Unprotected PCs Fall To Hacker Bots In Just Four Minutes
Techweb ^ | 11/30/2004 | Gregg Keizer

Posted on 11/30/2004 1:29:41 PM PST by zeugma


By Gregg Keizer, TechWeb.com

The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.

In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.

The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.

Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.

"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. "The average was just four minutes. Think about that. Plug in a new PC--and many are still sold with Windows XP SP1--to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."

Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.

"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That security hole was one of those plugged--and heavily touted--by Microsoft in SP2.

The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows. One, the DCOM vulnerability, harks back to July, 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability, was first disclosed in April, 2004, and led to the Sasser worm.

The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.

The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.

For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.

"Update Windows regularly with Microsoft's patches, use a personal firewall--third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks--keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised. Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.

"No machine is immune," he counseled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."


New old news I guess, but it helps for folks to be reminded occasionally.

The main point that should be taken from this, even though it is not explicitly stated, is that if you are going to be connected to the internet, especially if you are nailed up with a broadband connection, it is critical that you have a hardware firewall to hide your PC from the hackers.

Also, if you're browsing, don't use IE unless you absolutely have to. Mozilla or Firefox will help keep a lot of nastiness from your computer.

1 posted on 11/30/2004 1:29:43 PM PST by zeugma

To: zeugma

bump for later...


2 posted on 11/30/2004 1:30:31 PM PST by Ulysses ("Most of us go through life thinking we're Superman. Superman goes through life being Clark Kent!")

To: zeugma; backhoe

I always appreciate your point of view, backhoe.


3 posted on 11/30/2004 1:33:08 PM PST by lysie

To: zeugma
In addition to Firefox, a good router for a firewall and regular spyware searches and cleanings, I recommend the use of Outpost Personal Firewall. It's free, small and damned effective.

For the sad truth is that a hardware firewall/router will NOT protect your PC from attacks initiated from behind the firewall. Such attacks are initiated by spyware that has already infected the PC. Without something like Outpost, you're a sitting duck.

Get Them Shields UP!

4 posted on 11/30/2004 1:33:53 PM PST by Bloody Sam Roberts (All I ask from livin' is to have no chains on me. All I ask from dyin' is to go naturally.)

To: zeugma
Unprotected PCs Fall To Hacker Bots In Just Four Minutes

And lo...100% of them are Windows.

Man...you'd think with the obscene amount of money that Herr Gates makes that he could actually afford a decent security audit of his company's crapware.

5 posted on 11/30/2004 1:34:17 PM PST by Prime Choice (I like Democrats, too. Let's exchange recipes.)

To: zeugma

Thanks!


6 posted on 11/30/2004 1:35:00 PM PST by lilylangtree (Veni, Vidi, Vici)

To: zeugma
And remember, boys and girls, that no computer is safe in the hands of a user willing to run an infested executable, click "OK" without paying attention, or authorize an executable to run as a privileged user without thinking.
7 posted on 11/30/2004 1:37:25 PM PST by Question_Assumptions

FREE PC PROTECTION:
(Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.)
(Thanks, but "Buy a Mac" doesn't qualify as "FREE PC protection")

8 posted on 11/30/2004 1:39:27 PM PST by martin_fierro (00111100 00100000 01111100 00111010 00101001 01111110)

To: Bloody Sam Roberts

While I've been running some sort of firewall since I first got DSL 5 years ago, I still think the companies that provide broadband service and sell their hardware are completely irresponsible, in that they don't provide any sort of firewall built into the hardware they supply.


9 posted on 11/30/2004 1:39:53 PM PST by stylin_geek (Liberalism: comparable to a chicken with its head cut off, but with more spastic motions)

To: zeugma
The most secure system during the experiment was the one running Linspire's Linux.

This is the relevant useful statement in the whole post. At least for today.

10 posted on 11/30/2004 1:40:46 PM PST by Publius6961 (The most abundant things in the universe are hydrogen and stupidity.)

To: zeugma

BTTT


11 posted on 11/30/2004 1:41:52 PM PST by b4its2late (Liberals are good examples of why some animals eat their young.)

To: Question_Assumptions

Very true. Ultimately we're going to need some sort of OS-enforced sandboxing, so the fluffy bunny animation doesn't get to read your address book or make network connections.


12 posted on 11/30/2004 1:43:10 PM PST by ThinkDifferent (A plan is not a litany of complaints)

To: zeugma
Is it safe?

13 posted on 11/30/2004 1:43:11 PM PST by Delta 21 (MKC USCG -ret)

To: zeugma

I bought a new laptop a few months ago. At the time, there was a worm in circulation causing computers to shut down. Sure enough, within an hour, my computer got infected and started shutting down, etc. I was astounded and outraged.

I run Firefox rather than Windows on my computers now, and seem to encounter fewer problems. I did use Zone Alert, but found it was too intrusive and also interfered with my wi-fi system so have deleted it.


14 posted on 11/30/2004 1:43:19 PM PST by governsleastgovernsbest (Watching the Today Show since 2002 so you don't have to.)

To: zeugma
I'm running a Windows 98 box with Zone Alarm. I have a dial up connection, so it's not even online that much.

In only 2 or 3 months since I installed my updated Zone Alarm, it's detected and stopped 27,190 intrusions!

(Gee, I wonder why my dial up connection is running so slow?)

15 posted on 11/30/2004 1:43:58 PM PST by Slump Tester (John Kerry - When even your best still isn't good enough)

To: zeugma

Four minutes? That's nothing. I have a group of like machines at work. In 2001, I got them and installed 2000 SP2 (I think) on all of them. I turned one off and kept it as a cold spare. In July 03, one died. I took the cold spare, and turned it on. By the time it finished booting (90 seconds), it was hacked by the RPC virus, and rebooted just before the login screen came up. If I were a cracker, I would have beamed at the beauty of the creation. As a Sysadmin, I was seriously horked off.

I replaced the whole lab with OS X boxes this year, and haven't been happier.


16 posted on 11/30/2004 1:45:10 PM PST by ThinkPlease (Fortune Favors the Bold!)

To: zeugma
Is your PC lifting its skirt at every passer-by on the Internet? Find out here.
17 posted on 11/30/2004 1:46:03 PM PST by Redcloak ("FOUR MORE BEERS! FOUR MORE BEERS! FOUR MORE BEERS!" -Teresa Heinz Kerry)

To: zeugma
it is critical that you have a hardware firewall to hide your PC from the hackers.

Agreed. The Linksys firewall/router is down to about $49.00, and there's no excuse for not having one (or something similar).

I've been on DSL for 4 years and not been hacked or even touched once beyond the outside of the firewall, which is under constant and unsuccessful assault.

Finally, honeypot tests I saw years ago agreed with the above story, and in one instance a scripted attack found the machine, installed a trojan horse (remote control) program, and disconnected within 10 *seconds*.

18 posted on 11/30/2004 1:46:27 PM PST by angkor

To: angkor
Agreed. The Linksys firewall/router is down to about $49.00

And that's on the expensive side. I got a Netgear wireless router/firewall about a year ago for $30 after rebate. I'm surprised that ISPs don't include firewall functionality in cable and DSL modems.

19 posted on 11/30/2004 1:50:01 PM PST by ThinkDifferent (A plan is not a litany of complaints)

To: zeugma
The second, dubbed the LSASS vulnerability, was first disclosed in April, 2004, and led to the Sasser worm.

I got hit with this one earlier this year. I had to wipe out my hard drive and reinstall the OS.

I use Armor2Net firewall, which has a stealth setting making my computer invisible while on the net.

20 posted on 11/30/2004 1:53:30 PM PST by jellybean

To: stylin_geek
I still think the companies that provide broadband service and sell their hardware are completely irresponsible

No doubt about it. In the 4 years that I've had a cable modem, I have learned a ton of stuff about protecting and cleaning PCs and how woefully prepared 99% of users are...and how their ISPs do NOTHING to help them. I wish I had the time to start a home PC protection service. I could make a good living by using nothing but freeware and donating a small fee to the authors after charging a larger fee to the end users.

21 posted on 11/30/2004 1:53:48 PM PST by Bloody Sam Roberts (All I ask from livin' is to have no chains on me. All I ask from dyin' is to go naturally.)

To: zeugma

"Out of the box, Linspire left only one open port....

Does anyone know which port this is, and what network service is bound to it?


22 posted on 11/30/2004 1:54:40 PM PST by proxy_user

To: zeugma

Install a good anti-intrusion software that hardwalls Windows against hackers. Qwik-Fix from Pivx is a nice product that does just that. It even protects against vulnerabilities for which Microsoft hasn't come out with patches till now. http://www.pivx.com


23 posted on 11/30/2004 1:54:47 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)

To: Prime Choice
And lo...100% of them are Windows.

Man...you'd think with the obscene amount of money that Herr Gates makes that he could actually afford a decent security audit of his company's crapware.

It is obvious that you are a MS basher and that you did NOT read the article. It said no machines with SP2 (available for some months) was hacked. It also said that Linux and Mac were equally vulnerable but that they weren't directly attacked because the attackers were looking for Windows systems. Read the quotes below. YOUR MAC is vulnerable without a firewall. MORE vulnerable than XP SP2!

"Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.

"The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.

24 posted on 11/30/2004 1:55:25 PM PST by WildTurkey

To: Redcloak

ping for later reading.


25 posted on 11/30/2004 1:56:00 PM PST by Bush_Democrat (Now EX-Democrat)

To: martin_fierro
You may want to add the Sygate Personal Firewall to your list. It's free, and very effective. I've been using it for years on my Windows boxes, and have never been compromised. Very easy to use too.
26 posted on 11/30/2004 1:56:24 PM PST by KoRn

To: zeugma

http://www.dslreports.com/faq/security


27 posted on 11/30/2004 1:56:38 PM PST by this_ol_patriot

To: zeugma

bump


28 posted on 11/30/2004 1:57:46 PM PST by 2right

To: proxy_user

Probably the port you need to get on the net. You can't close ALL ports. Some are needed open for perfectly legitimate reasons. You don't want to have ALL your ports running open. A balance is a good idea.


29 posted on 11/30/2004 1:58:20 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)

To: zeugma

If I have Windows 98, can I download Mozilla or is my computer too old?


30 posted on 11/30/2004 1:59:00 PM PST by native texan

To: zeugma
Some good basic security tips at this link, especially if you are running Win 98.

NETcessities

- learn how to close open ports
- speed up web browser and computer start-up
- increase password security

31 posted on 11/30/2004 1:59:06 PM PST by BJungNan (Stop Spam - Do NOT buy from junk email.)

To: sauropod

ping


32 posted on 11/30/2004 1:59:51 PM PST by hellinahandcart

To: martin_fierro

These are some more free-for-home-use programs to add to your excellent list.


WinPatrol (free for home use) at http://www.winpatrol.com guards PCs against unknown executables being run and some changes to file associations.

Prevx Intrusion Protection (free for home use) at http://www1.prevx.com/default.asp is similar to WinPatrol, but more extensive in watching over a PC and protecting against unknown executables and changes in file associations.

EVEREST Home Edition at http://www.lavalys.com/index.php?lang=en is a freeware system information, system diagnostics and benchmarking solution for home PC users, based on the award-winning EVEREST Technology. It offers the world's most accurate system information and diagnostics capabilities, including online features, memory benchmarks, hardware monitoring, and low-level hardware information.


33 posted on 11/30/2004 2:00:03 PM PST by TomGuy (America: Best friend or worst enemy. Choose wisely.)

To: zeugma

bump for later read


34 posted on 11/30/2004 2:01:10 PM PST by Space Wrangler

To: zeugma

Most of the article seems to be the obligatory and popular Gates-Microsoft bashfest.


35 posted on 11/30/2004 2:01:13 PM PST by Old Sarge

To: governsleastgovernsbest

Firefox is ok for basic websurfing, but it doesn't do Java very well. Also many of the plug-ins don't work with it. Its tabbed features and extensions are leaps ahead of IE.


36 posted on 11/30/2004 2:03:34 PM PST by TomGuy (America: Best friend or worst enemy. Choose wisely.)

To: WildTurkey
YOUR MAC is vulnerable without a firewall. MORE vulnerable than XP SP2!

That conclusion is unsupported. It doesn't say that Macs are "vulnerable", only that they weren't targeted. As far as I know there are *no* remote exploits against Mac OS X in its default configuration (which has very few ports open).

"[But] it would have been very vulnerable had code been written to compromise its system," he added.

Well yeah, but that's a meaningless statement. Any system is vulnerable if code is written to compromise it.

Having said that, everyone should have a hardware firewall regardless of OS.

37 posted on 11/30/2004 2:05:12 PM PST by ThinkDifferent (A plan is not a litany of complaints)

To: proxy_user

Probably 113 ident, a lot of NAT routers and firewalls will leave this "unstealthed" but closed.


38 posted on 11/30/2004 2:05:46 PM PST by this_ol_patriot

To: zeugma
... if you are nailed up with a broadband connection, it is critical that you have a hardware firewall to hide your PC from the hackers.

And you can get one for about fifty bucks. A small price to pay for peace of mind.

39 posted on 11/30/2004 2:07:38 PM PST by Mr Ramsbotham (Laws against sodomy are honored in the breech.)

To: goldstategop
You can't close ALL ports.

Yes, you can close all ports to incoming traffic, and that's exactly what most consumer router/firewalls do. That doesn't affect your ability to create *outgoing* connections from your computer to the Internet. (Which also means it doesn't protect against spyware and trojans that use your machine to transmit data).

40 posted on 11/30/2004 2:08:18 PM PST by ThinkDifferent (A plan is not a litany of complaints)
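The policy described in the post above, as an added illustration that is not code from the article or from any poster: a minimal model of a consumer router's stateful filter, where unsolicited inbound connection attempts are dropped, outbound connections and their replies pass, and a program already inside the LAN can therefore phone home unhindered. The addresses, ports and packet fields are constructed and simplified to TCP only.

```python
"""Model of a consumer NAT router/firewall's default policy: every inbound
connection attempt is dropped, every outbound connection and its replies
are allowed. Added illustration for this thread, not code from the article
or from any poster; the packets below are constructed, TCP-only, and
simplified to the fields the decision actually needs."""

from collections import namedtuple

# direction is "in" (Internet -> LAN) or "out" (LAN -> Internet);
# syn marks a new-connection attempt.
Packet = namedtuple("Packet", "direction src sport dst dport syn")


class StatefulFirewall:
    """Default-deny inbound, allow outbound, remember connections the LAN opened."""

    def __init__(self):
        # Connections opened from inside, keyed by (lan_ip, lan_port, remote_ip, remote_port).
        self.established = set()

    def filter(self, pkt):
        """Return 'ALLOW' or 'DROP' and update the connection table."""
        if pkt.direction == "out":
            # Anything the LAN starts is let through and remembered so that
            # the replies can come back in.
            self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound: allowed only as a reply to a connection the LAN opened.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.established and not pkt.syn:
            return "ALLOW"
        return "DROP"  # unsolicited probe: the port looks closed or "stealthed"


def run_scenario():
    """Constructed traffic trace; returns the firewall's verdict per packet."""
    fw = StatefulFirewall()
    trace = [
        # A worm on the Internet probes the LAN host's RPC port: no state, dropped.
        ("worm probe to 135", Packet("in", "198.51.100.7", 40000, "192.168.1.10", 135, True)),
        # The user's browser opens a web connection: allowed and recorded.
        ("browser to web", Packet("out", "192.168.1.10", 50000, "203.0.113.5", 80, True)),
        # The web server's answer matches the recorded connection: allowed.
        ("web reply", Packet("in", "203.0.113.5", 80, "192.168.1.10", 50000, False)),
        # Spyware already on the PC phones home: outbound, so the router lets it go.
        ("spyware phone-home", Packet("out", "192.168.1.10", 50001, "198.51.100.9", 443, True)),
        # A probe that reuses the web server's address and port still has no matching state.
        ("probe from port 80", Packet("in", "203.0.113.5", 80, "192.168.1.10", 135, True)),
    ]
    return {label: fw.filter(pkt) for label, pkt in trace}


if __name__ == "__main__":
    for label, verdict in run_scenario().items():
        print(f"{label:24} {verdict}")
```

The last verdict is the point the thread keeps circling: the router hides the PC from the outside, but it says nothing about what already-installed software sends out, which is why the personal firewalls discussed above still have a role.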

To: zeugma
We've been told we don't have to worry about a firewall because we have dial up. Is that true?

We just had Mozilla Firefox installed, and that has really cut down on the pop-ups, esp from the DrudgeReport!

41 posted on 11/30/2004 2:11:02 PM PST by ncpatriot

To: TomGuy

I do enjoy some of the extensions, such as the ability to remember passwords even on sites that try to prohibit that. Is there a system you recommend as an alternative to IE and Firefox?


42 posted on 11/30/2004 2:12:17 PM PST by governsleastgovernsbest (Watching the Today Show since 2002 so you don't have to.)

To: proxy_user
Does anyone know which port this is, and what network service is bound to it?

Not 100% sure about Linspire but an educated guess would be 113/IDENT.

43 posted on 11/30/2004 2:13:10 PM PST by LTCJ
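The question in posts 22, 38 and 43 of which single port Linspire left open comes down to what is listening on the box. As an added example (not from the article, Linspire, or any poster), the parser below reads the Linux kernel's /proc/net/tcp table, which stores the local address as little-endian hex, and reports the ports in LISTEN state; the sample table is constructed to show a host with only ident (113) reachable from outside plus a loopback-only service. It assumes IPv4 only (the IPv6 table lives in /proc/net/tcp6 and is not handled).

```python
"""List the TCP ports a Linux host is listening on by parsing /proc/net/tcp.

Added illustration for this thread; not code from the article or any poster.
The sample table below is constructed, not captured from a real Linspire box.
"""
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample of /proc/net/tcp: ident on 113 bound to all addresses,
# a printer daemon on 631 bound to loopback only, and one established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0071 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:0071 0102000A:C3F2 01 00000000:00000000 00:00000000 00000000     0        0 1003 1 0000000000000000 20 4 0 10 -1
"""


def _hex_addr_to_ip(hex_ip):
    # The kernel writes the IPv4 address as 8 hex digits in host byte order
    # (little-endian on x86), so repack it before formatting as dotted quad.
    return socket.inet_ntoa(struct.pack("<L", int(hex_ip, 16)))


def parse_proc_net_tcp(text):
    """Return one (local_ip, local_port, state) tuple per socket row."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        hex_ip, hex_port = fields[1].split(":")
        rows.append((_hex_addr_to_ip(hex_ip), int(hex_port, 16), fields[3]))
    return rows


def listening_ports(text, include_loopback=False):
    """Ports in LISTEN state, sorted. Loopback-only listeners are skipped by
    default: they cannot be reached from the Internet, so they are not
    'open' in the sense the honeypot study used."""
    ports = set()
    for ip, port, state in parse_proc_net_tcp(text):
        if state != LISTEN:
            continue
        if ip.startswith("127.") and not include_loopback:
            continue
        ports.add(port)
    return sorted(ports)


def audit_live_host(path="/proc/net/tcp"):
    """Run the same check against the running kernel's table (Linux only)."""
    with open(path) as fh:
        return listening_ports(fh.read())


if __name__ == "__main__":
    print("externally reachable listeners (sample):", listening_ports(SAMPLE_PROC_NET_TCP))
    print("all listeners (sample):", listening_ports(SAMPLE_PROC_NET_TCP, include_loopback=True))
```

On a real machine, `audit_live_host()` gives the same answer as the "open ports" count in the article, without any traffic leaving the box; a port that shows here but that a router drops on the way in will look closed or "stealthed" to an outside scan, as post 38 describes.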

To: zeugma

Bookmark for future edjumakashun....


44 posted on 11/30/2004 2:14:16 PM PST by AngryJawa (Now Accepting Ammo Donations)

To: proxy_user
I don't know but when I saw that I wondered if they would be compliant with RFC 1122.

You think they're doing a port re-map internally?

45 posted on 11/30/2004 2:14:43 PM PST by Proud_texan

To: ThinkDifferent
Having said that, everyone should have a hardware firewall regardless of OS.

Now why would you say that since you also seem so confident that Macs are not vulnerable?

46 posted on 11/30/2004 2:16:00 PM PST by WildTurkey

To: zeugma

Two comments:

1. The honeypots were inactive; e.g., no email reading or web browsing to simulate real-world usage. I'd like to see this experiment repeated with some scripts on each machine running through a list of web sites as well as receiving and responding to spam. Each OS's resistance to the resultant malware attacks would be instructive.

2. The Mac in this experiment actually had some extra services turned on such as 'windows file sharing' ... and still wasn't compromised.


47 posted on 11/30/2004 2:18:42 PM PST by IndyMac

To: governsleastgovernsbest
I like the FoxyVoice extension. I use another browser (IE based) that has built-in speech. It is excellent for reading long news articles aloud, although the computer voice takes some getting used to.

I've tried most known browsers at one time or another. My favorite (IE based) is Fastbrowser because it was one of the first with tabbed browsing and built-in speech capabilities.

I have Maxthon (IE based) and Mozilla (similar to the old Netscape).

If I run up against a webpage that doesn't work with one, I load up IE. Sometimes I'll have 2-3 different makes of browsers running at the same time. Each has its good and not so good. It is in what a person gets used to.
48 posted on 11/30/2004 2:18:46 PM PST by TomGuy (America: Best friend or worst enemy. Choose wisely.)

To: WildTurkey
Now why would you say that since you also seem so confident that Macs are not vulnerable?

I'm confident I won't get into an accident driving home tonight, but I'll still wear my seat belt.

49 posted on 11/30/2004 2:19:38 PM PST by ThinkDifferent (A plan is not a litany of complaints)

To: zeugma

Can I just click on firefox and that's all I need...I don't need to buy anything?


50 posted on 11/30/2004 2:20:11 PM PST by processing please hold (Islam and Christianity do not mix ----9-11 taught us that)