 minutes or so.
Friends don't help friends install M$ junk.
I think it's funny that you posted as an AC to call someone paranoid.
"At first, we thought it was just another snake cult."
It is not referenced anywhere on the 'Net, does not respond to pings of any kind, etc. It doesn't stick its head up over the trench.
Sure, but a repeatable and published test to point at would be nice.
Unfortunately, that kind of test is a lot more work. I don't see us doing it any time soon.
Oh well, thanks for what you did.
Friends don't help friends install M$ junk.
I used Windows 95 and Windows 98 for three and a half years
If you have a poor ISP or a cheapass winmodem, problems may result.
If you have a decent ISP and a decent modem, large downloads tend to work.
While windows has its failings, dropping PPP connections isn't one of them.
PS: Windows isn't spelled with any dollar signs.
PPS: For large downloads under windows, I prefer the win32 compile of wget.
The real reason why you don't see worms and viruses on Mac OS and Linux is that Unix, in general, is an unattractive target.
A virus writer needs to know the ABI, processor architecture, etc. Preferably, they want to know the libraries they need are installed, etc. too.
On GNU/Linux, this is all chaotic and difficult to manage. Even with a PNG or JPEG exploit, you'd have to know server side the version of the kernel, etc. to send the correct exploit.
Windows is relatively constant. You have an ABI that's been unchanged for years, you have x86 processor, you have a cloud of DLLs you know are always there.
That's more why Windows is attacked, it's a much more desirable environment.
If your code is acting bloated, and is running rather slow, it's likely and predicted that some loops you will unroll.
Since I didn't see any comments to reflect the other side of this, I feel I must respond.
As someone whose ISP blocks every single port, I must say, a forced* ISP-based firewall is not the way to go. If you really want such a firewall, by all means, try Comcast. But don't come crying to me when you want to use DCC.
Here are some examples of what I have tried, and failed, to do:
- Set up a webmail server to allow myself and my parents to access our email from outside the home (My mom really hates Comcast's webmail interface, and I don't blame her)
- Set up an ssh server so that myself and my friends can log in, retrieve files, work on projects, etc.
- Set up a VNC server to allow me to teach C online (AIM just doesn't cut it)
- Use DCC on IRC
- Send and receive files over AIM (gaim, actually)
- Use any of AIM's features, besides basic messaging (sending/receiving pictures and voice chat, for example)
- Set up any of a dozen game servers
The second I move out (or when my mom's email address no longer has enough inertia to keep us on Comcast), I will switch ISPs. Until then, I guess I must continue to try to convince my mom...
It's too bad Comcast has a government-funded monopoly on cable TV and internet around here.
* I do realize that the parent was not talking about a forced firewall, but I still feel that this viewpoint deserves some discussion
Every time you run "emerge", a Microsoft drone dies.