Clean System to Zombie Bot in Four Minutes
Amadaeus writes "According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet. Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PC's got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but only was only targeted by 0.26% of all attacks." See also our story on the survival time for unpatched systems.
I am curious how effective NAT (e.g. a cable modem router) is at slowing or stopping these attacks for the typical user.
I know it works well enough for me, but I am not a typical user -- even my Windows box is locked down tight.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
Many IT-people brand the persons that get these bots / infections as clueless lusers who get their comeuppance. I don't.
A machine isn't supposed to act this way. It is very simple, but we forget that proper behaviour for the machine is to NOT get infected in seconds. I abandoned Windows some time ago, but still help friends with their machines. But it is a battle they're losing. Nothing seems to help, mostly due to the extremely bad security paradigms. They now think it's normal having to run 2 - 3 different anti-adware programs and a virus scanner, and to be on eternal vigilance at every corner of the internet.
It is not supposed to be like this. Don't forget that.
ARG! The patches! They do nothing!
Erm, if you look at the article summary and the article itself, it says that Attackers successfully compromised the Dell Windows XP computer using Service Pack 1 nine times, and the Dell Windows 2003 Small Business server once. Windows XP SP2 is what many would consider a collection of patches, so yes, it seems to have done something.
Zone Alarm and Firefox get on the system from a flash drive before the ethernet cable is ever plugged in.
Only in a Slashdot fantasy can a Slackware install turn into several hours of sex . . . . .
I was on a modem as recently as last year.
What I did was go through the list of patches and manually download them through Microsoft's download site. Some of them weren't available or had odd restrictions on installation, but whenever I set up a computer, I just got the list of patches it needed through Windows Update and installed the local copies.
I also had the luck of staying at a hotel the next city over, it had free wireless Internet service, so I downloaded as much of everything I could.
You don't mention the same about Linux either? Linux and all other Unix-based systems are built more secure in nature.
I wish market share would skyrocket for a Unix-based OS so we could prove to the world, together, that market share isn't what protects these systems.
My shit-hole apartment would be cleaned out in about 4 minutes if I didn't lock the door, too. So what does this prove? That there are nasty things out there? That shouldn't be news to anybody, especially not the Slashdot crowd. Lock down your computer the same way you'd lock your car doors and you'd lock your house.
I don't respond to AC's.
Well, that's kind of irrelevant, because you don't see very many machines with those OSes getting newly connected to the Internet any more. Some, but not many...
This is the version that's been shipping on new machines and sitting on store shelves for half a year now.
But these facts are a bit inconvenient and don't make for exciting headlines, so we'll run the test with SP1, which everyone knows had some juicy exploits.
This is the version that's been shipping on new machines and sitting on store shelves for half a year now.
1. And this still doesn't represent a large portion of machines running XP.
2. There have been some major exploits, albeit not necessarily remote, that have still affected XP post-SP2.
Microsoft's almost criminally (considering how many billions of dollars and manhours that have been lost due to this) late sudden "awareness" of security does not change the basic premise of this article, nor what I said.
Well, I've been around the "Internet" since the early 80's and remember when you had to manually route email across the UUCP network. I also know people who have been on the "Internet" ever since it was only the ARPANET. And you know what? I started complaining around the early nineties when this "Mosaic" thing showed up and started to screw up the Internet. And the guys who were on the ARPANET bitched when our machines started routing USENET and email through their network. Bottom line, whenever new people come in and change things, the "old timers" say that it sucks. Old immigrants always dislike new immigrants. Welcome to reality, where things always will suck more next year because kids these days just don't know how to behave.
But in the end, you know what? I wouldn't have changed a thing. It was what it was, it will be what it will be because people try to make it better and it's still a hundred times better than if it would have been if it had stayed the same. Stop thinking about how great things were in "the good old days" and trying to keep people from doing interesting stuff (and, yes, even worms and viruses are interesting in a malevolent way). Instead, figure out how to improve things without cutting off access and help build "the good new days".
That is all.
I understand what you're saying, but two points:
1. All users should be patching, or letting the OS do it. We do want patched systems, right? So we have to educate users, and they have to follow through, or the OS has to be allowed to do it for them. To a degree I blame MS for taking so long to make auto-update the default, but frankly if they had it set to auto from the start everyone would be screaming bloody murder about privacy concerns and such. Can't have it both ways.
2. As for the pirated versions, I think if MS is smart they will let the pirated versions update as well regardless. I think that's better for everyone. I think they should separate out the patches from the updates. Patches should always be allowed no matter if the copy is legit or not (and it shouldn't even be checked), but updates, things like a new version of Movie Maker or Media Player (that doesn't involve security fixes) should require validation of your copy. I'd be OK with that.
But, that being said, the pirates shouldn't be pirating, so I don't have much sympathy for them. In fact, I could give a shit if their systems gets hosed by a virus or worm or whatever else, if it wasn't for the fact that it could harm ME if they get zombified, I wouldn't care at all. But, since they CAN affect me, MS should allow them to be patched, security-wise, but that's it. If they don't, I'm against the policy.
But in the end, the update mechanism, certanly for legit users, is there, and they need to be taking advantage of it, whether it's automatic or not.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
I'm sorry but this is absolute shash. A properly configured current KDE installation is just as easy to use as Windows, and why shouldn't it be? All the requisite components are where you would expect them to be (Applications on a menu in the bottom left corner, close, minimise and maximise buttons where you would expect them, trash on the desktop, equivalents of system tray and quicklaunch bar). Visually they are superficially different but that's as far as it goes.
I know this from experience. We support offices running 90% linux desktops and we still have a significantly higher support overhead from the Windows machines.
"The dew has clearly fallen with a particularly sickening thud this morning"
This is a flame for everybody who keeps making these asinine comparisons and believes that their OS integrity is somehow extra special or that Windows M$ is extra bad.
Well, I hate to break it to you, but Windows security is extra bad. Popularity aside, Windows does some really dumb things from a security perspective, both historically and currently, and any security professional will tell you that Windows needs some serious changes to their underlying system if they ever want to make it reasonably secure.
No system is bulletproof, but some of them at least put the bulletproof vest on their chest and the helmet on their head. Windows puts them both on its ass.
Just because Windows is popular, you should not excuse the designers their crappy security decisions.
P.S. Get a spellchecker.
Zombie bots generally don't know the difference between dialup and broadband.
Perhaps you don't "have" any spyware or viruses because your line is too slow to update your scanners?
Seriously, install a squid proxy so you can download the patches on one machine and all the other machines can just use the cache.
I bet if you let it go overnight it would be done in the morning.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
But seriously. If Linux ever becomes as popular as Windows, I guarantee malcontents will find any and every way to compromise your system in under 4 minutes.
This is like the New Pig Times reporting that if brick ever becomes as popular as straw then wolves would just start blowing them down as easily. In other words you are arguing under the Fallacy of the General Rule; namely that all platforms have exactly the same vulnerabilities, if only someone would bother to look for them.
Windows has large, exploitable holes that other platforms don't. Period. End of sentence. It is the height of tunnel-sighted arrogance to think today's hackers wouldn't each love to be the one that finally writes the mighty virus that gets through OS X or Linux.
Yes, a large percentage of problems are from copy cats. But you will not convince me there aren't those who take pride in their hacking that wouldn't love to be the one to break the OS X/Linux barrier and aren't working at doing so just to show it can be done.
R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
And Windows XP SP2 doing just as well as OS X means...?
It means that something as simple as a firewall, implemented from the very beginning... say 1995 with Windows 95... would have saved the world economy damn near a trillion dollars.
For ten fscking years we have had to put up with negligent behavior on the part of MS when it comes to basic computer science.
All in the name of one more sale.
--Phillip
Can you say BIRTH TAX
My point is that you should declare both just as loudly:
* People should know that unpatched boxes are trouble, that's completely fair
* People should know that the patched and secured boxes are just as good (based on the published results at least) as just about any other OS.
I can accept that maybe the Slashdot slant as represented by the front-page post may have made the article seem like something it wasn't, namely a Windows bash piece. But, having read the actual article, it didn't seem like both conclusions were fairly represented. It seemed as though the positive outcome of the "secured" XP box only got a small blurb, while the negatives of the unpatched box got much more air time. I believe it should have been more well-balanced. That is my point.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
There is a fundamental problem with your myth.
How does a fresh install of Windows get compromised so quickly? Through ports on services, mostly.
Now consider a fresh OS X install. Let us imagine a future where 99% of the computers are Macs. You go to install the OS, and - you have no compromises when you are done (much less ten minutes later). How is this possible? Because there are NO NETWORK SERVICES RUNNING BY DEFAULT. None! You have literally no way for the four-minute phenomenon to strike you.
Different Linux distros are more or less along these lines, depending on how many services they, too, leave off by default.
Perhaps in a different future with a more popular OS you might have quite a few more Malware programs that would seek to have the user install them or attack browser flaws. That is a different issue, but doesn't address the fundamental weakness of a system that can be compromised without user action in under four minutes.
Windows solved a lot by adding a default firewall, though you are still at the mercy of the firewall working properly instead of fundamentally being more secure by leaving services off. It only takes one bit of malware to disable the firewall without telling you and it's off to the races again for your PC. Since other systems as of yet have no need for these programs, they are not as fundamentally weak.
As a side note, I hope that people doing software performance reviews from now on are doing them with firewall and anti-virus programs in full operation, otherwise the results are meaningless. Especially on an Intel platform, why would you not use an OS that requires a lot less background processing just to keep other people off your system? It's like hiring a full time bodyguard and agent when you work at K-Mart - it just should not be needed.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
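The post above rests on one practical claim: a box with no network services listening on a routable address has nothing for a worm to hit. The check a practitioner would actually run is to enumerate listening sockets and separate the loopback-only ones from the ones reachable from the network. The script below is an added example, not code from the thread or from any of the studies it discusses. It parses the output of the Linux iproute2 `ss -H -ltnup` command; the embedded sample output is constructed, not a real capture, so the script runs offline, and the `--live` flag runs the real command instead.

```python
"""Enumerate listening sockets and flag the ones reachable from the network.

Added example (not from the thread). Parses `ss -H -ltnup` output:
  Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port [Process]
"""
import ipaddress
import re
import subprocess
import sys
from typing import List, NamedTuple, Tuple

# Constructed sample of `ss -H -ltnup` output (not a real capture).
SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*    users:(("cupsd",pid=640,fd=7))
tcp   LISTEN 0      50                 *:445             *:*    users:(("smbd",pid=1203,fd=31))
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*    users:(("avahi-daemon",pid=701,fd=12))
tcp   LISTEN 0      511            [::1]:5432         [::]:*    users:(("postgres",pid=990,fd=6))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
"""

WILDCARDS = {"*", "0.0.0.0", "::"}
PROC_RE = re.compile(r'\(\("([^"]+)"')  # first process name in users:(("name",pid=...))


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    proc: str
    exposed: bool  # True when bound to a wildcard or non-loopback address


def _is_exposed(host: str) -> bool:
    """Wildcard binds and any non-loopback address are reachable from the wire."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    if host in WILDCARDS:
        return True
    return not ipaddress.ip_address(host).is_loopback


def parse_ss(text: str) -> List[Listener]:
    """Turn headerless `ss -ltnup` output into Listener records."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # blank or malformed line
        proto, local = fields[0], fields[4]
        host, _, port = local.rpartition(":")
        m = PROC_RE.search(line)
        proc = m.group(1) if m else "?"  # process column needs root; may be absent
        out.append(Listener(proto, host, int(port), proc, _is_exposed(host)))
    return out


def exposed_services(text: str) -> List[Tuple[str, int, str]]:
    """Unique (proto, port, process) tuples reachable from the network, sorted."""
    return sorted({(l.proto, l.port, l.proc) for l in parse_ss(text) if l.exposed})


def main(argv: List[str]) -> int:
    if "--live" in argv:
        text = subprocess.run(["ss", "-H", "-ltnup"], check=True,
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE
    listeners = parse_ss(text)
    for l in listeners:
        tag = "EXPOSED " if l.exposed else "local   "
        print(f"{tag}{l.proto:<4}{l.addr:>12}:{l.port:<6}{l.proc}")
    exposed = exposed_services(text)
    print(f"\n{len(exposed)} service(s) reachable from the network out of {len(listeners)} listeners")
    return 1 if exposed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Against the sample, sshd, smbd and avahi-daemon are reported as exposed while cupsd and postgres, bound to 127.0.0.1 and ::1, are not; the non-zero exit status makes the script usable as a post-install gate. On a real host run it as root so the process column is populated, and treat every EXPOSED line as a service that must either be firewalled, bound to loopback, or justified.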
In other words:
1) IE: bad security
2) IE: good security => breaks sites
3) IE is Windows (let's assume)
4) Windows breaks sites/Windows has security issues
Oh sigh... man, I'm not even going to look for an analog syllogism because it's just so obviously wrong.
What I get really irate about is this little fact: 90% of sites out there that tout anything cool don't work without IE. That's not to say IE is good, it's just to say these people who designed the sites were LAZY and fucking did not follow W3C standards. On top of that, most of them blatantly used IE's lax security to get cool features. Changing security settings for IE, or simply using Firefox, breaks those sites.
So here's the tricky part class: it's not IE or firefox that's broken, it's the sites.
Unless I'm mistaken
That's a possibility, since your argument doesn't seem to follow from the known facts.
Plot the price/performance curve of desktop systems from 1980 onward. The rate of change is of course quite variable, but there is certainly no dramatic spike or change of slope that can be particularly attributed to Microsoft Windows. Indeed, almost all of the price/performance effects are due to hardware.
"Because this system responded to ICMP ping requests, there was a low number of attempts to compromise the system--795 attacks." Makes sense?
Also, from their methodology I really don't quite understand how they count attack attempts. Especially for Mac OS X they say that ~44% of total attacks observed in the experiment were targeting the Mac OS X machine, but later they honestly say that almost all of the attacks were some kind of Microsoft exploits. Does this mean that they counted Microsoft exploits attempting to compromise Mac OS X as Mac attacks?
And, finally, I really like their babbling about most secure platforms being THREE (linspire, SP1 + zoneAlarm, windows SP2) and mentions the fact that mac were not compromised just in one table.
If you would like to see conspiracy, I would say that this is a Microsoft PR with goal to:
a) SP2 is good.
b) Don't fucking use our products without additional security software (a marvelous recommendation by the article)
c) the only real operating environment in this article is irrelevant and we just added it at the last moment to gain some credibility.
I'm sure they use Linux too, but OS X provides a secure environment and free GUI development tools that are easy to use (X-code (formerly Project Builder, which came from OpenStep/NeXTStep) and Interface Builder (which started out on NeXTStep)).
Jesus was a compassionate social conservative who called individuals to sin no more.
While I am a mac user (only for the last year though), I am a windows admin by trade. Why did you not state in your article that while the mac *was* getting attacked almost as much as windows, it was much more secure in that nothing broke through? You stated that "if they had been written to exploit OS X, they would have been successful". Find me something that will exploit samba successfully that can grant root (install) access on a mac, and I will agree with you. However, even with SMBd getting attacked, and even if there were an exploit that could take it over, it still would be unable to get admin access to make the mac a zombie, because of the secure nature of OS X.
You said yourself "it was fun watching all the windows attacks fail on OSX", which merely means that it was getting attacked so much BECAUSE the exploits thought it was windows. This is not a reason that OS X should be ranked "less secure". The real winner in your survey is OSX here, not SP2.
I hate sigs...
My old man used to program back in the mid 70's and early 80's.
;)
Yep, he's a youngster
I support a non-DRM Palladium-like architecture which demands an encryption key for each set of data that needs to be executed. It sounds insane but it's the only way to stop unauthorized code from executing. CPU-level bounds checking would also be nice.
That's like a lock that's so good you lock yourself out. Permanently.
Actually the Burroughs computers, a bit before your old man's time, did precisely that, the bounds checking. Problem is, a number of programs that were apparently running ok would fail because they were actually doing something illegal.
but it will never be 100% secure.
Right. The question is how much effort is worthwhile and how good a security do you really need anyway? Elaborate security setups and junking old computers with hard drives intact
really the resulting assembly level code from the compiler which really leaves the door open for hackers.
This is the level at which code is exploited. The exploits do not use the source, they use the machine language. You need source to fix the exploit, not to exploit the code. In particular, any difference between what the machine code does and what the source code plus comments implies is probably capable of allowing something undesirable.
The whole reason to migrate to NT back in the 90's was to avoid the security problems of Unix oddly enough.
Unix security is poor, but extremely effective considering the effort.
Anyway my old man was shocked when I told him that is the problem today with worms infecting computers.
Remember Melissa? Melissa was nice. Everything since has been pretty much predictable. The assumption or attitude that computers are nice and trustworthy paints a large target that can and does draw fire. It's a bad idea to claim that you are more secure than you are.