Slashdot Mirror


Windows Infected in 12 Minutes

Uber-Review writes "The speed with which PCs can become infected has now shortened. If your Windows computer is not properly protected, it will take 12 minutes before it becomes infected, according to London-based security company, Sophos. They have detected 7,944 new viruses in the first half of 2005, a 59% increase over the same time span last year."

355 comments

  1. Nice... by j0nkatz · · Score: 5, Funny

    And Slashdot can apparently be infected with a dupe in as little as 5 days!!!!

    --
    Don't mod me, bro'!!!!
    1. Re:Nice... by m4dm4n · · Score: 5, Funny

      Actually that's a well protected and patched up-to-date slashdot. Some slashdots can dupe within hours.

    2. Re:Nice... by apoc.famine · · Score: 1, Interesting

      No, this is Trolling v3.1. I mean, anyone who reads this site most likely saw this the first time around. Even if they didn't, they read the original article, or the massive tech-website and/or blog coverage of it.

      This is indeed the new form of trolling - except way better than ever before. With no way to mod the article, submitter, or editor, this new trolling can go on for months or years. Rather than troll 1-2 people who then get modded "-1 offtopic", and the troll modded "-1 troll", they can now troll entire articles by submitting dupes. No mods, no karma hit, no being buried by higher-modded comments.

      It's god-damned brilliant.

      --
      Velociraptor = Distiraptor / Timeraptor
    3. Re:Nice... by Anonymous Coward · · Score: 0

      Pete and Repeat were in a boat. Pete fell off. Who was left?

    4. Re:Nice... by thelost · · Score: 2, Funny

      I don't usually complain about dupes but I'm almost sure this is actually a dupe of a dupe, and if this goes on we could end up with an all powerful dupe-sourceror and everyone knows that we're all fscked when that happens. I mean really, there must be a reasonable way to check for dupe stories before publication, this shouldn't be an issue on an important geek news website, really it shouldn't.

      --
      Promote Charity on Myspace, Show Your Colours!
    5. Re:Nice... by mark-t · · Score: 2, Funny
      But they haven't got MS beat yet.

      I have yet to see a dupe within 12 minutes.

      Maybe they just need to try a little harder.

    6. Re:Nice... by Anonymous Coward · · Score: 0

      Maybe it's not actually a dup... maybe they've simply decided to post a story every time a Windows box is compromised within 12 minutes.

    7. Re:Nice... by ThePromenader · · Score: 1

      So if this story is duping an already duped story, but is more developed (thus superior to) the first dupe, couldn't we call it a Superduper?

      --

      No, no sig. Really.

      ThePromenader
    8. Re:Nice... by apoc.famine · · Score: 1

      Unlike my post, which suffered from the aforementioned moderation issues inherent in trolling. Except that it wasn't...

      --
      Velociraptor = Distiraptor / Timeraptor
  2. Holy Dupes, Batperson! by Willeh · · Score: 5, Informative
    http://it.slashdot.org/article.pl?sid=05/07/01/0218209&tid=172&tid=220&tid=218

    Not to mention the original article was a lot better, and not a link to yet another news aggregator that in turn links to another site: http://www.globetechnology.com/servlet/story/RTGAM.20050704.gtvirusjul4/BNStory/Technology/

    --
    Will wank off Linus Torvalds for fame.
    1. Re:Holy Dupes, Batperson! by 2$+Crack+Whore · · Score: 0, Redundant

      Yes, once again it's another dupe - why is everyone still so surprised that this happens? The 'editors' barely pay lip service to their title and I doubt very much that they read the comments either. At face value there is no real passion from the creators of the site - it's just the same old shit day after day.

      To explain further, Slashdot exists for one purpose: to make money for parent company OSDN. There is nothing wrong with that in itself but don't expect a high quality site the way it's currently run. The Slashdot business model (if you can call it that) seems to be to provoke reaction from the loyal crowd of slashbots that frequent the site. Inflammatory / trollish stories (e.g here) and dupes cause the page hits (and therefore ad revenue) to go through the roof.

      As a result, most of the comments I see on the stories are neither insightful, interesting or informative. There seems to be no real balanced discussion - something I feel is a product of the moderation system which rewards those who conform to the slashbot mindset and censors everything else. This democratic method of editing the comments is terrible - especially where technical issues are concerned, as a lot of nonsense is modded up by people who don't know otherwise.

      You are probably wondering why I read Slashdot. Partly morbid curiosity and partly to laugh at both the flame wars which inevitably break out and the well crafted trolls.

      To conclude, Slashdot is neither really "News for Nerds" nor is it "Stuff that matters". If you want the former, go to somewhere like arstechnica or kuroshin and if you want actual stuff that matters, the BBC are hard to beat.

    2. Re:Holy Dupes, Batperson! by Evro · · Score: 0

      What exactly is the point of that "Contact the on-duty editor" thing? There seems to be as many dupe stories as ever. I don't get it, it seems like a pretty straightforward thing to do - for any story, search Google for site:slashdot.org (since Slashdot's search feature is really bad) and if there's a match, don't post.

      http://www.google.com/search?hl=en&q=site%3Aslashdot.org+12+minutes&btnG=Google+Search

      Ooh, hard. Google has an API so you can just roll that into your story-posting script and not even go through the trouble of typing it. Or something.

      --
      rooooar
    3. Re:Holy Dupes, Batperson! by MyLongNickName · · Score: 0

      Please read your own sig :)

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  3. oi vey... by obzidian · · Score: 0, Flamebait

    Can't kids find better things to do with their time? Nearly 8,000 virii... We should lock th.d.fgf.g... CARRIER LOST

    --
    Our lives begin to end the day we become silent about things that matter. - Martin Luther King, Jr.
    1. Re:oi vey... by ceeam · · Score: 1

      Like install Linux on Lego or something?

    2. Re:oi vey... by harrkev · · Score: 4, Interesting

      But what I want to know is how do these machines get infected???

      It is certainly easy to get infected while using e-mail or surfing. But now that SP2 comes with a firewall turned on by default, shouldn't it now be impossible to infect a SP2 machine without some sort of user intervention?

      Does the SP2 firewall have some holes pre-poked in it already? Are there flaws in the firewall?

      --
      "-1 Troll" is apparently the same as "-1 I disagree with you."
    3. Re:oi vey... by Anonymous Coward · · Score: 1, Insightful

      The problem may also be the websites themselves. If I can't put my browser's internet security slider on High and expect not to miss content, shouldn't we also be blaming the technologies used by those sites?
      Anyone blaming the scripting or active content methods used?
      Seems to me that the PC is only half the problem!
      How can a firewall or anything effectively stop what we must allow through to see content?
      Many people just lower the security bar to allow the missing content.
      What about technologies that pass through firewalls, including web content over http?
      What about buffer overflows that add bad stuff?
      How can any firewall or antivirus stop these?
      When the content is allowed staring in?

      When they are allowed through ?

    4. Re:oi vey... by utlemming · · Score: 1

      Well, it isn't installing Linux on Legos, per se, but it is using Legos on Linux. http://www.tldp.org/HOWTO/Lego/intro.html

      --
      The views expressed are mine own and do not express the views of my employer.
    5. Re:oi vey... by Cromac · · Score: 1

      It's not SP2 firewall enabled PCs that get compromised in 12 minutes. It's unpatched, unprotected machines that do. Put an old, unpatched, unsecured Linux machine on a cable or DSL modem and it will get rooted in short order as well.

    6. Re:oi vey... by slashname3 · · Score: 1

      Does XP ship with SP2? I think the problem is that most people have to load an XP system which does not have SP2 on it. To get SP2 they have to connect to the Internet and download it. If they get scanned and attacked prior to getting SP2 installed the game is over. :)

    7. Re:oi vey... by I'm+Don+Giovanni · · Score: 2, Informative

      The retail and OEM versions of XP have been the SP2 version since Fall 2004.

      --
      -- "I never gave these stories much credence." - HAL 9000
  4. Woop-de-freaking-doo. by MasamuneXGP · · Score: 5, Insightful

    Honestly, who cares anymore? We've all seen this exact same story with some slightly different words or numbers in about 100 different places. Use a firewall or don't use windows, I get it. Let's get on with our lives plz.

    1. Re:Woop-de-freaking-doo. by digidave · · Score: 5, Interesting

      I guess one of the problems is that you can be infected before you have a chance to download a firewall. Unless you're on the newest version of Windows you're pretty screwed unless you can configure packet filtering on the NIC.

      --
      The global economy is a great thing until you feel it locally.
    2. Re:Woop-de-freaking-doo. by Anonymous Coward · · Score: 0

      Or maybe...don't worry about it at all, and finish the installation.

      If your new install happens to get infected with some pathetic automated attempt at owning it, before you have a chance to install the appropriate patches, it's not a big deal. You were planning on exploit testing and hardening it anyway, weren't you?

      Just continue to install patches, firewalls, anti-virus programs, remove unnecessary services, etc, and scan, block, test, and clean up when you're done.

      This applies to any new install of any OS. It's not something to lose any sleep over.

    3. Re:Woop-de-freaking-doo. by Anonymous Coward · · Score: 0

      Good God man, how could you have missed the solution to this? It's practically a monthly tutorial as often as this story comes up.

      Windows HAS a firewall in pre-XP/SP2, just turn it on.
      Or, if you're paranoid, install a third-party firewall from CD.
      Or, if that's not good enough, install patches for the two big remote exploits. MS04-011 for Sasser, forget what it is for Blaster. (MS03-038? Bah, like I care to check)
      Or if you're a total nutcase, order a copy of the Windows security CD and run that to get everything offline.

      There's more, but I don't care enough to list them out. Point is, there ARE ways to get a clean, safe reinstall unless you're completely helpless.

    4. Re:Woop-de-freaking-doo. by Romeozulu · · Score: 2, Insightful

      Just run behind a router ($49) and you've solved most of those problems until you get the firewall up and running.

      I installed Linux about a year ago and was infected due to an exploit in the ftp server before I could get everything current, so this is far from a Windows only issue.

    5. Re:Woop-de-freaking-doo. by essreenim · · Score: 0
      I'm still surprised by the amount of "special people" that actually allow an RJ45 connector or other connection to be plugged in and LIVE in a box with a brand new installation...pff

      Fail to prepare -> Prepare to fail (and by fail I mean be owned in 12 minutes! ..or less I'm sure..)

    6. Re:Woop-de-freaking-doo. by rm999 · · Score: 1

      I use Windows on an un-firewalled PC and don't install security updates much, yet somehow I don't get attacked every 12 minutes. In fact, I have had only one virus during the life of my computer (4 years) and have never been hacked.

      As anti-Windows as I am, I think the argument that Windows gets attacked a lot is weak. At least based on my personal experience.

    7. Re:Woop-de-freaking-doo. by glesga_kiss · · Score: 1

      Unless you're on the newest version of Windows you're pretty screwed unless you can configure packet filtering on the NIC.

      There is a built in firewall from Windows 2000 onwards, accessible via the network card properties. It's not all that functional as firewalls go, but it'll stop inbound nicely until you get yourself going.

      But IMHO this is a valid story, but not for Slashdot consumption, preaching to the choir here. Joe Sixpack would NEVER even consider plugging in the wire as dangerous, so if these stories simply prompt him to ask a more knowledgeable friend, then they are worthwhile. Seems to be a week for "raising awareness"...

    8. Re:Woop-de-freaking-doo. by dpilot · · Score: 1

      But thankfully they're getting away from turning servers on by default. You should have gotten updated before activating the ftp server, and the distribution should have been set up that way, or had instructions to that effect, or whatever.

      Not to pick on RedHat, since this applies to anyone. It's not in RedHat's best interest to earn any sort of "most cracked" award. In that light, it NEVER makes any sense to ship with services turned on. The first post-install online act should be a security update, and then a separate script to enable services. (Just IMHO, of course.)

      In the past, I've had a two-part firewall script. The first part is able to run before the NIC comes online, and lets nothing in except DHCP negotiation. The second part runs after we have an IP, and is able to be more intelligent about allowing connections.

      --
      The living have better things to do than to continue hating the dead.
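
The two-part firewall described in the comment above, sketched as an added example; it is not dpilot's script and not part of the original thread. The function names, the `eth0` interface, the iptables-restore output format and the conntrack match are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: a two-stage host firewall emitted in iptables-restore format.
# Stage 1 is loaded BEFORE the interface is brought up: default-deny, DHCP only.
# Stage 2 is loaded once a lease is held: replies to our own traffic, plus only
# the TCP ports explicitly listed (none by default, so nothing listens
# publicly until the box has been patched).
# Assumed usage, as root:
#   stage1_rules eth0 | iptables-restore                # before ifup
#   stage2_rules eth0 "$leased_ip" 22 | iptables-restore  # from the DHCP hook

# Interface names: at most 15 chars, no whitespace or shell/rule metacharacters.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Dotted-quad IPv4 with each octet 0..255, on a single line.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i > 255) exit 1 }'
}

# TCP port 1..65535, digits only.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Stage 1: drop everything in every direction except loopback and the DHCP
# client exchange (client port 68 <-> server port 67).
stage1_rules() {
    iface=$1
    valid_iface "$iface" || { echo "bad interface name" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $iface -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $iface -p udp --sport 67 --dport 68 -j ACCEPT
COMMIT
EOF
}

# Stage 2: outbound allowed, inbound limited to replies, DHCP renewals and
# new TCP connections to the listed ports on the leased address.
stage2_rules() {
    iface=$1
    addr=$2
    valid_iface "$iface" || { echo "bad interface name" >&2; return 1; }
    valid_ipv4 "$addr" || { echo "bad IPv4 address" >&2; return 1; }
    shift 2
    # Validate every port before printing anything, so a bad argument can
    # never yield a half-written ruleset on the pipe.
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -p udp --sport 67 --dport 68 -j ACCEPT
EOF
    for port in "$@"; do
        printf '%s\n' "-A INPUT -i $iface -d $addr -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Run directly to print a stage for inspection, e.g.:
#   sh twostage.sh stage2 eth0 192.0.2.10 22
case "${1:-}" in
    stage1) stage1_rules "${2:-}" ;;
    stage2) shift; stage2_rules "$@" ;;
esac
```

Printing the ruleset rather than applying it lets the rules be reviewed before they are piped to `iptables-restore`, which applies a table only when it reaches `COMMIT`.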
    9. Re:Woop-de-freaking-doo. by Anonymous Coward · · Score: 0

      > Unless you're on the newest version of
      > Windows you're pretty screwed unless you
      > can configure packet filtering on the NIC.

      really, the newest windows is secure?

    10. Re:Woop-de-freaking-doo. by TobiasSodergren · · Score: 1

      Well, with your scenario you are at least certain that the box is compromised. Otherwise if you install the appropriate patches, firewalls etc. you'll always live with a nagging feeling that something _might_ be lurking inside.

    11. Re:Woop-de-freaking-doo. by randallschleufer · · Score: 1

      This is idiotic. I reinstalled Windows XP on my machine 4 months ago and NEVER UPDATED WINDOWS. I run Firefox, I don't use MS Office, I download freeware apps all the time, visit all kinds of odd websites and haven't had a single problem.

      I use Norton Antivirus and that's about it (it hasn't discovered a single virus since reinstall). Am I lucky? Probably, but I haven't had any problems in the past either.

      12 minutes my ass. Use common sense people, and you won't have to run scared.

      BTW, I'm really looking forward to trying out Mac OS on my Intel machines. I use Linux, so I am not a Win Fanboy.

    12. Re:Woop-de-freaking-doo. by Altrag · · Score: 1

      Are you sure about that? A good attack goes undetected and almost all of these "12-minute" style attacks are simply probing for potential zombies -- they hit an IP on an interesting port (or ports), log it on some guy's box somewhere as open or secure, and go onto the next one. 6 months later you end up as part of a DDoS attack on hated-site-of-the-week.

      Try installing firewall software with decent logging capability. My eyes were certainly opened when I first installed Zonealarm years ago. Got like a hundred probes in the first hour or two. No idea how many pre-Zone probes carried a payload with them.

      Now getting an actual infection in 12 minutes.. I suppose it's possible. If you're open there's no reason why one of those probes can't throw in a backdoor or other nasty while it's at it. Just that most of them don't because they prefer to remain as undetectable as possible until payload time.

      Of course nowadays I'm behind a good old NAT. Can't wait until we see the first virus attacking common router models though. Should be fun!

    13. Re:Woop-de-freaking-doo. by Anonymous Coward · · Score: 0

      http://www.avatar.demon.nl/APK.html

      A.) Want to filter your XP Tcp/IP stacks some more & be more secure online by filtering packets @ the IP Stack level?

      Go to your network connection properties via Control panel called "network & internet connections":

      1.) Use the Network Connection item
      2.) Right-Click on the connection itself, & from the popup-menu, select properties
      3.) Under the "This connection uses the following items" section window, hi-lite 'Internet Protocol (TCP/IP)'
      4.) Click the Properties button
      5.) Click the Advanced button
      6.) Use the Options tab
      7.) Hi-Lite Tcp/IP filtering
      8.) Click the Properties button
      9.) Now, in the TcpPorts section, Tick off/Click the 'Permit Only' checkbox-radio button
      10.) Under there, use the Add button to Add the ports you ONLY want to come thru (I only allow 21 for FTP servers I might run or port 80 for HTTP... add what you need to let come in on an as-needed basis for what you run)
      11.) In the IP Protocols section, Tick off/Click the 'Permit Only' checkbox-radio button
      12.) Under there, use the Add button to put in the number 6

      * A simple "12-step" program to heighten the effectiveness of the Internet security of your machine online!

      (UDP Ports can be filtered as well & right now? It's my belief using IP protocol 6 only does this! You could add IP protocol 17 (which is UDP) to the IP section as well. If you want to add UDP specifically allowed filters (since it is my belief it is already ALL UDP packet filtered since I only allow IP protocol 6 thru which is Tcp packets only in the IP section)?

      You would add IP protocol 17 in the IP Section, as well & any ports for the UDP you want to allow in the UDP section checking off either ALLOW ALL, or Allow Only & adding ports you wish to come in!

      This takes some research & doing with your ISP or with games as many use UDP since it is the fastest NET based protocol since it uses no return validation of packets sent as Tcp/IP does... ISP's for cablemodem providers often use ports like 53 in the 'known ports' category for communications with your system & higher ports like the 60000 range also! BUT, it can be strengthened as well, but takes some research & trial & error testing with your ISP!)

      See, I found that many level #1 support techs aren't aware of this & many Tier #2-3 ones aren't either... hence, why I stated it can be VERY trial & error on your part but worth it! But, it is a PAIN trying & retrying it to get it right... but it can be done!

      There you go!

      APK

    14. Re:Woop-de-freaking-doo. by rm999 · · Score: 1

      You are talking about being "probed," I am talking about being "attacked." I don't care if I am probed, as long as I am not attacked, or "infected" as the headline put it. I keep a very close watch on my computer - especially the startup programs and services - and run frequent virus scans, so I am pretty sure no one has ever done anything to my computer. I will agree that I do leave my computer a bit open for attacks by not running a firewall, but claiming that a windows computer *will* be infiltrated in 12 minutes is just wrong and irresponsible, once again demonstrating the shameless bias on slashdot.

      Honestly I think the biggest risk a Windows computer runs is stupid users who download questionable programs and attachments. The only reason why Linux doesn't have these same problems is because novice users don't run it.

    15. Re:Woop-de-freaking-doo. by Anonymous Coward · · Score: 0

      I guess one of the problems is that you can be infected before you have a chance to download a firewall. Unless you're on the newest version of Windows you're pretty screwed unless you can configure packet filtering on the NIC.

      You know, every time I set up a PC at work I feel like I should be wearing protective clothing. Sorta like a rubber for safe sex, but only not...

      Say no to unsafe computer setup! Install Linux! Lol

      Tes

    16. Re:Woop-de-freaking-doo. by arminw · · Score: 1

      ...trying out Mac OS on my Intel machines...

      It is almost certain that Intel OSX won't run on any existing PC box any more than the present PPC OSX does. You might as well save your money right now for a new Mac with "Intel inside". Just because computers have the same processor type doesn't mean they are software compatible.

      --
      All theory is gray
  5. Re:er, dupe by NoMoreNicksLeft · · Score: 3, Funny

    No, this time it was another windows machine that was infected in 12 minutes. Expect to see 200 million similar stories in the next week or so.

  6. Nothing to see here. Move along. by slash76 · · Score: 0

    If your (fill in the blank with OS) computer is not properly protected it will take X minutes before it becomes infected, according to (fill in the name of some company that will sell you solutions to "secure" your computer).

    Yes we all remember the "good ole" days when you could wait until tomorrow before doing anything to the computer you just loaded the OS on and hooked up to the internet. Those days have been long gone (if they were really ever here).

    --
    This signature intentionally left blank.
  7. Re:er, dupe by Andrewkov · · Score: 3, Funny

    I'm waiting for a dupe in 12 minutes, now that would be good! :D

  8. variants... do they count? by super_ogg · · Score: 5, Interesting

    So there are variants and minor changes... do we really count these as new viruses?
    ogg

    --
    Black cat, searing pain, flames...? I must be in Heaven! - Homer Simpson
    1. Re:variants... do they count? by SoloFlyer2 · · Score: 0

      So there are variants and minor changes... do we really count these as new viruses? we may as well... slashdot editors count variants and minor changes as new :)

      --
      "I reject your reality, and substitute my own" - Adam Savage
    2. Re:variants... do they count? by ichigo-666 · · Score: 1

      Why not? Aren't humans "just" another variant of apes with minor changes?

  9. Internet Storm Center is tracking "survival time" by UnderAttack · · Score: 5, Informative

    The Internet Storm Center is tracking a similar number for a while. See the "survival time". It has actually improved over the last few months!

    --
    ---- join dshield.org Distributed Intrusion Detec
  10. Nits: picked by Jooly+Rodney · · Score: 2, Informative

    Speed doesn't shorten, kids; perhaps the OP meant "increased?"

  11. I'm a little sceptical by 91degrees · · Score: 0

    And anti-virus firm says anti-virus software is essential.

    They may be right, but I'd like a little more information since they're not exactly an unbiased source.

    1. Re:I'm a little sceptical by chrisnewbie · · Score: 2, Interesting

      Just leave your computer open and live on the internet without a firewall. I guarantee you that in less than 30 minutes, you will probably catch something.
      It's even faster if you have a static I.P.

      I know, I was testing some VPN inside my company and I hooked the laptop to my external hub and it took about 20 minutes to get a worm, and I wasn't doing anything and my win2k was fully patched.

    2. Re:I'm a little sceptical by 91degrees · · Score: 2, Insightful

      Have you done extensive tests on a range of IP addresses, or are you just extrapolating based on a single result?

    3. Re:I'm a little sceptical by chrisnewbie · · Score: 1

      No, but you're more likely to get attacked if you always have the same IP, and this single result backs up this article.
      I'm pretty sure I'm not the only one who has gotten a virus in less than 30 minutes without a firewall.

    4. Re:I'm a little sceptical by 91degrees · · Score: 2, Insightful

      The thing is, to take them seriously, we need better evidence than we have. If it was an independent organisation, then we could reasonably assume that they had a reliable testing mechanism. Sophos are far from independent. They need to present better evidence, especially if they're going to be as specific as 12 minutes.

      Anecdotal evidence does not make their result any more reliable. I can find dozens of people who will provide an example of just about anything happening. It doesn't make it any more likely. You may just have been unlucky. A single sample is by no means representative, especially a sample that is self selecting. All the people who didn't get a virus in less than 30 minutes would not bother to respond to my comment.

      Is it possible that a computer will be infected in 30 minutes? Clearly it is. Will that happen to all computers? Perhaps. Is the average 12 minutes? We don't know. The only evidence is from a company that makes no mention of their methodology, and has a definite reason to be biased. It has as much validity as a Microsoft sponsored report on Windows cost of ownership vs. Linux. Nobody would believe that, so why believe Sophos?

    5. Re:I'm a little sceptical by vettemph · · Score: 1

      > i hooked the laptop to my external hub and it took about 20 minutes to get a worm

      Oh, the irony.
      Hook a floundering OS to the network and you catch a worm.

      At Microsoft, the early worm catches you!

      --
      The government which is strong enough to protect you from everything is strong enough to take everything from you.
  12. Some paranoid speculation... by Anonymous Coward · · Score: 0, Interesting

    Let's imagine for a second that I'm a large western government, concerned that my citizens are building infrastructure that could be used against me. Perhaps I foresee an oil crunch in a few years and I'd prefer a somewhat tighter control over information, debate, and possible anarchy. Perhaps I've been infiltrating the hacker underground for a while, and find the idea of being able to control hundreds of thousands of zombies quite interesting. Maybe my agents have tried various ddos attacks in the past, and we're satisfied that we can bring down any web site, any internet service, however large.

    Now, as a citizen of such a government, I have to ask, "why when 80-90% of domestic PCs are infected, is nothing being done at the legislative level?" Could it be that a world of zombied PCs is just too useful as a tool of control?

    Just thinking out loud...

    1. Re:Some paranoid speculation... by yotto · · Score: 0, Flamebait

      I think it's far more likely that the legislative bodies of our country don't understand computers well enough to know what a "Zombie PC" is.

      I mean, look who's at the apex of the government right now.

    2. Re:Some paranoid speculation... by vettemph · · Score: 1

      >I mean, look who's at the apex of the government right now.

      Earlier today I was thinking maybe he just ACTS stupid as a cover for his evil actions.

      --
      The government which is strong enough to protect you from everything is strong enough to take everything from you.
  13. Duped again by hvacigar · · Score: 0, Offtopic
  14. And in a related slashdot story by mindaktiviti · · Score: 5, Funny

    "Windows infected in 12 minutes."

  15. new virus by Anonymous Coward · · Score: 2, Funny

    there is a new virus that causes the same news story to be posted twice

  16. Time Loop by DanielMarkham · · Score: 5, Funny

    Hey. I saw this episode on Star Trek. The same thing kept happening over and over again until Data finally kept the ship from blowing up.
    That's what's happening on /. Now we need to repeat all of our original posts, while sending a message with tachyon beams back to our original selves...

    Blog's Up!

    1. Re:Time Loop by Lt+Cmdr+Tuvok · · Score: 5, Funny
      You are quite perceptive. Tachyon beams are exactly what I, myself, have been using, and am indeed using right now, to write messages on this very 'chatboard'.

      Perhaps we are indeed violating the Prime Directive in the most appalling manner by allowing geeks from your time to view 'Star Trek' unabatedly. Your knowledge of events and technology that occur and exist in our time grows ever greater.

      With this in mind, please disregard this comment. It does not exist.

      --
      Without the darkness, how would we recognize the light?
    2. Re:Time Loop by Anonymous Coward · · Score: 0

      It does exist. It just has not been written yet.

    3. Re:Time Loop by IntergalacticWalrus · · Score: 1

      Hey. I saw this episode on Star Trek. The same thing kept happening over and over again until Data finally kept the ship from blowing up.
      That's what's happening on /. Now we need to repeat all of our original posts, while sending a message with tachyon beams back to our original selves...

    4. Re:Time Loop by festers · · Score: 1

      There have been 45324 instances of the number '42' since I began reading Slashdot. Surely this is not a coincidence. It might be a message we are sending back to ourselves, the only question is what does it mean?

      --


      -------
      "Every artist is a cannibal, every poet is a thief."
    5. Re:Time Loop by Guru2Newbie · · Score: 1
      Perhaps we are indeed violating the Prime Directive...

      Actually, that's the Temporal Directive that's being violated..

    6. Re:Time Loop by radiotyler · · Score: 1

      Cat: What is it? Kryten: It's a white hole.

      --
      hi mom!
  17. Only 12 minutes by DS_User · · Score: 5, Funny

    12 minutes hey. Gee I thought IE opened up quicker than that.

    1. Re:Only 12 minutes by Anonymous Coward · · Score: 0

      Gosh, 12 minutes, well in that time I would probably have about 100 copies of various bots and anything they bring with them, assuming that the system would have lasted the bombardment and wouldn't have rebooted (which it probably would as MS Blast and friends are still active).

    2. Re:Only 12 minutes by aonaran · · Score: 2, Funny

      You have to take boot up time into account.

    3. Re:Only 12 minutes by rcamans · · Score: 1

      No, 12 minutes is definitely on a tweaked install of windoze.

      --
      wake up and hold your nose
  18. Re:Hmmm. Dupeage! by gustgr · · Score: 0

    In slashdot the posts read the editors.

  19. news? by SillyNickName4me · · Score: 1

    Sophos telling us that we really need them, and providing some subjective numbers to make their case...

    I know Windows PCs get infected quite easily, but do we really have to:
    1. repeat this statement every few days?
    2. quote numbers from an organisation which is served well by making this look as bad as possible and present it as fact?

    1. Re:news? by Anonymous Coward · · Score: 0

      It's not really fair to blame them for scaremongering, but it does take a moment of thought about what the *real* problem is. Wow, lots of viruses out there! So? It still boils down to the fact of being vulnerable or not.

      User education is always a big point that needs to be made, so this helps to drill it into their heads. As for it reappearing on Slashdot, I think we're pretty well aware by this iteration...

  20. What'd I'd like to know by AutopsyReport · · Score: 4, Interesting
    What I'd like to know is what are they doing during those 12 minutes for Windows to become "infected."

    For years I have run Windows straight out of the box (no firewall, no security software, nothing), and I've only run into two viruses -- one through Kazaa, and one through IRC (both my fault).
    I can understand that Windows is vulnerable -- but if I've managed to run Windows for many years without any major problems, then I'm curious what they are doing during these 12 minutes to arrive at such a conclusion.

    --

    For he today that sheds his blood with me shall be my brother.

    1. Re:What'd I'd like to know by dissolved · · Score: 2, Insightful
      but if I've managed to run Windows for many years without any major problems
      ...that you know of.
      If you don't seek the spyware/malware/viruses you often do not find them.
    2. Re:What'd I'd like to know by Anonymous Coward · · Score: 0

      Well it's not often I speak directly to members of my bot net but whilst you're on may I offer you sincere thanks for the use of your computer.

    3. Re:What'd I'd like to know by Anonymous Coward · · Score: 0

      I'm not sure, but I hit a virus of some sort while setting up DSL about a year ago. And after getting wireless internet access a couple weeks ago, I just found out yesterday that I have a keylogger installed on my computer. So yes, it can happen.

    4. Re:What'd I'd like to know by Anonymous Coward · · Score: 2, Informative

      For years I have run Windows straight out of the box (no firewall, no security software, nothing), and I've only run into two viruses -- one through Kazaa, and one through IRC (both my fault).

      You must run Windows Update religiously. Last year there was a worm, and if you hadn't already updated your machine, it was more or less impossible to avoid, because the time it took to download the update (a couple of minutes) was way more time than was necessary for your machine to be compromised and auto-reboot.

      This worm automatically tried to infect random IP addresses near the host and was that prevalent that any given consumer connection was being attacked every minute or so.

      if I've managed to run Windows for many years without any major problems, then I'm curious what they are doing during these 12 minutes to arrive at such a conclusion.

      It need be as simple as "connect to the Internet to run Windows Update". It's nothing like "download spam and run random EXEs".

    5. Re:What'd I'd like to know by westlake · · Score: 1
      What I'd like to know is what are they doing during those 12 minutes for Windows to become "infected."

      I think that is a fair question to ask. I was playing with BitComet last week, linked to Bitracker, or one of the other popular BT sites, and spent three days cleaning up the mess it left behind. In

    6. Re:What'd I'd like to know by ceeam · · Score: 4, Insightful

      Maybe you are on some strange subnet that bots don't scan too much. Maybe you don't visit sites that track your address for "who-knows-what-purposes" (OTOH - at least you've successfully posted to /. so you have your port 80 scanned back). Maybe your provider filters bad traffic (or even NATs you). Maybe your connection is so unreliable that they don't bother. Maybe you just don't know. Lots of options.

    7. Re:What'd I'd like to know by oliverthered · · Score: 1

      I booted into windows to download ndiswrapper, and had popups appearing within a couple of minutes of dialling up.

      Do you have your own IP or is it in an ISP block? I would expect most scans to attack the dynamically assigned ISP's IP range.

      --
      thank God the internet isn't a human right.
    8. Re:What'd I'd like to know by iphayd · · Score: 1

      Plugging in the ethernet cord.

    9. Re:What'd I'd like to know by Dun+Malg · · Score: 3, Interesting
      I can understand that Windows is vulnerable -- but if I've managed to run Windows for many years without any major problems, then I'm curious what they are doing during these 12 minutes to arrive at such a conclusion.

      I've had my "NAS pr0n box" (an old Athlon 1600+ w/250GB worth of misc drives) running un-updated WinXP Pro (the "reset5" 30-day hack precludes updates) for over a year on the same static IP, open to the whole intarweb, and it hasn't picked up a single virus. I use it for torrents, eMule, kazaa-- basically all and sundry untrustworthy site scouring-- and still it works. I recently installed McAfee on it, just to see what viruses I'd "collected", and there's nothing! I think the biggest deciding factor in how fast your exposed windows machine gets "pwned!" is whether or not it's in the IP address range assigned to a large ISP that caters to the Unwashed Masses (e.g. Comcast). Using an ISP that markets to the bespectacled nerd crowd puts your IP address in a range that probably won't be tapped for a "zombie harvest".

      --
      If a job's not worth doing, it's not worth doing right.
    10. Re:What'd I'd like to know by clonmult · · Score: 3, Informative

      What version of windows are you running?

      I was running a Win98 PC as a gateway for the kids PCs connection at home, and it was generally fine, the odd virus, but nothing major.

      However, when I put in Win2K (SP1, no firewall or AV initially installed), it was virtually unusable within an hour.

      According to the firewall, the machine gets attacked/probed maybe up to a hundred times a day, it's ridiculous.

    11. Re:What'd I'd like to know by AtlanticGiraffe · · Score: 1

      I'm writing this on a Win98 box that hasn't been updated for years. It still works because it is not used for general web surfing (in win98's case, viewing=trusting) and it's behind NAT, so no incoming connections make it to this box.

      I'm quite certain that removing the NAT (i.e. connecting directly to the internet) would render this machine pretty useless within a lot less than 12 minutes.

    12. Re:What'd I'd like to know by Bert64 · · Score: 1

      Well "the odd virus" is still infinitely too many.. why don't people find this unacceptable?

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    13. Re:What'd I'd like to know by AutopsyReport · · Score: 1
      I've been through Windows 95, 98, 2000, and now XP. I'm now running Norton Internet Security, and get the occasional warning about an attempted Trojan/Subseven probe.

      Perhaps I've been lucky, but I can't really gauge that. I used the Internet probably no different than anyone else. Maybe it's a bit of defensive/smart surfing on my part, but I'd hardly call using virus-riddled Kazaa defensive surfing :)

      --

      For he today that sheds his blood with me shall be my brother.

    14. Re:What'd I'd like to know by Anonymous Coward · · Score: 0


      For years I have run Windows straight out of the box (no firewall, no security software, nothing), and I've only run into two viruses -- one through Kazaa, and one through IRC (both my fault).



      You are probably running Win 98 or earlier. These do not provide the services such as RPC or LSASS which can autoinfect without any user action.

      Thomas
    15. Re:What'd I'd like to know by Anonymous Coward · · Score: 0

      I've been running XP totally unprotected 24/7 for the last 16 months on Comcast. I run windows update occasionally, but I am far from religious about it. I check regularly for viruses and malware and my machine has always been clean. I realize I've been lucky, but I still find the 12 minute number very difficult to believe.

    16. Re:What'd I'd like to know by Cutting_Crew · · Score: 1

      same here as OP... I have a 98SE machine.. it's part of my LAN along with an XP Pro machine and the network is up 24/7. I've got one virus before, a clone of some sort on the 98 machine but I have been clean 100% on the XP Pro machine.
      I have port 80 open for the webserver to run and one more port for various other things but that's it. I also have it set up on the firewall that when someone tries to ping them, their IP addy is blocked forever.
      also obviously only the things needing to send data out and receive data are allowed such as limewire, instant messengers, updates to firewall etc.
      if people would realize there is more to a computer than email and IM then the computers out there would be a lot more secure. when they spend $$$ on a comp they need to treat it like a car, it needs maintenance, care and cleaning up once in a while.

    17. Re:What'd I'd like to know by CdBee · · Score: 1

      More likely he's on one of those "irresponsible n00b-friendly" ISPs which does what I'd hope they would all do, and supplies a NAT modem OR blocks the RPC ports.

      --
      I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
    18. Re:What'd I'd like to know by Psykosys · · Score: 1

      In your case the "mess" was the result of downloading and installing spyware (unless you haven't updated anything forever, you were probably prompted beforehand). I think the article in question refers to unprotected boxes sitting around with no user intervention getting infected automatically.

    19. Re:What'd I'd like to know by vettemph · · Score: 1

      >what are they doing during those 12 minutes for Windows to become "infected." ...Gay porn.
      PS- you've got 2 minutes left.

      --
      The government which is strong enough to protect you from everything is strong enough to take everything from you.
    20. Re:What'd I'd like to know by f3773t · · Score: 0

      I agree with u there ... I know heaps of people who do the same ...
      I think that sometimes these virus protection s/w companies try to use scare tactics to improve their sales.
      They are basically showing the WORST case scenario ... someone who is absolutely clueless and opens every e-mail coming into the inbox even if it says:
      "Nigerian Billionare on the run and needs your help"

    21. Re:What'd I'd like to know by Sloppy · · Score: 1
      I recently installed McAfee on it, just to see what viruses I'd "collected", and there's nothing!
      ?!

      I don't understand this. You thought you had a possibly compromised system, and then you used that system to install and run a scanner -- and you expected any result other than negative?

      An untrusted system runs an untrusted installer which installs an untrusted scanner. Furthermore, the untrusted scanner does file I/O by calling an untrusted API.

      People don't know this anymore? Has fundamental antivirus doctrine really gotten this weak? I guess that would explain why everyone's having so much trouble.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    22. Re:What'd I'd like to know by Dun+Malg · · Score: 1
      I don't understand this. You thought you had a possibly compromised system, and then you used that system to install and run a scanner -- and you expected any result other than negative?

      Get real. I scanned it from a bootable CD first. With more than one scanner. It's clean.

      --
      If a job's not worth doing, it's not worth doing right.
    23. Re:What'd I'd like to know by Snaller · · Score: 1

      Connect it to the internet. A guy I knew installed from CDs and then connected to the net to patch from Microsoft, but before he got through outside vira had found his machine.

      Guess you just live in the unfashionable end of an IP range.

      --
      If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
  21. Uh by sheriff_p · · Score: 5, Insightful

    London-based? They're based in Abingdon, Oxfordshire, England. Does English now automatically mean London-based or what?

    +Pete

    --
    Score:-1, Funny
    1. Re:Uh by digidave · · Score: 1

      Oxfordshire is on the East side of London, right?

      --
      The global economy is a great thing until you feel it locally.
    2. Re:Uh by SeekerDarksteel · · Score: 0

      Only when it keeps the editors from having to spell or pronounce things like Abingdon and Oxfordshire.

      --
      The laws of probability forbid it!
    3. Re:Uh by ceeam · · Score: 0

      Isn't England in London?

    4. Re:Uh by Anonymous Coward · · Score: 0
      yes.

      Just be thankful it's not in Scotland or Wales. Trying to understand subcountries sends Yanks round the bend.

    5. Re:Uh by stuuf · · Score: 1

      Most Americans can only recognize countries (or states) outside of their own as a single large city surrounded by unpopulated wasteland. Even our own federal government is often referred to as simply "Washington."

      --

      Everyone is born right-handed; only the greatest overcome it

  22. Re:On dupe is annoying, but two... by kesuki · · Score: 0, Offtopic

    no. I think the record stands at 22. The same story, covered 22 times in a 13 month span, from various news aggregators, blogs etc. I could be wrong though, I don't have 'hard' numbers.

  23. When will they listen? by LifeMatesCanada.Com · · Score: 1

    I'm curious how many times this (and similar) stories will have to be posted on tech journals before Microsoft addresses the problem. In any other business, their customer base would shrink to nothing - imagine a model of car that was consistently stolen due to shoddy lock manufacturing.

    Viva Firefox, and viva the GoogleOS

    --
    Single? Canadian? We can help. Visit http://www.l
  24. HA by bmgoau · · Score: 1, Troll

    This has to be about the 10th time I have seen the whole "Windows can be compromised in [insert time here]" deal.

    Anyone who actively follows the news and comments on slashdot should know by now that windows is open to attack. And secondly I would hope that anyone who has the least bit of common sense would realise the viruses exist and that if you don't take necessary precautions such as patching your version of windows.

    Let me make it straight.
    Windows has security issues, it gets viruses, and other malware. Get over it. Get onto doing something about it. Stop scaring the public and educate people on ways of being protected.

    1. Re:HA by An1mus · · Score: 0

      It's rare to see that kind of attitude on slashdot. 10 points.

  25. Eat Your Own Dog Food by Doc+Ruby · · Score: 5, Insightful

    I'm tired of talking about tech fixes to Slashdot's dup plague. It would stop if the editors would just read the damn front page.

    --
    make install -not war

    1. Re:Eat Your Own Dog Food by Anonymous Coward · · Score: 0

      You're right! Ask for your money back!

    2. Re:Eat Your Own Dog Food by Doc+Ruby · · Score: 1

      How about my time, including the time spent responding to Anonymous Cowards who just make Slashdot harder to appreciate? You're as free as smog.

      --
      make install -not war

  26. Re:er, dupe by Anonymous Coward · · Score: 3, Funny

    But the funniest thing about the link is the one and only comment on there that says "Crappy article, but this girl will warm you up inside" and then gives a link to something that would probably lead you to the very exploit it is talking about.

  27. Editors - Question by Phishcast · · Score: 5, Insightful
    I read Slashdot regularly, and I at least skim every headline that comes across. I must notice just about every duplicate article with simple skimming. I'm not nearly as annoyed as a lot of folks when I see a dupe, but my question is this:

    Do the editors of Slashdot actually read the site regularly? If not, should they be posting articles to the front page?

    Followup question: Isn't this common sense?

    1. Re:Editors - Question by SomeOtherGuy · · Score: 2, Funny

      I think they put the thing on autopilot back around 2001 or so.

      --
      (+1 Funny) only if I laugh out loud.
    2. Re:Editors - Question by Basje · · Score: 2, Insightful

      In the editor's defense: they also see the submissions, so they really read lots more slashdot than the readers do.

      So when they post something they may just have missed it the first time: after 250 potential articles, you may skip over some posted during your holiday.

      That said, procedures should include a quick check on the keywords. It would improve quality.

      --
      the pun is mightier than the sword
    3. Re:Editors - Question by Threni · · Score: 1

      > maintaining slashdot is already a huge job

      You mean it's not done yet? Whatever code they're running today is just fine. Check that in, knock up a quick dupe detector, or allow people to vote on whether or not a story is a dupe, or have the submission part of Slashcode check links or keywords so the editors have the hard (sic) work done for them.

    4. Re:Editors - Question by g051051 · · Score: 1

      After a recent go-round with CmdrTaco regarding dupes, he mentioned that they typically know it's a dupe, but that they repost it because they have lots and lots of submissions for the same story. The thinking being, I presume, that if tons of people are submitting it, they don't (and won't) realize it's a dupe.

      As far as technical fixes go, that's easy: add a "dupe" field to posts, and let users filter them out. Since it is claimed that the editors know it's a dupe most of the time, that would solve the problem (for me, at any rate).

    5. Re:Editors - Question by Donny+Smith · · Score: 1

      >The thinking being, I presume, that if tons of people are submitting it, they don't (and won't) realize it's a dupe.

      Another way to do it: only regged users can submit stories.
      When a person submits a dupe, ban the fucker from submitting anything for the next 180 days.

    6. Re:Editors - Question by Anonymous Coward · · Score: 0

      or maybe each time there's a dupe, which sparks further, sometimes interesting, discussion, all the folks who no longer want to read about it should just not read about it.

      Reading gripes about duplicates is a lot more annoying than reading the duplicate.

    7. Re:Editors - Question by Anonymous Coward · · Score: 0

      Quit fanning the flames! Aagh!

    8. Re:Editors - Question by Petronius · · Score: 2, Insightful

      Why not just use different Reject codes: rejected, rejected-dupe, etc. instead of encouraging the practise?

      --
      there's no place like ~
    9. Re:Editors - Question by Anonymous Coward · · Score: 0

      Why not read another article instead of posting complaints about a dupe? And if you finish with Slashdot, there's a lot of other sites on the Internet.

    10. Re:Editors - Question by g051051 · · Score: 1

      The problem is that there is a significant group of /. readers who are submitting the dupe. Since the editors feel it's important to post the dupe, it won't be rejected.

    11. Re:Editors - Question by lloydtesterman · · Score: 1

      Knocking up a dupe detector around 'heah will git you hitched on the wrong end of a shotgun. "squeal dupe, squeal!!"

    12. Re:Editors - Question by I'm+Don+Giovanni · · Score: 0, Troll

      "The problem is that there is a significant group of /. readers who are submitting the dupe. Since the editors feel it's important to post the dupe, it won't be rejected."

      In other words, the chances of an article being duped is directly proportional to how bad the article appears to be for Microsoft. Got it. ;-)

      --
      -- "I never gave these stories much credence." - HAL 9000
    13. Re:Editors - Question by Anonymous Coward · · Score: 0

      So when they post something they may just have missed it the first time: after 250 potential articles, you may skip over some posted during your holiday.

      And allowing duplicate stories to be posted just makes the problem worse.

      There are only a few realistic reasons why they post duplicates:

      1) They're being paid to (tin-foil hat option)

      2) They don't care (likely, given how many bugs are still present in the underlying slashcode for over 2 years running)

      3) It drives up page views, resulting in more ad revenue

      Bottom line, dupes and triples are making it so that I don't bother checking SlashDot on a daily basis. Nor do I bother posting as much as I used to, or try to raise the signal level above the noise floor like I used to.

      IOW, SlashDot is now only some place that I come and browse once a week or twice a month when I'm bored out of my skull. Even then, I'm only reading 6-10 articles and comments rather than finding every other story to be worth reading. Used to be there were half a dozen or more useful stories here on a daily basis, that average is now down to 2/day.

  28. It's not a DUPE by drsmack1 · · Score: 0, Flamebait

    It's not a dupe - this is what makes up the content of slashdot.

  29. good job stating the obvious by Anonymous Coward · · Score: 0

    so what you're telling me is if you don't patch your computer and make sure everything is up to date, you're vulnerable to being infected? I'm not quite sure what the 12 minutes has to do with anything.

  30. Blue screen by digidave · · Score: 5, Funny

    My Windows blue screens in nine minutes, so I'm safe.

    --
    The global economy is a great thing until you feel it locally.
    1. Re:Blue screen by Anonymous Coward · · Score: 0

      Hilarious comment... for 1999. However, I've seen but a handful of BSODs -- on hundreds of modern Windows PCs -- since the venerable Windows 2000 was introduced.

      By the way, you forgot "Micro$oft" LOL!!!1

    2. Re:Blue screen by digidave · · Score: 1

      If I give you a nickel will you buy yourself a sense of humor?

      --
      The global economy is a great thing until you feel it locally.
  31. Re:Internet Storm Center is tracking "survival tim by savagedome · · Score: 4, Funny

    A herd of buffalo can only move as fast as the slowest buffalo. And when the herd is hunted, it is the slowest and weakest ones at the back that are killed first. This natural selection is good for the herd as a whole, because the general speed and health of the whole group keeps improving by the regular killing of the weakest members. In much the same way, the Internet is only as good as the slowest Windows members. Excessive going online, as we know, gets Windows machines pwn3d. But naturally, it attacks the slowest and weakest Windows machines first. In this way, continuously going online eliminates the weaker Windows machines, making the Internet a faster and more efficient place.

    Shameless parody of the 'beer is good for you' joke

  32. Windows is stable! by broothal · · Score: 5, Funny

    At least it's stable. It's exactly the same amount of time as the last time slashdot mentioned this.

  33. Re:On dupe is annoying, but two... by patio11 · · Score: 0

    No.

  34. Obligatory "here's a patch" post... by Jugalator · · Score: 3, Funny

    Here's a solution.

    *dodges flying tomatoes*

    OK, OK, here's a patch.

    *runs*

    --
    Beware: In C++, your friends can see your privates!
    1. Re:Obligatory "here's a patch" post... by springbox · · Score: 1

      Just run the computers behind a NATting device. That will give pretty good protection to the internal network unless someone decides to do something stupid of course.

  35. Next week's headline will say.... by slapout · · Score: 0

    Slashdot story duped in 12 Minutes!

    --
    Coder's Stone: The programming language quick ref for iPad
  36. Re:er, dupe by QuickFox · · Score: 1, Funny

    Never-Review writes "The speed with which /. editors can become infected has now shortened. If your /. editors are not properly protected, it will take 12 minutes before a story becomes duped, according to world-based geek crowd Slashdotters. They have detected 7,944 new dupes in the first half of this year, a 59% increase over the same time span last year."

    (Okay, so we're not quite there yet. But with Moore's law...)

    --
    Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.
  37. Re:How can Windows be secured? by SeekerDarksteel · · Score: 1

    Zone Alarm has a free version.

    --
    The laws of probability forbid it!
  38. I know! by Anonymous Coward · · Score: 0

    That is outrageous.. I saw this over at whitedust along with the new IE JVM hole that slashdot doesn't seem to want to report about

  39. Wow, thirty posts about it being a dupe. by cablepokerface · · Score: 5, Funny

    pot. kettle. black.

  40. Advice by ArchAngel21x · · Score: 2, Informative

    That is why you unplug the computer while you install Windows and security programs. Have that stuff burned to CD or on a back up hard drive. You really don't want to be online right after a fresh install of Windows. I don't have my computer online until I have installed service pack 2, Anti-Virus, and Spybot.

  41. Re:Irony by Anonymous Coward · · Score: 1, Informative

    No, no it isn't. Not even in the slightest.

  42. Great to be on Slashdot. by krell · · Score: 0

    I just turned on my new Windoes XP Home machine, and the first thing I did was to connect to Slashdot to make this post. I'm sure gla xx[[344 NO CARRIER

    --
    Where were you when the voynix came?
  43. Twelve? by RetroRichie · · Score: 1

    Seven! Seven's the key!

    1. Re:Twelve? by hosecoat · · Score: 0

      It's like you're dreamin' of gorgonzola when it's clearly bree time baby

    2. Re:Twelve? by neo_mushroom · · Score: 1

      not seven, or even twelve, the number you're looking for is

      42!!

      *hangs nerd sign*

  44. The number 3.1 keeps coming up everywhere by Anonymous Coward · · Score: 0

    I guess we better downgrade to Windows for Workgroups to prevent explosions.

  45. Re:er, dupe by Shalda · · Score: 0, Offtopic

    I've said it before, but it ain't a dupe until CmdrTaco posts it. That's what made his April fools joke of a few years ago particularly funny. Anyone else duping the same article 12 times in one day would be lame.

  46. And in related news..... by Darth_brooks · · Score: 4, Funny

    You can get robbed in as little as three minutes in Downtown Detroit if you walk around counting large stacks of cash.

    The internet is not a nice place. Evolve or die.

    --
    There are some people that if they don't know, you can't tell 'em.
    1. Re:And in related news..... by rbarreira · · Score: 1

      No, that's actually the fault of the wallet/large suitcase vendors, didn't you know? ;)

      --

      The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
    2. Re:And in related news..... by JeanPaulBob · · Score: 1

      Individuals don't evolve. Populations do. We may have to wait for the stupid people to die off.

  47. email dangers and within 12 minutes? by marcovje · · Score: 1, Interesting


    So apparently people start an email client _on average_ within 12 minutes after an install and catch a virus? That is pretty rough, and IMHO unrealistic. I don't know what most people do, but I'm usually still installing drivers, turning off teletubby mode etc.

    Sounds like the vendors included a few old worms that snatch chronically unpatched systems, and gave it a spin to boost antivirus sales.

    1. Re:email dangers and within 12 minutes? by drc500free · · Score: 2, Informative

      No, this has nothing to do with an email client. This is for a system connected to the internet and just sitting there with a default install.

    2. Re:email dangers and within 12 minutes? by Surr3al · · Score: 1

      This is not talking about email viruses, but worms that make their way through unsecured ports. Like the blaster worm.

    3. Re:email dangers and within 12 minutes? by marcovje · · Score: 1


      Why do they mumble over viruses then in the article?

      See my remark over adding stats over well-known old vulnerabilities (that have been patched 1.5 years+) triggered by worms to boost antivirus sales

  48. Unsafe Sex by Anonymous Coward · · Score: 1, Funny

    If your Windows computer is not properly protected,it will take 12 minutes before it becomes infected,

    Well that's faster than most /.'ers can get infected. The only time they have dirty sex is if they don't wash their hands.

  49. for the love of FUD by Anonymous Coward · · Score: 0

    text here

  50. Same dumb post, same answer: by wirehead78 · · Score: 1, Informative

    Get a cheap Linksys router from CompUSA.

  51. 12 minutes is faster??? by Vapon · · Score: 3, Interesting

    When MS_Blaster was at its peak I had computers that were infected before the install finished if I left it connected to the internet.

  52. Other way. by reality-bytes · · Score: 1

    Abingdon is to the West of London and a good way away - being in a different county (Oxfordshire unsurprisingly).

    --
    Ripping an new rectum in the fabric of spacetime.
    1. Re:Other way. by jedidiah · · Score: 1

      There are puny towns in the states that easily spread over multiple counties. Are counties just bigger in the UK? If not then a suburb being in another county is entirely unremarkable.

      H*LL, in the US cities of that size (London) tend to spread over multiple STATES.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    2. Re:Other way. by Lovejoy · · Score: 1

      In the east (and Kansas City)- yes.

      In the wide open west, our states are big enough to contain our cities, thankyouverymuch.

    3. Re:Other way. by macsuibhne · · Score: 1

      O.K., let's pick a few at pseudo-random (I've lived in all three):

      Alameda County, CA : 738 sq. miles

      Hampshire, U.K. : 1498 sq. miles

      Greater London : 610 sq. miles

      --
      -- "Quis custodiet ipsos custodes?" -- Juvenal
    4. Re:Other way. by sessamoid · · Score: 1
      In the wide open west, our states are big enough to contain our cities, thankyouverymuch.

      In the wide open west, our counties are big enough to contain your states. Brewster County, Texas is larger than Rhode Island, and Delaware, and Connecticut, and almost as large as Massachusetts, New Hampshire, and New Jersey. Hell, it's more than twice as big as Rhode Island and Delaware put together.

      --
      "No, no, no. Don't tug on that. You never know what it might be attached to."
    5. Re:Other way. by Bloater · · Score: 1

      London has its own county (Greater London), but also spreads out into five surrounding counties (the home counties). London encompasses many towns as well as the City of London. Oxfordshire is a long way away and there are vast tracts of beautiful countryside in between.

      Sophos is on the far east side of Abingdon, very close to Radley village. Check out their website sophos.com and read about the company and its headquarters - which are especially beautiful, with a very impressive entrance and a moat.

    6. Re:Other way. by jedidiah · · Score: 1

      It's also a big fat empty.

      Anywhere else in Texas (like where people actually live) has more conventionally sized counties and any large city in Texas is going to spread over several.

      --
      A Pirate and a Puritan look the same on a balance sheet.
  53. I just installed Redhat 5 by Andrew+Tanenbaum · · Score: 0

    and my box got 0wned in no time!! Linux is insecure!!

    1. Re:I just installed Redhat 5 by Master+of+Transhuman · · Score: 1


      How long before Minix gets owned? :-)

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    2. Re:I just installed Redhat 5 by Andrew+Tanenbaum · · Score: 0

      A long time, since it actually runs things outside of ring0!

    3. Re:I just installed Redhat 5 by Master+of+Transhuman · · Score: 1


      Yeah, but what does it run?

      Oh, well, if there's no software for it, I suppose it can't get owned due to flaws in that software.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  54. not always enough - hardware firewalls are better by CdBee · · Score: 5, Insightful

    I seem to recall some cases of software firewalls (if this is what you meant) which don't initiate before the NIC driver comes online, meaning the PC has a few seconds where it can acquire an IP and receive packets before protection commences.

    Good design practice should prevent this but it'll never be quite as good as a hardware f/wall. Decent FW devices can be found for very cheap prices now.

    If you really can't run a hardware firewall due to a need for many open incoming ports, the 2nd-best solution is to use a modem with routing ability and direct ports 445, 593 and 135-139 to a dead address (remember to send them to an address outside the router's DHCP range so that address can never be assigned to an unprotected machine). These ports represent Windows file/print sharing, RPC Endpoint mapper (a major exploit target) and RPC comms ports. Killing those 5 ports stops 80-90% of remote attacks, although if you are running a web server, but not actually serving remote users, block ports 80 and 8080 as well to kill frontpage server extensions overflow attacks.

    --
    I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
  55. How difficult would it be by Anonymous Coward · · Score: 0

    to have a program that compares key words with a proposed article on slashdot to the last months' worth of articles, and red flags it with older articles that are potentially dupes?

  56. So is Taiwan ... by crovira · · Score: 1

    but you don't see anybody stupid enough to claim something made there as coming "from the suburbs" of London.

    Actually to maintain proper parallelism, it should be the island of Formosa with Oxfordshire.

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
  57. How about Fedora? by periol · · Score: 1

    I'm getting ready to install Fedora Core 4 on my laptop, and I can't find a driver for my wireless card yet. I was thinking about plugging straight into the cable modem, since I don't have an extra ethernet cable at the moment. Will I be okay, or should I just buy an extra cable and keep using the hardware firewall?

    1. Re:How about Fedora? by raolin · · Score: 1

      I do hope you are joking. If not, I would recommend buying another network cable and running through the hardware firewall. Setting up a firewall on the laptop isn't a bad idea either, though the hardware firewall will pretty much take care of it. If you connect directly to the cable modem without any form of firewall, you are asking for trouble. If anyone else knows more or better, please feel free to trash my advice.

      --
      "It is sad to see a family torn apart by something as simple as a pack of wild dogs."
    2. Re:How about Fedora? by mrMango · · Score: 1

      The article is about windows PCs, in case you haven't noticed. Linux uses a built-in firewall - in fact most hardware firewalls use linux anyway. You'll be fine. With linux you never ever have to worry about worms or virii.

      --
      word.
    3. Re:How about Fedora? by Master+of+Transhuman · · Score: 1


      Consider your advice trashed.

      Fedora, like practically every other Linux, installs a firewall by default. While not perfect at its default setting, it's probably as good or better than the XP firewall. And 4 has presumably been patched against pretty much all current threats.

      Also, we don't know what kind of cable modem he's using. If it's one of the better ones, it comes with a built-in firewall. Even the el cheapo hardware devices these days usually include a firewall that protects against tons of standard attacks.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    4. Re:How about Fedora? by CynicalGuy · · Score: 1

      for fucks sake, what kind of geek doesn't have an extra ethernet cable lying around?

    5. Re:How about Fedora? by periol · · Score: 1

      a poor one...

    6. Re:How about Fedora? by periol · · Score: 2, Interesting

      Just think about it for a second. A Windows XP computer is infected within 12 minutes because of unpatched exploits that need to be updated from Microsoft. It's worms getting through open ports that infect the computer once it's plugged into the internet. A hardware firewall takes care of that worm traffic.

      But theoretically, those ports should be closed on Fedora already. And since most internet attacks are meant for Windows anyways, I should be safe not using the hardware router. But the truth is I don't know enough about the innards of Fedora 4 to know if it's a safe move or not.

      That's why I asked. Because Windows problems != Fedora problems necessarily.

    7. Re:How about Fedora? by periol · · Score: 1

      I'm pretty sure the cable modem doesn't have a built-in firewall, but I didn't know that was even a feature, so I'll look into it. Thanks.

    8. Re:How about Fedora? by raolin · · Score: 1

      My apologies. I took the question out of context and was referring to general practice. When working in linux, I typically avoid making assumptions about what security measures have or have not been taken.

      As I understand it, a port is 'open' by default, and it takes something like a firewall to 'close' it. If there is a service waiting to respond on a given port, it will do so unless the port is closed. I'd do an audit of the services running on your fedora box and make sure there isn't anything you don't want others running (sendmail, telnet server, etc) accessible. Fedora may have the firewall enabled by default (I don't know) and it may have a high security profile running, but I'd check it out myself before exposing the box to the internet without a hardware firewall in place.

      --
      "It is sad to see a family torn apart by something as simple as a pack of wild dogs."
    9. Re:How about Fedora? by raolin · · Score: 1

      Seems like if the cable modem has a firewall on it, then there is no problem. If I implied that the firewall needed to be external to the modem then I stand corrected. As for the built in firewall, if it does what you need it to, then by all means use it. I try to filter as much traffic as far from my computers as possible, letting the hardware firewall kill general unwanted traffic, and the software firewall do the filtering specific to that machine.

      The main point of my advice is that I would ensure a firewall is in place between the box in question and the internet.

      --
      "It is sad to see a family torn apart by something as simple as a pack of wild dogs."
    10. Re:How about Fedora? by tuffy · · Score: 1

      As mentioned, Fedora has installed with a software firewall activated for a long time, but a hardware firewall is a good idea. Then, pretend both of those don't work. Keep unnecessary network daemons turned off and keep your box fully patched as often as possible.

      --

      Ita erat quando hic adveni.

    11. Re:How about Fedora? by finse · · Score: 1

      "in case you haven't noticed. Linux uses a built-in firewall"

      umm Linux is a kernel, not an operating system. The Linux kernel has support for IPTables, which is a software firewall, but it requires userland programs such as IPTables. Many Linux distros will give you the opportunity to set up a software firewall during the install process, but it can be easily skipped.

      "With linux you never ever have to worry about worms or virii."

      This is plain incorrect. Linux is not perfect, it has had many security vulnerabilities including remote code execution. You're not worried about worms? Do you remember/know about the first widely publicised Internet worm? (en.wikipedia.org/wiki/Morris_worm) It attacked Sendmail, rsh, etc.., many of these daemons can be installed off the media from many modern linux distributions.
      Take the time to learn what's at stake before propagating such incorrect information.

      --
      Paranoid tinfoil hat crowd say Y here, everyone else say N.
    12. Re:How about Fedora? by arf_arf_arf · · Score: 1

      you're absolutely right - not a thing to disagree with there. but i thought i'd add the fc4 specific part - on a "workstation" or "desktop" type install (the primary diff between those is a workstation install includes development tools) - the firewall config defaults to pretty much "all locked up". the user has to explicitly open ports either during or after the install. "server" installs differ, in that they open up the stuff you install to serve. i may be off on the details somewhat, but that's roughly the gist of it, and has been the way fedora treats it by default for several versions now.
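
The service audit recommended earlier in this thread, as an added example that is not part of any comment: it lists TCP listeners reachable from the network and labels the ports the thread names (135-139, 445, 593, plus telnet and sendmail on their standard ports 23 and 25). The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian Linux host with IPv4 only.

```python
"""Audit listening TCP sockets from /proc/net/tcp-style text (Linux, IPv4)."""
import ipaddress
import socket
import struct

TCP_LISTEN = 0x0A  # kernel state code for LISTEN in /proc/net/tcp

# Ports called out in the thread, with standard service names.
WATCHED = {
    23: "telnet",
    25: "smtp (e.g. sendmail)",
    445: "SMB file/print sharing",
    593: "RPC over HTTP",
}
WATCHED.update({port: "RPC/NetBIOS" for port in range(135, 140)})

# Constructed sample in /proc/net/tcp layout, not captured from a real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00A8C0:0016 0200A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
   4: 0A00A8C0:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1005 1
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port).

    The address is a 32-bit value printed in host byte order, so on a
    little-endian machine 0100007F means 127.0.0.1 (assumption: x86-like host).
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(proc_text):
    """Return (ip, port) for every row in LISTEN state; skip malformed rows."""
    found = []
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 4:
            continue
        try:
            state = int(cols[3], 16)
            endpoint = decode_endpoint(cols[1])
        except (ValueError, struct.error):
            continue
        if state == TCP_LISTEN:
            found.append(endpoint)
    return found


def audit(proc_text):
    """Listeners bound to a non-loopback address, sorted by port, with a label."""
    report = []
    for ip, port in listening_sockets(proc_text):
        if ipaddress.ip_address(ip).is_loopback:
            continue  # only reachable from the box itself
        report.append((ip, port, WATCHED.get(port, "unclassified service")))
    return sorted(report, key=lambda row: row[1])


if __name__ == "__main__":
    # On a real host, pass open("/proc/net/tcp").read() instead of the sample.
    for ip, port, note in audit(SAMPLE_PROC_NET_TCP):
        print(f"{ip}:{port}  {note}")
```

A listener bound to 0.0.0.0 answers on every interface, so it is exposed unless a firewall in front of it says otherwise; the loopback-only entry in the sample is left out of the report for that reason.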

  58. Finally! by Aumaden · · Score: 3, Funny
    Now, all you linux fan boys can just stfu.

    There's no way linux can beat windows speed record now!

  59. Soviet Russia by TheScorpion420 · · Score: 1, Funny

    Hmm I dunno which one is funnier . .

    In Soviet Russia Slashdot dupes you

    or

    In Soviet Russia Windows infects you

    wait . . that second one. . . excellent, it's funny because it's true, and not only in Soviet Russia

    --
    If you pay your taxes you support terrorism!
    1. Re:Soviet Russia by vettemph · · Score: 1

      In Windows the early worm gets you!

      --
      The government which is strong enough to protect you from everything is strong enough to take everything from you.
  60. Re:Internet Storm Center is tracking "survival tim by jedidiah · · Score: 5, Insightful

    This would be cool if the hunting actually culled the herd but it does not. The infested members of the herd continue to ramble on like... zombies. In so doing they are able to impact the rest of the herd and slow it down rather than speed it up.

    An Ebola type strain of computer virus might actually be a public good. It would kill off these flu ridden beasts, put them out of their misery and prevent them from continuing to harm the rest of the herd.

    Ra's al Ghul anyone?

    --
    A Pirate and a Puritan look the same on a balance sheet.
  61. Re:er, dupe by Trigun · · Score: 1, Funny

    Nope, it leads to a picture of some insecure girl with big tatters looking to validate her life through the intarweb.
    (Kind of like what I do here, but without the boobs)

  62. Just you wait... by Viol8 · · Score: 0

    ...until you connect it to the internet for the 3rd time. Then you'll be sorry!

  63. They do on Windows. by khasim · · Score: 2, Informative

    Each minor variation means that the old anti-virus signatures won't catch it.

    So new signatures have to be downloaded.

    The problem is that any error in that and you're vulnerable to these "new" viruses/trojans/worms.

    The real problem is that the infection routes on Windows still haven't been closed.

    1. Re:They do on Windows. by arminw · · Score: 1

      ...the infection routes on Windows still haven't been closed....

      And it is not likely that they will be any time soon. MS has to make their OS secure from the ground up and that means you buy all new software. Unless you have a rather top of the line system now, be prepared to buy new hardware as well. Like in the physical world, good security is neither easy nor cheap. A Mac with OSX, because of a large number of factors is about as secure a computer you can buy. If you are an expert, like most here on /. you CAN make Windows quite secure also, but be prepared to spend considerable time and money doing so, both initially, and in an ongoing battle with the thousands of malware programs which are constantly changing to get past security measures.

      --
      All theory is gray
  64. Re:not always enough - hardware firewalls are bett by Anonymous Coward · · Score: 5, Informative

    If you're running a router then just enable NAT and bingo - a simple firewall. I always deploy ethernet ADSL modems now for many reasons - but this is the main advantage.

    1. Go to new site
    2. Plug PC into modem
    3. Configure modem
    4. Plug phone line into modem
    5. Download latest windows patches

    Note that at stage 5 the PC is already protected by a firewall. Just need AV and patches to protect against email, adware etc.

    But then I also configure Thunderbird - which limits the email viruses as well (the number of times I've been called because a user can't open an email containing a virus ...)

  65. pre sp1 by Mr_Silver · · Score: 5, Insightful
    If your Windows computer is not properly protected, it will take 12 minutes before it becomes infected, according to London-based security company, Sophos.

    By "Windows" they mean Windows XP pre-service pack 1 which was released in 2001.

    So, what they're saying is: "if your unpatched 4 year old operating system is connected to the internet, it'll get infected pretty quickly."

    Granted, pre-sp2 versions of XP have security that wasn't exactly the greatest and, granted, post-sp2 it still isn't perfect (and I'm not defending that) - but the above statement is like saying "if your vanilla install of Redhat 7.2 is connected to the internet, it'll get infected in a couple of hours".

    The latter isn't fair to Redhat and so I don't see why it's particularly fair to Microsoft either.

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
    1. Re:pre sp1 by Tourney3p0 · · Score: 1
      It's absolutely nothing like comparing it to an ancient version of Redhat.

      It's probably a safe bet that most computers have been coming with Windows XP since 2001. A very significant number of these computers came with a version of Windows XP with no service packs. How many average computer users do you know that are going to go through the effort of obtaining the latest Service Packs on a CD?

      With all the spyware and viruses these days, it's pretty much guaranteed that a reload will occur every few years, if not more often. Imagine for a moment that I have a grandmother, and she has an HP. She knows her 3 year old computer is running like crap, so she calls HP. They instruct her on how to use the System Restore disk. She now has an unpatched version of Windows XP on the internet. She has no idea what a service pack is, nor does she care. In 12 minutes, she will be infected with a few viruses.

      Redhat 7.2 is not the latest and greatest version of Linux. You can easily download the latest version of whatever distro you want.

      If you want to make it a valid comparison, convince Microsoft to begin a program where you can trade in your version of Windows XP for Windows XP + Service Pack 2 + Updates, etc.

    2. Re:pre sp1 by Mr_Silver · · Score: 1
      Redhat 7.2 is not the latest and greatest version of Linux.

      Neither is XP pre-sp1. As I said, it was released in 2001 (same time as 7.2). The latest version is Windows XP SP2.

      You can easily download the latest version of whatever distro you want.

      When you do, you're then comparing a distribution released in 2005 with a distribution released in 2001. Your comparison becomes null and void because it is unbalanced (and unfair).

      Either compare Windows XP pre-sp1 with Redhat 7.1 or compare Windows XP SP2 with the latest version of Redhat. You can't have one and not the other otherwise it looks like you're deliberately skewing the results.

      If you want to make it a valid comparison, convince Microsoft to begin a program where you can trade in your version of Windows XP for Windows XP + Service Pack 2 + Updates, etc.

      All new PCs come with Windows XP SP2 installed and even the boxes in my local PC World have SP2 installed as well. I think even the hardened Linux advocate would agree that getting them to re-ship a new CD every time an update is released is a tad harsh.

      I can't think of any Linux distributions that get rebuilt every single time the kernel or an application within it gets patched.

      --
      Avantslash - View Slashdot cleanly on your mobile phone.
    3. Re:pre sp1 by Tourney3p0 · · Score: 1

      I see your point. Now all you have to do is get my grandmother to fork out a couple hundred bucks because her Windows XP pre-sp1 disc is outdated, and everything is fine. I'm sure she, and the millions of computer users like her, will be fine with it.

    4. Re:pre sp1 by Tim+C · · Score: 2, Insightful

      If you want to make it a valid comparison, convince Microsoft to begin a program where you can trade in your version of Windows XP for Windows XP + Service Pack 2 + Updates, etc.

      If the average user can't be bothered to go to the effort of obtaining a service pack on CD (or downloading it and burning it to one themselves, for that matter), what makes you think they'd take up such an offer?

    5. Re:pre sp1 by plover · · Score: 1

      Because if you bought your PC in 2002 and it came with a bright, shiny XP (no service pack) disk and you're rebuilding it, you use what you have. You have to bootstrap to something in order to download and install SP2. In the time it takes to get Windows Update going, you're too late -- the machine is infected.

      --
      John
    6. Re:pre sp1 by VanWEric · · Score: 1

      I can't think of any Linux distributions that get rebuilt every single time the kernel or an application within it gets patched.

      Gentoo? Or am I wrong - there are ways of reading that for either side.

      --
      www.olin.edu
    7. Re:pre sp1 by xMilkmanDanx · · Score: 1

      but the above statement is like saying "if your vanilla install of Redhat 7.2 is connected to the internet, it'll get infected in a couple of hours".

      The latter isn't fair to Redhat and so I don't see why it's particularly fair to Microsoft either.


      Your analogy doesn't quite work though.

      1. it's not a given that a few year old vanilla distro of redhat will be infected even in a few hours (IIRC, no server functions are installed by default and if you're building a server, you should just know better).
      2. a few hours and 12 minutes are hugely different. A few hours gives time to update/patch/setup firewalls etc, 12 minutes does not.
      3. microsoft does not provide easy to download updated versions of their OS with all relevant patches included. Sure you can make a CD with all the SPs on it and then have to keep the internet disconnected until you've patched. The extra time and effort just makes it more likely to not be done by the average joe.

    8. Re:pre sp1 by Curate · · Score: 1
      Because if you bought your PC in 2002 and it came with a bright, shiny XP (no service pack) disk and you're rebuilding it, you use what you have. You have to bootstrap to something in order to download and install SP2. In the time it takes to get Windows Update going, you're too late -- the machine is infected.

      You can download the SP2 standalone executable and burn it to a CD. Or, you could order an SP2 CD for free from Microsoft. Or, you could pick up an SP2 CD for free from your local computer store. All of these options are pretty easy, don't you think?

      Once you have SP2 on CD, you have a choice. You can either go the complicated route by creating a slipstreamed XP SP2 install CD, and install it. Or, you could simply disconnect yourself from the Internet while you install XP followed by SP2. This is not rocket science.

      Oh, and if you happen to have a hardware firewall already (e.g. your typical cable/DSL router) then you're pretty safe even if you don't disconnect yourself while you install.

    9. Re:pre sp1 by Tourney3p0 · · Score: 1
      If the average user can't be bothered to go to the effort of obtaining a service pack on CD (or downloading it and burning it to one themselves, for that matter), what makes you think they'd take up such an offer?

      That's certainly valid. Perhaps Microsoft and leading computer distributors such as Dell, Gateway, HP, etc strike up a deal that allows the manufacturers to send updated "System Restore" disks on Microsoft's dime. I don't think the financial obligation should rest on HP's shoulders just because Microsoft messed up.

      Or perhaps upon installation, users could be given the choice: "Do you want to disallow all network traffic except for Update sites until updates are complete?" with a nice little disclaimer as to why this is a good or bad idea.

      I can't really say that I have the answers, but something should be done. It's not fair for regular users that have to reload using their pre-SP disks in a vicious cycle, and it's not fair to the techies that continuously have to fix it.. especially since people typically call the "nice cousin that knows about computers" before they call tech support or a paid technician.

    10. Re:pre sp1 by plover · · Score: 1
      You can download the SP2 standalone executable and burn it to a CD. Or, you could order an SP2 CD for free from Microsoft. Or, you could pick up an SP2 CD for free from your local computer store. All of these options are pretty easy, don't you think?

      While you and I may know these options are easy, that's a very arrogant viewpoint. They are neither easy nor obvious to a hairdresser, a plumber or a truck mechanic.

      You're lucky that you live in a city where you have cable modems instead of rural telephone lines, and that you know what SP2 is and that you ask for a copy from the computer store when buying the new hard disk. Yes, I have SP2 on CD and carry it with me when I go to fix other peoples' computers, but most non-computer people don't have these luxuries -- they have to connect via dialup and hope that Windows Update will take care of their problems. Only the "better educated than most" have any idea that they can get infected before they can even get patched.

      These are the people who are allowing zombies to run rampant over the net. They need our help, not elitist comments about how "this is not rocket science" or "just download a CD."

      --
      John
    11. Re:pre sp1 by whomeyup · · Score: 1
      free xp service pack 2 cd

      i wonder if redhat will send me free cds?

    12. Re:pre sp1 by Cyno · · Score: 1

      RedHat 7.2 doesn't get compromised in under 15 minutes when connected to the net. There are no known automated attacks propagating through RedHat 7.2 systems. Perhaps if RedHat 7.2 had 90% of the market things might be different, but they aren't. Windows users should have to pay a security tax.

    13. Re:pre sp1 by Fred+Ferrigno · · Score: 1

      Yet the same argument applies to any bright, shiny, Linux box you purchased and the only physical media you have on hand is a Redhat 7.2 CD.

    14. Re:pre sp1 by Curate · · Score: 1
      Sorry if I came off as elitist. I wasn't trying to. I was merely countering your completely false assertion that:

      You have to bootstrap to something in order to download and install SP2. In the time it takes to get Windows Update going, you're too late -- the machine is infected.

      I pointed out the safe way to rebuild from an original XP CD. I think that most users *who are competent enough to undertake a rebuild in the first place* would also be knowledgeable enough to grab SP2 ahead of time.

      Nowhere in your original post did you mention newbies. If you want to shift your argument to what a newbie is likely to do, then fine, but this is now a whole different issue entirely. I agree with you that newbies need our help; they need to be educated. One would hope that if a newbie not knowledgeable enough to grab SP2 were to undertake a computer rebuild, they would at least have the sense to consult a friend or tech support to help them through it. Then they would find out to get SP2. The steps involved to actually get SP2 are very easy, as I outlined.

      On the other hand, if a newbie insists on blowing himself up without consulting anybody, then what can be done? I'm serious. If people won't help themselves, what do you suggest? Should MS just mail out SP2 CDs to every man, woman, and child, a la AOL? Users need to take *some* initiative if they intend to protect themselves. By now almost everyone is aware that there are dangers out there, even if they are not knowledgeable enough to know what those dangers are.

      Elitist-sounding or not, my post was more useful to a newbie thinking of rebuilding his machine than your post was. Your post would actually scare him out of doing it. If you truly believe that we should be helping newbies, then maybe you should try to be a little more constructive and not spread FUD.

    15. Re:pre sp1 by Anonymous Coward · · Score: 0

      The best solution is to slipstream and burn an SP2 CD: http://www.neowin.net/articles.php?action=more&id= 94. Then toss/hide/ignore your original and don't ever use it again.

      I don't know about others, but when I get annoyed with something like reinstalling the same updates over and over again, I go looking for a solution.

      Now if only more people (esp. "geeks") did the same...

    16. Re:pre sp1 by Anonymous Coward · · Score: 0
      I think the problem is that Windows just needs to be reinstalled every once in a while. (Fine, maybe you'll tell me that .02% of the population knows how to keep it maintained and uncrappified in such a manner that it doesn't need periodic reinstalls, but this is statistically meaningless.) Thus, as crap piles up, people periodically unpatch their systems (by using their 4-year-old install CD), and then get bitten.

      On a normal platform (whether we're talking about Red Hat Linux or MacOS or whatever) people only reinstall the OS after there has been a hard disk failure or something like that.

    17. Re:pre sp1 by RobertLTux · · Score: 1

      not really but if you hit http://fedora.redhat.com/download/mirrors.html you can download yourself a free set

      --
      Any person using FTFY or editing my postings agrees to a US$50.00 charge
  66. wow, misread by valkr1e · · Score: 0, Redundant

    I read the headline as "Windows installed in 12 minutes" and hurriedly clicked the link to see how I could save hours out of a work week and weeks out of a year. Alas, I read it again and see not only 1: it's a dupe, but 2: it's not news, this has been the case for years

  67. just a matter of time by Macnetic · · Score: 1, Funny

    just a matter of time until Microsoft posts a technical report on how it takes 6 minutes for a Linux box to be infected. blah...

  68. Irony in trashing the editors by ChrisF79 · · Score: 0, Redundant

    Anybody else find it funny that so many people replied to tell us that the story had already been posted on slashdot before, yet their comment is a repeat of 50 other replies above it?

    You could cut the irony with a spoon.

    --
    Finance tutorials and more! Understandfinance
    1. Re:Irony in trashing the editors by Rod+Beauvex · · Score: 1

      *holds up a sign pointing to parent that says: "Lather, Rinse, Repeat"*

  69. Destroy Slashdot by Anonymous Coward · · Score: 0, Interesting

    Yes, once again it's another dupe - why is everyone still so surprised that this happens? The 'editors' barely pay lip service to their title and I doubt very much that they read the comments either. At face value there is no real passion from the creators of the site - it's just the same old shit day after day.

    To explain further, Slashdot exists for one purpose: to make money for parent company OSDN. There is nothing wrong with that in itself but don't expect a high quality site the way it's currently run. The Slashdot business model (if you can call it that) seems to be to provoke reaction from the loyal crowd of slashbots that frequent the site. Inflammatory / trollish stories (e.g here) and dupes cause the page hits (and therefore ad revenue) to go through the roof.

    As a result, most of the comments I see on the stories are neither insightful, interesting or informative. There seems to be no real balanced discussion - something I feel is a product of the moderation system which rewards those who conform to the slashbot mindset and censors everything else. This democratic method of editing the comments is terrible - especially where technical issues are concerned, as a lot of nonsense is modded up by people who don't know otherwise.

    You are probably wondering why I read Slashdot. Partly morbid curiosity and partly to laugh at both the flame wars which inevitably break out and the well crafted trolls.

    To conclude, Slashdot is neither really "News for Nerds" nor is it "Stuff that matters". If you want the former, go to somewhere like arstechnica or kuroshin and if you want actual stuff that matters: Infoshop

  70. Re:not always enough - hardware firewalls are bett by Atrax · · Score: 2, Funny

    two words

    XP SP2

    and if you don't have:

    install XP, then switch on the damn firewall before you plug in the bloody ethernet cable

    --
    Screw you all! I'm off to the pub
  71. Yeah - that's about how long it takes to boot it.. by Anonymous Coward · · Score: 1, Funny



    I guess when they manage to speed up the Windows boot cycle it'll be even quicker, at the moment the rate of infection is probably held back by Windows 9x finding new (phantom) devices that require drivers, and Windows 2000 doing safe restarts after it loses track of its own registry.

    Win XP is quite a bit faster, so it obviously helps ;-)

  72. i am now convinced by circletimessquare · · Score: 2, Insightful

    that the editors of slashdot don't even read their own website

    i'm a casual reader, and the dupes jump out glaringly at me just from reading the titles of articles

    you would think then that an editor would have a little more exposure than me to the content coming into and out of slashdot, no?

    hey editors: you have meta-moderation, how about meta-editing?

    from your logs, identify readers who have read the website daily for a few months, and just as you randomly nab people for meta-moderation, randomly nab this pool of readers to review a story before it is published for dupes

    leave the story in a holding area for a few hours, and if 5-10 of these regular readers look at it and don't have any dupe complaints, send it to the front page

    because you have a serious problem with all of these dupes

    you need a solution

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  73. Now don't you feel silly? by Anonymous Coward · · Score: 0

    "virii" is not the plural of "virus."

    In trying to make yourself look intelligent, you instead made yourself look like someone who tried (and failed) to make himself look intelligent.

    People like you annoy me, which is why I bothered to type up this mean-spirited post.

    1. Re:Now don't you feel silly? by Anonymous Coward · · Score: 0

      "virii" is not the plural of "virus."

      Yes, it is.

    2. Re:Now don't you feel silly? by Anonymous Coward · · Score: 0
      "virii" is not the plural of "virus."

      Yes, it is.

      No, it's not.

    3. Re:Now don't you feel silly? by msuarezalvarez · · Score: 1

      And 'boxen' and 'VAXen' are not the plural forms of 'box' and 'VAX'. And so on.

      Using those variants does not make anyone look less intelligent. I am not saying that they are not less intelligent, but it is not the spelling of this or that plural that allows you to tell an idiot from a non-idiot.

      On the other hand, the ability to recognize usage patterns for words, of variations in forms, of overgeneralization of `rules' of the language, of changes in the role words play (from verbs to nouns, from nouns to adjectives, and so on), of `incorrect' uses of derivation rules for words, of appropriation of jargon from other groups for various purposes, and other thousand ways a speaker of a language can mess around with his/her language, and the ability of recognizing the intent and meaning of such messing around *does* give very good hints as to the intelligence of a person.

    4. Re:Now don't you feel silly? by Archangel_Azazel · · Score: 1

      2 points for the A.C., I hadn't been interested enough to actually look that up, thanks for the info!!! ^_^

      A.A

      --
      Your mind is like a parachute. It works best when it's been opened.
  74. In related news of today... by Jugalator · · Score: 1

    German admits creating Sasser

    These infections are mostly direct host-to-host infections by Sasser, right?

    --
    Beware: In C++, your friends can see your privates!
  75. 12 Minutes? by Teddy_Roosevelt · · Score: 2, Funny
    Bah. I just finished this fresh install and I connected it to the Internet 22 minutes ago!

    These guys don't know what they're talki... [NO CARRIER]

  76. Re:Yeah - that's about how long it takes to boot i by Master+of+Transhuman · · Score: 2, Funny


    Right.

    WinXP boots to the desktop quickly, allowing the luser to screw himself more quickly.

    Oh, wait, I forgot - XP SHOWS the desktop quickly, but you still have to wait up to a minute for anything else to happen as Windows fumbles around in the background trying to find the rest of the system - including the DSL connection.

    God knows what the security state is as XP stumbles around back there dragging in useless services and pumping out thousands of log entries that no customer actually ever asked for. Fortunately, since nothing can be done until it finishes, it probably means nothing can be done TO it as well.

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  77. This is news? by Anonymous Coward · · Score: 0

    Hell, even if this WASN'T reported last week,

    1> Who *didn't* know this?
    2> Who cares?
    3> Who isn't aware of the wide selection of ways to NOT get reamed when fixing up a fragile infant install?

  78. Okay, This Is How It Works by Master+of+Transhuman · · Score: 2, Funny


    1) Start /.

    2) Post dupe.

    3) ???

    4) Profit!!!

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  79. Re:FUCKING DO SOMETHING ABOUT THE DUPES by Anonymous Coward · · Score: 0

    are you PLANNING some accident which involves a certain editors?

  80. Re:Irony by QuickFox · · Score: 1

    Yeah, and the guy you linked to tries to teach correct English usage while making errors like "Trying to pretend [...] that a blurb from a random jackass which claims to be an authority [...] is nothing but a way to delude one's self [...]"

    How ironic.

    --
    Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.
  81. -2 Redundant by part_of_you · · Score: 1, Insightful
    What's funny is that if there are more than 2 people that say this is a dupe, they get modded down to "Redundant" when in fact this article itself is a dupe. Catch-22?

    What's even funnier is that the article is basically saying that if you put an unprotected Windows box online, that within 12 minutes it's got problems. I want to know who is putting an unprotected Windows box online? All the Windows boxes that are sold today have the latest updates already installed on them, and I must say, Microsoft has stepped up its game a bit. Days of Windows bashing should be near-end.

  82. Re:FUCKING DO SOMETHING ABOUT THE DUPES by Master+of+Transhuman · · Score: 0, Flamebait


    He doesn't have to. The editors ARE accidents. Certainly their editing is.

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  83. I'd love to last 12 mins by mcwidget · · Score: 1

    ...but back to Windows.

    Sophos are quoting 12 mins, the ISC currently cite 32 mins "survival time". Does *anyone* see anything near these times though? If I connect a Windows box to the net and monitor firewall logs then it's normally a couple of minutes before someone's probing where they shouldn't be. I reckon I'd be very lucky to last 12..
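Added example, not part of the thread: one way to put a number on the "couple of minutes before someone's probing" observation above is to measure it from the host firewall's own log. The code assumes the W3C-style `pfirewall.log` layout that Windows Firewall writes; the sample lines, the addresses and the `survival_report` helper are constructed for illustration, and a dropped probe counts as a connection attempt, not an infection.

```python
from collections import Counter
from datetime import datetime

# Constructed sample in the pfirewall.log layout (documentation-range addresses).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-07-05 10:00:41 OPEN TCP 198.51.100.20 192.0.2.80 1042 80 - - - - - - - -
2005-07-05 10:01:52 DROP TCP 203.0.113.7 198.51.100.20 4312 445 48 S 1234567 0 64240 - - -
2005-07-05 10:02:10 DROP UDP 203.0.113.99 198.51.100.20 1027 1026 402 - - - - - - -
2005-07-05 10:02:15 DROP TCP 203.0.113.7 198.51.100.20 4313 135 48 S 1234999 0 64240 - - -
2005-07-05 10:03:30 DROP TCP 192.0.2.80 198.51.100.20 80 1042 40 A 555 777 6432 - - -
2005-07-05 10:04:05 DROP ICMP 203.0.113.150 198.51.100.20 - - 92 - - - - 8 0 -
2005-07-05 10:05:47 DROP TCP 203.0.113.201 198.51.100.20 3377 445 48 S 99 0 16384 - - -
this line is truncated
"""

# Ports the thread itself singles out (RPC and TCP 445); the labels are ours.
WATCHED_PORTS = {("TCP", 135): "RPC endpoint mapper", ("TCP", 445): "SMB over TCP"}


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or corrupt line
        rec = dict(zip(fields, parts))
        try:
            rec["when"] = datetime.strptime(
                rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield rec


def is_unsolicited_probe(rec, host_ip):
    """True for a dropped inbound packet that tries to start a conversation."""
    if rec["action"] != "DROP" or rec["dst-ip"] != host_ip:
        return False
    if not rec["dst-port"].isdigit():
        return False  # ICMP and other port-less traffic is not counted here
    if rec["protocol"] == "TCP":
        # A bare SYN is a new connection attempt; stray ACK/FIN/RST packets
        # are usually leftovers of the host's own outbound sessions.
        return rec["tcpflags"] == "S"
    return rec["protocol"] == "UDP"


def survival_report(text, host_ip, online_at):
    """Summarise unsolicited inbound attempts seen after the host went online."""
    probes = sorted(
        (r for r in parse_firewall_log(text)
         if r["when"] >= online_at and is_unsolicited_probe(r, host_ip)),
        key=lambda r: r["when"])

    def key(rec):
        return (rec["protocol"], int(rec["dst-port"]))

    def seconds_to(rec):
        return (rec["when"] - online_at).total_seconds() if rec else None

    first = probes[0] if probes else None
    first_watched = next((r for r in probes if key(r) in WATCHED_PORTS), None)
    return {
        "probes": len(probes),
        "sources": len({r["src-ip"] for r in probes}),
        "seconds_to_first_probe": seconds_to(first),
        "seconds_to_first_watched": seconds_to(first_watched),
        "by_port": dict(Counter(key(r) for r in probes)),
    }


if __name__ == "__main__":
    report = survival_report(SAMPLE_LOG, "198.51.100.20",
                             datetime(2005, 7, 5, 10, 0, 30))
    for name, value in report.items():
        print(f"{name}: {value}")
```

Logging of dropped packets has to be switched on in the firewall before the box goes online, otherwise the first probes are never recorded.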

  84. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  85. Re:How can Windows be secured? by Anonymous Coward · · Score: 0

    Why do you think that a physical firewall and a modem or wifi can't be done? Check out Freesco. And there are several other similar projects with varying features.

  86. Of course it's faster! by QuickFox · · Score: 1

    The speed with which PC's can become infected has now shortened.

    Of course it's faster now than before! What did you expect? Considering how much Microsoft has invested in improvements, of course it's become more efficient!

    --
    Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.
  87. handy tip by Anonymous Coward · · Score: 0

    If there are > 1 comments in a dupe article, it's already been pointed out that it's a dupe.

    This post is brought to you by Citizens Against Whiny Bitches.

  88. This article needs a disclaimer by Weaselmancer · · Score: 1

    While I'm sure their numbers are pretty much correct, it's worth noting that Sophos sells a network anti-virus product and that may be coloring their findings.

    Only fair to mention it, just like it's fair when some company says Windows NT has a lower TCO than Linux...and the funding for the study came from Microsoft.

    --
    Weaselmancer
    rediculous.
  89. Most retarded story. by RingDev · · Score: 3, Interesting

    This is as wonderful as the Zombie Dog story last week. No facts, no information about the PC, connection, patch history, viruses, etc. Just some random number and some advertising.

    Big surprise, the world's most popular OS has the largest number of viruses written for it. Another big surprise, leave your machine unpatched and unprotected on a network and it'll get infected.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
    1. Re:Most retarded story. by nam37 · · Score: 2, Funny

      Wow! Logic!!

      You must not be from around here.

      --
      The two rules for success are:
      1) Never tell them everything you know.
    2. Re:Most retarded story. by DaveCBio · · Score: 1

      Hey, it's a weekly Slashdot feature. Got to have at least one story that talks about how an unpatched Windows PC hooked directly to the net gets infected along with one story about Microsoft killing puppies somewhere in the world.

  90. What was the methodology? by jockm · · Score: 2, Insightful

    I want to know what was the methodology used? Was this just a box plugged into the net without a firewall? Were they connecting to web sites (if so what ones?) Were they checking mail (what client, was the email address new)? Etc

    It would be very easy to build up a system and get it infected through use, but there is no real information to tell us how real world it is, just to scare us (or make us happy we use a different OS).

    --

    What do you know I wrote a novel
  91. London in England? by baomike · · Score: 2, Funny

    Putting London in the right country is probably as good as it is going to get in the US. Why do you think the New Mexico license plates have "USA" on them?

  92. Prediction by QuickFox · · Score: 1

    Moore's law has proved accurate for three decades, so we can reliably predict that if Windows gets infected in twelve minutes today, in December next year it'll be six minutes, in June 2008 three minutes, and so on. By 2017 Windows will get infected in just 50 milliseconds.

    --
    Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.
  93. Re:not always enough - hardware firewalls are bett by Mr_Silver · · Score: 0, Redundant
    I seem to recall some cases of software firewalls (if this is what you meant) which don't initiate before the NIC driver comes online, meaning the PC has a few seconds where it can acquire an IP and receive packets before protection commences.

    This, I believe, was a problem fixed in service pack 2. Windows now waits until all applications (which should include the software firewall) have started up before the NIC driver comes online.

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  94. Re:How can Windows be secured? by anthony_dipierro · · Score: 1

    I never said it can't be done. But it's not feasible for me to buy a computer with two double-width PCMCIA ports *plus* carry that computer around with me everywhere, just so I can access the Internet via Verizon's BroadbandAccess service. For a modem this is slightly more feasible, but for wireless Internet we're talking about spending hundreds of dollars on a firewall which would still be rather bulky to carry around everywhere.

  95. Source Article by Anonymous Coward · · Score: 0

    That was a PITIFUL ARTICLE. Why not link to the actual SOURCE of the info??? (You know, one with actual statistics and usable info)

    http://www.globetechnology.com/servlet/story/RTGAM.20050704.gtvirusjul4/BNStory/Technology/

    ------------------

    "12 Minutes to PC Infection"

    By JACK KAPICA

    Monday, July 4, 2005 Updated at 12:07 PM EDT

    Globe and Mail Update

    If your Windows computer is not properly protected, chances are it will take all of 12 minutes before it becomes infected, a major security company says.

    The speed with which machines can become infected has shortened, virus-watchers at Sophos, based in England, say, because they have detected 7,944 new viruses in the first half of 2005, a 59-per-cent increase over the same time span last year.

    As a result, the time before a machine is infected is rapidly decreasing, with a 50 per cent chance of being infected by an Internet worm within just 12 minutes of being on-line using an unprotected PC.

    The security company made this observation while releasing its list of the top 10 viruses for the period from January to the end of June. The list was headed by Zafi-D (25.3 per cent), followed by Netsky-P (17.5 per cent); Sober-N (10.3 per cent); Zafi-B (4.7 per cent); Netsky-D (3.8 per cent); Mytob-BE (2.6 per cent); Netsky-Z (2.3 per cent); Mytob-AS (2 per cent); Netsky-B (1.9 per cent) and Sober-K (1.7 per cent). The remaining 27.9 per cent was shared among all other viruses.

    The figures were in agreement with those released late last week by IBM, which reported that phishing attacks had increased 226 per cent, while viruses and worms, such as Sober and Mytob, also continued to spread rapidly through e-mail and Web applications.

    IBM's May Global Business Security Index attributes the increase in phishing attacks to the rise of zombie "botnets" being used to pump out massive volumes of the scam e-mail used in phishing attacks, as cyber-criminals attempt to increase their profits.

    IBM added that in May, more than 30 per cent of e-mail contained some form of virus -- a 33 per cent increase over the previous month.

    "The Sober family of worms is an example of how damaging the collaborative efforts between virus writers and spammers can be, hijacking the computers of legitimate organizations to create 'zombies,' whose purpose is to perpetuate the generation of more spam," said Sophos spokesman Greg Mastoras.

    "Organizations are being victimized and likely being identified as a source of spam, endangering reputations and potentially causing their e-mail to be blocked by others."

    Sophos says it has also seen a threefold increase in the number of keylogging Trojans so far this year. Trojans arrive as e-mail attachments or links to websites. They are often used by remote hackers to steal privileged information and very often, to launch further attacks. In June, an NISCC investigation, which Sophos assisted, found that nearly 300 British government departments and core businesses were the subject of Trojan horse attacks.

    Trojans are increasing in number on a daily basis, Mr. Mastoras said. But "Trojans typically don't make the charts because they do not spread on their own and are used for targeted attacks, which are designed to make money or steal information."

    IBM's report says it found that phishing incidents reached a peak point in January, and then dropped again. In May, phishing attacks exceeded anything previously recorded, increasing by 226 per cent.

    In May, one in 32.2 (or 3.12 per cent of all e-mail) e-mail messages contained some form of virus or Trojan attack, an increase over the past month of 33 per cent.

    Spam, however, has levelled off, IBM says. In May, 68.7 per cent of i

  96. to save time. . . by mazulauf · · Score: 1

    . . .maybe Microsoft should just ship their OS pre-infected.

    1. Re:to save time. . . by Anonymous Coward · · Score: 0

      Umm... haven't you ever heard of Alexa?

  97. Re:Internet Storm Center is tracking "survival tim by plover · · Score: 1
    I see someone disagrees with you, and others think it's funny, but I have to say that was precisely my experience this very weekend.

    As the family's official computer nerd, I'm called upon to fix all the infested and/or dead boxes. I've rebuilt my sister-in-law's box several times now due to spyware and virus infections. This last weekend I said "screw it" and refused to fix her stupid Windows ME box, and said it was scrap unless I could install XP SP2 and give her the windows firewall. (Before the Linux/Mac fanbois descend upon me like a horde, she uses some weird Windows software for work on this box, and I'm not Mr. WINE.) I've given my nice gnucleus, I've talked to her about downloading kazaa I don't know how many times, but still she downloads it, and still she screws the box over big-time.

    So, evolution happened. ME is gone, and now she has XP SP2 with every defensive program I could find loaded up on it, along with a lock down of every incoming port. Firefox has replaced IE, and Spybot S&D has "inoculated" it against 4000+ pieces of spyware.

    I give her a month :-(

    --
    John
  98. Suggestion by DrSbaitso · · Score: 2, Interesting

    For stories that subscribers can see from "The Mysterious Future", put a button that can be clicked on the story title if the poster thinks the story is a dupe. I realize that each Slashdot author doesn't read every story that is posted, but enough other people would notice that dupes could get caught before they make the main page.

    --
    beware the jabberwock, my son! the jaws that bite, the claws that catch!
  99. Do you remember 'Get the Facts'? by famazza · · Score: 1

    If you do, you'll also remember that they actually count.

    --

    -=-=-=-=
    I know life isn't fair, but why can't it ever be un-fair in MY favor!?
    1. Re:Do you remember 'Get the Facts'? by super_ogg · · Score: 1

      I don't remember 'Get the Facts' to be honest. But I agree with one of the previous comments that the variants shouldn't matter, the patches should be applied immediately. But... the question is would it matter if Windows patched their systems 24 hours after a vulnerability was found because people choose not to patch their systems. ogg

      --
      Black cat, searing pain, flames...? I must be in Heaven! - Homer Simpson
    2. Re:Do you remember 'Get the Facts'? by famazza · · Score: 1

      If you don't remember the 'Get the Facts' MS Campaign, take a look at this

      --

      -=-=-=-=
      I know life isn't fair, but why can't it ever be un-fair in MY favor!?
  100. There's Something About Mary by Anonymous Coward · · Score: 0

    Hitchhiker: You heard of this thing, the 13-Minute PC infection?
    Ted: Yeah, sure, 13-Minute PC infection. Yeah, the new version of Windows.
    Hitchhiker: Yeah, this is going to blow that right out of the water. Listen to this: 12... Minute...PC infection.

  101. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  102. OT: Your sig by Anonymous Coward · · Score: 0, Troll

    The first rule of PATRIOT act is do not talk about PATRIOT act

    Has it occurred to you that your sig is lying? There's no provision in the PATRIOT act that says you can't talk about it. You're just adding to the incoherent ramblings of the Left, which nobody listens to.

    There are plenty of real problems with the PATRIOT act, but your sig does nothing to address them. It's actually hurting by further making its opposition look like idiots.

    1. Re:OT: Your sig by Anonymous+Custard · · Score: 3, Funny

      >>The first rule of PATRIOT act is do not talk about PATRIOT act

      >Has it occurred to you that your sig is lying? There's no provision in the PATRIOT act that says you can't talk about it. You're just adding to the incoherent ramblings of the Left, which nobody listens to. There are plenty of real problems with the PATRIOT act, but your sig does nothing to address them. It's actually hurting by further making its opposition look like idiots.


      Oh wise AC, verily, my slashdot sig is not doing enough to change society's problems. For that, I apologize profusely.

    2. Re:OT: Your sig by Archangel_Azazel · · Score: 1

      Dear Mr. AC,

      Enclosed, please find one (1) clue. Hopefully this will help you in your attempt to find your obviously misplaced sense of humor.

      Best wishes,
      A.A

      --
      Your mind is like a parachute. It works best when it's been opened.
  103. Incompetence by g0at · · Score: 1

    Taco, read your own fucking site much?

    -b

  104. Windows: by elfuzzo · · Score: 1

    32 bit extensions & graphical shell for a 16 bit patch to an 8 bit operating system, originally coded for a 4 bit microprocessor by a 2 bit company that can't stand 1 bit of competition.

  105. Okay... by djpenguin808 · · Score: 1
    By far, the most common 'in-defense-of-windoze' post runs along the lines of "it sucks out of the box, but once you add SP2 with that spiffy software firewall, it's neat"


    There are two main things wrong with that assertion.


    1) Software firewalls are the crappiest kind of protection you could have. Even the best software firewall will never be as good as the cheapest standalone unit, merely because it is integrated into the host system and therefore intrinsically shares the host's faults/vulnerabilities, whatever they may be.


    2) I have seen and heard reports of major SP2 malfunctions...like losing all ability to communicate using http and ftp, or not being able to read non-DNS'ed web addresses (entering IP address instead of name results in no connection), or just flat-out refusing to burn data CDs, no matter the program. Since SP2 can't be uninstalled, this turns these minor problems into major problems requiring a system reinstall without SP2. And if you're unlucky enough to own a new copy of XP with SP2 integrated, then you're totally screwed.


    SP2 may be the worst software release from Redmond since they dropped that big steaming turd that was WinME. If all the claims of Windows' new-found security and stability rest entirely on SP2...


    Let's just say I'm not planning to move back to Windows anytime soon.

    --
    "Why don't you interface with my ass...by biting it!" -Bender B. Rodriguez
  106. NATing Router? by Nom+du+Keyboard · · Score: 1

    Will a NATing router protect you sufficiently to download patches once you've turned off File & Print Sharing?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  107. Fresh installs. by Specks · · Score: 1

    I did a fresh install of Windows not too long ago for one of my relatives. They happen to use Earthlink DSL. The new install was infected in less than 3 minutes of going on line. So I think the time depends on who you use as an ISP.

    --
    Specks
    Batteries not included
  108. Re:Internet Storm Center is tracking "survival tim by ArcticCelt · · Score: 2, Insightful

    Reminds me of the joke of the two guys in the jungle who see a lion.

    The first one starts immediately tying his shoes, preparing himself to make the run of his life.

    The second one says: "What the hell are you doing, do you really think you can run faster than the lion?"

    The first guy answers: "I am not planning to run faster than the lion but faster than you!"

    --

    Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
  109. well, you;re a fool by CdBee · · Score: 1

    You're an irresponsible prat, and you're on an ISP that blocks the RPC ports and TCP 445. (Some do this now to protect their network from people like you)

    For christs sake at least install zonealarm so you can find out whats on your PC and talking to the outside world

    --
    I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
    1. Re:well, you;re a fool by Dun+Malg · · Score: 1
      You're an irresponsible prat, and you're on an ISP that blocks the RPC ports and TCP 445. (Some do this now to protect their network from people like you) For christs sake at least install zonealarm so you can find out whats on your PC and talking to the outside world

      Relax, jackass. I don't need ZoneAlarm. My ISP blocks nothing but port 25 by default. Only incoming traffic has free and unfettered access. All outgoing traffic is through a tightly controlled proxy. All standard ports are remapped to random alternates. There ain't shit talking to the outside world other than what I specifically allow, when I allow it. Incoming traffic is also monitored and logged. It's unsecured, but closely watched. It's intentionally exposed, for the very purpose of testing this vulnerability. It started as a lark, and has developed into an amusing long-term experiment. So don't worry your empty little head, and save your sanctimonious lectures for the brats using daddy's AOL. I'm not the zombie you're looking for.

      --
      If a job's not worth doing, it's not worth doing right.
  110. New computers are patched but... by MarkByers · · Score: 1

    All the Windows boxes that are sold today have the latest updates already installed on them,

    Not everyone buys a new computer every time a critical patch is released. Some people use their old install disks when they have to reinstall and they probably don't even realise that they have been compromised until after they have re-downloaded their favourite virus software.

    --
    I'll probably be modded down for this...
  111. Still not quick enough... by crazdgamer · · Score: 2, Funny

    If I can beat Super Mario Bros. 3 in less time than it takes to have my unprotected machine infected, then my machine isn't being infected fast enough.

    The 11 minute barrier is still alive!

  112. Re:Internet Storm Center is tracking "survival tim by The_Wilschon · · Score: 1

    That's a good idea. The next virus I write will use that Orrin Hatch feature that destroys your computer if you have mp3s.

    --
    SIGSEGV caught, terminating

    wait... not that kind of sig.
  113. After they make styrofoam, what do they ship it in by Anonymous Coward · · Score: 0

    A box. Duh.

  114. this is corporate advertising, not news by capicu · · Score: 0

    In an unrelated story, General Motors has recently released a study proving that walking sucks even more than it used to.

  115. Not mentioned in article by Cyn · · Score: 1

    11 minutes and 55 seconds was for the installation and reboot time.

    --
    cyn, free software and *nix operating systems enthusiast.
  116. Re:Internet Storm Center is tracking "survival tim by sumdumass · · Score: 1

    This is a bit off topic but when the human hunters went after buffalo, they actually went after the leaders in front first and kept after the ones taking the lead.

    By doing this they played on the herd mentality and the buffalo constantly became confused. While standing there looking for the next buffalo to take control they were easy prey. As long as someone was able to take out the leaders when they assumed control, this could go on until there was either no more buffalo or until there wasn't enough light to shoot.

    The threat of newer "protection" where the computer has to check in before finding a program valid. Once this is in place, the object will be to take out the leaders and then they can pick off the herd. It won't be long before viruses stop acting like wild predators and start acting like organized human exterminators.

  117. It was much faster in my experience by Anonymous Coward · · Score: 1, Informative

    I had just finished installing Windows 2000 Professional on my older computer when it happened. All of a sudden, internet traffic became completely saturated, CPU utilization was at 100% and the system became completely unresponsive. Needless to say, I was forced to hit the reset button, pop in a Linux CD and install that instead.

    Only 1 minute before fatal infection! That has to be some kind of a record! Imagine if we were that vulnerable to infection. We would all be dead!

    That same Linux installation is still working great by the way, after two whole years and no firewall or anything.

  118. What about XP SP2? by tereshchenko · · Score: 1

    I suspect that results for XP SP2 would be much better!

    P.S. Sophos is the shittiest antivirus I've ever seen!

    --
    Slashdot - free anti-Microsoft propaganda 24/7
  119. Survival time by Crudely_Indecent · · Score: 1

    Really... that's not such a bad idea.

    I'm ALL FOR keeping incapable users from getting online. If it takes an 'Ebola type' virus which actually causes physical damage to the machine and a lot of it, so be it. It's the next logical step of evolution to the current viruses, physical interaction.

    Those who habitually leave their systems unprotected will find themselves buying complete new systems because the majority of components are fried. Damage cost assessments of virus infections would skyrocket as "Survival Time" would become a literal.

    Perhaps this carefully constructed virus would only infect zombies...that's an interesting thought.

    This would ease the load on tech support as well. The first question would be "Do you see any smoke? Yes? Buy a new computer."

    It's beautiful....

    --


    "Lame" - Galaxar
  120. DUH! by nozzo · · Score: 1

    I get really tired of reading this kind of thing. There is really no excuse for this anymore and if you are an IT professional then SHAME ON YOU if a PC you are loading gets infected. Here's why: Windows XP 1) Use a Microsoft XP SP 2 CD 2) If you don't have one then copy the contents of a old XP CD, slipstream it with SP2 then make your own bootable XP SP2 CD. 3) If you cannot do either and you only have an older version of XP on CD then use another PC to download Zonealarm, burn it on a CD. Load XP with the internet connection disconnected. Load ZoneAlarm. Connect internet. Download Patches. Disconnect Internet, Remove Zoney, enable MS Firewall, reconnect Internet. Windows 2000 See (3) under XP except use ZoneAlarm Windows 98 See (3) under XP except use ZoneAlarm Windows ME See (3) under XP except use ZoneAlarm Windows 95 See (3) under XP except use ZoneAlarm Windows NT See (3) under XP except use ZoneAlarm Windows for Workgroups 3.11 1) Use an external firewall. Your company LAN should already have one OR you should use a ADSL modem/router with this facility. They are cheap enough. Windows 3.1 See (1) Above Windows Server 2003 Standard, Enterprise, Web edition. Same as (3) under XP. You can load the basic server standalone, firewall it, patch it, remove ZoneAlarm, connect to domain etc. Windows Server 2000 et al Same as (3) under XP. You can load the basic server standalone, firewall it, patch it, remove 3rd party firewall, connect to domain etc. Windows Server NT 4, 3.5 Same as (3) under XP. You can load the basic server standalone, firewall it, patch it, remove 3rd party firewall, connect to domain etc. The other solution is to use Microsoft SUS and let your SUS server patch the box without it ever connecting to the net! See! Answer for everything. If you plug an unpatched Windows box on the internet then, yes, it will get infected. Of course it will. - Solution - Dont do it! Same goes for *nix boxes. 
If you put an ecommerce site on an old unpatched version of Apache then you may as well publish customer details on the front page. Chris Your friendly MCSE

  121. DUH! (without the crappy HTML convertor messing up by nozzo · · Score: 1

    I get really tired of reading this kind of thing.
    There is really no excuse for this anymore and if you are an IT professional then SHAME ON YOU if a PC you are loading gets infected.
    Here's why:

    Windows XP
    1) Use a Microsoft XP SP 2 CD

    2) If you don't have one then copy the contents of a old XP CD, slipstream it with SP2 then make your own bootable XP SP2 CD.

    3) If you cannot do either and you only have an older version of XP on CD then use another PC to download Zonealarm, burn it on a CD. Load XP with the internet connection disconnected. Load ZoneAlarm. Connect internet. Download Patches. Disconnect Internet, Remove Zoney, enable MS Firewall, reconnect Internet.

    Windows 2000
    See (3) under XP except use ZoneAlarm

    Windows 98
    See (3) under XP except use ZoneAlarm

    Windows ME
    See (3) under XP except use ZoneAlarm

    Windows 95
    See (3) under XP except use ZoneAlarm

    Windows NT
    See (3) under XP except use ZoneAlarm

    Windows for Workgroups 3.11
    1) Use an external firewall. Your company LAN should already have one OR you should use a ADSL modem/router with this facility. They are cheap enough.

    Windows 3.1
    See (1) Above

    Windows Server 2003 Standard, Enterprise, Web edition.
    Same as (3) under XP. You can load the basic server standalone, firewall it, patch it, remove ZoneAlarm, connect to domain etc.

    Windows Server 2000 et al
    Same as (3) under XP. You can load the basic server standalone, firewall it, patch it, remove 3rd party firewall, connect to domain etc.

    Windows Server NT 4, 3.5
    Same as (3) under XP. You can load the basic server standalone, firewall it, patch it, remove 3rd party firewall, connect to domain etc.

    The other solution is to use Microsoft SUS and let your SUS server patch the box without it ever connecting to the net!

    See! Answer for everything. If you plug an unpatched Windows box on the internet then, yes, it will get infected. Of course it will. - Solution - Dont do it!

    Same goes for *nix boxes. If you put an ecommerce site on an old unpatched version of Apache then you may as well publish customer details on the front page.

    Chris
    Your friendly MCSE

  122. Re:Yeah - that's about how long it takes to boot i by Novous · · Score: 1

    >God knows what the security state is as XP stumbles around back there dragging in useless services and pumping out thousands of log entries that no customer actually ever asked for.

    Security privileges are set up before the desktop is loaded...

  123. Same story as a week ago, same reply from myself by Anonymous Coward · · Score: 1, Informative

    Take 30 minutes and do this, never get infected AGAIN (on Windows no less), ever, & most certainly NOT in 12 minutes... not again, ever!

    APK Online Security 20-points basic checklist. A combination of things really, layered security is the idea!

    DETAILS:

    http://www.avatar.demon.nl/APK.html

    SUMMARY:

    1.) IP Security Policy in place for adbanner servers blocking OR other "undesirable" IP addresses.

    2.) A custom adbanner blocking HOSTS file with 35,000++ entries in it with known banner ad servers in it (which have been shown in some cases even as bearing malicious javascript etc. in them as well as just plain slowing you down as you surf the web by calling out to DNS' servers for URL to IP resolution & loading their remote data).

    3.) Tcp/IP filtering @ the IP Stack levels (UDP & TCP) allowing ONLY port 80. Need others? Open them up, this is all I need personally here.

    4.) Using up to date AntiVirus & AntiSpyware.

    5.) Using .PAC file proxy filters in all web-browsers vs. adbanners & such.

    6.) IE Restricted Zones (added to via .reg files which the first body of code in the HOSTS file I use is prepped for the .reg filedata for via a program I built in ObjectPascal delphi console mode ripping away the URL from the 127.0.0.1 loopbacks I equate adbanner servers to, etc. & then insert these here and into IPSecPols also).

    7.) Custom adbanner filtering Cascading Style Sheets in webbrowsers when possible (via Opera).

    8.) ZoneAlarm Pro or Native Windows Firewall. ZA is the better overall, the Windows one works though.

    9.) Disable Java-javascript &/or ActiveX-activescripting in your webbrowsers.

    Sorry webmasters, but too many holes popup here and ONLY IE gets that enabled here for Windows Update really only or sites that "demand" I use either.

    10.) Making sure the Operating System is up-to-date/fully hotfix or service pack patched.

    11.) Disabling unneeded services (especially remote oriented ones, e.g.-> Remote Registry) gaining not only memory & CPU cycles back, but also security:

    Microsoft is even into this one now, evidenced by Windows Server 2003 Security Configuration Wizard run by the installation of SP #1 final onto it.

    (I've been doing it for YEARS now, better than a decade since Windows NT 3.51 in fact: It WORKS!)

    12.) Using restricted Registry &/or FileSystem ACL rights to disks/folders/files + Registry Hives.

    13.) Amending secpol.msc & gpedit.msc security policies local to my system for better security.

    14.) Using User-Rights & restricting them to my usual logged on user & the system entity SID itself only on most rights, denying all other groups.

    15.) Applying registry hacks known to fortify the system BOTH remotely & locally per Microsoft guides for this on Windows Server 2003 for "OS Hardening" &/or "Tcp/IP Hardening".

    16.) Being sure applications are up-to-date & patched current as well.

    17.) Lastly here, by using a LinkSys BEFSX41 "NAT" & true CISCO technologies based stateful-packet-inspecting firewall router!

    18.) Disabling NetBIOS over Tcp/IP & stopping Client for Microsoft Networks (all you need to get online IS Tcp/IP).

    However, Ms Lans need these for file and printer sharing and networking properly/fully. THIS changes on LANS, but can be secured better than the default so IF you need it? Patch/harden for it IF you have to use it.

    19.) ADDITIONALLY:

    RUNNING IE in a "runas limited user class" sandbox effect, is possible -

    It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.

    Of course, it's a hassle to

  124. Re:On dupe is annoying, but two... by Anonymous Coward · · Score: 0

    you know a reply to a post that is tangential to the article's duped nature is not off topic.

  125. Re:DUH! (without the crappy HTML convertor messing by nozzo · · Score: 1

    and plus.....

    There's an advanced setting in Windows 2000 workstation and server, XP and Windows 2003 server that you can configure so it only allows HTTP (port 80) and SSL (port 443) through the TCP/IP stack.
    This way you can download patches from the net and you won't get infected by SMB based viruses.
    Any Microsoft techs want to take this up?

  126. Infected in 12 minutes, pish posh by creeront · · Score: 1

    I've worked on Windows systems on corporate networks that have been infected in less than 1 minute after installing a fresh copy of Windows.

    1. Re:Infected in 12 minutes, pish posh by nozzo · · Score: 1

      Well I wouldn't let you near my corporate network then...

  127. Use Hardware Firewall Even WITH SP2 by billstewart · · Score: 1
    Yes, SP2 is much better than previous MS versions. It's still Windows, it's still the Internet, and you're still probably running vulnerable applications. So you still need defense in depth. If you want to open holes in the firewall for specific applications, most cheap hardware firewalls will let you do this, but don't just leave the thing wide open handing packets to Windows hoping that something hasn't opened holes in Windows's firewall, either maliciously or just to implement their own application.

    And if you've got a network at home, with shared printers or file sharing or anything at all that lets your separate PCs talk to each other, you especially need the firewall.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  128. Okay so best/ linux way to fix?? by RobertLTux · · Score: 1

    Question for the Slashmind: What is the magic url to get ALL post sp2 patches for a stock Windows setup? http://what.microsoft.com/%5Bwhere%5D ?

    --
    Any person using FTFY or editing my postings agrees to a US$50.00 charge
  129. Idunno by Anonymous Coward · · Score: 0
    Pete and Repeat were in a boat. Pete fell off. Who was left

    Wrong. Who's on first, not in a boat.

  130. Re:Internet Storm Center is tracking "survival tim by P3NIS_CLEAVER · · Score: 0

    Successful diseases do not kill the host.

    --
    Please sign petition to restore sanity to our banking system!!!

    http://financialpetition.org/
  131. Re:Internet Storm Center is tracking "survival tim by Anonymous Coward · · Score: 0
    A herd of buffalo can only move as fast as the slowest buffalo

    I'm reasonably certain Buffalo don't care what's happening behind them when running/stampeding; If I recall they didn't pay too much attention to the front of them either, as you could fairly easily get them to stampede right off a cliff. The reality is there wasn't a predator around that could stand up to an organized herd of Buffalo, humans included. Thankfully, there never was a known organized herd of buffalo.

  132. TCP Ports 1026, 1027 by anubi · · Score: 1
    Recently, there has been a flurry of port connection attempts to me on these ports.

    Now, I do a netstat and find I have these connections open, despite my firewall ( zonelabs ) supposedly having them closed.

    I am not running any IM clients.

    My Grisoft AVS does not detect anything amiss, nor does AdAware nor Spybot S&D, but my gut feeling is telling me I *am* compromised.

    I have not been routinely running with ports left open.

    Is anyone else out there experiencing this?

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
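
One way to triage what the `netstat` check in the comment above turns up, as an added example that is not part of the original thread: it parses `netstat -ano` output, lists sockets bound to a non-loopback address, and separates connections a remote peer opened to a local listener from ordinary outbound ones. The sample output, addresses, PIDs and allowlist are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1544
  TCP    192.168.1.10:1026      203.0.113.7:4444       ESTABLISHED     1100
  TCP    192.168.1.10:3201      198.51.100.20:80       ESTABLISHED     2212
  UDP    0.0.0.0:1027           *:*                                    1100
"""

# proto, local addr, local port, remote endpoint, optional state, PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return one dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, laddr, lport, remote, state, pid = m.groups()
            rows.append({"proto": proto, "laddr": laddr, "lport": int(lport),
                         "remote": remote, "state": state or "", "pid": int(pid)})
    return rows

def triage(rows, allowed=frozenset()):
    """Split rows into (exposed, inbound).

    exposed: TCP listeners and UDP binds on a non-loopback address whose
             (proto, port) is not in `allowed`.
    inbound: ESTABLISHED TCP rows whose local port has a TCP listener, i.e.
             connections a remote peer opened to this machine (heuristic).
    """
    listeners = {r["lport"] for r in rows
                 if r["proto"] == "TCP" and r["state"] == "LISTENING"}
    exposed, inbound = [], []
    for r in rows:
        loopback = r["laddr"].startswith("127.") or r["laddr"] == "[::1]"
        bound = r["state"] == "LISTENING" or r["proto"] == "UDP"
        if bound and not loopback and (r["proto"], r["lport"]) not in allowed:
            exposed.append(r)
        elif r["state"] == "ESTABLISHED" and r["lport"] in listeners:
            inbound.append(r)
    return exposed, inbound

def owning_pids(*groups):
    """Sorted unique PIDs behind the flagged rows, for lookup in the process list."""
    return sorted({r["pid"] for g in groups for r in g})
```

The PIDs it returns are the ones to look up in the process list; a listener that the software firewall claims is closed but that still accepts inbound connections is the case worth chasing first.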

  133. ....If this were really true.... by Superunknown_GP · · Score: 1

    ...my machines would all've been taken over a really, really long time ago. I run a mix of 2K and XP on my home network, and the machines are all clean. I have no virus protection, I have no real firewall installed.

    I just don't go look at "TOP 500 p0rn SITEZ!!!" links, don't open e-mail attachments unless I know where they came from, etc.

    And my machines are fine. Make all the jokes you want, go ahead and feel superior, whatever. But I check my machines pretty thoroughly, and they're clean. Have been for years. I haven't had a virus on my network since I got rid of Win95.

    --
    The above comment is CopyWrong (K) Erisian Entertainment. All Rights Reversed. Ewige Blumenkraft!
  134. Re:Same story as a week ago, same reply from mysel by Anonymous Coward · · Score: 0

    That's why the detailed URL is in it, the 20 steps are SUMMARY...

    HOWEVER, the detailed part (actually called DETAILS in my first post)?

    Is one of the FIRST things I posted:

    http://www.avatar.demon.nl/APK.html

    * That's as EASY as I know how to make it, & tells you what tools to use, how to do each step, etc. IN DETAIL... many folks cite & quote from it online & have used it, and wrote me in thanks etc. because they're NOT having to go to the local "Mom & Pop Shop"...

    That same "mom & pop shop" that survives lately on yes, cleaning out the infections, or just grabbing their data & doing a reinstall... but does NOT show folks how to avoid this b.s. like malware/viral infections, etc. because... it keeps them in business.

    Do what my 20 summary points note, by following the detailed steps from that URL?

    You'll never get burnt again... unless, you do something STUPID like click on email attachments sent by those you don't know, etc. & the like which are in actuality, macro infectors etc.

    APK

  135. MOD PARENT UP by Anonymous Coward · · Score: 0

    I think this guy has a point. I have stopped coming here for the news or the stuff that matters... But more for entertainment.... So IMHO I think this guy is right...

  136. Re:not always enough - hardware firewalls are bett by Anonymous Coward · · Score: 0

    Say it with me now: NAT does not a firewall make. It only works one way, and it's rather crappy at the half it DOES work on (although it works for most people). But it's not anywhere near a half decent firewall.

  137. 0 to Zombie in 6 Minutes by Bondolo · · Score: 1
    While installing Win2k Server a couple of years ago I managed to get infected before the install process even completed. By comparing the creation time of the pagefile and infected DLLs I found that my infection time was slightly more than 6 minutes.

    Since that time I always install new operating systems (Windows and otherwise) behind a NAT box until I have all the latest security patches installed.

    --
    -- "Most people prefer a popular myth to an unpopular truth"
  138. Dupe of URL by colinrichardday · · Score: 1

    Dupe, dupe, dupe, dupe of URL. . .

  139. You just answered yourself! by Anonymous Coward · · Score: 0
    I recently installed McAfee on it, just to see what viruses I'd "collected", and there's nothing!

    Yeah, McAfee frequently finds nothing because it's garbage. It's one of the main reasons I dumped it years ago. Get some real AV software and post back.

  140. Mod Up. by Anonymous Coward · · Score: 0

    There are a number of scanning "tools" available which will find unprotected shares behind NAT. NAT/IP Masquerading just makes it difficult to target specific LAN IP addresses. It doesn't prevent external access to unprotected shares on a random basis. (ie, skript kiddie runs "tool", locates unprotected shares on LAN behind NAT router, connects, does what skript kiddies do best...)

    1. Re:Mod Up. by Anonymous Coward · · Score: 0
      ...does what skript kiddies do best...


      Masturbate to pictures of a teenage Bill Gates?
  141. Re:not always enough - hardware firewalls are bett by crazyphilman · · Score: 1

    Yet another thing to love about Linux/Unix/*BSD...

    The firewall (iptables or ipfw) is turned on before the network interfaces are brought online. This is possible because the firewall functions of Linux are part of the OS kernel and are available as soon as the kernel is running.

    Don't get me wrong, I still use a hardware firewall with my Linux box (belt and suspenders, right?) but it's not quite the matter of life and death it is with Windows machines.

    --
    Farewell! It's been a fine buncha years!
  142. Rumors of Slashdots demise are greatly exaggerated by cbreaker · · Score: 1

    If you can deal with the trolls and ignorant posts that are very much the norm on Slashdot, you'll also find some very interesting and well written comments. The ratio of good > bad is low, but it is interesting to see what some people around here think about things.

    Comments about how bad Slashdot is, and how "everyone" is a troll, are a bit too harsh.

    With any public forum you get a lot of noise. Slashdot is no exception. But there is a signal here, you just have to have the patience to look for it.

    The user-moderation does have a lot to be desired but if you read more than just the +5's you're more likely to find good comments.

    I like Slashdot.

    --
    - It's not the Macs I hate. It's Digg users. -
  143. Re:Internet Storm Center is tracking "survival tim by ArtStone · · Score: 1

    One way that pre-European cultures in America hunted buffalo (since they did not have horses or firearms) was to get the buffalo to start stampeding and drive them off a cliff. In that case, it was the ones at the front of the herd that died first.

    http://lewisandclark.state.mt.us/sites.asp?IDNumber=25

    Never were taught that in college, were you? Kind of breaks that fantasy story about how Native Americans respected nature and have an inherent moral superiority.

    --
    Final 2006 "Proof of Global Warming" US Hurricane Count -> 0
  144. By protected if you mean by warrior_s · · Score: 0

    having an anti-virus....let me say that I never installed an antivirus on my XP machine and it is online all the time....and I don't think it is compromised...of course I use Firefox with adblock...and Thunderbird as mail client... and install those huge updates by Microsoft regularly.