Slashdot Mirror


Is Your OS Tough Enough?

LE UI Guy writes "A Denver Post article examines the Internet 'horrors' Windows, Mac and Linux users face simply being connected to the Internet with only an out-of-box configuration. Over the course of a single week the machines were scanned 46,255 times. The test didn't look into additional security threats caused by surfing the web or reading e-mail, just the connection itself."

12 of 597 comments

  1. Security by BWJones · · Score: 5, Informative

    These results mirror what I typically see on my workstation. I run a couple of websites on my workstation including our laboratory website, and my blog. Logs are monitored constantly with a nice tool called mkconsole that displays the logs transparently on my desktop. Several times a week, there is an attack. Most however are either scripted or fairly primitive, although last week there was a sophisticated attack that bounced through a compromised Windows machine on campus. We tracked it back to an AOL user on the East coast and reported his IP address to the sysadmins. They sent an email back to me letting me know that they would follow it up. I've not heard anything else since, but in addition to using a more secure OS, one should also maintain a vigilance of your systems to help keep things under control and if you do use Windows, PLEASE keep it patched with recent security releases.

    The truth is that if somebody really does want to get into your system, it can happen. In addition to using a secure OS and keeping the security updates current, securing physical access is your next line of defense.

    --
    Visit Jonesblog and say hello.
  2. 4 simple words: by sniepre · · Score: 4, Informative

    Turn. Off. Unused. Services.

    The most hilarious thing to me when someone gets hacked is looking at their box and a simple nmap shows every port under god's LCD monitor open.

    --
    Is not life a hundred times too short for us to bore ourselves? -Friedrich Wilhelm Nietzsche
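
An added example, not part of the comment above or of the thread: one way to act on "turn off unused services" is to list the listening TCP sockets and flag any that are reachable from the network and not on an allowlist. The `ss -tln` output below is constructed sample data, and `EXPECTED` is a hypothetical allowlist.

```python
import ipaddress

# Constructed sample of `ss -tln` output (not taken from the article or thread).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 50 *:139 *:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::1]:5432 [::]:*
"""

# Hypothetical allowlist: ports this machine is meant to offer to the network.
EXPECTED = {22}


def split_endpoint(endpoint):
    """Split an ss local-address field into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    return host, int(port)


def is_loopback(host):
    if host == "*":  # wildcard bind: every interface
        return False
    return ipaddress.ip_address(host).is_loopback


def audit(ss_output, expected=EXPECTED):
    """Return sorted (port, host) pairs that are network-reachable and not expected."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        host, port = split_endpoint(fields[3])
        if not is_loopback(host) and port not in expected:
            findings.add((port, host))
    return sorted(findings)


if __name__ == "__main__":
    for port, host in audit(SAMPLE_SS):
        print(f"unexpected listener on {host}:{port} - disable the service or bind it to loopback")
```
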
  3. Re:The Article in one sentence by Anonymous Coward · · Score: 3, Informative

    "Windows XP Service Pack 1

    Attacks: 4,857

    Results: Attacked successfully within 18 minutes by the Blaster and Sasser worms. Within an hour, the computer was taken over and began attacking other Windows machines."

  4. Geeks hate them, but... by fm6 · · Score: 4, Informative

    There should always be a router between any personal system and the Internet. Not a kludgy firewall/filter, mind you, but a simple NAT-translation router that puts your machine in a private address space. Hackers can't hack what they can't get to.

    OK, running P2P software is a slight hassle, but it isn't that hard to expose ports on a case-by-case basis. Certainly a lot simpler than fucking around with firewall software.

    Since a good firmware-based router costs less than a full suite of security software, this is a no-brainer.

    Of course, it doesn't work with the "Spirit of the Internet" that says that every system on the net can provide services to or use services from any other system. But you know what? That "spirit" is long gone -- it only worked when the Internet was an academic toy.

    1. Re:Geeks hate them, but... by Beryllium+Sphere(tm) · · Score: 4, Informative

      >Hackers can't hack what they can't get to.

      Assuming your router doesn't have an undocumented backdoor password like the NetGear WG602. Or a no-password remote administration interface on port 1900 like SMC used to have (fixed in June 2004 firmware). Or remote administration on port 5678 even when you disable remote administration (Linksys, 2002). Or a Telnet interface with a password of "private" (DLink ADSL routers as of 2002). Or a remote backdoor on port 254 (any DSL router with the Conexant CX82310-14 chipset with firmware 3.21). Or remote web administration with a factory default password (X-Micro WLAN).

      And assuming the firmware doesn't have any subtler bugs than that.

      And assuming you don't open a "DMZ" which in reality doesn't segment your LAN.

      Of course, your point was that routers are a necessity, which is generally correct. But there have been too many scandals for comfort. A Soekris box or some other small box running pf offers code you can trust and the flexibility to offer services to the world.

  5. Re:Lame article. by angle_slam · · Score: 4, Informative

    From the article: The Macintosh system received three attacks. Two of the Linux systems received eight attacks each, though Red Hat's version of Linux received no attacks at all.

    The attacks are more than just pinging/scanning, which was separately tracked.

  6. Re:Even modern linux distros need to be sanitized by LnxAddct · · Score: 5, Informative

    FC has no services running by default that connect to the internet unless you specify otherwise. Also you have complete control over every program installed at installation time. Regardless, an entire FC3 install with all the thousands of applications takes up approx 4 gigs, that's really not much for what you're getting. A server install is something like 800 mb, and that's before you cut off the fat. I always do a full install because it's nice to just have everything you need, a program sitting on my hard drive isn't doing anyone any harm.

    FC3's firewall is also set up very well and has been noted to have one of the best default setups out of many of the linux distros. Some of the other protections included in FC3 are SELinux which has policies for all major services and exec-shield is also extensively used. All major services connecting out are compiled with switches that randomize the memory allocation, which may have the negative side effect of taking a little longer to start because it can't prelink, but it really helps against many attacks because every machine has its memory mapped in different locations. The amount of security that Red Hat puts into FC3 while still leaving it so functional is pretty amazing. Most of the vulnerabilities found usually can't do much harm after you consider the layers of security and the other standard security measures, i.e. users and setting up perms correctly. It's nice to know though that the latest outbreak of [insert worm here] *probably* won't affect you.
    Regards,
    Steve

  7. Re:redhat 9 super secure? by thegrassyknowl · · Score: 4, Informative

    Don't forget that their idea of being "attacked" included regular-old port scans and pings. Looks like they just plum configured the network badly...

    Or it means that RH9 wasn't logging portscans and pings... which, AFAIK, it didn't do with any of the default firewalls. It is only newer distros that log potentially malicious traffic.

    --
    I drink to make other people interesting!
  8. Re:What I'm not surprised about by spacecowboy420 · · Score: 4, Informative

    Ok, I'm responding to an ac, but oh well -

    Which OS is propagating the viruses/trojans/malware?
    Windows.
    Which OS does it infect?
    Windows.

    Yes, other oses were attacked - [by windows zombies] - but not compromised, in fact there are very limited examples of exploits propagating through other oses aside from windows [I can find 7 linux viruses, all of which do not propagate nor are effective to any measurable extent].

    It is likely in the future that one may find a way to compromise a linux/mac in the same way, but that day has yet to come.

    And that is why we question findings that windows is more secure than linux. It is GLARINGLY obvious that this is untrue to anyone sane.

    --
    ymmv
  9. Re:firewall.. by cold+fjord · · Score: 3, Informative

    But for your desktop machine, who cares?

    Everybody should for two reasons:

    One: Minimizing your configuration to have only what you need is a basic security principle. Software that isn't installed doesn't have to be patched, configured, audited, and otherwise watched. This is more important considered in light of item two.

    Two: You should use good security practices on all systems / devices to establish a defense in depth. You are begging for trouble if your entire security plan is: use a firewall. All it takes for your maximum software machine to be owned is for a new exploit to come out that your firewall doesn't block, or a trojan that you let through. That may not happen often, but it does happen.

    If you don't use it or need it, get rid of it, and then patch, properly configure, maintain, and audit the rest.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  10. Re:Sometimes you have no choice by Mistlefoot · · Score: 3, Informative

    You can simply turn on the XP firewall that comes with XP out of the box.

    It is more than enough to keep you safe and secure until you get your windows updates. The time to infection is a heck of a long time with that turned on. That it isn't turned on by default was a mistake but to say that XP out of the box will be infected before you have the ability to update is outright incorrect.

  11. FUD? by Goose3254 · · Score: 3, Informative

    From the article

    "Microsoft responded that the tests prove that any operating system is vulnerable when not patched."

    No. They KINDA show that only Microsoft products are vulnerable when not patched.

    For what it's worth, IMHO, I think that SOME of the home users that don't patch their installs of MSXP are afraid that MS is trying to slip in some software that would automagically inventory their MP3 collection, hacked software, etc and somehow "break" their computer. I think many people think of MS operating systems as a "deal with the devil". They really DON'T want to use Windows, but isn't that Linux thing for computer gurus and really hard to use? It's really hard to combat that kind of FUD. If it wasn't, a HUGE number of corporate users would be using a *nix based solution, if only to shrink desktop support staff.

    As a networking professional, I can tell you that the constant rolling out of virus and OS patching to our user base DOES impact network traffic and "regular job" throughput, but the top brass sees this as a necessary evil. But of course my corporation has MS stock in its portfolio....