Slashdot Mirror


Clean System to Zombie Bot in Four Minutes

Amadaeus writes "According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet. Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PCs got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but was only targeted by 0.26% of all attacks." See also our story on the survival time for unpatched systems.

17 of 608 comments

  1. NAT by The Snowman · · Score: 4, Insightful

    I am curious how effective NAT (e.g. a cable modem router) is at slowing or stopping these attacks for the typical user.

    I know it works well enough for me, but I am not a typical user -- even my Windows box is locked down tight.

    --
    24 beers in a case, 24 hours in a day. Coincidence? I think not!
  2. You can't play the 'luser' card! by nordicfrost · · Score: 4, Insightful

    Many IT-people brand the persons that get these bots / infections as clueless lusers who get their comeuppance. I don't.

    A machine isn't supposed to act this way. It is very simple, but we forget that proper behaviour for the machine is to NOT get infected in seconds. I have abandoned windows some time ago, but still help friends with their machines. But it is a battle they're losing. Nothing seems to help, mostly due to the extremely bad security paradigms. They now think it's normal having to run 2 - 3 different anti-adware programs, virusscanner, be on eternal vigilance at every corner of the internet.

    It is not supposed to be like this. Don't forget that.

    1. Re:You can't play the 'luser' card! by revscat · · Score: 4, Insightful
      You're way off the mark. We don't blame the users. Or even windows for that matter. This is just the way of life for us in the computer age.

      Correction: "Way of life for us in the Windows world." Other operating systems don't have these problems and associated costs and loss of productivity.

    2. Re:You can't play the 'luser' card! by PitaBred · · Score: 3, Insightful

      I think you missed the whole point of his post. That it's not supposed to be like that. It's not "just the way of life for us in the computer age." It's a symptom of a deeply broken system that has no visions of actually repairing it. Virus scanners, adware scans, firewalls... they're band-aids. They don't address the true causes of the problems, that the system is failing miserably.

  3. Re:First Zombie. by omicronish · · Score: 4, Insightful

    ARG! The patches! They do nothing!

    Erm, if you look at the article summary and the article itself, it says that Attackers successfully compromised the Dell Windows XP computer using Service Pack 1 nine times, and the Dell Windows 2003 Small Business server once. Windows XP SP2 is what many would consider a collection of patches, so yes, it seems to have done something.

  4. Rule number 1 for doing an XP install: by theparanoidcynic · · Score: 3, Insightful

    Zone Alarm and Firefox get on the system from a flash drive before ethernet cable is ever plugged in.

    --
    Only in a Slashdot fantasy can a Slackware install turn into several hours of sex . . . . .
  5. Re:Only on broadband by Jeff DeMaagd · · Score: 4, Insightful

    I was on a modem as recently as last year.

    What I did was go through the list of patches and manually download them through Microsoft's download site. Some of them weren't available or had odd restrictions of installation, but whenever I set up a computer, I just got the list of patches it needed through Windows Update and installed the local copies.

    I also had the luck of staying at a hotel the next city over, it had free wireless Internet service, so I downloaded as much of everything I could.

  6. Re:Ok, before the bitching begins: by pcmanjon · · Score: 3, Insightful

    You don't mention the same about linux neither? Linux and all other unix based systems are built more secure in nature.

    I wish marketshare would skyrocket for a unix-based OS so we could prove to the world, together, that market share isn't what protects these systems.

  7. Re:Ok, before the bitching begins: by Ancil · · Score: 3, Insightful

    Even a completely unpatched Mac OS X 10.0.0 machine would not be vulnerable to any kind of remote attack, because no ports whatsoever are open to the outside world, and on most consumer Mac OS X systems, never will be.
    Yes, and on Windows XP with Service Pack 2 installed, the firewall is also locked down from first boot until such time as you decide to open some ports up.

    This is the version that's been shipping on new machines and sitting on store shelves for half a year now.

    But these facts are a bit inconvenient and don't make for exciting headlines, so we'll run the test with SP1, which everyone knows had some juicy exploits.

  8. Re:Ok, before the bitching begins: by daveschroeder · · Score: 4, Insightful

    This is the version that's been shipping on new machines and sitting on store shelves for half a year now.

    1. And this still doesn't represent a large portion of machines running XP.

    2. There have been some major exploits, albeit not necessarily remote, that have still affected XP post-SP2.

    Microsoft's almost criminally (considering how many billions of dollars and manhours that have been lost due to this) late sudden "awareness" of security does not change the basic premise of this article, nor what I said.

  9. Re:This doesn't surprise me. by frank_adrian314159 · · Score: 4, Insightful
    I've been around the Internet for a long time -- since the early 90s in fact...

    Well, I've been around the "Internet" since the early 80's and remember when you had to manually route email across the UUCP network. I also know people who have been on the "Internet" ever since it was only the ARPANET. And you know what? I started complaining around the early nineties when this "Mosaic" thing showed up and started to screw up the Internet. And the guys who were on the ARPANET bitched when our machines started routing USENET and email through their network. Bottom line, whenever new people come in and change things, the "old timers" say that it sucks. Old immigrants always dislike new immigrants. Welcome to reality, where things always will suck more next year because kids these days just don't know how to behave.

    But in the end, you know what? I wouldn't have changed a thing. It was what it was, it will be what it will be because people try to make it better and it's still a hundred times better than if it would have been if it had stayed the same. Stop thinking about how great things were in "the good old days" and trying to keep people from doing interesting stuff (and, yes, even worms and viruses are interesting in a malevolent way). Instead, figure out how to improve things without cutting off access and help build "the good new days".

    --
    That is all.
  10. Re:Our experience by SpooForBrains · · Score: 3, Insightful
    Linux boxes initially are difficult to set up, but are more difficult for novice users necessitating frequent support


    I'm sorry but this is absolute shash. A properly configured current KDE installation is just as easy to use as Windows, and why shouldn't it be? All the requisite components are where you would expect them to be (Applications on a menu in the bottom left corner, close, minimise and maximise buttons where you would expect them, trash on the desktop, equivalents of system tray and quicklaunch bar). Visually they are superficially different but that's as far as it goes.

    I know this from experience. We support offices running 90% linux desktops and we still have a significantly higher support overhead from the Windows machines.
    --
    "The dew has clearly fallen with a particularly sickening thud this morning"
  11. Re:Myth of the Suckiest OS by 99BottlesOfBeerInMyF · · Score: 3, Insightful

    This is a flame for everybody who keeps making these assnine comparisons and believes that they're OS integrity is somehow extra special or that Windows M$ is extra bad.

    Well, I hate to break it to you, but Windows security is extra bad. Popularity aside, Windows does some really dumb things from a security perspective, both historically and currently, and any security professional will tell you that Windows needs some serious changes to their underlying system if they ever want to make it reasonably secure.

    No system is bulletproof, but some of them at least put the bulletproof vest on their chest and the helmet on their head. Windows puts them both on its ass.

    Just because Windows is popular, you should not excuse the designers their crappy security decisions.

    P.S. Get a spellchecker.

  12. Re:Myth of the Suckiest OS by NaugaHunter · · Score: 4, Insightful

    But seriously. If Linux ever becomes as popular as windows, I guarantee malcontents will find any and every way to compromise your system in under 4 minutes.

    This is like the New Pig Times reporting that if brick ever becomes as popular as straw then wolves would just start blowing them down as easily. In other words you are arguing under the Fallacy of the General Rule; namely that all platforms have exactly the same vulnerabilities, if only someone would bother to look for them.

    Windows has large, exploitable holes that other platforms don't. Period. End of sentence. It is the height of tunnel sighted arrogance to think today's hackers wouldn't each love to be the one that finally writes the mighty virus that gets through OS X or Linux.

    Yes, a large percentage of problems are from copy cats. But you will not convince me there aren't those who take pride in their hacking that wouldn't love to be the one to break the OS X/Linux barrier and aren't working at doing so just to show it can be done.

    --
    R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
  13. Re:Ok, before the bitching begins: by Phillup · · Score: 3, Insightful

    And Windows XP SP2 doing just as well as OS X means...?

    It means that something as simple as a firewall, implemented from the very beginning... say 1995 with Windows 95... would have saved the world economy damn near a trillion dollars.

    For ten fscking years we have had to put up with negligent behavior on the part of MS when it comes to basic computer science.

    All in the name of one more sale.

    --

    --Phillip

    Can you say BIRTH TAX
  14. RTFA - it's shit. by KZigurs · · Score: 4, Insightful

    "Because this system responded to ICMP ping requests, there was a low number of attempts to compromise the system--795 attacks." Makes sense?

    Also, from their methodology I really don't quite understand how they count attack attempts. Especially for MacOS X they say that ~44% of total attacks observed in experiment were targeting MacOSX machine, but later they honestly say that almost all of attacks were some kind of Microsoft exploits. Does this mean that they counted Microsoft exploits attempting to compromise MacOS X as Mac attacks?

    And, finally, I really like their babbling about most secure platforms being THREE (linspire, SP1 + zoneAlarm, windows SP2) and mentions the fact that mac were not compromised just in one table.

    If you would like to see conspiracy, I would say that this is a Microsoft PR with goal to:
    a) SP2 is good.
    b) Don't fucking use our products without additional security software (a marvelous recommendation by the article)
    c) the only real operating environment in this article is irrelevant and we just added it at the latest moment to gain some credibility.

  15. Re:Hey, cool. by MaestroRC · · Score: 5, Insightful
    As someone else replied, that means they were non-functional. Pretty useless in a home setup.

    While I am a mac user (only for the last year though), I am a windows admin by trade. Why did you not state in your article that while the mac *was* getting attacked almost as much as windows, it was much more secure in that nothing broke through? You stated that "if they had been written to exploit OS X, they would have been successful". Find me something that will exploit samba successfully that can grant root (install) access on a mac, and I will agree with you. However, even with SMBd getting attacked, and even if there were an exploit that could take it over, it still would be unable to get admin access to make the mac a zombie, because of the secure nature of OS X.

    You said yourself "it was fun watching all the windows attacks fail on OSX", which merely means that it was getting attacked so much BECAUSE the exploits thought it was windows. This is not a reason that OS X should be ranked "less secure". The real winner in your survey is OSX here, not SP2.

    --
    I hate sigs...