Posted on 11/30/2004 1:29:41 PM PST by zeugma
Unprotected PCs Fall To Hacker Bots In Just Four Minutes
By Gregg Keizer, TechWeb.com
The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.
In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.
The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.
Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.
"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. "The average was just four minutes. Think about that. Plug in a new PC--and many are still sold with Windows XP SP1--to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."
Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That security hole was one of those plugged--and heavily touted--by Microsoft in SP2.
The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows. One, the DCOM vulnerability, harks back to July, 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability, was first disclosed in April, 2004, and led to the Sasser worm.
The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.
The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.
For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.
"Update Windows regularly with Microsoft's patches, use a personal firewall--third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks--keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised. Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.
"No machine is immune," he counseled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."
The main point that should be taken from this, even though it is not explicitly stated is that if you are going to be connected to the internet, especially if your are nailed up with a broadband connection, it is critcal that you have a hardware firewall to hide your PC from the hackers.
Also, if you're browsing, don't use IE unless you absolutely have to. Mozilla or Firefox will help keep a lot of nastiness from your computer.
bump for later...
I always appreciate your point of view, backhoe.
For the sad truth is that a hardware firewall/router will NOT protect your PC from attacks initiated from behind the firewall. Such attacks are initiated by spyware that has already infected the PC. Without something like Outpost, you're a sitting duck.
Get Them Shields UP!
And lo...100% of them are Windows.
Man...you'd think with the obscene amount of money that Herr Gates makes that he could actually afford a decent security audit of his company's crapware.
Thanks!
| FREE PC PROTECTION: (Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.) (Thanks, but "Buy a Mac" doesn't qualify as "FREE PC protection") |
|
 |
|
While I've been running some sort of firewall since I first got DSL 5 years ago, I still think the companies that provide broadband service and sell their hardware are completely irresponsible, in that they don't provide any sort of firewall built into the hardware they supply.
This is the relevant useful statement in the whole post. At least for today.
BTTT
Very true. Ultimately we're going to need some sort of OS-enforced sandboxing, so the fluffy bunny animation doesn't get to read your address book or make network connections.
I bought a new laptop a few months ago. At the time, there was a worm in circulation causing computers to shut down. Sure enough, within an hour, my computer got infected and started shutting down, etc. I was astounded and outraged.
I run Firefox rather than Windows on my computers now, and seem to encounter fewer problems. I did use Zone Alert, but found it was too intrusive and also interfered with my wi-fi system so have deleted it.
In only 2 or 3 months since I installed my updated Zone Alarm, it's detected and stopped 27,190 intrusions!
(Gee, I wonder why my dial up connection is running so slow?)
Four minutes? That's nothing. I have a group of like machines at work. In 2001, I got them and installed 2000 SP2(I think) on all of them. I turned one off and kept it as a cold spare. In July 03, one died. I took the cold spare, and turned it on. By the time it finished booting (90 seconds), it was hacked by the RPC virus, and rebooted just before the login screen came up. If I were a cracker, I would have beamed at the beauty of the creation. As a Sysadmin, I was seriously horked off.
I replaced the whole lab with OS X boxes this year, and haven't been happier.
Agreed. The Linksys firewall/router is down to about $49.00, and there's no excuse for not having one (or something similar).
I've been on DSL for 4 years and not been hacked or even touched once beyond the outside of the firewall, which is under constant and unsuccessful assault.
Finally, honeypot tests I saw years ago agreed with the above story, and in one instance a scripted attack found the machine, installed a trojan horse (remote control) program, and disconnected within 10 *seconds*.
And that's on the expensive side. I got a Netgear wireless router/firewall about a year ago for $30 after rebate. I'm surprised that ISPs don't include firewall functionality in cable and DSL modems.
I got hit with this one earlier this year. I had to wipe out my hard drive and reinstall the OS.
I use Armor2Net firewall, which has a stealth setting making my computer invisible while on the net.
No doubt about it. In the 4 years that I've had a cable modem, I have learned a ton of stuff about protecting and cleaning PCs and how woefully prepared 99% of users are...and how their ISPs do NOTHING to help them. I wish I had the time to start a home PC protection service. I could make a good living by using nothing but freeware and donating a small fee to the authors after charging a larger fee to the end users.
"Out of the box, Linspire left only one open port....
Does anyone know which port this is, and what network service is bound to it?
Install a good anti-intrusion software that hardwalls Windows against hackers. Qwik-Fix from Pivx is a nice product that does just that. It even protects against vulnerabilities for which Microsoft hasn't come out with patches till now. http://www.pivx.com
Man...you'd think with the obscene amount of money that Herr Gates makes that he could actually afford a decent security audit of his company's crapware.
It is obvious that you are a MS basher and that you did NOT read the article. It said no machines with SP2 (available for some months) was hacked. It also said that Linux and Mac were equally vulnerable but that they weren't directly attacked because the attackers were looking for Windows systems. Read the quotes below. YOUR MAC is vulnerable without a firewall. MORE vulnerable than XP SP2!
"Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
"The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.
ping for later reading.
bump
Probably the port you need to get on the net. You can't close ALL ports. Some are needed open for perfectly legitimate reasons. You don't want to have ALL your ports running open. A balance's is a good idea.
If I hAve Windows 98, can I download Mozilla or is my computer too old?
- learn how to close open ports, - speed web browser, computer start up - Increase password security.
ping
These are some more free-for-home-use programs to add to your excellent list.
WinPatrol (free for home use) at http://www.winpatrol.com guards pc's against unknown executibles being run and some changes to file associations.
Prevx Intrusion Protection (free for home use) at http://www1.prevx.com/default.asp is similar to WinPatrol, but more extensive in watching over a pc and protecting against unknown executibles and changes in file associations.
EVEREST Home Edition at http://www.lavalys.com/index.php?lang=en is a freeware system information, system diagnostics and benchmarking solution for home PC users, based on the award-winning EVEREST Technology. It offers the world's most accurate system information and diagnostics capabilities, including online features, memory benchmarks, hardware monitoring, and low-level hardware information.
bump for later read
Most of the article seems to be the obligatory and popular Gates-Microsoft bashfest.
Firefox is ok for basic websurfing, but it doesn't do Java very well. Also many of the plug-ins don't work with it. Its tabbed features and extensions are leaps ahead of IE.
That conclusion is unsupported. It doesn't say that Macs are "vulnerable", only that they weren't targeted. As far as I know there are *no* remote exploits against Mac OS X in its default configuration (which has very few ports open).
"[But] it would have been very vulnerable had code been written to compromise its system," he added.
Well yeah, but that's a meaningless statement. Any system is vulnerable if code is written to compromise it.
Having said that, everyone should have a hardware firewall regardless of OS.
Probably 113 ident, a lot of NAT routers and firewalls will leave this "unstealthed" but closed.
And you can get one for about fifty bucks. A small price to pay for peace of mind.
Yes, you can close all ports to incoming traffic, and that's exactly what most consumer router/firewalls do. That doesn't affect your ability to create *outgoing* connections from your computer to the Internet. (Which also means it doesn't protect against spyware and trojans that use your machine to transmit data).
We just had Mozilla Firefox installed, and that has really cut down on the pop-ups, esp from the DrudgeReport!
I do enjoy some of the extensions, such as the ability to remember passwords even on sites that try to prohibit that. Is there a system you recommend as an alternative to IE and Firefox?
Not 100% sure about Linspire but an educated guess would be 113/IDENT.
Bookmark for future edjumakashun....
You think they're doing a port re-map internally?
Now why would you say that since you also seem so confident that Macs are not vulnerable?
Two comments:
1. The honeypots were inactive; e.g., no email reading or web browsing to simulate real-world usage. I'd like to see this experiment repeated with some scripts on each machine running through a list of web sites as well as receiving and responding to spam. Each OS's resistance to the resultant malware attacks would be instructive.
2. The Mac in this experiment actually had some extra services turned on such as 'windows file sharing' ... and still wasn't compromised.
I'm confident I won't get into an accident driving home tonight, but I'll still wear my seat belt.
Can I just click on firefox and that's all I need...I don't need to buy anything?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.