UK Officially The Most Hacked Country

_Hellfire_ writes "Symantec's Internet Security Threat Report for the second half of 2004 says that the UK is leading the rest of the world with bot networks. The report states that "...25.2% [of bots] are located in the UK. That now puts the country ahead of the US (24.6%), China (7.8%), Canada (4.9%) and Spain (3.8%)". Symantec blames a sudden uptake of residential broadband connections without the awareness of the required security measures."

Wow, a .6% lead

I wonder how accurate these statistics are.

Re:Wow, a .6% lead

[dominator]

What I find it interesting is that a country with 1/4 the US's population and with a roughly equivalent standard of living represents a roughly equivalent percentage of the world's hacked PCs, even if the difference between the UK and US is within this poll's margin of error.

Is the US public that far behind in broadband connections? Is the UK public engaging in more risky computing practices? Are US ISPs blocking more 0wn3d boxes? Are the UK ISPs incompetent, overwhelmed, or more laisse-faire?

Statistics.....

[wpiman]

You have to wonder about this. They show the US at 24.6% of PCs compromise- and the UK at 25.2%. This is well within the margin of error for even the most rigorous of surverying.

Re:Statistics.....

[tabkey12]

But considering US has 4.5 times as many people - the fact that the UK is that high at all is very worrying.

Re:Statistics.....

[Monkelectric]

Well, if you think about per capita, the UK has a much worse problem. However, I think what theyre really saying is, "sales of symantec products poor in the UK."

Maybe the brits just know that symantec has been a joke for years.

Re:Statistics.....

[ites]

Furthermore the figure seems far too low. From my experience with Windows PCs, something close to 100% of home Windows PCs are compromised - I've not seen a single home Windows PC without some spyware or trojan in the last year.

How can one count whether a PC is compromised? Perhaps by tracking and sampling bot traffic. But many compromised PCs are not used except to spread the parastical software. A zombied PC that is actively used tends to be noticed and wiped.

I suspect the real figure - if one counts all parasitic software (viruses, trojans, spyware, and backdoors) - is more like 80%, with a large part of the healthy PCs either not running Windows, or being disconnected from the Internet.

Re:Statistics.....

The report says that "25.2% [of bots] are located in the UK", not that 25.2% of UK computers are bots.

Re:Statistics.....

[flumps]

Think about how stupid the average person is; now realise half of them are dumber than that. - George Carlin 47.3% of all statistics are made up on the spot. - Steven Wright How to understand statistics.

hacking abroad

[cwebb1977]

Or it is because most hackers or script kiddies are located in the US and elsewhere outside the UK and they prefer hacking abroad, because that might limit the possibility of legal troubles.

Re:It's called a hardware NAT router

[B2382F29]

You don't need NAT, a simple firewall which blocks connections not initiated from the internal computer is enough. NAT is fine if you have > 1 computers but NAT itself isn't the magic silver bullet.

Re:That's a lot...

Size is immaterial.

Population is what's important. 60 million in the UK versus a bit less than 300 million in the US.

That's a difference of a factor of 5, as opposed to a factor of 50 or more (probably a lot more) for landmass.

Still a big difference, though.

Bad Broadband

[epiphani]

I personally think that the approach towards broadband was mostly done wrong. The large majority of users should never be fully visible online - those broadband routers should be doing NAT for all but a small minority of users.

While we cant code or design around user stupidity (in the sense that if you give a user a button that says "DONT CLICK HERE, IT WILL INSTALL A SPYBOT" and they'll still click it), we certainly can design around stupid operating systems that have holes you could drive a transport truck through. NAT does this quite well - I reccomend a NAT router (WRT54G, specifically) for everyone I know - including myself. It saves massive amounts of problems.

Part of the issue also lies with the fact that most "concious" users load up their PC with firewalls and zonealarm and so forth to the point where its slow because of all the crap on the system.

Symantec Security Studies...

[Onimaru]

...say that you should buy more security products! Wow, it's almost like the MS studies that say linux is more expensive and the environmental studies by the meat industry that say millions of gallons of pig shit isn't harmful to the environment so you might as well just spray it into the air.

This is the second one in as many days, too. Come on, could we get a real story, not one spun from the gossamer threads of greed and conflict of interest?

Canada?

[kbahey]

US (24.6%) ... Canada (4.9%)

This is really problematic, given that Canada only has about one tenth of the US population. Does this mean that if we had as many people as the USA, 49% would be hacked?

Or is it just because we have more broadband per capita than in the US?

Re:required skills

[DigiShaman]

Having a licence required would cause the PC/Internet access industry to plummet. And because of lack of consumer investment, progress in newer technologies would slow down.

Ya, spyware sucks ass. But I'll just let the free market take care of this. Until then, I'm willing to take the good with the bad.

Re:It's called a hardware NAT router

[caluml]

It's called a hardware NAT router

Cmon, a NAT router won't stop someone getting infected via some malware run by their browser, and then connecting out to an IRC channel awaiting commands. It won't stop someone sending spam either. NAT isn't the answer.

Just thought

[cca93014]

A lot of ADSL connections in the UK now come with bandwidth limits, and charges per GB over the standard monthly utilisation. This is a relatively new concept in retail broadband in the UK (In Oz it is almost the standard).

Anyway, it's sort of weird that the ISPs now actually have a vested interest in their users contracting malware; they make more money out of it in over-charges...

Re:Just thought

[flumps]

That is very insightful...

However most ISPs in the UK provide minimal 512Kbps connections for a basic package without restriction and 1Mb connection restrictions they do have run into the GB range for download/uploads per month.

You still have a good point tho, and its interesting most ISPs do not provide firewall applications/hardware on basic packages like this. The basic user could find he is disconnected without notice for bandwidth overuse with no idea that malware might be the root cause....

Re:UK rules OK

No, it's perfectly possible to be a Linux using dipshit. Users who have unsecured Redhat machines running services like Sendmail or BIND. Dipshits who try to run servers from their home machines but get the configuration totally wrong E.g. open relays. Gentoo users.

There are dipshits everywhere.

Re:It's called a hardware NAT router

[ka9dgx]

NAT doesn't solve the problem, it merely hides the symptoms of the bigger picture:

• The users expect an appliance, and don't want to be sysadmins
• The company that likely created the OS is driven by marketing, and the need for features over stability
• The programmers that wrote the code were under pressure to meet deadlines, and just get it shipped.
• The language chosen to write the OS and applications in is weakly typed, and prone to holes.
• The security model of the OS based on access control lists, which are insufficient to meet the challenges of mobile code
• The internet service providers are under economic pressure, and have insufficient resources to track down and take offline all of the compromised machines
• Hardware has gotten so fast that sometimes its just not perceptable that a machine is a zombie, until it gets quite overt
• The globally distributed nature of the treat makes it almost impossible to isolate and address with the court system
• The economic incentives to take over your machine increase daily, as more creative (profitable) uses are found for it.
• The barriers to entry that do exist are constantly being lowered as new tools become available to script kiddies, etc.

When you go with NAT, you fundamentally break the end to end nature of the InterNet, and you don't solve any of the above problems.

NAT is a band aid at best, and the end of the InterNet at worst.

--Mike--

It's the modems!

[GuerillaRadio]

Most of the big ISPs in the UK supply these horrible usb modems for their ADSL service, leaving the only protection being the Windows firewall. I've had to sort out several PCs from friends and family that were brand new, but shipped with XP SP1 and pwned within minutes of plugging these modems in. Contrast this to when I lived in Holland - adsl routers with NAT always supplied or recommended.

Re:Too many Americans are still on modems...

[Eunuchswear]

4% use a mixture of access methods.

Ah, at least 4% have one of those nasty "connect to the internet via a premium rate number" viruses.

Re:wireless is the savior

[mr_z_beeblebrox]

And thankfully more people are going to wireless

Yes, thankfully they are going to wireless. Thank the lords of Kobol, they will doubtless put great effort into security even though they never paid more than lip service while wired. For example, ask your neighbor how many minutes he had a wireless connection before he changed the default ssid and admin password. Probably less than 2. Probably also set it up to use MAC address lists...These things are as hardened as you can make the "average" access-point" and I doubt that 5% of the access points have had this done. (I know that the above does not make it secure, but it would keep out a good chunk of trouble)

Re:It's called a hardware NAT router

[caluml]

I'd say that most of the time it's people clicking stuff, and surfing dodgy sites, believing that their NAT and virus scanner will protect them from 0-day malware.

Good thing

[Craig+Ringer]

Well, NAT might be a good thing in that it's a simple "security" step that _currently_ helps protect users against _some_ threats.

Alas, it does really break the way the 'net works - hosting your own services can be a screaming nightmare over NAT. With static IP addresses, always-on 'net connections, and things like MacOS/X's Apache-based "personal web sharing", that's no longer just the preserve of the hard-core geek.

I'm with the parent poster to your post in most regards. I'm also still hopeful that we'll see IPv6 start to take the worst of the weight off soon (now that 6to4 permits it to be adopted in cells anywhere on the 'net).

Re:UK consumers

[prandal]

Most of the virus infections I've dealt with on friends' and acquaintances' Windows PCs have occured on boxes running (yes, you've guessed it) Norton Antivirus. I routinely uninstall Norton and replace it with Avast! Personal Edition.

Some antivirus vendors have yet to catch on to the idea that virus patterns need updating on a daily or more frequent basis. So along comes a new Bagle variant, which is yet to be detected by Norton, and the first thing it does is kill Norton's on-access scanner.

Blame the Broadband Providers...

For aggressively marketing broadband services to the completely clueless masses. These companies don't give a crap that these new accounts end up hurting people's computers and the Internet as a whole, so long as the $$$$$$$$ keeps rolling in.

Cost of Software+Harware is the reason

After moving from the UK to the USA I am not supprised about this statistic. The simple reason I can see is the cost of (antivirus) software and (router) hardware in the UK is probably the most expensive in the world - a detereant to end users actually buying and using them.

Re:True story about a non-hacked Brit's parents

[CdBee]

We need a site called geek-exchange so people like us can swap inconveniently-situated tech problems (ie, I fix your mum's PC if you do my cousin's....)

It'd save us all an awful lot of driving.

Show us the data

[PMuse]

What is it with news reporting that they never attach a data appendix? C'mon guys. We wanna know:
# bots worldwide
# broadband computers worldwide
# bots in UK
# broadbanded computers in UK
[repeat for US, China, Canada, Spain, etc.]
[then, for kicks, break them down by OS]

Re:4x lead when population normalized

[It'sYerMam]

Here in the UK there is a big push for broadband coverage and general access. There's also a lot of work going into Wi-Fi hotspots and perhaps more importantly, a lot of things targeting children. With PCs in schools, and regular access to the internet as part of the curriculum (in fact, IT is now becoming compulsory from the start of schooling) children are increasingly being active on the internet. Parents will surely hear the scare stories about chatrooms, paedophiles and so on, and perhaps will make sure children do not do that kind of thing.
However, children will be more likely to open up attachments, surf around the online gaming sites which come with spyware toolbars and so on. This will make the problem of not having a firewall/antivirus/anti spyware much worse.

I don't know about the situation in the US, but it's certainly about time ISPs started handing out information with their broadband packages, to prevent this kind of 0wn4ge. Alternatively, after installing the cable modem, they can install anti-virus software and a decent firewall, as part of the package. I'm sure this would significantly reduce these occurrences.

The problem in the first is getting people to read the material, and in the second if people then upgrade/reinstall, ensuring that they also install the security applications.