The 12-minute Windows Heist
An anonymous reader writes "Sophos has come up with some pretty interesting research: apparently, there's a 50 percent chance unprotected Windows PCs will be compromised within 12 minutes of going online. Sophos came to that conclusion based on research covering the last six months of virus activity. The company said authors of malware such as spam, viruses, phishing scams and spyware have increased both the volume and sophistication of their assaults, releasing almost 8,000 new viruses in the first half of 2005 and increasingly teaming up in joint ventures to make money. The new-virus figure is up 59 percent on the same period last year."
It takes slightly more time to get pwn3d now.
After all, I am strangely colored.
How is this figured? Are people just randomly surfing two-letter TLDs 12 minutes after installing Windows and hopping on the net?
What if an old Win2k or XP computer goes online to get protection? And it happens to take 12 minutes to get those updates? Is that ironic or deserving?
That means you should probably get out of Windoze quickly! (OK, that joke sucked dirt.)
1-Crawl 2-Cnfg 3-ATF 4-Exit ?
Why would a REAL operating system like this get hacked? Ah.... must have been submitted by one of those "trendy" Linux zealots.
From 11/29/2004: Unprotected PCs can be hijacked in minutes
That article used to say 5 minutes, but I saw he was running SP2 with McafNotFree and had to change the article a bit just before publication deadline to prove a point. Whoops.
the original can be found at: ww!@#$_
COCARRIER
** "It's not my job to stand between the people talking to me, and the ones listening to me." -- Pego the Jerk
No surprise.
...the built-in Windows XP firewall (enabled by default on SP2, and assuming you don't have any other services enabled or open) and/or have a $30 personal firewall/router, there is a 100% chance you won't get compromised.
But wait, they're talking about spyware, viruses, and phishing. So, those things can install themselves now?
Don't get me wrong...viewed by itself, Windows has historically a dismally horrible track record. But a patched Windows XP SP2 machine behind a personal firewall/router with current anti-virus/anti-malware protection can be a secure system. Granted, it's been a long time coming, and it's easy for many users to fall into traps, but this seems like nothing more than a typical scare tactic by an AV vendor.
Never trust an AV vendor saying the sky is falling.
Yikes, I was looking forward to reading some great insights ...
But in response to the main premise, surely most people actually connect to the web through routers, protected networks etc.
The only really large number of directly accessible, unfirewalled computers is surely in universities?
My machine, Windows 98, now Windows XP Home has never had any kind of virus on it, not been owned to the best of my knowledge, and is not dragged down by the burden of crappy 'anti-virus' software, that is almost as bad as the thing that it is meant to protect against.
My protection: a carefully configured $70 router.
-- "It's not stalking if you're married!" My Wife.
You know, on second thought, the better idea is just get a Mac. The average PC user will find it safer and they can do 99% of what they were going to do anyways.
Strange women lying in ponds distributing swords is no basis for a system of government.
8,000 new viruses? Say what?
How many of those are just viruses edited by some script kiddy to say "0wn3d by Fr0g3r" or some such shit?
Like sobig.a, sobig.b, sobig.c, sobig.d, sobig.e, etc...
What I'd like to know is how many unique types of attacks are exploited by new viruses, that would be a useful statistic...
I'd like to see the actual numbers and the methodology of their study. It seems like all of the compromising attacks require action on the part of the user, like downloading unknown attachments, clicking spam links, and browsing shady porn sites.
I don't see how any of those could affect turning on your computer and using automatic updates.
And the next time it will be 23 minutes. And so on.
You could not pay me to put a Windows or Linux machine on my DMZ. They're all behind my $30 NAT router and they can be patched to my heart's content without having to worry about them getting p0wn3d. Oh, and to all you Linux fanboys who are going to be insulted by this - try putting a fresh RH9 (off ISOs) on your DMZ, and let's see how long it lasts.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
What about the other 50%? does it take another 12 minutes for 50% of that figure?
Does that mean the half life of windows is 12 minutes?
All the attacks are from compromised systems in the same domain that are portscanning and sniffing for activity. Back in the year 1997, I was port-scanning with some of my homebrew scripts looking for fileshares. When I found a fileshare that was writable, or found someone's entire WINDOWS directory shared, I tried to pry through enough information to uncover contact information of the owner and send them an e-mail warning them. The world has changed since then. Firewalls report most of my scripts as being malicious intrusions, and I find it disheartening that it has come to this: software companies slandering the good purpose of software as a delivery mechanism for malicious use and not practical use.
I have found fewer fileshares on the Verizon domain. In part, it is best to firewall MS Windows systems because they are such bloody-hell for any purpose other than pussy-foot workstations. I was using RedHat 5.2, BTW.
without prejudice
I love telling this story to people that ask why they should run Windows Update / run a firewall / get antivirus, etc.:
I was at a client's site, and needed to do some testing on their backup DSL line. Since it was a backup meant to plug into the main firewall in case of an outage, the line had no firewall - It was wide open.
I had a laptop I had just rebuilt for an employee. Win2K, SP4. Unpatched, no antivirus. I planned on jumping on the line for all of five minutes to do some quick IP testing, and I just didn't think about it being vulnerable.
So, I change the IP and plug into the DSL line. I'm plugged in no more than two minutes, and I get the damn "Windows is shutting down" dialog box. It reboots, and all hell breaks loose. Within those two minutes the damn machine had contracted the Blaster worm. I formatted and reloaded it to be safe, and learned a fun lesson that day. Good thing the laptop didn't have any important data on it.
Perhaps part of the problem is people downloading their favourite infected app..
Any one worth their salt knows that a lock pick on the front door is much more elegant and can be done in 30 seconds ... besides, windows have glass which will cut you and if you're fat, forget about going through one of those ... oh ... you meant ... umm, yeah, nevermind
"It's difficult to meditate on amphetamines." - Joe Walsh
This is what brought me to Linux in the first place. The story takes place in February 2004. After an old hard drive failed on my PC and I bought a replacement, I re-installed Windows XP Pro and proceeded about my business, but within half an hour of getting online I got a typical Windows error message pop-up about so-and-so process unexpectedly terminating, then Windows said it had to restart and gave me a 60-second countdown to save my work. I was like WTF!?!? So after several reboots and having the same virus compromise my system, I reformat, re-install XP, and then the second I get online I start downloading Windows updates... but the virus is too fast! It sees the Windows update process and goes "Whoops, you don't want to do that now, do you?" and kills the critical updates, along with my system again. Then I go to plan C, which is installing Norton Antivirus BEFORE updating Windows. Only problem is, the antivirus software has to be downloaded from my campus network. So I re-format, re-install, and literally browse-and-click as fast as my hand could move the mouse to install that antivirus software. And it worked. Or so I thought. The virus then started automatically deactivating the AV software while I was using the computer, and I would continually re-activate it. But I couldn't keep this up forever. I mean, isn't the point of having a computer to be able to do something PRODUCTIVE with it instead of fighting viruses? Well, after the AV had been deactivated for more than 2 minutes the virus would kill that Windows process again and force yet another shutdown. I went battling this virus/these viruses for 2 damn weeks trying everything I could. God forbid, I even went to the DOS command line to try some things, but to no avail.
And that frustration, my nerds, is what brought me out of the shadows and into the light that is GNU/Linux/OSS. It was the second best thing that happened to me in my life. I thank yee, virus writers, who allowed me to cast off the shackles of M$ and come to know the true meaning of computing and hacking. *salutes*
Hero of Allacrost, a FOSS RPG for *NIX/*BSD/OS X/Win
There are attacks which don't require your help; Sasser in particular goes through an open port rather than through Outlook or IE. There are a few others.
But that's pretty unlikely with a new PC, which presumably comes with the latest service packs. The article is incredibly short on actual data. There's nothing to support their 12-minute average. I get the impression that they chose the scariest headline to support an article which is mostly about phishing attacks, trojans, etc: attacks that require your help.
So for all I know they're talking about the fact that there are enough attackers that if you throw a Windows ME (or even unpatched XP) box on the Internet, yeah, you're hacked. That says a lot, but not about how insecure Windows is. It says that there are still plenty of computers running hacks like Sasser; if you're not protected against it, you're screwed.
That's mostly scaremongering, since unless you're installing a very out-of-date Windows, you're protected. You're not protected against new attacks, nor are you protected against many trojans. They're trying to convince you to buy software for that, which is relevant, by using scary but irrelevant numbers.
I can believe it. I've spent the past 2 years of my life doing support for Verizon DSL/FiOS. Seriously, I can't even keep track of the number of times I helped a customer get connected and by the end of the call their PC would be shutting down... Most of the time it's their fault. I laughed my butt off when transferring someone to a billing office and their PC already had a virus when I had just told them to do their updates before doing anything else... Besides, this is just another reason to use Linux.
So Xp has a half-life of 12 minutes... now just where do we put it on the periodic table?
Sorry, I've heard too many lame chem. teacher jokes.
Surely the diligence of the user needs to be taken into account.
Windows users are generally less inclined than linux users to work on securing their machines, and seem to be much less informed about whether they should really be downloading those smilies, or that cute pet that sits on their desktop.
The intelligence/experience of the user has a lot to do with how easily the PC can be compromised, and this is regardless of their choice of OS.
First Kaspersky, now Sophos... I've lost all respect for AV vendors. Using scare tactics to sell software is just sad.
Here's all it takes to keep your Windows box safe: a router (or SP2) and Firefox. Oh, and enough common sense to not run any executable file sent to you by a stranger.
There, I let the secret out.
smattawichu
Part of me thinks that part of the reason for this very short cycle doesn't have to do so much with windows insecurities as the fact that it's so damn old, relatively speaking. The stock copy of Windows XP sold on the shelf right now is vulnerable to attacks patched back in 2001. Apple and Linux don't have this problem simply because the relatively short time to live of their distributions, and the fact that Apple at least seems more willing to provide version updates in with their retail boxes. Maybe it's time that MS looked at their sales practices and started actually slipstreaming patches into their boxes. Surely pressing a new master every couple months can't be that hard for their plants.
Marxism is the opiate of dumbasses
I keep hearing these stories about Windows machines getting infected within x amount of minutes of being connected.
I decided to test this...
I took a PC with a fresh install of the latest boxed copy of Windows XP and connected it directly to my cable modem (no firewall) and left it on overnight...
The next morning, everything looked fine. I disconnected it from the cable modem. I installed some antispyware apps, no spyware. I installed an anti-virus app, no viruses. The machine was fine.
What do these people do in those first 12 minutes? Disable a few security features, set IE's security to low, go to bigwettits.com and run freexxxporn.exe?
After 12 minutes, an unprotected PC running Windows is both compromised and uncompromised until a tech collapses the state vector by producing a hefty bill for checking.
The only conclusion one can come to is that the real value of the internet, e-mail, file transfer, commerce, are being deliberately screwed by the Microsoft approach to computer security. Hiding things like netstat and msconfig really sucks and treats the user as a stupid Joe consumer.
No doubt Microsoft will tout Longhorn as salvation for the user.
Having to pay for virus removal and security software has been the biggest scam ever successfully foisted on the consumer.
Might be nice to have SP1 on disk too...
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
My own Windows box was infected, cleaned up, and re-infected with Sasser (or Sobig or Sober or Blaster or something - I don't remember which it was) - all in the space of 2 to 3 minutes on a stinking dialup.
That was a couple of years ago, when Windows worms (as opposed to Trojans, viruses, etc.) were a pretty new phenomenon, and when I thought I wouldn't need a firewall for my dinky little dial-up connection. Live and learn.
Run something more modern and you will be fine, like Debian 3.1. A lot of people use Linux on their routers (old systems as routers). I do the same, but I run OpenBSD on my router (*BSD, not Linux). I find greater flexibility in OpenBSD with ipf than some cheap router that is hard to update the firmware of if there is an exploit discovered.
Powered by caffeine and sugar; BSD
If I put a Redhat/SUSE/Mandrake/etc... release from 2001 on the net as is, without a firewall or on a NAT'd network or patches, how long till they are "owned"?
I really do not believe this. My PC has been Windows XP for years. I have no firewall. I have a static IP. I have an ActionTec modem and Cisco router. I have Norton Corporate. I have no problems, and I do know how to tell. So why have I been so problem free? WHY? I don't know... I think it is "security" companies that blow a problem out of proportion.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
it would then mean that this is an average based on a large sampling of users. So some users take forever to infect themselves while others are going to malware-infected sites within 0.03 seconds.
And people doubt me when I say the primary reason for most people going online is porn and the primary place to get infected is so-called "free porn" sites... Though "free ringtones" and "free smilies for your IM" are coming up rapidly behind.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Me and my Mac haven't noticed.
"When they invent bitch slaps that can go through a monitor you better f'ing duck" --deft (253558)
Amazingly enough I just had my first spyware encounter today. First off I'm a Mac guy so in that respect I'm pretty ignorant to the whole virus / spyware thing. With that said I decided to set up a homebrew Windows PC / media center in my living room. My goal was to rip all of my DVDs to Divx and have a video jukebox of sorts in my living room.
It all went very well except that I needed an app to rip *MY* DVDs so this whole setup could work. I found an app, ripped a disc or two and started to enjoy my first movie. Then, all of the sudden, *pop - pop - pop* ad banners started popping up. This was followed by Divx player unexpectedly quitting and taking me to a porn site.
New to the idea that my "TV" would need spyware protection, I quickly grabbed Ad-Aware and ran it 27 times until it came up clean. I then launched my movie again and crossed my fingers.
As we speak, a giant 'remove Spyware' banner is obscuring half of my screen. I guess the brighter side of things is that it took more than 12 minutes to get infected...
Are you kidding? My freshly formatted computer took all of 3 seconds of being online to get Sasser. Of course, in my infinite wisdom I decided that instead of putting my antivirus software and firewall on a disc I would go online and get it...
that actually it takes longer now to infect a Windows machine? It used to be 6 minutes...
I guess it all depends where you are connected. When I connect in Costa Rica I get DOZENS of threats (using Zone Alarm), almost all from local IPs. A good guess would be the local internet cafés running dirty pirated Windows OSes. Here in the US I get maybe 1 a day.
Since SP2 I have run my Windows PCs with just the basic SP2 firewall at times, with no intrusions.
I am as anti-microsoft as the next slashdotter, but credit has to be given where it is due. Pre-SP2 was a wide open OS, which is now fixed. Now you have to make a special effort to get your box pwn3d. The article is bogus IMO.
Seven puppies were harmed during the making of this post.
It's absolutely pointless, but I wonder how long you could keep Windows 95 up before it gets taken over... If you could even find everything you needed to get it online, that is. It might be safer than XP now, if only because it is useless and mostly forgotten.
lol: You see no door there!
Seriously, we've all sat down behind friends' and family's computers, and most of the time we hear 'oh, I'm sure it has plenty of viruses' or 'it does $THIS or $THAT all the time'; people have grown to expect this from their computers. Additionally, how many times have you sat down behind a friend's computer and seen the 'updates are available' bubble in the corner, and how many times has your friend/family said 'oh that, I normally just click the x' or similar? I mean, a big part of the problem is the patching method. IMHO all XP retail boxes should have SP2 at least, and ideally most people would be behind a crappy Linksys NAT router, but this isn't always the case. The problem really ends up being the end user who just doesn't care. So in summary, whenever I hear things like 'oh that, I normally just click the x', and then I run across signs of the box being hacked/infected, I've decided to just let it go. If you don't care, neither do I.
Now we will see 1000 posts by Windows fanboys about how unfair these reports are, and how they somehow manage to do the impossible and secure their Windows box with no effort whatsoever, rather than just moving on to a better OS.
yawn
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
quite a few residential broadband providers are blocking many incoming ports due to the threat windows boxes pose to the reliability of their networks.
I figure that number would be closer to 0 now, especially when Microsoft is buying / bought Claria.
Either it does, or it doesn't. Anything's fifty percent. Either I win the lottery, or I don't. Either I find that uber rare weapon in some random MMORPG, or I don't.
How the heck is a Firewall necessary to keep a default Windows box secure? In other words, if a Windows firewall is there to disallow services (or protocols) from receiving connections from the outside world, then what are these services, and why are they running in the first place?
I understand that by deceiving a user, a malicious service can be started up and listen on the internet, and become a vector for infecting your machine. But that requires an act of the user. If I NEVER enable any special services on my machine, then only the default services are running, and they must somehow be allowing malware to install, right? So, why aren't these services fixed, or disabled by default?
Finally, if these services are necessary to the proper running of my machine, then when I use them the Windows firewall software will ask if I do not want to block that port, service, etc. Once that occurs, am I not just as unprotected as if I never used the firewall software? How does it really help?
So, that's a lot of questions, but I would appreciate an explanation. Are the attacks on windows solely due to users running malware directly, or are there vectors by which, without any user action (ie. no browsing w/ ActiveX controls, no javascript, no running malicious executables, no starting email attachments, etc) the machine can get infected anyway? If so, what are those services? It's not like a Windows machine, by default, needs to have an email/web/network disk/instant messaging service running, so why does it?
NOTE - I googled "insecure windows services" and got some info; indeed Windows does have a bunch of services open to the world by default (un-f'ing-believable). Can anyone say which ones are primarily allowing machines to become zombies?
http://www.ss64.com/ntsyntax/services.html
"It's overkill, of course. But you can never have too much overkill." - Anonymous Slashdot Coward
My friend was at a datacenter in downtown LA installing Windows 2003 for one of his clients, and his box got 0wned DURING the install right after networking was configured. He knew because the datacenter started getting calls of attacks coming from his machine. He didn't even get a chance to do a windows update.
Turn on the built-in Windows firewall.
That it doesn't turn on by default was a mistake in a pre-SP2 box, but it really is a simple solution.
I am one of the unfortunate souls who offers phone support to Windows users and I am still surprised with how often Dell, HP, etc. have their users use their System Recovery discs only to fail to have them turn the firewall on. I get the phone call the day of the restore with the user wondering why their computer is rebooting on its own.
It takes less than 8 clicks of the mouse to turn it on.
I've said it before and I'll say it again. Anyone who sells a Windows XP box without the built-in firewall on (or a firewall added) OR advice to the user on how this should be achieved should be fired. This goes for Internet Providers. When you 'bring' someone online, checking to see if the firewall is on takes 3 minutes and saves hour upon hour of frustration.
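The two posts above ask what is actually listening on a stock Windows box and repeat the advice to simply turn the host firewall on. The script below is an added example, written for this edit and not from any poster in the thread. It assumes a current Windows (8 / Server 2012 or later, where the NetSecurity cmdlets exist) and an elevated shell; the XP SP2-era equivalent of the last step was the `netsh firewall set opmode` command. It reports the firewall profile state, the inbound allow rules and their ports, and every listening TCP socket mapped back to its process and owning service, flagging the ports the worms discussed in this thread used (Blaster: 135/tcp RPC DCOM; Sasser: 445/tcp LSASS over SMB).

```powershell
# Added example for this thread, not code from any poster. Assumes Windows 8 /
# Server 2012 or later (NetSecurity module) and an elevated PowerShell session.

# 1. Is the host firewall on for every profile, and is the default inbound
#    action Block? A profile with Enabled=False or DefaultInboundAction=Allow
#    is the "unprotected PC" the article is talking about.
Write-Host "== Firewall profiles =="
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# 2. Which inbound ports are explicitly allowed through the firewall?
#    Each rule is joined to its port filter so the actual port shows up.
Write-Host "== Enabled inbound allow rules and their ports =="
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Protocol  = $pf.Protocol
            LocalPort = ($pf.LocalPort -join ',')
        }
    } |
    Where-Object { $_.LocalPort -and $_.LocalPort -ne 'Any' } |
    Format-Table -AutoSize

# 3. What is actually listening right now, and which service owns the socket?
#    svchost.exe hosts many services, so the PID is resolved through
#    Win32_Service to get the real service names behind it.
$wormPorts = 135, 139, 445   # Blaster (135), NetBIOS session (139), Sasser (445)
$services  = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 }

Write-Host "== Listening TCP sockets =="
Get-NetTCPConnection -State Listen |
    ForEach-Object {
        $owner = $_.OwningProcess
        $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue
        $names = ($services | Where-Object { $_.ProcessId -eq $owner }).Name -join ','
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            Port         = $_.LocalPort
            Process      = if ($proc) { $proc.ProcessName } else { 'unknown' }
            Services     = $names
            WormVector   = ($_.LocalPort -in $wormPorts)
        }
    } |
    Sort-Object Port, LocalAddress |
    Format-Table -AutoSize

# 4. The fix the posters keep repeating: firewall on for every profile and
#    unsolicited inbound traffic blocked by default. Left commented so the
#    script is read-only unless you choose to apply it.
# Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block
```

Run the audit before and after step 4: with the profiles enabled and defaulting to Block, ports 135/139/445 still show up as listening (the RPC endpoint mapper and SMB server are part of the OS), but they are no longer reachable from outside unless an inbound allow rule in step 2 says otherwise. That is the answer to the question above about why the services are still there: the firewall, not the absence of the service, is what closes the worm vector.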
The first thing people do is install Kazaa or some other spyware-laden P2P application.
So I decided to start over again, but just being curious I wanted to see what would happen again. Well, this time I made it past the Windows updates when I got hit again and infected. After that I stuck the Win box behind my IPCop box and I was fine after that install.
Yesterday I got a new box to mess with and started to install Win2000 Server. Got it installed, and by the time I managed to go and download Outpost firewall I got hit with some Blaster virus. I managed to delete it, but within minutes IE got hijacked and my CPU processes were being eaten up by WINAMP.EXE and other random-letter exe files.
I'm not sure about you guys, but it's quite amazing how quickly a Windows machine will get infected if it's not behind a firewall. Now I've had people tell me I'm stupid and should have gotten the MS patch CD, but WTF is a single-computer Joe/Jane Windows user to do? Wait a week for the patch CD before they can reinstall their OS?
Anyways, just a real-world example of how quickly it can happen. Yes, I do use Windows for my daily computer, as there is no other alternative that gives me the apps I need without having to use alternatives or emulators, which at the moment lack in features.
I'm a cumputer user I dotn need to know how to spell or punctuate.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
A few months ago at college, a friend and I were helping someone else get their computer set up. Wiped the hard drive, did a fresh install of XP SP1, and the ethernet cord was left plugged in. Before we could open IE to patch it to SP2, the computer was bogged down.
We started over, this time leaving it disconnected until we'd patched it with the help of a USB flash drive to install SP2 and some other software.
There really _are_ people that don't know the first thing about their computers. And they don't care, because they spent 8-9 hours at work workin their ass off and when they get home they don't have enough time to figure out why their damn machine is messing up again.
Most people just live with it. That's why you see tons of zombies out there.
Most of us are behind routers/firewalls. This article isn't talking about viruses that people get by opening email attachments or going to shady porn sites. This article is talking about nimda, blaster, and worms like that which require no user intervention. That said, the vast majority of computer users have no reason to run a router and no knowledge to run a firewall. If they screw something up and call tech support, HP is going to tell them to toss in the system restore disk. If that restore disk was before the latest service pack, as soon as system restore finishes they're going to be vulnerable and apparently infected within 12 minutes. For all you people saying, "OMG they must be idiots!! I don't run a firewall and I've never been 0wned!!", you're probably behind a NAT router. Unless your router multicasts for some reason or you set yourself as DMZ, how exactly do these viruses know how to get to your client machine? Basic routing, they don't. Unless you or someone on your small personal network makes a habit of clicking on mysterious links and OK buttons, or admit failure and set yourself as DMZ, there's no reason for a personal firewall.
I had Microsoft send me a free WinXP Service Pack 2 CD in anticipation of any future installations. This way I can get some of the patches, updated firewall, etc before going online to get more recent patches.
http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx
Whats a good hardware firewall these days?
An off the shelf one, I don't really want another box sitting around, but rather have a router/firewall.
I was looking at Fry's last weekend but didn't know what'd be a good one to buy.
I've installed Win2k at least a dozen times in the past 5 years and have never been victim of one of these attacks. I install a software firewall and antivirus stuff as soon as I can, but that usually takes at least 30 minutes to download.... and don't get me started on how long before I can install the latest service packs.
I think this 50% chance of being h4x0rD is scare mongering crap. And before you start cracking on the number of installs I've done they've always been because of changing my boot HD, getting a new machine or helping a friend install their copy of Win2k. Not because an install became a virus-infected, spyware-saturated heap of 1s and 0s.
Don't get me wrong, Win2k is horribly insecure and I wouldn't trust it to last long without a firewall and anti-virus program... but a 50% chance in 12 minutes seems a bit ridiculous.
-Derick
More of the same for this place. I have had 3 publicly accessible systems up and running for over a year and a half. Many scripted login attempts and nothing has gotten through. I have 2 desktop systems used by my wife and kid. Nothing there, and neither of them has gotten the concept down that SPAM is not a special offer 'just for them'. Even my mom's XP (XP Home even, for Christ's sake) system is on DSL and has yet to have a problem.
/. is the friggin Weekly World News of, well, news and should carry a label on the main page: (Take your pick)
Believe what you want, but 12 minutes my ass.
In the world of information
slashdot: For Entertainment Purposes Only
slashdot: Any resemblence to real news is purely coincidental
slashdot: And you thought the Democratic Party knew how to skew the facts!
slashdot: If we keep saying it enough, maybe everyone will switch to what we think is better and we'll all be considered kewl for 5 minutes
antivirus software companies on the sly. Hey, they have to keep the level of fear up to sell software. Follow the money.
Visit the best Liberal Blog: DU
I once put a Windows XP box on the net directly because of a firewall failure, and before I got connected to Windows Update, it had already been infected with Blaster. It was less than 30 seconds, for sure. I have since taken steps to keep that from ever happening again. None of my PCs run any flavor of Windows any more, and my primary surf/e-mail machine is a Mac Mini. So much more relaxing than having to deal with Microsoft.
12 minutes after leaving the lot, 50% of new cars would be violently car-jacked, their owners left by the side of the road wondering why some zitty-faced kid just drove the shiny new car into a tree. And so car dealerships would stop selling cars without armour, bullet-proof glass and tires, and so on.
In a few years when Linux global desktop market share reaches 10% (10 x 10!) why will Linux be different than Windows? Specifically, other than not (yet!) being targeted by virus/trojan/{spy,mal}ware authors, what makes Linux more secure than Windows? Won't Linux, as it becomes more user friendly, become as susceptible to these sorts of ilk as Windows? Isn't Linux's perceived desktop security superiority mostly due to the fact that crackers and kiddies aren't targeting Linux desktops? They will!
It really disgusts me when people always throw around ideas and lines, such as that going to porn sites will get you viruses, or that using any P2P program will contract viruses, etc. These are extreme generalizations. If you go to a porn site using a browser like Firefox, and don't allow any executable programs to be run (which is really quite simple, just click cancel if one attempts to download), nothing at all will happen, I assure you.
I will admit that some P2P programs do come with a payload of spyware and other goodies, but if you pick right, you are in the clear. For example, Limewire has nothing of the sort.
I have been going back and forth between Gentoo and Windows XP for years, and other than a close encounter with the Blaster virus (fixable by downloading a program called fixblast), I have never had any problems. Windows itself is not that insecure; unless you really are running an old unpatched version that can be attacked through a security hole (on a DMZ, because if you're NATed with no port forwarding I would say you're safe), you are safe.
All the problems result from ignorant users. For example, with the recent AIM virus going around (the one that IMs a link to a virus), if people would see that it attempts to download a "com" (executable) file, it would be pretty obvious.
I believe someone above said that if you don't automatically open executables from friends, stay patched, and use Firefox (and Gaim instead of AIM), you are relatively safe.
Ditto
A Win2K SP4 PC (not what I'd call unpatched but I'll assume you mean, no updates beyond just SP4) is not vulnerable to the Blaster worm.
So you KNOW there are no bugs in the that firewall/router? You KNOW there are no bugs in the XP firewall? And you KNOW there are no bugs in XP itself?
According to your claim there would never be another need to download an XP SP again.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I'll second you on the free smilies. My wife, who is usually well trained enough to avoid the usual traps, just can't resist "100 free smilies for Yahoo Messenger".
Then wonders why they won't work in GAIM. So loads up real Yahoo just for the smilies, and has extra floating toolbars and what have you.
Funnily enough, it wasn't until a few weeks ago that she realised the buttons you can type in for a smiley actually look like the graphic, if you turn them sideways! She was so amazed...
Most computers are not connected to the web through routers, protected networks, etc. Maybe most of the computers of /. users, but there's a huge number of households with a computer(s) connected directly to the Internet.
Universities actually do a decent job of keeping most of the dreck out of their networks. Of course, they can't help it if a bunch of less savvy users fall for the usual traps.
Most people don't even know what a router is, most people don't care what a router is.
Push the envelope. Watch it bend. -Tool
I've used Linux as my main machine for some years and always laugh at viruses, but unfortunately now have to install XP and Office on a PC that is lying around (1 GHz+) so I can test a wxperl based system I'm building. I figure I may do my email mainly on XP too now and use it as my main work machine until I buy a new one. I had to buy XP and Office but through a friend at Micro$oft so hopefully Mr. Gates has not made a fortune off me.
Anyway, I just bought a new 90Mbps router (about 50 bucks!) and would like to know the real best way to make sure I don't get infected. Which I really don't want to happen. Companies where I work all use Virus Buster, but is ClamAV (cygwin or native port) good enough? I figure I'll turn on all firewall etc., have Microsoft Update add all the patches and maybe get a backup HD and I'll be relatively safe. I could use some info from people who have done exactly this - is there a free alternative and if not what is absolutely necessary? Thanks!
In order to test the malware-busting skills of new employees, I would routinely infect a test machine with adware and spyware. I had two methods, based on the two most common scenarios we've encountered:
I would use a stopwatch and time myself, stopping at 15 minutes. For Case 1, I'd search Google for "casino" or "sex" and hit those sites. For Case 2, I'd search for "lyrics" or "buddy icons" and hit the top ten or fifteen sites listed.
At no time did I ever click "yes" when prompted to install software. The point was to attract the "drive-by" malware, the ones that didn't put an entry in "Add/Remove Programs", the ones that were the hardest to remove (e.g., randomly named polymorphs, malware that sees if one tries to terminate the process or remove a registry key and re-installs, malware that prevents anti-spyware programs from running, etc.).
In fifteen minutes, I can infect an XP box with between 400 and 600 objects (by AdAware's count). That's the result of hitting between 10 and 15 sites. Often, that's enough to inflate the number of running processes from 30 or so to about 60. Pop-ups appear even if IE isn't explicitly running. Case 1 infections often leave the computer in an unusable state, and by unusable state I mean "tits and ass all over your screen".
I give a prospective employee two hours to disinfect the computer, though I do cut major slack if it takes longer but they've got the right attitude and methodology. If hired, I show them how to get this down to under an hour (AdAware, Spybot, UBCD, manual cleaning, etc.).
Malware removal is about 30% of our billable hours. Since our contracts with our clients call for a certain amount of hours of service and maintenance each quarter, bug hunting is a distraction from the real work of administration: keeping up to date with patches and software updates, implementing our infrastructure upgrade roadmap, and software support and training. In other words, nearly a third of the time we spend doing productive work for our clients is spent whacking malware that targets Windows PCs.
Finally, we do try to come to terms with the fact that sometimes this is a human resources problem and not a technological problem. In Case 1, Employee X should not be surfing pr0n or playing Texas Hold-em on the job. As contractors, we try to block certain sites at the firewall, though that's a game of whack-a-mole, and we encourage all workstations to have monitors that face a common area (knowing someone can randomly shoulder-surf you is a big deterrent). Case 2, the residential case, is more problematic, since the sites that install drive-by malware are pretty innocent (lyrics, IM buddy icons). Permissions/ACLs would help, but there are so many applications that need admin rights to run that it's a joke. I've steered a few residential customers towards Apple Mac Minis and iMacs and have had no complaints after the fact.
Bottom line: it's a fucking jungle out there.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
Anyway, with an older version of ZoneAlarm, SpyBot Search & Destroy, and LavaSoft Ad-Aware it runs just fine. Periodically I do AV scans and have never found a virus or trojan on the system.
I'm sure this will get modded down just like the last time I pointed out this very simple fact, but how many "Windows box gets rooted in $time!!" articles have we seen so far? I believe this is the third in the past 12 months alone. Is there really *nothing else to post* besides the same crap?
here is one from November 30th, 04, and there are others. I Googled for "windows box compromised site:slashdot.org" and found this right away.
Go ahead, try it, for each "duh" story, change the search string and see what you come up with.
This is worse than a dupe, it's just... sloppy. I'm glad I don't actually pay money for this site.
As I see it, there are only 4 solutions:
(1) before going on-line for the first time, purchase a router and configure the firewall, then immediately download all necessary patches, plus a good anti-spyware program,
(2) download all your Windows security patches, service packs, etcetera, third-party firewall and anti-spyware software from a friend's Mac OS X machine and burn them all to CD/DVD. Apply all necessary patches and third-party software before venturing out onto the internet,
(3) choose not to play the MSFT security patch and upgrade revenue stream game - buy an Apple Mac, or reformat your hard drive and install any of these: Linux, FreeBSD, OpenBSD, Solaris 10 x86, QNX. If in doubt, ask a knowledgeable friend for advice,
or
(4) buy the absolute fastest bad-ass big disk Wintel/AMD computer you can find to make that broadband connection. Make certain that you have the OS media and valid CD key, make backups of all your important personal data, and figure on either (a) reformatting/reimaging your computer every three months, or (b) being prepared to buy a new computer every six months. Wash, rinse, repeat.
They DO install themselves. Get online with a clean, unprotected install of XP, and it will be 0wn3d in a few minutes. Not "may be", it WILL be.
Circumcision is child abuse.
People are trying to boost ratings, and sell newspapers!
If they post sensible and logical stories, how are they going to cash in on all the Latvian cab drivers and alcoholic divorcees who demand that the Evil Intarwebs be banned to protect the children?
Use your brain sometimes for fuck's sake!
I installed Win2K SP1 on a university lab machine (we have some software we need that only runs on Win2K). I protected it during the install and update period with a Belkin router acting as a firewall. After everything was patched and McAfee was in operation I took the firewall off and connected the computer directly into the wall RJ-45 (fingers crossed, of course).
My Linux box was constantly the target of Windows exploits--which I laughed at for hours--but no one ever bothered with my Windows box.
And since I know this is /., and must sound like an invitation to some of you, it IS firewalled, patched, running AV and anti-spyware programmes right now, but the point remains: While there are horror stories out there about how hackers are able to take over your computer even before you get it home and out of the car, it's probably a lot less common than the sops who write these articles want you to believe. Yes, make sure your computer is secure, but no, don't be so scared of it that you don't use it.
Wait, Firefox's market share isn't that high yet is it?
I hate to be an ass, but it rarely takes 12 minutes. In my experience it's been closer to 5 minutes on Windows server OSes, and slightly longer on XP and NT... Also depends on your connection; few hackers are ever interested in narrowband users.
This signature has Super Cow Powers
I installed Windows XP a few months ago with one of the 'old' (no SP1 or SP2) versions. I noticed a few minutes after connecting to the internet I was being infested. Windows without SP2 can easily be overrun without even using any programs like IE. In the end I had to download SP2, Firefox, and anti-spyware to a CD, then reformat and install Windows XP all over again without connecting to the internet.
The human race is artificial intelligence created using object orientated programming.
It's the average Joes and Julies. Most folks haven't a clue about firewalls or Windows Update and patches. Users just want to get on-line. They don't want to buy AV software and those that do purchase or have a friend install it don't know about configuring for auto updates.
Many SlashDot users are unlikely to be infected, nor are their close relatives who have a guardian angel to look after their machines. The crux of the virus problem is ordinary users who aren't computer experts or can't be bothered with maintaining their system. We shouldn't blame them. After all, this
The real problem is the inherently poor design of Microsoft Windows. It's OLE and Visual Basic Scripting that grants full machine privileges to applications, something Java was intended to protect against.
It's stupid Microsoft programmers who think the best way to grant memory to a program is with DIMENSION ARRAY_X[1..10000000]. It's programmers who have no clue about boundary checking each and every use of variables, or about not trusting user input by assuming that input is intent on breaking system security or the application.
It doesn't matter that new PCs now ship with SP2. Over 100 million systems are running pre-SP2 software or Windows 95/Me/98/2000. As the price of DSL comes down, these older machines go on-line to become infected in 12 minutes or less.
Whoever said 12 minutes is a "mean" has a misunderstanding of statistics. The distribution is almost certainly nonstandard or nonuniform. Mean is average. Median is middle: 50% are less than 12 minutes and 50% are greater than 12 minutes, which could be years. That's not an average.
signature pending slashdot approval
try putting a fresh RH9 (off ISOs) on your DMZ, and let's see how long it lasts.
2.5 years and counting, here. Default workstation installs of RH8 and later don't leave any ports open. Same goes for every other Linux distro I've tried in the past couple of years.
Nice troll, though.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
If everyone switched to Mac OS X, there wouldn't be ANY security problems at all. The security that is built into Mac OS X is practically impenetrable: http://www.apple.com/macosx/features/security/
I installed Windows XP on my mother's PC. Installed McAfee Security Center, enabled the internet connection, and updated the virus scanner. After a restart it instantly discovered 2 different viruses installed. From the moment I loaded the internet, to the time I rebooted, it was no more than 3 minutes.
I'm a signature virus. Please copy me to your signature so I can replicate.
I really find it quite ironic that there are so many MS apologists in this discussion willing to say that getting infected is the user's fault for being too stupid to have a commercial A/V package installed (at additional expense) and have a hardware firewall (at additional expense) between their system and the internet.
Yes, I know that AVG is free and very good, and Zone Alarm has a free version (I make sure both are on every MS box I have to look after).
But this ignores at least two problems. First, OEM PCs don't come with AVG or ZA, they come with Norton or Symantec or McAfee and a very short period of free support. Two months after you bring your new PC home and the new NetskyBlaster.z hits your hotmailbox, you're SOL. Why, if MS is so focused on improving security, do MS customers need to rely on 3rd party vendors for A/V security software?
Secondly, the firewall in XP SP2 is certainly an improvement over nothing at all (or over nothing useful, a category to which the pre-SP2 firewall certainly belongs). So then why do I need to buy a $70 hardware firewall if XP has a firewall already?
Why does ZA tell me about so many more applications that want to reach the internet than the XP firewall? Why the hell does rundll need the internet (let alone Nero, or my printer for that matter), and why doesn't the XP firewall tell me about it?
For a commercial software vendor, MS's security record is beyond dismal. For a company that claims security as a priority, MS's poor performance would be laughable if it weren't so damned expensive and time consuming.
Why is it that Linux vendors can provide fully configurable firewalls that block anything and everything (if that's what you want) out of the box, but MS Windows insists on leaving open ports, enabling ActiveX, and phoning home to download updates whether you want it or not?
Why is it that weirdo hippy-commu-nazi Linux developers understand the difference between user and administrator but MS developers insist on every little widget having complete kernel access?
Why is it that MS thinks security is something to tack on to an OS through SPs, weekly downloads (with requisite reboots), patches, and 3rd party products, rather than something that is built into the code?
Unpatched Win95 will last about 20 minutes, from what I can see with Snort, IF you have file shares bound to TCP/IP. There's still a lot of Opaserv traffic on cable/DSL ISPs.
:)
(For those that don't remember/didn't know, Opaserv was a fun worm that can crack any unpatched Win95/98 box with file sharing turned on and bound to TCP/IP. How does it get in? Easy. Until patched towards the end of 1998, Windows 9x shares only authenticated the first character of the password. Opaserv just tried the first 40 or so possibilities. Took Microsoft over 3 years to patch this one.)
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
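The first-character authentication flaw described in the comment above is an instance of a general bug class: a server that lets the client decide how many bytes of a secret get compared. The following is an added illustration, not code from the thread or from Microsoft; the sample secret, the 40-symbol alphabet and the function names are constructed for the demonstration, and the flawed check is shown beside the form a server should use.

```python
# Added illustration, not code from the original thread or from Microsoft:
# a constructed model of the share-password check flaw the comment above
# attributes to unpatched Windows 9x, where the server compared only as many
# password bytes as the client supplied. Names, sample secret and the
# 40-symbol alphabet are assumptions for the demonstration.
import hmac

STORED_SHARE_PASSWORD = b"s3cretpass"   # constructed sample share secret
ALPHABET_SIZE = 40                      # the comment says Opaserv tried ~40 symbols


def check_trusting_client_length(stored: bytes, supplied: bytes) -> bool:
    """Flawed check (the Win9x bug pattern as described in the comment).

    The comparison length comes from the untrusted client, so a one-byte
    guess is compared against the first character only, and an empty
    password matches everything.
    """
    n = len(supplied)              # attacker-controlled length
    return stored[:n] == supplied  # only a prefix is ever checked


def check_full_length(stored: bytes, supplied: bytes) -> bool:
    """Hardened check: the server fixes the length and compares the whole
    secret in constant time, so neither a short guess nor timing helps."""
    return hmac.compare_digest(stored, supplied)


def worst_case_guesses(prefix_only: bool, password_len: int,
                       alphabet_size: int = ALPHABET_SIZE) -> int:
    """Guesses an attacker needs, at worst, to be accepted by each check.

    With the flawed check a matching single byte is accepted on its own,
    so the bound is the alphabet size regardless of the real length.
    With the full-length check the whole secret must be guessed.
    """
    if prefix_only:
        return alphabet_size
    return alphabet_size ** password_len


if __name__ == "__main__":
    # A one-character guess that happens to match the first byte.
    guess = STORED_SHARE_PASSWORD[:1]
    print("flawed check accepts 1-byte guess:  ",
          check_trusting_client_length(STORED_SHARE_PASSWORD, guess))
    print("hardened check accepts 1-byte guess:",
          check_full_length(STORED_SHARE_PASSWORD, guess))
    print("worst-case guesses, flawed:  ", worst_case_guesses(True, 10))
    print("worst-case guesses, hardened:", worst_case_guesses(False, 10))
```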
Within twelve minutes of getting a WinXP machine up and running, I needed to read a PDF to figure out some drivers. Went for Adobe and lo and behold it installs Adobe Download Manager, Yahoo toolbar, and some other garbage, by default. Yahoo toolbar counts as spyware to me, so there you go. I'm sure the article is referring to more dastardly software, but even still, a lot of it is in common applications now.
P.S. For anyone else who has this problem, go get Ghostview and its accompanying PDF reader, it's free and open source.
A whole slew of services: RPC, SMB/CIFS (file sharing), UPNP...
Ports: 135, 137, 138, 139, 145, 500, 1025...
Windows 2000/XP has a TON of default listening services, most of which have been exploited over the years by various worms. Only way to turn most of these "off" (other than to render your system unusable) is to run a software firewall, Microsoft's or 3rd party. They're turned on and listening for "convenience", I imagine. I will admit that in a corporate environment it's handy as hell to be able to admin just about anything on a box without doing a thing. Why the hell these were left on for home users is beyond me.
Ah, Blaster, Sasser, et al, you will always have special places in my heart.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
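The comment above lists the default listening services and ports; an administrator's first question is which of them are actually reachable from the network on a given box. The following added check (not from the original comment) parses a Windows `netstat -an` listing and reports the exposed ones. The listing is constructed, and the port-to-service mapping is my own reading of the well-known assignments; port 445 (SMB over TCP) and 1900 (UPnP SSDP) are additions not in the comment's list.

```python
# Added example, not from the original comment: an offline audit that reads
# a `netstat -an` listing (Windows format) and reports which of the default
# services named above are reachable from the network. The sample listing is
# constructed, and the port-to-service mapping below is my own reading of
# the well-known assignments, not a list taken from the page.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Ports the comment above associates with default Windows 2000/XP services.
# Port 445 (SMB over TCP) and 1900 (UPnP SSDP) are assumptions added here.
DEFAULT_SERVICES: Dict[Tuple[str, int], str] = {
    ("TCP", 135): "RPC endpoint mapper (DCE/RPC)",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service (SMB/CIFS)",
    ("TCP", 445): "SMB/CIFS over TCP",
    ("UDP", 500): "ISAKMP/IKE",
    ("TCP", 1025): "RPC dynamic endpoint",
    ("UDP", 1900): "UPnP SSDP",
}

# Constructed sample in the layout `netstat -an` prints on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3215      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:1027         *:*
"""


@dataclass
class Socket:
    proto: str
    local_addr: str
    local_port: int
    state: Optional[str]   # None for UDP, which netstat shows without a state


def _split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'addr:port' into (addr, port); handles '[::]:135' style too."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def parse_netstat(text: str) -> List[Socket]:
    """Parse the socket lines of a Windows `netstat -an` listing."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue   # header, blank line, or something we do not model
        addr, port = _split_endpoint(parts[1])
        state = parts[3] if len(parts) > 3 else None
        sockets.append(Socket(parts[0], addr, port, state))
    return sockets


def is_network_reachable(s: Socket) -> bool:
    """A socket matters here only if it accepts traffic from other hosts:
    a listening TCP socket or any UDP socket bound to a non-loopback address."""
    if s.local_addr in ("127.0.0.1", "::1"):
        return False
    if s.proto == "TCP":
        return s.state == "LISTENING"
    return True


def exposed_default_services(text: str) -> List[dict]:
    """Report the default services from the comment that are exposed."""
    findings = []
    for s in parse_netstat(text):
        if not is_network_reachable(s):
            continue
        name = DEFAULT_SERVICES.get((s.proto, s.local_port))
        if name is not None:
            findings.append({"proto": s.proto, "port": s.local_port,
                             "bound_to": s.local_addr, "service": name})
    return findings


if __name__ == "__main__":
    for f in exposed_default_services(SAMPLE_NETSTAT):
        print(f"{f['proto']:3} {f['port']:5} on {f['bound_to']:9} -> {f['service']}")
```

On a real machine, feed it the saved output of `netstat -an` instead of the constructed sample; a service bound to 127.0.0.1 only is reported as not reachable, while one on 0.0.0.0 is the kind a host firewall has to block.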
More and more, Microsoft's attitude of profit and mediocrity over security is costing the world's businesses billions and billions of dollars in lost productivity, and there is a real threat of leaked trade secrets and proprietary information due to these worms and viruses. Yet, people are so dependent on legacy Windows applications that they feel trapped in a software hell.
Thankfully, the resurgence of Mac and Solaris, motivated by advancements with Linux, has brought real solidly engineered commercial systems into reach of ordinary computer users. Never before have industrial-grade time-tested kernels like Solaris been free downloads, and never before have people had desktops with such attention to detail as Mac OS X.
It has come to a time where replacing Windows is both practical and affordable. Windows is no longer needed on servers, and it can be done without on workstations. People are switching in droves as Longhorn stagnates in its feature limbo and Windows XP is mired in security exploits. This is a very important time in computing history as the biggest software giant of them all is about to fall flat on his face, big time.
Read the parent comment, then finish this one.
"That is a very amusing story... and so believable that it should be spread as a virus, via email.
And be serious about it. When the n00bs ask "ooh! really?" tell them yes! It's true. It's all true.
And so the herd stampedes to safety. They choose an OS that is safer and does the stuff they love: the applications.
The applications through this os are, on the whole, smart applications: they know what they shouldn't do. They don't open new executables without a warning and they especially don't open them if a virus scanner doesn't give them the okay. They don't wig out when given a buffer overflow. They have sensible default settings.
The OS that succeeds will support the user in making wise network decisions about the things that really matter: the OS never allows an option to not hassle the user about a new executable, because it can't be risked. Period. Allowing would be like allowing a toddler to play with a loaded gun. And, frankly, like allowing a retarded adult to do the same -- that's you, yes, the high-functioning geek who thinks he knows that he will never ever fuck up a simple "run yes/no" dialog except you only have to do that once and no one is ever perfect.
==--Pay attention to the previous and next paragraphs --==
And check this out: it might not really matter that you know that absolute perfection isn't required to squelch the masses of viruses: if we were all so safety-compliant as you, the problem would probably go away. But there will be so many people that think that they are you, who go to the trouble of disabling the nag, that they'll far, far outnumber you. You'll go down fighting an endless battle of wits. It is too late: we can not win. We need to eliminate choice at the OS level.
I repeat We need to eliminate choice at the OS level.
It is the only way to protect ourselves. We can not allow users to make choices that compromise network security. And for all but the OS I/O kernel functions, the decision is completely and absolutely off-limits. You want to change it, you have to have access to the source code. You have to be technically capable of compiling the kernel correctly, and integrating it with your system. You might even need to be technically capable of overriding your hardware.
And here, let me up the ante even higher: applications need security clearance at the kernel level, with private-key encryption ensuring that only an official OS-kernel-update is ever allowed to be installed.
The security module might well be a second choke-point: the kernel and security module pk-confirm their identity. Both modules are securely encrypted themselves. Magic makes it possible to boot the OS. Once it's up and running -- perhaps after an intensive security check, and well before there is any possibility however remote of foreign bitstreams getting involved.
You don't get a choice. The security kernel and kernel kernel are assigned identity to one-another, and can not be replaced without a huge internal security hullabaloo to ensure the system is superfuckinglutely certain it's perfectly safe.
You don't get to choose to not run a firewall. You don't choose to open ports. You don't get to make any decision that can compromise the absolute security of the OS.
Yes, that sucks. But it's what is necessary:
Spread the meme. Fix the OS. Herd the cattle. Don't let them know. Save us.
There's money in this, I'm sure. Be reasonable, like the OpenOS and OpenApplication people have been. Thanks.
The OSes that can offer wise decisions for all but the most incredibly privileged technical few, will be those OSes that
--
Don't like it? Respond with words, not karma.
I have internet through ethernet with some 120 users on the 192.1.1.x block. In my firewall logs, when I am online, I see a port scan every hour or so. And this is with approx. 3 PCs in the network which have been affected. When I used to connect to the internet through a router (DSL) I would see a port scan in the logs every 5 minutes or so! So 12 minutes is not really a big deal!
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
Recently, when installing a friend's machine with windows, the damn thing got infected before I even had a chance to download and install SP2. :)
Needless to say, both he and I were quite angry by the second attempt. He is now a happy Ubuntu Linux user!
RebateFX.com - Spread rebates for Forex traders
Considering the Spybot worm (not referring to the anti-spyware software) and the different ones out there that don't need user interaction after the first outbreak, I'm not surprised at all by this. In a lot of cases, even if just one box is infected on a subnet it'll often nail every unpatched box.
Consider this: 12 minutes after your Windows box is installed, are all of your patches finished?
Not a chance unless you're working off an image or have slipstreamed the hell out of everything somehow.
Thus, the numbers make sense.
I have been surprised by Comcast. I have a Linux box directly on the net serving as firewall, server, etc. I will occasionally sniff to see what is going on, and even use it to check my Apache and Postfix logs. From what I can tell, I have several neighbors that are totally infected. Yet, when I suggested to Comcast that they take my log files and make use of them, they basically sniffed at me. Here was a nice way for them to have honey pots all over (via *nix boxes), and yet they are not interested in getting that data on KNOWN infected boxes. Amazing.
I prefer the "u" in honour as it seems to be missing these days.
Silly me, I was using SSH. Someone shoot me.
Nice troll
Nice apologetic washout.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Sounds like my local tv channel's weather forecast for chance of precipitation.
BTW, I love the new required ability to decipher Klingon before you can submit a post. Why not make a fucking colorblindslashdot.org and make the images in green and red dots you chompers.
What is this all about?
An unprotected windows box, hey?
This is pretty stupid. Windows boxes are firewalled by default (all new Windows XP/2K3 installs are firewall on by default. All Windows XP boxes connected by default - again, all of them - to Windows Update have SP2 installed and the firewall enabled). Sure there are some legacy PCs out there running Windows without protection - but we've already established that this is lunacy, just like not firewalling your Linux box is also lunacy.
What is the author trying to prove exactly? All people who go deep sea diving without basic scuba equipment drown within 12 minutes? Shock horror omg wtf?
This isn't news, it's anti-MS FUD. Why didn't the author mention that a properly protected (firewalled, AV'd) Windows box will stay unviolated on the internet for as long as a properly protected (firewalled, AV'd) Linux box will? Because that isn't Slashdot's traditional anti-MS FUD, that's why.
Slashdot used to be a respectable news source. Dead horse flogging propaganda like this only removes journalistic credibility from slashdot.
Flame/Mod away.
I am government man, come from the government. The government has sent me. -- G.I.R.
A firewall doesn't protect everything. A firewall with a clueless user at the helm won't protect you from quite a lot. It won't protect you from buffer overflows, system exploits, or a lot of other automated exploits. It won't protect you from a lot of spoof attacks. It will make you non-pingable, which helps, but anything you have enabled might still be a way in. Saying that having the built-in XP firewall running gives you a 100% chance of not being compromised is like saying that having antilock brakes gives you a 100% chance of surviving a crash. It helps, but if it's your only line of defense, you're screwed. Quite frankly it's grossly inappropriate to tell people to not worry anymore. Everyone should pick up a free firewall (of the kind that can detect outgoing traffic, as opposed to SP2), a free AV software package, and a free spyware detector or two.
We just had a bug fly around my work, owning the network. This was with a hardware firewall and AV. Both were working, it was just a bug that was too new and the AV vendor hadn't discovered it yet.
The ______ Agenda
I set up a fresh workstation PC for my mother barely a year ago. New Linux-compliant components, a top grade Asus mobo, Infineon RAM, a nice case, etc. Time was getting short and at the last moment I decided to screw Linux and install Win2K to avoid the driver setup hassle and give her more stable DVD playback. (Turns out that was pointless, since Win2K had more driver hassle than Linux later on.)
The first time it went onto the internet was across a brand new 56k analog modem. I swear it was less than 15 minutes when the first adware started to pop up - and we had just gone online for a very short period to test her mail account.
My mother emphasised a clear "No go" and I felt the very same way. I went to the next convenience store, got a copy of Aurox (a European/Polish magazine Fedora-variant Linux distro) and installed it right away.
I still use Win2K for the occasional task that can only be done with it, but I don't do anything mission critical with it anymore. Since 4 weeks ago my Mom has a Mac Mini (the PC had untraceable power issues) and is happier than ever before.
Bottom line:
Mac to get the job done, x86 Debian or Ubuntu Linux for cheap PC workhorses/servers/tinkerboxes/old-hardware-recycling. Anything else I can't take seriously anymore.
We suffer more in our imagination than in reality. - Seneca
Sure, and anyone working retail knows that Winblows has been getting creamed for years, cable or no. This puts a number on that you can use, and the number has gotten smaller.
"But wait," you might plead, "I remember just a few months ago reading about a minimum time to exploit of four minutes. This is twelve, how can things be getting worse and how do you know?"
Well, Sophos knows because they have the thankless and hopeless task of "protecting" hundreds of thousands of Winblows computers around the world. They came up with their figure by studying what their little clients told them for the last six months. With so many clients, it's easy to watch them pop and extrapolate rates of infection, just like you can with radioactive material.
What they have told you is a Winblows computer now has a HALF LIFE of twelve minutes. That's much worse than a four minute minimum because half lives have a way of adding up quickly. In 24 minutes, a given machine has only a 25% chance of not being owned. In 36 minutes, the chances of being "factory new" are down to just 12.5%. After an hour, oh my, you have less than a one in fifty chance of being virus free. Needless to say, after a few hours on line, YOU WILL BE OWNED. This is why even dial up users are suffering quickly.
Notice that Sophos can be off by an order of magnitude and the results will be about the same. If the half life were really 120 minutes instead of 12 minutes, you would still be owned after a few days on line. There's little practical difference to the average user between 10 hours on line and 10 days. It's doubtful they are off by that much, given the amount of data they have available.
Just for fun, try this fun little half life game. It's a little fast and the labels are elements, but you can imagine different Winblows versions getting owned and spewing out their toxic spam and trojans onto the rest of the world. Radioactivity, cancer and Microsoft, what great analogies. Given real world M$ performance and its results, the cancer shoe fits much better on Steve Ballmer than it does on any GPL'd project.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
If you connect an unpatched copy of Windows on the Microsoft campus network, you have a 95% chance of getting infected within 2 minutes.
I know this, because it happened to me. When I was out there doing some consulting, I used a VMware install to connect to the network. I didn't wanna screw up my own install by joining the MS network.
I couldn't understand why my install kept getting hosed, until I asked some of the people there... when I was warned not to install a fresh copy on the network...
That's good advice, but you left out the Thunderbird mail client. The router (not SP2) will block many automated worms before they can seize your Winblows computer through something silly like a Plug and Play daemon that listens to the network. Firefox will protect you from many drive-by malware sites, unless you load it up with crappy plugins like Macromedia Flash. Thunderbird will protect you from many email-borne problems.
Because the commonality above seems to be, something non M$ will protect you, why not just run something like Mepis in the first place? The router is still a good idea, and a bonus is wifi.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
What utter twaddle! "Try putting an unpatched Win98 machine on the net and see how long it takes to get hacked" is about as sensible a statement as the one you just made.
There are things like iptables that tend to not be like your Windoze 'firewall', if you can call it such.
By the way, http://www.google.co.uk/search?hl=en&safe=off&biw=1272&q=unpatched+linux+windows+hacked&btnG=Search&meta= if you need any references.
Funny, though. Well done.
It happened to me... I think it was more like 5 minutes :o)
That's true, it happened to me when I made a 'clean' install of my XP system.
No time to download either SP2 or AntiVir Guard (the free antivirus), and my computer wasn't able to go on the internet without crashing.
I had to reinstall three times.
Finally I used a quite old version of Norton which came with my PC and enabled me to download those two things.
My computer was still infected by another virus but could download AntiVir, which cleaned the system. I wish I could burn SP2 along with AntiVir on a CD for next time.
I worked for a company that will be selling a multi-million dollar solution to them for figuring this out (OC-48 speeds and ability to read, copy and modify all packets at real-time).
The amazing thing is that they are evaluating systems constantly. Once they know that they are infected, they do shut off the network to them. But they are doing it very slowly and inefficiently.
And yes, the log files would be perfect for them. It gives them a start point on a number of local nodes and allows them to evaluate systems quietly. The honeypot approach actually works better (does a better job of weeding out brand-new infections before they make progress, whereas the large box will be at least several hours out of date, just like any normal anti-virus).
I prefer the "u" in honour as it seems to be missing these days.
Improvement on re-installation routine.
Requires user to do some work downloading latest versions/and slipstreaming pre-install.
Slipstream the latest service pack onto the CD.
Install Windows.
Install Latest Drivers.
Use Latest Autopatcher to patch computer - and upgrade other components. (WMP10/Win Msg 5.1/MSN Messenger 7 - Remove MS JVM, Install Sun Java + more)
Install Firewall (Your Choice)
Install AV (Your Choice)
Install Microsoft Anti-spyware (Or another Resident AV)
Plug network cable in - From Router with firewall
Apply any further patches that may have been released since Autopatcher.
Patch MS Office (If Running)
Install Spybot S&D - Immunise
Install SpywareBlaster - Apply Immunisations.
Install Firefox/Opera (Only use IE for WinUpd/OfficeUpd or sites that don't work)
Although it can be funny, tell them to plug the power in.
A society in which every second person was being violently assaulted has already broken down and most commerce would have ceased some time ago.
A better comparison would be - if every second train carriage was tagged every night, manufacturers will need to develop easy-clean paint coatings. Which they now do.
But you are right in that Operating Systems need to be bullet proof immediately that they are installed, wired up or not and regardless of what install type or configuration the user might have selected. If they try to deselect a required setting or config, they should be warned and offered choices - eg - "you are trying to install your computer without the default firewall. You need to install a firewall to be safe but if you want to install a different one, you can easily do so later. For now shall we just install this one?"
Blah
(3) choose not to play the MSFT security patch and upgrade revenue stream game - buy an Apple Mac, or reformat your hard drive and install any of these: linux, FreeBSD, OpenBSD, Solaris 10 x86, QNX.
Yeah, none of those ever require patches or updates.
P.S. Never bitch about "revenue stream" in the same breath as recommending a Mac.
Slashdot quality declines as the number of hot grits posts decreases. - Provolt's Law, Apr-09-2005
Apparently no one knows of the Survival Time http://isc.sans.org/survivalhistory.php
This is a graph auto-generated from live network traffic estimating the time from plugin to compromise for a Windows machine.
OpenBSD...
At home I run OpenBSD and packet filter for a firewall. Naturally whenever there is a problem my ISP is convinced it has to be my "non-standard" equipment.
So I direct-connected one of my Win2k boxen and it still doesn't work. I finally persuade the tech to replace the modem, force a new DHCP lease and it works. Within 2 minutes of the connection going live I had to close 2 MS Messenger boxes ("Your computer is vulnerable, click here to find out how!").
I re-routed through my firewall and gee, my "non-standard" equipment works just fine.
Bought a display model from a local retailer, brought it home, popped in a Norton Anti-Virus CD and went to town. Eight hours later, it was still fubarred. Even the emergency repair partition was screwed up. (I have no way of knowing if that was virus-related, though.) Eventually, I just called the manufacturer and had them send out a set of Windows-XP media.
Lesson learned: never buy the display model if it's hooked up to an in-store network!
That's how long it took to get a machine at Yale loaded with 2K or XP, and get it online to download the required security fixes (and this was the required way to do it). The machines were compromised before the security fixes were downloaded. This wasn't one time. We tried several times. 7 seconds was an average.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
While admirable, I am certain that with sufficient effort we can cut this in half.
Perhaps that is why it is called XBOX 360.
If you really want to crash some of these viruses and worms...
you might wanna set up a tarpit using iptables on the 135 and 445 ports on your internet network-interface.
That'll make the applications that connect on those ports crash when they try to connect to your machine's ports (at least that is what the maintainer says).
It doesn't use up your CPU % or bandwidth afaik!
Why isn't this more widely used?
It's an excellent technique (which also can be used maliciously (tori spelling!)).
/Bjprn-
Bush bull-shitted us and the **IAs are blowing it up out of proportion.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Silly person.
Sorry but your sig intrigues me.
Crush the infamous is not a common sentiment.
My solution: run a minimally patched Windows 95. It's too outdated to get infected.
NEVER make a claim like "Never once have I had a virus or been 'owned'." unless you have the statistics and logs, proving you were attacked and able to repulse, to back it up.
Unless you are running on something suitable for a .mil network, don't throw down a gauntlet like that on a public forum. Someone is likely to spend an hour or so making a liar out of you, just because they have some time to spare.
I had this old machine in the DMZ on my network and had forgotten about that detail. I switched hard drives and installed Windows. The installation took 3 times the usual time and I thought it was probably some hardware problem or something. As I booted up the first time I realised it wasn't a hardware issue but a Windows one. I had to explain to my fiancee that I couldn't have visited any pornography sites yet since it was the first boot.
This is absolutely true. A few months ago I reformatted a friend's system and installed XP again. This was a version that only had integrated Service Pack 1. It was plugged directly into the cable modem and since Windows did not have a firewall on by default he was wide open. In fact his computer was infected by multiple things before it even finished booting for the first time! By the time I got into Windows it already had lots of interesting spyware and worms for me to get rid of. Luckily I'm more than capable of handling those problems, but the average user would not be, and may never even know he was infected. This is a huge problem IMHO, which could be fixed by having a full firewall enabled during the install, and it has a habit of turning what should be an easy install of Windows in less than an hour into a nightmare that lasts over 5 just to get it ready to use.
But in the meantime, just don't be connected directly to the internet when doing an install. Or you can just use Linux like me =)
I've got a couple of Win 98SE and a Win 95 box running at home. They were on dialup for several years, and then over the last 1.5 YEARS they were on roadrunner, with only the router hardware firewall between them and the net.
NO infections on those machines.
Scare mongering again.
This research indicates that 50% of windows installs are compromised before they've finished booting. No way.
My computers haven't had an anti-virus program installed on them in 5 years, and I've never had a virus, spyware, or anything. Ever. If you know what to look out for, you're not going to get hit.
There's a process called slipstreaming that will allow you to implement service packs, including hotfixes, into a Windows XP CD, and they will be installed when Windows XP is installed. Just search on Google and you'll find plenty of guides.
Don't connect to the internet without protection! DUH!
Well, there is World of Warcraft that runs natively on MacOSX. Somebody help me out here...
Blizzard has always been really kickass about supporting Mac games. That's one thing I love about them. I still quite regularly fire up WC3 and do a little LAN gaming.
I had a computer at home where I destroyed the copy of windows XP on it. So I decided to do a fresh install of Windows 2003 Server on it. The mistake I made was to keep this box on the DMZ of my router. So, as soon as I was done installing and ready to download service pack 1, BAM within 3 minutes, it started complaining about executed code and would shut itself down within 30 seconds. Thank god it at least had the sense to turn itself off before anything dangerous was installed (a very nice feature of 2003), but at the same time prevented me from ever completing the download of SP1.
Quick and easy solution: download the service pack manually on a win2k box that was not DMZ on my router, disconnect the win2003 box from the internet, and transfer the service pack through the network.
Of course, with SP1 I'm all peachy since it has the improved windows firewall. Along with the windows antispyware, clamwin antivirus, and firefox, my free-as-in-beer protection has kept me safe ever since.
"Worker bees can leave
Even drones can fly away
The Queen is their slave."
I suppose this is true if you install Windows XP with no service packs, and connect without some sort of NAT.
But no sensible person does this. Anybody with half a brain uses both a router, and slipstreams service packs into their windows install disks.
Showing that you can exploit an unupdated machine in 12 minutes and saying that proves something is pretty pathetic. I bet it would be pretty easy to root a Debian box that hasn't been updated in 5 years too.
I have a fresh install of XP after it crapped out on me last night. I've been online for 5 minutes.. 7 minutes will tell if I get the wrong side of the coin.
It assumes you're a user that downloads attachments and clicks on those "Buy viagra now!" ads. It has nothing to do with going online, but with the user being stupid.
Windows has made significant strides in this department, including a half-decent firewall that is enabled by default out of the box.
"OMGZ THERE'S VIRII EVERYWHERE!!1 Please buy our AV software at the following link."
:wq
Maybe MS should throw in a free one-port router/NAT box with every copy of Windows... or maybe that should be the other way around?
Downmodding is the refuge of the weak. Don't downmod, make a better argument!
I was doing dorm tech support at a major (Ivy League) university a year or two ago, which had upwards of 30,000 computers on its network. Even well after the height of the Blaster/Welchia/MyDoom/whatever outbreaks, I'd say that an unprotected and unpatched Windows XP machine lasted at most 2 minutes on the network before getting a worm or virus. Most machines were unusable after 30 seconds.
I know a number of people who have had their systems compromised by worms before the latest security fixes finished downloading. This has happened with not very out of date versions such as XP SP1. Some of the problems occurred because the people had to reinstall Windows from the CDs which came with their OS, which may be a year or two out of date.
Every time I see that a computer connected to the internet is hijacked in whatever amount of time, I have to wonder what they were doing. How was the test done? Did they just plug it into the internet? Were they surfing bad sites? Downloading crap? They had to have said yes to something at some time.
It puts the lotion on its skin, or else it gets the hose again.
1) How long does it take an out-of-the-box, default-install, brand new XP/SP2 machine to be infected, assuming the user only browses to www.microsoft.com, www.hispcmanufacturer.com, www.hisisp.com, and www.majorsecuritysoftwarevendor.com in the hours/days/years before his machine is fully hardened?
2) How long does it take a Windows98-1st edition box to be infected if it's behind a hardware firewall that blocks all inbound ports, assuming the same browsing restrictions above before the machine is hardened?
The former represents "new machines."
The block-all-inbound-ports represents what most home routers do out-of-the-box and what ISPs SHOULD be giving to users, until the users specifically request a port be opened.
Malware usually comes in one of the following ways:
1) open inbound ports + buggy/exploitable software
2) users browsing to web pages that force downloads using exploitable browsers
3) users reading HTML email using exploitable email clients
4) users doing whatever on the net using exploitable client software
5) users accessing an infected file, via disk, network-mounted drive, or other means.
2-5 usually require the user to take some affirmative step, such as loading a web page. #1 is the only one that "needs" to be locked down on freshly-installed systems. The rest just need to be locked down before the user starts doing things that could get him into trouble.
Here's a third question:
Why aren't ISPs blocking inbound traffic for customers that don't request it?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
To go from spending 0% of your time fixing malware to 30% of your time fixing malware solely by adding consulting hours, you'd increase your billable time by around 42%.
People don't always have the patch CDs on hand. Heck, most people get a computer out of the box preloaded.
:).
Here's what these people should do:
Turn on machine, network disconnected.
If machine is preloaded, enable firewall and antivirus programs if you have them.
If it's not preloaded, install Windows and any security patches and security software you have handy.
If machine is not blocking all inbound traffic, get a hardware router or software firewall and install it. Sorry folks, this may mean a trip to the store if you have a 98 box. XP users can just enable the built-in firewall.
Turn on network, visit MS web site, and install all security patches. If you have dialup it may be faster to order the security update CD.
Visit firewall, antivirus, anti-spyware, web-browser, email-client, and any-other-net-enabled-apps -vendors and download and install all security patches.
Visit vendors for any software that reads files you will be downloading over the internet, e.g. word-processor, graphics, etc., and install security patches.
Optional but very preferred:
If you aren't on dialup, get a hardware firewall and set it up properly. Be sure to get security patches for your firmware.
Enjoy your computer, knowing sooner or later if you aren't very careful, it won't be yours anymore.
Saying half the unprotected machines are exploited within 12 minutes is NOT the same as saying unprotected Windows systems have a 12-minute half-life.
All we know from the article is that 12 out of 24 such machines are infected by the 12-minute mark. We do not know about the other 12 - are they infected by 13 minutes? by 13 months? never?
Likewise, we don't know from the article when the first 12 got infected - was it a flat distribution, with 1 each minute, or were they all infected between the 11 and 12 minute marks?
Something some businesses do, and all ISPs COULD do, is provide a web page with nothing but fixes.
Here's the fun part:
If your machine starts sending out viruses, they cut off your internet connection and replace it with another, so that all IP addresses go to this web page, or better yet, a version of this page that has a link at the top "Why can't I get to the Internet" with an explanation.
This does three things:
1) It stops you from harming others
2) It protects you from further harm
3) It gives you a way to fix the problem
I don't see why you make a distinction between daemons and the kernel/OS in one case and not the other.
When we talk of Linux vs. Windows security, we are not talking about Linux on an iPod or something, we're talking about a Linux install on a PC. So it is fair game to talk about security issues which come from portions of the install outside the kernel.
If we're gonna talk about distros on the Linux side, why not on the Windows side? The "SP2" distro of Windows XP is a lot more secure than the outdated distro that this article uses as a reference. It's so much better that the real problem now is more trojans than viruses. And we all know that the real thing that makes trojans work isn't a problem in a distro, it's the user behind the keyboard. And Linux is not immune to user idiocy.
I tried putting an unpatched windows XP system on my speakeasy account to watch it get infected (The things one does for fun.)
I took signatures of everything on the system so I could pick over the changes when it did get infected. I wanted to see how fast it would take and how hard it would be to clean the system up.
It surprised me when it took around a day for it to get infected.
The best I could conclude was that it does matter where you are on the Internet.
I need to try this experiment on a cable connection.
I want to know
No, not in America anyway, but the infamous are slowly being eradicated in Western Europe. America is always behind the times. I guess we got to give America another three hundred years to get out of the Dark Middle Ages.
America is a highly religious society. They even have a gigantic statue of the Goddess Libertas in their old capital city - recently restored to her full glory - and thousands of people pay homage to her every day.
I sure prefer Libertas to the old grumpy War God Zeus, that is favoured by the majority...
Oh well, what the hell...
Continuing the pedanticness:
No, the assumption on a number like that would be "at least". There is no such thing as "at most". You can always find a more obscure way to do it.
That's true, but saying that Windows machines have a 50% chance of being owned in 12 minutes is a half-life. I'll quote the article, in case you forgot what was actually said while you were busy spouting sophistry about small numbers of machines:
There is a 50 percent chance your unprotected Windows PC will be compromised within 12 minutes of going online, says security vendor Sophos.
Now I'll answer this question you had, which you phrased as a statement of misdirection:
All we know from the article is that 12 out of 24 such machines are infected by the 12-minute mark. We do not know about the other 12 - are they infected by 13 minutes? by 13 months? never?
We can't distinguish one machine from the other, and one machine being owned only marginally affects the others. So, if you had 1,000 Winblows machines about 500 would be owned within 12 minutes of being placed on the network. Of the remainder about 250 would be owned in the next 12 minutes. If you can tell me what the difference between one Windoze computer and another is, and one 12-minute period and another is, we can say the odds have changed. Otherwise, every 12 minutes online is like any other 12 minutes online for any Windoze machine and the odds are 1 in 2 of being owned in that time. As I pointed out, the odds of not being owned over a longer period of time get small fast.
With a modern calculator, this is easy to compute for arbitrary times. Just raise 1/2 to the number of 12-minute intervals you have. 13 minutes, for example, is about 1.08 half-lives. 1/2 to the 1.08 power is .472, so you have just a little less than a 50% chance of not being owned in 13 minutes. If you have been lucky, your chance of being owned in 12 minutes does not change from 1/2, but you have to be very lucky indeed to last for any length of time. Your odds of surviving for one hour are only 3 in one hundred. Would you put your data in a box with such low odds of maintaining its integrity?
Of the remainder about 250 would be owned in the next 12 minutes.
You are claiming that the "loss rate" of MS-Windows machines is one of exponential decay, like radioactive decay. This may or may not be the case. The article didn't say.
Let's take two types of attack, the kind that doesn't require human intervention, and the kind that does.
I'll concede that the first case may be logarithmic. Intuition and some thought experiments indicate it probably is.
However, what about the cases that do require human intervention, such as those that are vectored from infected gambling web sites. I submit to you that some unprotected Windows machines will NEVER be infected from those vectors, either because the user doesn't frequent these sites or the user doesn't browse at all and only has an internet connection because he's on a LAN that's connected.
In this case, the overall first-infection curve is a function of two other independent functions - the time it takes to get infected by a no-human-involved bug, and the time it takes to get infected by a human-involved bug.
Since I assume the 2nd is not logarithmic, I doubt the combined situation is truly logarithmic either.
Here's a silly example of how a situation can come to be:
Suppose, and these numbers are obviously false, that no-human-involved viruses are rare and the time-to-first-infection curve is logarithmic with a half-life of 100 years. After 1 day, 99.99% of computers are NOT infected yet. Even after a month, 99.9% are still not infected.
Suppose there are rapidly-spreading viruses, but to get them, you have to browse to compromised web sites. Suppose that only gambling web sites are affected. Suppose further that the traffic pattern for gambling sites is such that new Internet users who like to gamble tend to go there within a day of going online, and they go there every day, but that people who don't like gambling rarely go, and rarely does someone suddenly decide they like gambling. Under this scenario, almost all gamblers will be infected within a day of turning on their unprotected PC, but it will not necessarily be "logarithmic" during that time period. First-time infections will probably be clustered around lunchtime and evening hours. Since very few computers that have been online for more than a day will visit infected gambling sites for the first time, there will be relatively few first-time infections after the 2nd day or so. While the rate of infection may be an exponential decay based on the number of page loads or number of web sites visited, it is not necessarily an exponential decay function of time online.
Now, the real world has a lot more "no human required" bugs floating around, and I expect the rate of first-time infection for unprotected machines has a large exponential-decay-over-time component to it, but I doubt the actual "curve" is completely logarithmic with respect to time.
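The survival arithmetic from the exchange above, as an added worked example (not code from any poster): the exponential model behind "raise 1/2 to the number of 12-minute intervals", and the reply's two-vector picture in which every machine faces a slow automatic vector but only a fraction also faces a fast user-driven one. The mixture parameters (60% exposed, 30-minute fast half-life, 100-year slow half-life) are constructed for illustration; the output shows why that mixture has a median time to infection but no half-life.

```python
"""Time-to-compromise arithmetic from the half-life debate (added example).

Two models of the time until an unprotected machine is first compromised:

  * exponential decay, as the half-life post assumes: every 12-minute
    interval online is like any other, so survival is 0.5 ** (t / 12);
  * a mixture, as the reply argues: every machine faces a slow automatic
    vector, but only a fraction of machines also face a fast user-driven
    one. Then the median time to infection is NOT a half-life, because
    the fraction surviving two medians is not a quarter.
"""
import math

HALF_LIFE_MIN = 12.0  # the Sophos figure quoted in the thread, in minutes

# Constructed parameters for the reply's scenario (not from the thread).
EXPOSED_FRAC = 0.6                            # users who visit the fast vector
FAST_HALF_LIFE_MIN = 30.0                     # user-driven vector
SLOW_HALF_LIFE_MIN = 100 * 365.25 * 24 * 60   # "100 years" automatic vector


def exp_survival(t_min, half_life=HALF_LIFE_MIN):
    """P(not yet compromised after t minutes) under pure exponential decay."""
    return 0.5 ** (t_min / half_life)


def expected_survivors(n_machines, t_min, half_life=HALF_LIFE_MIN):
    """Expected number of n_machines still clean after t minutes."""
    return n_machines * exp_survival(t_min, half_life)


def mixture_survival(t_min, exposed_frac, fast_half_life, slow_half_life):
    """Survival under the reply's two-vector picture.

    Everyone faces the slow vector; the exposed fraction also faces the
    fast one. The vectors act independently, so the exposed group's
    survival is the product of the two factors.
    """
    slow = exp_survival(t_min, slow_half_life)
    fast = exp_survival(t_min, fast_half_life)
    return (1 - exposed_frac) * slow + exposed_frac * slow * fast


def reply_mixture(t_min):
    """The constructed mixture with the parameters above."""
    return mixture_survival(t_min, EXPOSED_FRAC, FAST_HALF_LIFE_MIN,
                            SLOW_HALF_LIFE_MIN)


def median_time(survival, hi=1e9, tol=1e-6):
    """Time at which a non-increasing survival(t) first drops to 0.5.

    Found by bisection on [0, hi]; raises if survival(hi) is still > 0.5,
    which is the "never infected" case the reply mentions.
    """
    if survival(hi) > 0.5:
        raise ValueError("survival never reaches 0.5 before hi")
    lo = 0.0
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if survival(mid) > 0.5:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2


def is_memoryless(survival, t_med, rel_tol=1e-3):
    """True if surviving two medians leaves ~1/4: the exponential signature."""
    return math.isclose(survival(2 * t_med), 0.25, rel_tol=rel_tol)


if __name__ == "__main__":
    # The half-life post's own numbers: 13 minutes, one hour, 1000 machines.
    print(f"13 min survival:             {exp_survival(13):.3f}")   # ~0.472
    print(f"1 hour survival:             {exp_survival(60):.4f}")   # 1/32
    print(f"of 1000, clean after 24 min: {expected_survivors(1000, 24):.0f}")
    # The reply's objection: the mixture has a median but no half-life.
    t_med = median_time(reply_mixture)
    print(f"mixture median: {t_med:.1f} min; survival at 2x median: "
          f"{reply_mixture(2 * t_med):.3f}; memoryless? "
          f"{is_memoryless(reply_mixture, t_med)}")
```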
Sure... just as long as you don't mind not being able to talk to your guild, since neither ventrilo nor teamspeak run on a Mac.
If you have the ability, of course, you could get Knoppix-STD http://www.knoppix-std.org/ with snort, and watch the alerts pile up (again, no IP address). Just listen.
I think 12 minutes is high, based on significant, substantial personal experience (i.e. helping people clean up infected machines).
It's not that it takes 12 minutes to break into a 'Doze box. If you're targeting a given system, you're talking seconds (if you have to assess its vulnerabilities), fractions of a second if you know its weaknesses -- say, for an out-of-the-box, unsafe-at-any-bandwidth, factory-defective "product".
It's that such a box is cracked, within 12 minutes on average, of going online.
It's as if your car was burgled five times an hour, every hour, every day, 365 days a year. 366 on leap years.
The grandparent may not have an entirely appropriate analogy, but I think the gist is correct: sheeple are being sold something which is unfit for use in standard configurations and environments. This is not a user problem, it is a design defect.
What part of "gestalt" don't you understand?