Is Your OS Tough Enough?
LE UI Guy writes "A Denver Post article examines the Internet 'horrors' Windows, Mac and Linux users face simply being connected to the Internet with only an out-of-box configuration. Over the course of a single week the machines were scanned 46,255 times. The test didn't look into additional security threats caused by surfing the web or reading e-mail, just the connection itself."
These results mirror what I typically see on my workstation. I run a couple of websites on my workstation, including our laboratory website and my blog. Logs are monitored constantly with a nice tool called mkconsole that displays the logs transparently on my desktop. Several times a week, there is an attack. Most, however, are either scripted or fairly primitive, although last week there was a sophisticated attack that bounced through a compromised Windows machine on campus. We tracked it back to an AOL user on the East coast and reported his IP address to the sysadmins. They sent an email back to me letting me know that they would follow it up. I've not heard anything else since, but in addition to using a more secure OS, one should also maintain vigilance over one's systems to help keep things under control, and if you do use Windows, PLEASE keep it patched with recent security releases.
The truth is that if somebody really does want to get into your system, it can happen. In addition to using a secure OS and keeping the security updates current, securing physical access is your next line of defense.
Visit Jonesblog and say hello.
Turn. Off. Unused. Services.
The most hilarious thing to me when someone gets hacked is looking at their box and seeing a simple nmap scan show every port under god's LCD monitor open.
Is not life a hundred times too short for us to bore ourselves? -Friedrich Wilhelm Nietzsche
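The point above (a quick nmap run exposing every port the box is listening on) is easy to turn into a routine check. The following is an added example, not code from the thread or from any poster: it parses nmap's grepable (`-oG`) output and reports every open TCP port that is not on a per-host allowlist of services the host is meant to expose. The scan text and host addresses below are constructed for the example, not a real capture.

```python
"""Audit an nmap grepable (-oG) scan against the services each host is
supposed to expose.  Added example; the scan output and hosts below are
constructed, not a real capture."""
import re

# Constructed nmap -oG output for two hypothetical hosts on a home LAN.
SAMPLE_SCAN = """\
# Nmap scan initiated as: nmap -sS -oG - 192.168.1.10 192.168.1.20
Host: 192.168.1.10 (webbox.example)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 135/open/tcp//msrpc///, 445/filtered/tcp//microsoft-ds///, 6881/open/tcp//bittorrent-tracker///\tIgnored State: closed (65530)
Host: 192.168.1.20 (desktop.example)\tPorts: 22/closed/tcp//ssh///
# Nmap done
"""

# What each host is meant to offer.  Anything else that is open is a finding.
# (Hypothetical allowlist for the constructed hosts above.)
ALLOWED = {
    "192.168.1.10": {22, 80},   # ssh and the web site, nothing else
    "192.168.1.20": set(),      # a desktop: no inbound services at all
}

# "Host: <ip> (<name>)\tPorts: <fields>[\tIgnored State: ...]"
HOST_RE = re.compile(
    r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\tIgnored State.*)?$"
)


def parse_grepable(text):
    """Return {ip: {port: state}} for every Host: line that carries a Ports: field.

    Each port field looks like port/state/proto/owner/service/rpc/version.
    Only TCP entries are kept, since that is what the allowlist is about.
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, _name, ports = m.groups()
        entries = {}
        for field in ports.split(","):
            parts = field.strip().split("/")
            if len(parts) < 3 or not parts[0].isdigit():
                continue  # malformed field; skip rather than guess
            port, state, proto = int(parts[0]), parts[1], parts[2]
            if proto == "tcp":
                entries[port] = state
        hosts[ip] = entries
    return hosts


def unexpected_open_ports(scan_text, allowed):
    """Open TCP ports not on the host's allowlist, as {ip: [ports]}.

    'closed' and 'filtered' ports are not reported: the first is not a
    listening service and the second is already blocked by a firewall.
    """
    findings = {}
    for ip, ports in parse_grepable(scan_text).items():
        open_ports = {p for p, st in ports.items() if st == "open"}
        extra = open_ports - allowed.get(ip, set())
        if extra:
            findings[ip] = sorted(extra)
    return findings


if __name__ == "__main__":
    for ip, ports in unexpected_open_ports(SAMPLE_SCAN, ALLOWED).items():
        print(f"{ip}: unexpected open TCP ports {ports}")
```

On a real host you would feed it `nmap -sS -oG - <host>` output from a machine on the other side of your router and treat every reported port as either a service to shut down or an entry to add to the allowlist deliberately, which is exactly the case-by-case exposure the next comment describes.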
OK, running P2P software is a slight hassle, but it isn't that hard to expose ports on a case-by-case basis. Certainly a lot simpler than fucking around with firewall software.
Since a good firmware-based router costs less than a full suite of security software, this is a no-brainer.
Of course, it doesn't work with the "Spirit of the Internet" that says that every system on the net can provide services to or use services from any other system. But you know what? That "spirit" is long gone -- it only worked when the Internet was an academic toy.
The attacks are more than just pinging/scanning, which was separately tracked.
FC has no services running by default that connect to the internet unless you specify otherwise. Also, you have complete control over every program installed at installation time. Regardless, an entire FC3 install with all the thousands of applications takes up approx. 4 gigs; that's really not much for what you're getting. A server install is something like 800 MB, and that's before you cut off the fat. I always do a full install because it's nice to just have everything you need; a program sitting on my hard drive isn't doing anyone any harm.
FC3's firewall is also set up very well and has been noted to have one of the best default setups out of many of the Linux distros. Some of the other protections included in FC3 are SELinux, which has policies for all major services, and exec-shield, which is also extensively used. All major services connecting out are compiled with switches that randomize the memory allocation, which may have the negative side effect of taking a little longer to start because it can't prelink, but it really helps against many attacks because every machine has its memory mapped in different locations. The amount of security that Red Hat puts into FC3 while still leaving it so functional is pretty amazing. Most of the vulnerabilities found usually can't do much harm after you consider the layers of security and the other standard security measures, i.e. users and setting up perms correctly. It's nice to know, though, that the latest outbreak of [insert worm here] *probably* won't affect you.
Regards,
Steve
Don't forget that their idea of being "attacked" included regular old port scans and pings. Looks like they just plumb configured the network badly...
Or it means that RH9 wasn't logging portscans and pings... which, AFAIK, it didn't do with any of the default firewalls. It is only newer distros that log potentially malicious traffic.
I drink to make other people interesting!
OK, I'm responding to an AC, but oh well -
Which OS is propagating the viruses/trojans/malware?
Windows.
Which OS does it infect?
Windows.
Yes, other OSes were attacked [by Windows zombies], but not compromised; in fact, there are very limited examples of exploits propagating through other OSes aside from Windows [I can find 7 Linux viruses, all of which do not propagate nor are effective to any measurable extent].
It is likely that in the future one may find a way to compromise a Linux/Mac in the same way, but that day has yet to come.
And that is why we question findings that windows is more secure than linux. It is GLARINGLY obvious that this is untrue to anyone sane.
ymmv