Is Your OS Tough Enough?

LE UI Guy writes "A Denver Post article examines the Internet 'horrors' Windows, Mac and Linux users face simply being connected to the Internet with only an out-of-box configuration. Over the course of a single week the machines were scanned 46,255 times. The test didn't look into additional security threats caused by surfing the web or reading e-mail, just the connection itself."

Conclusion summary:

[rasafras]

Unpatched Windows: Bad.
Patched Windows, Mac, Linux: Good.

Point? We already hear how much worse security Windows has multiple times a day. This doesn't even say it outright...
The real thing I gained from the article is the fact that there are still an immense number of infected computers out there, and this brings me to the question: where? How many people could there possibly be out there whose computers are being run by various exploits? We already know that they're all thanks to people that suck at patching their machines, and I find that to be a much larger problem than the security of a fully patched OS.

Re:Now open sendmail and config it.

[innosent]

Agreed, for instance, the default configs with FreeBSD 5.x are so secure, you can't even send mail from your own system. You can send between users, but that's it, no relays, no outbound of any kind. Of course, it would be nice if people who only need one element of sendmail (sending mail, not receiving it) would realize that a full-featured mailer daemon is overkill, and an invitation for problems. If all you need is something that can send alerts (like from your non-mail servers), use something like sSMTP, a sendmail workalike that can only send mail through your real mail server (even outside accounts, it can handle servers that require authentication). Don't blame sendmail for giving you a headache on 50 systems, when you should never have turned it on in the first place.

Re:idiot...

[rpbailey1642]

Wow, that was an angry response. Yes, I did read the article before I posted, that's how I knew they did upgrades on Win XP SP2 and none of the other systems. The article explictly stated that the Win XP SP1 system was exploited by Blaster and Sasser in under 18 minutes, which is good enough to call them "hacked". There are three faults with the second part of your argument stating that if they haven't upgraded to SP2 they deserved to be hacked. In the first, there are those who can not upgrade due to programs (custom jobs, programs no longer supported by their manufacturers) that will no longer work with SP2. In the second, there are those who turned off (or had a "helpful" tech turn off) their automatic updates and have no idea how to update their system. Yes, they should know their computers better, but that's a debate for another time and it's one that we've rehashed time and time again. In the third, they only updated Win XP SP2. Had they done all the upgrades on all the systems, I have a feeling the Win system would still not have fared as well as the UNIX-based systems. Remember, there *HAVE* been exploits for XP SP2 in the wild already. Granted, XP SP2 is a step in the right direction, but it is nowhere near perfect. Viruses, spyware, etc are still a problem.

You are anonymous, and most likely you are attempting to troll. I probably should not have bitten but what can I say, it gave me the chance to rant a bit.

Shields Up!

[baconbit]

Check for open ports on your pc. https://www.grc.com/

Re:Security

[bersl2]

I have had 2 or 3 bots trying to brute-force my main box's password for months on end. The attacks all come from (likely compromised) server farms. I used to run without a firewall, but now I block every IP that tries to run an attack.

They won't succeed as long as I patch, because root logins through SSH are disallowed, and I don't have any of the usernames they guess.

Keep trying, d00dz!

Re:RTFA

[rgmoore]

If I was a malicious coder, why would I want to spend time writing code that would only attack the 10% of computer users not running windows in the first place?

To get a bigger slice of a smaller pie. Worm authors aren't just writing the things as a form of random vandalism; they're writing them to set up botnets that they can use for other nefarious purposes. The huge volume of Windows malware means that there's serious competetion for infectable hosts. A successful Linux or OSX worm would have the whole field to itself, which would make up for the smaller number of infectable hosts.

Re:idiot...

[rpbailey1642]

Story about the firewall not blocking Windows shares. I think Slashdot carried this story a long time ago as well. Do not get me wrong, the firewall and steps in SP2 are a nice step, but they simply are not enough at this point. Unless the user is actively involved, no default Windows setup will be enough.

Re:Of course

[MoriaOrc]

Except, as the article says, WinXP SP1 is still quite common. Hell, I still use Win2k SP4. I wish they'd run the test with that.

Re:Of course

[DaveJay]

Better question: does ANYONE put a box on the internet these days without a router between them and the connection?

(actually, now that I think about it, I can name several. Methinks I need to go have a talk with some friends and family.)

Whats an attack?

The article makes great mention of "attacks" but fails to mention what an "attack" actually consists of.

For example: they say Windows XP SP2 got attacked 16 times.

Does that mean it got port scanned 16 times? It can't as i'm sure it got port scanned many more times than that.
or
Does that mean it got infected 16 times? It can't because they said it survived all attacks.

So what on earth were these attacks?

Re:Are you all retarded?

[Nintendork]

That's funny. I administer about 100 Windows boxes and none of them have been compromised in the two years I've been with the company. That's 2000 and XP. Out of the box, Windows XP SP2 is not open to the Internet. If the computer is a member of a workgroup, it's open to its local subnet and that's all. If it's a member of a domain, the administrator can use group policy to configure it any way he/she pleases. In fact, when it comes to patches, a proper group policy will have all Windows XP boxes (Even with no service pack) and Windows 2000 (As of SP3 I believe) updating automatically. I configure some basic settings from the server and all the computers in our organization get the settings.

Congratulations on your narrow minded, immature, emotional "M$ is the Devil" reaction. The reverse FUD is working....really. In the meantime, I'll just continue running a Windows network the way it should be run and not lose any sleep over it. So will most other business networks. And so will the workers who want to use the same thing at home that they use at work. All the talk about Windows being insecure out of the box for the home user is now past tense as of SP2. Soon enough, it'll be another outdated argument right up there with "Windows is unstable" and "What about backward compatability with DOS apps? They can't force users to upgrade!"

If the developers of other OSes want to battle with MS for market share, they should focus on developing the product and deliver all the new features that people feel is worth paying for the latest version of Windows. While they stand around shouting about a particular advantage, Microsoft is moving to take that away while creating many more advantages of their own.

-Lucas

Re:Lame article.

[louarnkoz]

There is something bizarre in the way the article counts "attacks". In theory, the number of attacks should be almost the same for each computer in the honeypot, because most viruses don't know what they are attacking.

The blaster and sasser worms, for example, make no attempt at reconnaissance. They simply blast TCP connections to IP addresses chosen at random. In theory, they have exactly as many chances of attacking the XP/SP1 box as the XP/SP2 box, or for that matter any the Mac or any of the Linux boxes. The attack is much more likely to be successful of tne SP1 box, but that does not mean the other computers were not attacked.

So, what did they actually count? What do those numbers mean?

I do it

[Phil+Urich]

I have no firewall, or router. I'm running XP SP1. And I've never had a single problem (my virus scanner hasn't even had to do any work . . . and I have open shares, including an upload folder!).

By conventional logic, my box should be dead by now. Especially since I keep it on nearly 24/7, connected up to teh intarweb. Go ahead and say I'm just lucky, but I think that if you just have a computer reasonably configured, the over-the-top security that most people think is necessary . . . well, it isn't. I do update with security patches often, and that's about as far along as I go with conventional means of protection.

So what's the secret, then? I don't entirely know, I think it must be alot of little things combining. Partially, I think things aren't quite as horribly insecure as people think; just that when they are, and they often are by default, things go so horribly wrong that it colours one's perspective on the issue. The other thing is, I don't use any Microsoft products other than Windows itself, really. Third-party chat, Eudora for e-mail, Firefox and Opera for browsing, WordPerfect and OpenOffice for all the office-style needs, etc etc. True, that isn't at all what the original article is talking about, but I'm hardly the first to deviate from topic here.

How about older distros?

[Esel+Theo]

I'm absolutely not surprised that up-to-date systems survive current attacks. I'd even expect that from the vendor/distributor.

The behavior of a not exactly up-to-date system would give much more insight in the overall security of an operating system. The authors tested Windows XP SP1. But what about outdated Linux distributions?

My personal experience is that it is virtually impossible to install Windows XP today on a system that is connected to the internet. You don't even have the chance to install SP2 fast enough. The article confirms this with its SP1 experiment (it survived 18 minutes).

In contrast, I'd expect any of the Linux distributions to survive way longer unpatched than Windows does. The distros I've seen (SuSE, Gentoo) have turned any useless service off on a default install since years (I wonder about /. readers that tell something different for Fedora). And I think you can safely do a default install on these systems and then pull your patches from the internet.

A few, say, one or two year old Linux distros would have been a very interesting contrast to the authors SP1 experience.

Re:PLEASE MOD PARENT UP!

[FireFury03]

If normal users understood that direct connections to the net were bad, they'd all buy routers, they'd consider firewalls, probably ones configured to block all but MSN, E-mail and web access, and we'd live in a considerably more worm free world.

I think you are giving many users far too much credit. 90% of the cases where I have to deal with customers who have misconfigured their mail server as a spam relay, I get a response similar to "Yeah, I know that's really insecure and lets spammers use it, but it was [easier to set up]/[only going to be like that for a few weeks]/[not as if I was telling the spammers the open relay was there]" (delete as appropriate).

The point is that these people *knew* that what they were doing was really stupid, but were doing it anyway because they couldn't be bothered to be secure. Of course it always comes back to bite them in the ass when their server falls over with several million spams in the mail relay queue and a completely saturated ADSL connection.