Posted on 11/30/2004 1:29:41 PM PST by zeugma
Unprotected PCs Fall To Hacker Bots In Just Four Minutes
By Gregg Keizer, TechWeb.com
The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.
In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.
The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.
Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.
"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. "The average was just four minutes. Think about that. Plug in a new PC--and many are still sold with Windows XP SP1--to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."
Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That security hole was one of those plugged--and heavily touted--by Microsoft in SP2.
The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows. One, the DCOM vulnerability, harks back to July, 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability, was first disclosed in April, 2004, and led to the Sasser worm.
The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.
The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.
For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.
"Update Windows regularly with Microsoft's patches, use a personal firewall--third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks--keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised. Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.
"No machine is immune," he counseled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."
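As an added example (not part of the article or of AvanteGarde's experiment), the following Python script tallies honeypot events the way the test is described: attacks per machine, time from going online to the first probe, and time to compromise. The log lines, host names and the port-to-vulnerability labels (135 for RPC/DCOM, 445 for SMB/LSASS) are constructed for illustration.

```python
"""Tally honeypot exposure: probes per host, time to first probe, time to compromise."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log (not from the article): one event per line.
# Fields: ISO timestamp, honeypot name, event, source address, destination port.
SAMPLE_LOG = """\
2004-11-16T09:00:00 xp-sp1 online - -
2004-11-16T09:00:00 xp-sp2 online - -
2004-11-16T09:00:00 linspire online - -
2004-11-16T09:00:41 xp-sp1 probe 198.51.100.23 135
2004-11-16T09:01:12 xp-sp1 probe 203.0.113.8 445
2004-11-16T09:02:30 xp-sp2 probe 198.51.100.23 135
2004-11-16T09:03:05 xp-sp1 probe 203.0.113.77 139
2004-11-16T09:04:00 xp-sp1 compromise 203.0.113.8 445
2004-11-16T09:07:45 linspire probe 198.51.100.23 135
2004-11-16T09:15:02 xp-sp2 probe 203.0.113.77 445
"""

# Assumed labels for the well-known ports behind the two worm-era bugs the article names.
PORT_LABELS = {135: "RPC/DCOM (MSBlast)", 445: "SMB/LSASS (Sasser)", 139: "NetBIOS"}

def parse_log(text):
    """Yield (timestamp, host, event, source, port) tuples; port is an int or None."""
    for line in text.splitlines():
        ts, host, event, src, port = line.split()
        yield datetime.fromisoformat(ts), host, event, src, (None if port == "-" else int(port))

def tally(text):
    """Per-host stats: probe count, ports hit, seconds to first probe and to compromise.
    Assumes every host's 'online' line precedes its other events."""
    stats = defaultdict(lambda: {"online": None, "probes": 0, "ports": Counter(),
                                 "first_probe_s": None, "compromise_s": None})
    for ts, host, event, src, port in parse_log(text):
        s = stats[host]
        if event == "online":
            s["online"] = ts
            continue
        elapsed = (ts - s["online"]).total_seconds()
        if event == "probe":
            s["probes"] += 1
            s["ports"][PORT_LABELS.get(port, str(port))] += 1
            if s["first_probe_s"] is None:
                s["first_probe_s"] = elapsed
        elif event == "compromise" and s["compromise_s"] is None:
            s["compromise_s"] = elapsed  # record only the first successful hijack
    return dict(stats)

if __name__ == "__main__":
    for host, s in tally(SAMPLE_LOG).items():
        status = f"compromised after {s['compromise_s']:.0f}s" if s["compromise_s"] else "never compromised"
        print(f"{host:9} probes={s['probes']} first_probe={s['first_probe_s']}s {status} {dict(s['ports'])}")
```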
Whether or not a system has a CLI has nothing to do with its degree of security. Classic Mac had a CLI. You probably never used it. Most people would panic and just reboot their Mac when they accidentally entered it.
moof
Yes, unlike all other operating systems, SP2 is completely impenetrable. (GE, is that you?)
I see all this stuff and I want to know what it is but there is a part of my brain telling me: do not absorb...do not absorb.
But goofy me, I keep coming back. I guess I'm a glutton for punishment.
Wasn't that more of a terminal than a CLI?
"No SP2 machines were hacked"
True, but they weren't being used either. Nobody was cruising the net, reading and writing emails, or downloading any software. OSX and other Unix OSes are inherently less vulnerable to attacks that come from these activities. For example, it is very difficult for even a legitimate user to gain root access under OSX, which makes system level exploits extremely difficult.
Having said that, I use an XP box for my engineering work and recently upgraded to SP2, and am very happy with it (just don't do email on it).
That's right? Right?
bump
"... along with former hacker Kevin Mitnick, a co-investigator in the experiment."
Huh. I thought Mitnick wasn't allowed near computers as part of his parole, or is that no longer the case?
What can anyone do with a virus-proof worm-proof MSFT internet gizmo?
Run 24 hours a day while computers are in the shop or messing with firewalls, software, patches, security programs, popups -
More to come soon.
Gloat-A-Thon
http://members.fortunecity.com/00access/CountryRoads.html
Bond -- James Bond
http://pro.lookingat.us/007.5.html
56K dialup if yer rig is slow
http://pro.lookingat.us/009.html
Prairie Chapel
http://00access.tripod.com/TexasRancher.html
Heinz-Kerry Real Estate Section
http://pro.lookingat.us/ThisOldDump.html
Jukebox
http://www.angelfire.com/film/macny/Braveheart.html
Freedom!
http://pro.lookingat.us/Braveheart2.html
Gloat-A-Thon with an Irish flavor
http://pro.lookingat.us/FakeIrish.html
The Swimmer
http://pro.lookingat.us/MaryJo.html
Marines
http://00access.tripod.com/GreenGrass.html
I'm having a lot of problems with firefox. It crashes frequently.
Any suggestions?
Firefox runs fine on my win98 computer. Takes a little longer to load than IE but is safer.
Try Firefox instead of Mozilla -- from the same company. Mozilla has features that you may not use.
TY.
Yup....download and follow the installation instructions. It is free.
Also, run your spyware and virus programs. It is likely that you have at least some spyware, benign or not, on your computer. You should do this at least once a week.
Ping
Ummmmm, maybe I should run a virus program, if this computer was any slower, I could deliver this post personally to you, and still beat it.
That's ok...really.
I hear chicks dig that stuff.
How very rude of me, Thank you!!
We've been told we don't have to worry about a firewall because we have dial up. Is that true?
a ping for later reference
Could be you have tons of spyware bogging down your computer, too. Let it run during the day or overnight until it has completed (spyware and virus check).
Also, a cheapest way to upgrade and increase performance is to add more memory.
Also, run Disk Defragmenter under: start...programs...accessories...system tools...Disk Defragmenter.
This takes a while too but will speed up your system if you haven't run it for a while.
Good luck.