Clean System to Zombie Bot in Four Minutes
Amadaeus writes "According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet. Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PC's got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but only was only targeted by 0.26% of all attacks." See also our story on the survival time for unpatched systems.
I am curious how effective NAT (e.g. a cable modem router) is at slowing or stopping these attacks for the the typical user.
I know it works well enough for me, but I am not a typical user -- even my Windows box is locked down tight.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
Many IT-people brand the persons that get these bots / infections as clueless lusers who get their comeuppance. I don't.
A machine isn't supposed to act this way. It is very simple, but we forget that proper behaviour for the machine is to NOT get infected in seconds. I have abandoned windows some time ago, but still help friends with their machines. But it is a battle they're losing. Nothing seems to help, mostly due to the extremely bad security paradigms. They now think its normal having to run 2 - 3 different anti-adware programs, virusscanner, be on eternal vigilance at every corner of the internet.
It is not supposed to be like this. Don't forget that.
ARG! The patches! They do nothing!
Erm, if you look at the article summary and the article itself, it says that Attackers successfully compromised the Dell Windows XP computer using Service Pack 1 nine times, and the Dell Windows 2003 Small Business server once. Windows XP SP2 is what many would consider a collection of patches, so yes, it seems to have done something.
I was on a modem as recently as last year.
What I did was went through the list of patches and manually downloading them through Microsoft's download site. Some of them weren't available or had odd restrictions of installation, but whenever I set up a computer, I just got the list of patches it needed through Windows Update and installed the local copies.
I also had the luck of staying at a hotel the next city over, it had free wireless Internet service, so I downloaded as much of everything I could.
This is the version that's been shipping on new machines and sitting on store shelves for half a year now.
1. And this still doesn't represent a large portion of machines running XP.
2. There have been some major exploits, albeit not necessarily remote, that have still affected XP post-SP2.
Microsoft's almost criminally (considering how many billions of dollars and manhours that have been lost due to this) late sudden "awareness" of security does not change the basic premise of this article, nor what I said.
Well, I've been around the "Internet" since the early 80's and remember when you had to manually route email across the UUCP network. I also know people who have been on the "Internet" ever since it was only the ARPANET. And you know what? I started complaining around the early nineties when this "Mosaic" thing showed up and started to screw up the Internet. And the guys who were on the ARPANET bitched when our machines started routing USENET and email through their network. Bottom line, whenever new people come in and change things, the "old timers" say that it sucks. Old immigrants always dislike new immigrants. Welcome to reality, where things always will suck more next year because kids these days just don't know how to behave.
But in the end, you know what? I wouldn't have changed a thing. It was what it was, it will be what it will be because people try to make it better and it's still a hundred times better than if it would have been if it had stayed the same. Stop thinking about how great things were in "the good old days" and trying to keep people from doing interesting stuff (and, yes, even worms and viruses are interesting in a malevolent way). Instead, figure out how to improve things without cutting off access and help build "the good new days".
That is all.
But seriously. If Linux ever becomes as popular as windows, I guarantee malcontents will find any and every way to comprimise your system in under 4 minutes.
This is like the New Pig Times reporting that if brick ever becomes as popular as straw then wolves would just start blowing them down as easily. In other words you are arguing under the Fallacy of the General Rule; namely that all platforms have exactly the same vulnerabilities, if only someone would bother to look for them.
Windows has large, exploitable holes that other platforms don't. Period. End of sentence. It is the height of tunnel sighted arrogance to think today's hackers wouldn't each love to be the one that finally writes the mighty virus that gets through OS X or Linux.
Yes, a large percentage of problems are from copy cats. But you will not convince me there aren't those who take pride in their hacking that wouldn't love to be the one to break the OS X/Linux barrier and aren't working at doing so just to show it can be done.
R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
"Because this system responded to ICMP ping requests, there was a low number of attempts to compromise the system--795 attacks." Makes sense?
Also, from their methodology I really don't quite understand how they count attack attempts. Especially for MacOS X they say that ~44% of total attacks observed in experiment were targeting MacOSX machine, but later they honestly say that almost all of attacks were some kind of Microsoft exploits. Does this means that they counted microsoft exploits attempting to compromise MacOS X as a mac attacks?
And, finally, I really like their babbling about most secure platforms being THREE (linspire, SP1 + zoneAlarm, windows SP2) and mentions the fact that mac were not compromised just in one table.
If you would like to see conspiracy, I would say that this is a Microsoft PR with goal to:
a) SP2 is good.
b) Don't fucking use our products without additional security software (a marvelous reccomendation by the article)
c) the only real operating envorement in this article is irrevelant and we just added it at the latest moment to gain some credibility.
While I am a mac user (only for the last year though), I am a windows admin by trade. Why did you not state in your article that while the mac *was* getting attacked almost as much as windows, it was much more secure in that nothing broke through? You stated that "if they had been written to exploit OS X, they would have been successful". Find me something that will exploit samba successfully that can grant root (install) access on a mac, and I will agree with you. However, even with SMBd getting attacked, and even if there were an exploit that could take it over, it still would be unable to get admin access to make the mac a zombie, because of the secure nature of OS X.
You said yourself "it was fun watching all the windows attacks fail on OSX", which merely means that it was getting attacked so much BECAUSE the exploits thought it was windows. This is not a reason that OS X should be ranked "less secure". The real winner in your survey is OSX here, not SP2.
I hate sigs...