Posted on 11/30/2004 1:29:41 PM PST by zeugma
Unprotected PCs Fall To Hacker Bots In Just Four Minutes
By Gregg Keizer, TechWeb.com
The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.
In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.
The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.
Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.
"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. "The average was just four minutes. Think about that. Plug in a new PC--and many are still sold with Windows XP SP1--to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."
Windows XP SP1 with the free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That default was one of those changed--and heavily touted--by Microsoft in SP2, which ships with the Windows Firewall switched on.
The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows. One, the DCOM RPC vulnerability (Microsoft bulletin MS03-026), harks back to July 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability (MS04-011), was first disclosed in April 2004, and led to the Sasser worm.
The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests from automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised: the single open port exposed no service the attackers' code was written to exploit.
The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.
For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.
"Update Windows regularly with Microsoft's patches, use a personal firewall--third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks--keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised. Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.
"No machine is immune," he counseled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."
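The article's central point is that a bot scanning address space can only attack what it can see: a port that completes the handshake is a target, a port that answers with a reset tells the bot the host exists, and a port that answers nothing (the firewalled case Colombano describes, and the "closed but unstealthed" ident port discussed later in the thread) gives it no reason to stay. The following script is an added example, not part of the TechWeb article or AvanteGarde's study. It classifies TCP ports the way a scanner would see them, using the ports the Blaster and Sasser vectors rode on (135/139/445) plus 113 for ident; the port-to-vector mapping and the throwaway local listener it probes are constructed here for illustration.

```python
import socket

# Ports the article's attack vectors ride on. This mapping is constructed for
# illustration; the bulletin numbers are the well-known ones for the DCOM
# (July 2003) and LSASS (April 2004) flaws the article names.
WORM_PORTS = {
    135: "DCOM/RPC endpoint mapper (Blaster, MS03-026)",
    139: "NetBIOS session (SMB over NetBIOS)",
    445: "SMB direct; the path to LSASS (Sasser, MS04-011)",
}
IDENT_PORT = 113  # often 'closed but unstealthed' behind consumer NAT routers


def probe_port(host, port, timeout=1.0):
    """Classify one TCP port the way a scanning bot would see it.

    'open'     - handshake completed: a service is listening and attackable
    'closed'   - RST came back: the host is visible but nothing listens here
    'filtered' - no answer before the timeout: the 'stealthed' state a
                 dropping firewall produces, so the bot cannot even tell
                 that a host exists
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()


def exposure_report(host, ports=None, timeout=1.0):
    """Probe each port and return {port: state}. Defaults to the worm ports."""
    if ports is None:
        ports = list(WORM_PORTS) + [IDENT_PORT]
    return {p: probe_port(host, p, timeout) for p in ports}


def worm_exposed(report):
    """True if any port the 2003/2004 worms used completed a handshake."""
    return any(report.get(p) == "open" for p in WORM_PORTS)


def visible_to_scanners(report):
    """True if any probed port answered at all (open or closed).

    A host whose every port is 'filtered' is the one Colombano describes:
    the bot 'simply goes onto the next machine'.
    """
    return any(state in ("open", "closed") for state in report.values())


def start_dummy_service():
    """Open a throwaway listener on 127.0.0.1 (a constructed stand-in for an
    exposed service) and return (socket, port) so the caller can probe it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_dummy_service()
    print(port, probe_port("127.0.0.1", port))   # open: a service is listening
    srv.close()
    print(port, probe_port("127.0.0.1", port))   # closed: host visible, no service
    report = exposure_report("127.0.0.1")
    for p, state in report.items():
        print(f"{p:>5}  {state:<8}  {WORM_PORTS.get(p, 'ident')}")
    print("worm ports reachable:", worm_exposed(report))
    print("host visible to scanners:", visible_to_scanners(report))
```

Run it against a machine's public address from outside the LAN to see what a bot sees; the interesting result is not "open" versus "closed" but whether anything answers at all, since a reset on 113 or 445 is enough to put the host on a scanner's list even when no service is exploitable.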
No doubt about it. In the 4 years that I've had a cable modem, I have learned a ton of stuff about protecting and cleaning PCs and how woefully prepared 99% of users are...and how their ISPs do NOTHING to help them. I wish I had the time to start a home PC protection service. I could make a good living by using nothing but freeware and donating a small fee to the authors after charging a larger fee to the end users.
"Out of the box, Linspire left only one open port....
Does anyone know which port this is, and what network service is bound to it?
Install a good anti-intrusion software that hardwalls Windows against hackers. Qwik-Fix from Pivx is a nice product that does just that. It even protects against vulnerabilities for which Microsoft hasn't come out with patches till now. http://www.pivx.com
Man...you'd think with the obscene amount of money that Herr Gates makes that he could actually afford a decent security audit of his company's crapware.
It is obvious that you are a MS basher and that you did NOT read the article. It said no machine with SP2 (available for some months) was hacked. It also said that Linux and Mac were equally vulnerable but that they weren't directly attacked because the attackers were looking for Windows systems. Read the quotes below. YOUR MAC is vulnerable without a firewall. MORE vulnerable than XP SP2!
"Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
"The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.
ping for later reading.
bump
Probably the port you need to get on the net. You can't close ALL ports. Some are needed open for perfectly legitimate reasons. You don't want to have ALL your ports running open. A balance is a good idea.
If I have Windows 98, can I download Mozilla or is my computer too old?
- learn how to close open ports
- speed up web browser and computer start-up
- increase password security
ping
These are some more free-for-home-use programs to add to your excellent list.
WinPatrol (free for home use) at http://www.winpatrol.com guards PCs against unknown executables being run and some changes to file associations.
Prevx Intrusion Protection (free for home use) at http://www1.prevx.com/default.asp is similar to WinPatrol, but more extensive in watching over a PC and protecting against unknown executables and changes in file associations.
EVEREST Home Edition at http://www.lavalys.com/index.php?lang=en is a freeware system information, system diagnostics and benchmarking solution for home PC users, based on the award-winning EVEREST Technology. It offers the world's most accurate system information and diagnostics capabilities, including online features, memory benchmarks, hardware monitoring, and low-level hardware information.
bump for later read
Most of the article seems to be the obligatory and popular Gates-Microsoft bashfest.
Firefox is ok for basic websurfing, but it doesn't do Java very well. Also many of the plug-ins don't work with it. Its tabbed features and extensions are leaps ahead of IE.
That conclusion is unsupported. It doesn't say that Macs are "vulnerable", only that they weren't targeted. As far as I know there are *no* remote exploits against Mac OS X in its default configuration (which has very few ports open).
"[But] it would have been very vulnerable had code been written to compromise its system," he added.
Well yeah, but that's a meaningless statement. Any system is vulnerable if code is written to compromise it.
Having said that, everyone should have a hardware firewall regardless of OS.
Probably 113 ident, a lot of NAT routers and firewalls will leave this "unstealthed" but closed.
And you can get one for about fifty bucks. A small price to pay for peace of mind.
Yes, you can close all ports to incoming traffic, and that's exactly what most consumer router/firewalls do. That doesn't affect your ability to create *outgoing* connections from your computer to the Internet. (Which also means it doesn't protect against spyware and trojans that use your machine to transmit data).