Forgot your password?
typodupeerror
Security IT

Is Your OS Tough Enough? 597

Posted by timothy
from the mepis-seems-to-do-alright dept.
LE UI Guy writes "A Denver Post article examines the Internet 'horrors' Windows, Mac and Linux users face simply being connected to the Internet with only an out-of-box configuration. Over the course of a single week the machines were scanned 46,255 times. The test didn't look into additional security threats caused by surfing the web or reading e-mail, just the connection itself."
This discussion has been archived. No new comments can be posted.

Is Your OS Tough Enough?

Comments Filter:
  • Of course (Score:5, Funny)

    by jdwest (760759) on Tuesday March 01, 2005 @12:46AM (#11809868)
    If you build it, they will come.
    • by qw(name) (718245) on Tuesday March 01, 2005 @12:48AM (#11809883) Journal
      Reminds me of starving dogs staring at a cat through a chain-link fence waiting for the gate to open.
      • by Shanep (68243)
        Reminds me of starving dogs staring at a cat through a chain-link fence waiting for the gate to open.

        You must be refering to OpenBSD! If only those dogs could understand human language, we could tell them that those gates will never be opened. ; )
        • Re:Of course (Score:3, Informative)

          by awing0 (545366)
          Only one open gate in the default install, in more than 8 years!
          • Re:Of course (Score:5, Insightful)

            by Mistlefoot (636417) on Tuesday March 01, 2005 @02:01AM (#11810224)
            The fact is.......

            that anyone selling a box online without putting the most recent patches on the operating system provided should be shot. At a bare minimum making certain that reasonable measures are taken like some sort of firewall and an OS updater running OR a caveat to the buyer should be required.

            Putting a box with almost 4 year old unpatched OS is stupid and should not have been included in the test. To include the original XP and not lets say RedHat 7 for example shows a bit of a skewed results.

            Windows is already more prone to attacks. There really is no need to offer the original XP in the story EXCEPT to show users how imnportant it is to patch after a format or system recovery.
            • Re:Of course (Score:5, Interesting)

              by MoriaOrc (822758) on Tuesday March 01, 2005 @02:05AM (#11810233)
              Except, as the article says, WinXP SP1 is still quite common. Hell, I still use Win2k SP4. I wish they'd run the test with that.
              • Re:Of course (Score:3, Insightful)

                by bdsesq (515351)
                And according to the Microsoft quote in the article SP1 is an out of date OS.
                After all the last one was sold at Xmas.

                How in the world can Microsoft say something they were selling two months ago is "out of date"?

                Of course the purchaser could turn the firewall on or get a hardware firewall. But they are helpless guppies who don't know any better. If they knew any better they wouldn't have been buying SP1 then.
                • Re:Of course (Score:4, Insightful)

                  by FireFury03 (653718) <slashdot@nexus[ ]org ['uk.' in gap]> on Tuesday March 01, 2005 @08:10AM (#11811335) Homepage
                  How in the world can Microsoft say something they were selling two months ago is "out of date"?

                  Yeah, I would say that the comments from MS themselves are pretty damning there - that they would expect an OS they were selling 2 months ago to be completely riddled with holes to the point that it's cracked within 18 minutes of being connected.
            • Re:Of course (Score:4, Interesting)

              by DaveJay (133437) on Tuesday March 01, 2005 @02:12AM (#11810265)
              Better question: does ANYONE put a box on the internet these days without a router between them and the connection?

              (actually, now that I think about it, I can name several. Methinks I need to go have a talk with some friends and family.)
              • I do it (Score:4, Interesting)

                by Phil Urich (841393) on Tuesday March 01, 2005 @03:43AM (#11810592) Journal
                I have no firewall, or router. I'm running XP SP1. And I've never had a single problem (my virus scanner hasn't even had to do any work . . . and I have open shares, including an upload folder!).

                By conventional logic, my box should be dead by now. Especially since I keep it on nearly 24/7, connected up to teh intarweb. Go ahead and say I'm just lucky, but I think that if you just have a computer reasonably configured, the over-the-top security that most people think is necessary . . . well, it isn't. I do update with security patches often, and that's about as far along as I go with conventional means of protection.

                So what's the secret, then? I don't entirely know, I think it must be alot of little things combining. Partially, I think things aren't quite as horribly insecure as people think; just that when they are, and they often are by default, things go so horribly wrong that it colours one's perspective on the issue. The other thing is, I don't use any Microsoft products other than Windows itself, really. Third-party chat, Eudora for e-mail, Firefox and Opera for browsing, WordPerfect and OpenOffice for all the office-style needs, etc etc. True, that isn't at all what the original article is talking about, but I'm hardly the first to deviate from topic here.
                • Re:I do it (Score:3, Insightful)

                  by FireFury03 (653718)
                  I can just tell you that having seen how many services are listening for connections from anywhere by default on a Win2k box, *I* would never want to plug one into the internet directly. And yeah, I know you can disable those services, but it would take a degree in rocket science to figure out which you need or don't need within a sane amount of time. (Turn off the wrong service and your box stops working right)

                  The other thing is, I don't use any Microsoft products other than Windows itself, really. Thir
                • Re:I do it (Score:3, Interesting)

                  by oconnorcjo (242077)
                  I have no firewall, or router. I'm running XP SP1. And I've never had a single problem (my virus scanner hasn't even had to do any work . . . and I have open shares, including an upload folder!).

                  I am going to assume that: 1. your modem has a firewall built into it (I know some models do). 2. Your internet provider is fire-walling you (I know some that do).

                  I have several logs on various firewalls that tell me how many intrusions were attempted on different boxes and the numbers are amazingly HIGH. Yo

              • Re:Of course (Score:4, Insightful)

                by RenatoRam (446720) on Tuesday March 01, 2005 @03:57AM (#11810646)
                What a silly question... most of the world is still on modem dial-up, and most of the people who have DSL (at least in italy) have USB ADSL modems, and a such they are directly on the internet just as well.

                Only tech savvy people know that there is a reason to spend double (but still as low as 40EUR AFAIR) to buy an ethernet modem/router. The other 95% will simply buy the cheapest (and crappiest) USB modem on the market. Or worse, they'll take the leased one from the telco: they specifically seem to choose the worst models :-)
            • by Marran Gray (722447) on Tuesday March 01, 2005 @03:22AM (#11810504) Journal
              While I agree that it might have been instructive to include, say, RedHat 7 in the lineup, security of original XP is still an important consideration. First, to hear MS at the time, XP-SP1 should have been more solid then and should be more solid now. But far more importantly, we see how vital it is to fully patch your XP system before connecting it to the internet. And where do I get those patches from? Oops...

              The catch-22 is that time-to-infection is much shorter than time-to-patch for Windows XP, even with a contemporary internet connection. If you don't have SP2 media, and don't have some other means of (manually) acquiring the latest patches, you're dead in the water. Yes, there are workarounds; you can install some ice of your own before you connect, for that matter, but that obviates all the really neat security features of SP2 with a 3rd-party solution. "Not the solution he had in mind..."

              Admittedly, part of this is due to the fact that Windows is "productized", i.e. you have a box containing Windows and you can add patches. With Linux operating systems I think there's a lot more sensitivity to versioning and awareness of granularity; you aren't working on this monolithic thing in need of repair but on a collection of components which can be individually upgraded. Partly psychological, yes, but you also have the advantage of simply leaving out "risky" components until you can get everything up to date. You can run a Linux OS with no services, nothing particularly visible except the interface you're downloading updates through. That's not an option with Windows.
              • by Mistlefoot (636417) on Tuesday March 01, 2005 @04:04AM (#11810668)
                You can simply turn on the XP firewall that comes with XP out of the box.

                It is more then enough to keep you safe and secure until you get your windows updates. The time to infection is a heck of a long time with that turned on. That it isn't turned on by default was a mistake but to say that XP out of the box will be infected before you have the ability to update is outright incorrect.
            • Re:Of course (Score:3, Insightful)

              by FireFury03 (653718)
              Putting a box with almost 4 year old unpatched OS is stupid and should not have been included in the test.

              I don't think it's stupid to do this, but it should only be done if you're doing the same with other systems. I find a lot of these honeypot test reports do not test comparable operating systems. What they should be including in the test is:

              1. Fully patched up Windows against fully patched up Linux
              2. Windows against linux, both patched to the latest patches that were around 3 months ago.
              3. Windows
            • Re:Of course (Score:3, Interesting)

              Of course reading is very difficult and all.. but still..

              The fact is that they were testing what people are using TODAY, not what shops should be selling and people might be using in the future.

              With regards to SP1, the following quote from the article seems somewhat relevant:

              Many computers around the world are still running Windows SP 1, though exact numbers are hard to come by. Gartner research director Michael Silver estimates that by the end of 2005, half of the world's desktops used in businesses

  • Not News (Score:5, Funny)

    by swillden (191260) * <shawn-ds@willden.org> on Tuesday March 01, 2005 @12:47AM (#11809874) Homepage Journal

    This news isn't news. What's news is this news is in the news!

    • Re:Not News (Score:5, Funny)

      by node 3 (115640) on Tuesday March 01, 2005 @02:17AM (#11810285)
      This news isn't news. What's news is this news is in the news!

      So then it is news. Otherwise the news that it's in the news couldn't be news.
    • Re:Not News (Score:5, Insightful)

      by KevMar (471257) on Tuesday March 01, 2005 @02:34AM (#11810348) Homepage Journal
      Exactly, This does not tell us anything we did not know before. How many honeypot papers have told us this already.

      It is sad that the internet has become so hostile. At work I connected one of our servers to a connection on the outside of our firewall for some remote support (didn't have the VPN papers signed yet). The moment that I enabled the nic, the server informed me that the RPC Service has failed and the computer will shut down.

      I was foolish for not checking the patch levels. I assumed that someone else was on top of that. A mistake I will not make again. But home users have problems of their own. They don't know they have to keep it up patched. If I had my grandma running Linux, I would be the one patching it. What about converting all my friends and family to Linux. I would be so overwhelmed keeping each one current.

      As it stands, I format, install XP /w SP2, change their user accounts to limited access, install spyware detection, antivirus, leave the firewall and automatic updates on, and finally put firefox on the desktop.

      At the same time, I have to explain why XP is better than the 98 or ME that came with the computer, what SP2 is and why it takes so long, what a firewall is, what firefox is, why I created a special admin account for them to install stuff with and why the should never surf the web while logged into admin with the red background.

      And if you are a slashdot regular, I am not telling you anything new. I should release this as a news story, but as we all know, this is not news. Its just the way it is.

      --
      Kevin Marquette [blogspot.com]
      antispyware [blogspot.com]
    • by jd (1658) <.imipak. .at. .yahoo.com.> on Tuesday March 01, 2005 @03:11AM (#11810457) Homepage Journal
      This reminds me of the fuss over the Internet Auditing Project, six or seven years ago, in which it was revealed that something like 1:3 Unix systems was vulnerable to attack, across the entire visible realm of the Internet.


      The data collected was interesting, in that it did show that admins were way too lazy and complacent. However, the resolution of the information presented was too low to actually do anything useful.


      This is much the same. It is interesting, it does show the perils of negligence, but there are way too many variables and unknowns for this to be actually useful in preventing attacks.


      Did attacks vary with time? Did attackers fingerprint the OS' and then target Windows (explaining why there were fewer attacks on other systems) or did they target all machines equally but with attacks assuming a Windows OS?


      How were attacks counted? By what measure was something deemed an attack, as opposed to something accidental or incidental? (Broadcasts happen, guys, especially on something like cable where you've a shared line.)


      For that matter, was this using a shared line or something dedicated? What was the bandwidth used? Would the stats have differed, if there had been a greater capacity to handle the traffic?


      Although we're told this just dealt with machines "connected to the Internet" and not going to websites, that is not strictly the case. The Windows boxes did auto-updates, which means that they had transmitted data. If it was a shared line, or if there was a hacked machine en-route, the Windows boxes would have been visible and identifiable as Windows machines. The Linux boxes, transmitting nothing, would be much stealthier and therefore only prone to genuinely random scans.


      In consequence, what can we really conclude from this test? I would say nothing, unless it was re-run with Linux simulating calls to the Windows update system at Microsoft.


      If we saw an explosion of attacks, as a result, then we can argue that it is not Windows that attracts the assaults but the patching mechanism.


      There is a lot that COULD be learned, through rigorous controlled tests, but as this was neither rigorous nor controlled, I don't see that we learn anything other than the world isn't 100% safe. If the researchers didn't know that beforehand, I pity the researchers.

  • Yet again... (Score:5, Insightful)

    by rpbailey1642 (766298) <robert DOT b DOT pratt AT gmail DOT com> on Tuesday March 01, 2005 @12:47AM (#11809878)
    I'm not that surprised, but Windows was the least secure. It should be noted that XP SP2 was installed and then the updates were applied "automatically" while none of the UNIX-ish systems had updates installed, just what came on the CDs. I know, competent admins can make any machine secure, but I wonder how MS can sleep at night knowing that their users are at such a high risk, even if they don't DO anything.
    • by Anonymous Coward on Tuesday March 01, 2005 @12:49AM (#11809887)
      I wonder how MS can sleep at night

      Obligatory: On piles and piles of money. :-)

    • With the firewall enabled by default, and with no inexperienced user actively checking email and browsing all the while saying "yes yes yes I do want to download and run this active web page or whatever it is you stupid browser", SP2 didn't need the updates.
    • Re:Yet again... (Score:3, Insightful)

      by megarich (773968)
      What bothers me with windows is home use. You know how many home users are out there WITHOUT the latest patches becaue they don't know any better.

      My friend had to reinstall his parents computer because it was too infested with virus/spyware and I had to yell at him to put on sp2 which he still didnt do because it wasn't showing up on windows update or something like that.

      People with older dell systems pre sp2 just don't know and that scares me.

    • Yes, Yet again... (Score:3, Informative)

      by Barlo_Mung_42 (411228)
      The point was to test the "Out of Box" experience. XP with SP2 what users get out of the box now. The firewall is on by default and the automatic update is the default selection.
      SP2 was such a large step forward in terms of user security that I'm sure they sleep quite well. This is yet more proof that these three OSs are now on even footing in terms of security.
  • by Ars-Fartsica (166957) on Tuesday March 01, 2005 @12:48AM (#11809880)
    Look at all of the software and services running on a modern linux distro - FC3 for example. I have spent a great deal of time shutting off everything I really don't need and erasing piles of useless rpms installed by the distro (its 2005 - I don't need talk). Any software you don't use or services you do not need are just potential security holes.
    • firewall.. (Score:5, Insightful)

      by Cryptnotic (154382) * on Tuesday March 01, 2005 @01:06AM (#11809980) Homepage
      First of all, you should be behind a firewall that disallows incoming connections to almost everything. Even if you're not, FC3 has a kernel firewall enabled that blocks just about everything.

      As for the packages, who cares if they're just sitting on your HD taking up space?

      For a server machine "outside the wall" it's important to keep things as lean as possible. But for your desktop machine, who cares?

      • Re:firewall.. (Score:3, Informative)

        by cold fjord (826450)
        But for your desktop machine, who cares?

        Everybody should for two reasons:

        One: Minimizing your configuration to have only what you need is a basic security principle. Software that isn't installed doesn't have to be patched, configured, audited, and otherwise watched. This is more important considered in light of item two.

        Two: You should use good security practices on all systems / devices to establish a defense in depth. You are begging for trouble if your entire security plan is: use a firewall. Al
    • by LnxAddct (679316) <sgk25@drexel.edu> on Tuesday March 01, 2005 @01:23AM (#11810045)
      FC has no services running by default that connect to the internet unless you specify otherwise. Also you have complete control over every program installed at installation time. Regardless, an entire FC3 install with all the thousands of applications takes up approx 4 gigs, thats really not much for what your getting. A server install is something like 800 mb, and thats before you cut off the fat. I always do a full install because its nice to just have everything you need, a program sitting on my harddrive isn't doing anyone any harm.

      FC3's firewall is also set up very well and has been noted to have one of the best default setups out of many of the linux distros. Some of the other protections included in FC3 are SElinux which has policies for all major services and exec-shield is also extensively used. All major services connecting out are compiled with switches that randomize the memory allocation, which may have the negative side affect of taking a little longer to start because it can't prelink, but it really helps against many attacks because every machine has its memory mapped in different locations. The amount of security that Red Hat puts into FC3 while still leaving it so functional is pretty amazing. Most of the vulnerabilities found usually can't do much harm after you consider the layers of security and the other standard security measures, i.e. users and setting up perms correctly. Its nice to know though that the latest outbreak of [insert worm here] *probably* won't affect you.
      Regards,
      Steve
    • by Spoing (152917) on Tuesday March 01, 2005 @02:03AM (#11810229) Homepage
      1. Look at all of the software and services running on a modern linux distro - FC3 for example. I have spent a great deal of time shutting off everything I really don't need and erasing piles of useless rpms installed by the distro (its 2005 - I don't need talk). Any software you don't use or services you do not need are just potential security holes.

      While I agree, I was stunned looking at the results of a Nessus scan (default) after completing a default install of Solaris on Sparc (E450). Wow. 9 known security holes and a bunch of services on by default and listening on open ports.

      Sure, it's not Windows-bad, though it wasn't what I expected in the latest revision of Solaris (I've used a previous version of SunOS and have installed Solaris 8 & 9 on both x86 and Sparc hardware). Fedora Core does a much better job by default -- though I agree FC3 needs to be purged to make it clean and fully trustworthy.

  • Lame article. (Score:5, Insightful)

    by Seumas (6865) on Tuesday March 01, 2005 @12:48AM (#11809882)
    Just because people can knock on every door doesn't mean that every door is as insecure as the next. You can knock on every door in a neighborhood, but some will be better constructed and have more secure locks. Still, none prevent one from knocking.

    If they're only tracking ping/scan attempts, there is no reason to even include mac/linux in this.
    • Re:Lame article. (Score:5, Informative)

      by angle_slam (623817) on Tuesday March 01, 2005 @01:11AM (#11810000)
      From the article: The Macintosh system received three attacks. Two of the Linux systems received eight attacks each, though Red Hat's version of Linux received no attacks at all.

      The attacks are more than just pinging/scanning, which was separately tracked.

    • Re:Lame article. (Score:3, Insightful)

      by Ridgelift (228977)
      Just because people can knock on every door doesn't mean that every door is as insecure as the next. You can knock on every door in a neighborhood, but some will be better constructed and have more secure locks. Still, none prevent one from knocking.

      You're right, but it's a fluffy piece targeted at your mom and her friends, not you and me. The fact that this sort of stuff is getting into the news is a good thing. I'd say more than 90% of all Windows users are not protected properly, and they don't reall
    • Re:Lame article. (Score:3, Insightful)

      by Jedi Alec (258881)
      Just because people can knock on every door doesn't mean that every door is as insecure as the next. You can knock on every door in a neighborhood, but some will be better constructed and have more secure locks. Still, none prevent one from knocking.

      Well, I could think of a *few* things...how about a gate to prevent access to the premises itself? (it's not like a little 4 port NAT/router/firewall is expensive these days). Especially for Joe User who doesn't need all sorts of ports open since he's only bro
    • Re:Lame article. (Score:4, Insightful)

      by Meetch (756616) on Tuesday March 01, 2005 @02:35AM (#11810349)
      Still, none prevent one from knocking.

      Mmmm... sentry guns.

      But seriously (just a little OT), the response to a knock can be tuned easily enough:

      • Firewall. Your bouncer only lets in whoever he's been taught to trust. Or you can give it a guest list. Many broadband interfaces can also present a "false" front door thanks to IP Masquerading. Neither is 100% foolproof, but they do make life harder, especially for bulk tools used by script kiddies.
      • Silently DROP incoming SYN packets on unused ports. Like having a trapdoor under the doormat - what knock?
      • Something I liken to Neighbourhood Watch - at the first sign of a port scanner, broadcast to your friends and concerned neighbours of the attempt so they'll be wary of the stranger.
      • Use your own bot army to DoS the attempted intruder. Something like a Claymore on the doorstep?
      Then there's antivirus, groupware... the difference as I see it is the tools to do these are freely available with basically anything *n[iu]x*, while you tend to have to pay for a decent solution that runs on your favourite monopolistic vendor's OS. Not always, mind, but typically. Since I payed for XP (keeping it up to date), no software but games have cost me anything - AVG/OpenOffice/Mozilla + extensions/software that comes with purchased hardware... etc etc... it's pretty easy to meet license terms when you're not putting things to commercial use. This also means I'm not running any networked services publicly, so this box never accepts an incoming connection from the cloud.

      As for the stuff that does matter - web, database etc services... I leave that to my Linux box, running just what it needs to, and I take a little time semi-regularly to ensure it stays close enough to up-to-date. It hasn't let me down as yet (neither did FreeBSD while I was running that too), and this is year 13...

      Disclaimer: I don't know everything, but I know what ideas I like. And just because I like the idea, doesn't necessarily mean I implement it.

    • Re:Lame article. (Score:4, Interesting)

      by louarnkoz (805588) on Tuesday March 01, 2005 @03:02AM (#11810430)
      There is something bizarre in the way the article counts "attacks". In theory, the number of attacks should be almost the same for each computer in the honeypot, because most viruses don't know what they are attacking.

      The blaster and sasser worms, for example, make no attempt at reconnaissance. They simply blast TCP connections to IP addresses chosen at random. In theory, they have exactly as many chances of attacking the XP/SP1 box as the XP/SP2 box, or for that matter any the Mac or any of the Linux boxes. The attack is much more likely to be successful of tne SP1 box, but that does not mean the other computers were not attacked.

      So, what did they actually count? What do those numbers mean?

  • Security (Score:5, Informative)

    by BWJones (18351) * on Tuesday March 01, 2005 @12:48AM (#11809884) Homepage Journal
    These results mirror what I typically see on my workstation. I run a couple of websites on my workstation including our laboratory website [utah.edu], and my blog [utah.edu]. Logs are monitored constantly with a nice tool called mkconsole [mulle-kybernetik.com] that displays the logs transparently on my desktop. Several times a week, there is an attack. Most however are either scripted or fairly primitive, although last week there was a sophisticated attack that that bounced through a compromised Windows machine on campus. We tracked it back to an AOL user on the East coast and reported his IP address to the sysadmins. They sent an email back to me letting me know that they would follow it up. I've not heard anything else since, but in addition to using a more secure OS, one should also maintain a vigilance of your systems to help keep things under control and if you do use Windows, PLEASE keep it patched with recent security releases.

    The truth is that if somebody really does want to get into your system, it can happen. In addition to using a secure OS and keeping the security updates current, securing physical access is your next line of defense.

    • Re:Security (Score:3, Informative)

      by SensitiveMale (155605)
      In addition to using a secure OS and keeping the security updates current, securing physical access is your next line of defense.

      Not to be picky, but securing physical access is the first line of defense.

      I don't care what OS you use or how up to date it is, if someone can physically touch the computer they can break into it.
    • Re:Security (Score:4, Interesting)

      by bersl2 (689221) on Tuesday March 01, 2005 @01:53AM (#11810189) Journal
      I have had 2 or 3 bots trying to brute-force my main box's password for months on end. The attacks all come from (likely compromised) server farms. I used to run without a firewall, but now I block every IP that tries to run an attack.

      They won't succeed as long as I patch, because root logins through SSH are disallowed, and I don't have any of the usernames they guess.

      Keep trying, d00dz!
  • and count the seconds before it becomes a spam relay.
    • Re:Now open sendmail (Score:2, Informative)

      by Seumas (6865)
      That's interesting, because Sendmail has (for a number of years now, I believe) been configured to deny all relays by default. Same with iMS, SIMS, S1MS, NMS, etc.
  • Yeah (Score:5, Insightful)

    by elid (672471) <{moc.liamg} {ta} {dopi.ile}> on Tuesday March 01, 2005 @12:49AM (#11809886)
    I don't think end users can be trusted to protect their computers. At a minimum, providers of Cable and DSL should make customers use modems with built-in NAT/firewall.
    • Re:Yeah (Score:3, Insightful)

      by vijayiyer (728590)
      Why should those of us who are responsible, don't use windows, and don't want NAT or a firewall be forced to use one? Thankfully, I have a provider who doesn't handhold me, block ports, or tell me that I can't use my connection for business. They give me my IP, and I pay for my bandwidth, they way it shoudl be. A better solution would be to cut off access to those who are perpetrating or supporting attacks. That includes people whose machines become zombies used in DDOS attacks, worms, etc. That would have
  • by Mudcathi (584851) on Tuesday March 01, 2005 @12:50AM (#11809891) Journal
    Over the course of a single week the machines were scanned 46,255 times.

    I got stuck in the self-checkout line at Walmart once, behind a lady who had this same problem.

    /sucked!

  • Jaguar? (Score:2, Interesting)

    by Anonymous Coward
    Tell me I'm dreaming. Are these people really testing the old Mac OS X 10.2 (Jaguar)? And it withstood all atacks. Nice kitty.
  • by cecom (698048) on Tuesday March 01, 2005 @12:50AM (#11809894) Homepage Journal
    TFA tells us that Windows XP SP2 is more secure than Windows XP SP1 (unbelievable!!) and that there are fewer attackers targeting Linux and MacOS than Windows (hmmm - I wonder why ?).

    Very thought provoking and innovative information indeed.
  • RTFA (Score:3, Insightful)

    by jleq (766550) <jleq96@[ ]il.com ['gma' in gap]> on Tuesday March 01, 2005 @12:51AM (#11809899)
    And I quote:

    Windows XP Service Pack 2
    Attacks: 16
    Results: Survived all attacks

    Windows is *obviously* attacked more, simply because it is the most popular operating system. If I was a malicious coder, why would I want to spend time writing code that would only attack the 10% of computer users not running windows in the first place? It's simply more logical for those evil people to write software that attacks Windows... secure or not secure, it's going to be the primary target until it loses it's market dominance.
    • Re:RTFA (Score:5, Insightful)

      by geminidomino (614729) * on Tuesday March 01, 2005 @01:19AM (#11810031) Journal
      If I was a malicious coder, why would I want to spend time writing code that would only attack the 10% of computer users not running windows in the first place?

      IIS vs. Apache seems to deny this conclusion.
    • Re:RTFA (Score:4, Interesting)

      by rgmoore (133276) * <glandauer@charter.net> on Tuesday March 01, 2005 @01:54AM (#11810199) Homepage
      If I was a malicious coder, why would I want to spend time writing code that would only attack the 10% of computer users not running windows in the first place?

      To get a bigger slice of a smaller pie. Worm authors aren't just writing the things as a form of random vandalism; they're writing them to set up botnets that they can use for other nefarious purposes. The huge volume of Windows malware means that there's serious competetion for infectable hosts. A successful Linux or OSX worm would have the whole field to itself, which would make up for the smaller number of infectable hosts.

  • Warez (Score:2, Funny)

    by NoGuffCheck (746638)
    I was on a warez site last week looking for some serial numbers um.. i miss placed. anyway the amount of crap that was installed onto my win98se firefox box was incrediable. after uninstalling at least 4 pieces of spyware i had 860 odd errors in my registry.. lovely!
  • by TheDarkener (198348) on Tuesday March 01, 2005 @12:53AM (#11809908)
    Imagine a reality show based on this...

    "Coming up, we'll have Windows eat a big bowl of fried portscans!!!"

    *circus music*

    "And after the break, Linux will jump off of the gigantic Mount Exploit!"

    *dark piano music*

    (Reality check): It would probably fall off the air for requiring someone to think, though...
  • by bdigit (132070) on Tuesday March 01, 2005 @12:53AM (#11809910)
    " But in the end, none of the attacks were successful."

    So... Let's see how many people don't read the article and begin ranking on windows. Startttttinnnng NOW
    • by Anonymous Coward
      "Windows XP Service Pack 1

      Attacks: 4,857

      Results: Attacked successfully within 18 minutes by the Blaster and Sasser worms. Within an hour, the computer was taken over and began attacking other Windows machines."
  • Conclusion summary: (Score:5, Interesting)

    by rasafras (637995) <tamas&pha,jhu,edu> on Tuesday March 01, 2005 @12:54AM (#11809913) Homepage
    Unpatched Windows: Bad.
    Patched Windows, Mac, Linux: Good.

    Point? We already hear how much worse security Windows has multiple times a day. This doesn't even say it outright...
    The real thing I gained from the article is the fact that there are still an immense number of infected computers out there, and this brings me to the question: where? How many people could there possibly be out there whose computers are being run by various exploits? We already know that they're all thanks to people that suck at patching their machines, and I find that to be a much larger problem than the security of a fully patched OS.
  • Scan with Impunity (Score:3, Interesting)

    by physicsphairy (720718) on Tuesday March 01, 2005 @12:54AM (#11809917) Homepage
    Most scans and penetration efforts are conducted via zombie machines, and shutting down infected users who probably haven't the faintest clue what's going on just isn't worth the headache it causes ISPs.

    So any resolution of this issue has to must be implemented on the OS side.

    On that note, Windows is largely responsible for attacks on other operating systems--easily hacked Windows machines are what provides the cover for most blackhats, including those who are attacking Linux/BSD servers.

  • 4 simple words: (Score:5, Informative)

    by sniepre (517796) <sniepre@gmail.com> on Tuesday March 01, 2005 @12:55AM (#11809926) Homepage
    Turn. Off. Unused. Services.

    The most hilarious thing to me when someone gets hacked is looking at their box and a simple nmap shows every port under gods lcd monitor open.
  • Virus Scan (Score:5, Funny)

    by null etc. (524767) on Tuesday March 01, 2005 @12:57AM (#11809939)
    SP 1 was attacked 4,857 times. It was infested within 18 minutes by the Blaster and Sasser worms. Within an hour it became a "bot," or a machine controlled by a remote computer, and began attacking other Windows computers.

    From what I remember in Tron, this visually looks very cool. Digital warriors fighting on a neon grid, etc.

    I'm pretty stumped, though. I tried to get my box pwned eight times, just to see the digital battle. I thought at the least Norton Antivirus would sent a digital probe destroyer bot out to eradicate the trojans. But all that happened was my computer got really slow, and pop-ups kept showing up, advertising herbal virility pills for men.

    Come to think of it, Hollywood movies never seem to match up with what my computer does. That's it, I'm going to stop believing them movies and start reading Wikipedia instead.

  • by chrisbtoo (41029) on Tuesday March 01, 2005 @12:58AM (#11809940) Homepage Journal
    "SP 1 is not a current operating system," said Sundwall. "It doesn't surprise me that it only took 18 minutes to get infected."

    Ah, but would it have surprised him when it was still current? ISTR that back then, the time was a far more robust 20 minutes.
  • SP1 Earns a pass? (Score:5, Insightful)

    by salemlb (857652) on Tuesday March 01, 2005 @01:04AM (#11809965)
    According the article, no one was all that surprised Win XP SP 1 went down in 18 minutes. After all, it is not up to date... it is essentially an old OS, right? So this is expected, right? Old OSs should be broken into, right? And then we have OS X 10.2, aka, Jaguar. No successful attacks. Older OS, check. Not up to date with all the latest security features that are in Panther, check. And not one successful attack. One company makes on OS that still stands after two and a half years... one company makes an OS that only stands after a major major major patch and constant updates that sometimes break software. Now, which company's OS would I choose to build a secure network? Sure, it's a flawed argument, but still I think worth noting.
  • by fm6 (162816) on Tuesday March 01, 2005 @01:08AM (#11809988) Homepage Journal
    There should always be a router between any personal system and the Internet. Not a kludgy firewall/filter, mind you, but a simple NAT-translation router that puts your machine in a private address space. Hackers can't hack what they can't get to.

    OK, running P2P software is a slight hassle, but it isn't that hard to expose ports on a case-by-case basis. Certainly a lot simpler than fucking around with firewall softare.

    Since a good firmware-based router costs less than a full suite of security software, this is a no-brainer.

    Of course, it doesn't work with the "Spirit of the Internet" that says that every system on the net can provide services to or use services from any other system. But you know what? That "spirit" is long gone -- it only worked when the Internet was an academic toy.

    • by billatq (544019) on Tuesday March 01, 2005 @02:32AM (#11810339)

      There should always be a router between any personal system and the Internet. Not a kludgy firewall/filter, mind you, but a simple NAT-translation router that puts your machine in a private address space. Hackers can't hack what they can't get to.

      Actually, that's not quite correct; take a peek at rfc2663: http://www.faqs.org/rfcs/rfc2663.html [faqs.org]. In a somewhat roundabout way in the security section (Section 9), it says not to use it as a "Firewall", but rather in conjunction with a firewall.

      The reason for this is that if someone spoofs an address in your nat range, it pass through unfiltered. Bottom line is to not rely on NAT alone for a firewall; always use it in conjunction with real filtering. Thankfully most consumer boxes will do this already, so it's practically a moot point.

    • by Beryllium Sphere(tm) (193358) on Tuesday March 01, 2005 @02:36AM (#11810356) Homepage Journal
      >Hackers can't hack what they can't get to.

      Assuming your router doesn't have an undocumented backdoor password like the NetGear WG602. Or a no-password remote administration interface on port 1900 like SMC used to have (fixed in June 2004 firmware). Or remote administration on port 5678 even when you disable remote administration (Linksys, 2002). Or a Telnet interface with a password of "private" (DLink ADSL routers as of 2002). Or a remote backdoor on port 254 (any DSL router with the Conexant CX82310-14 chipset with firmware 3.21). Or remote web administration with a factory default password (X-Micro WLAN).

      And assuming the firmware doesn't have any subtler bugs than that.

      And assuming you don't open a "DMZ" which in reality doesn't segment your LAN.

      Of course, your point was that routers are a necessity, which is generally correct. But there have been too many scandals for comfort. A Soekris box or some other small box running pf offers code you can trust and the flexibility to offer services to the world.
  • by chill (34294) on Tuesday March 01, 2005 @01:12AM (#11810004) Journal
    Can be avoided by plugging in a hardware firewall that does NAT between the cable/DSL modem and any computers. Operating system be damned.

    I've seen Linksys BEFW's go for $10 on E-Bay.

    Or go whole hog and get the Motorola SURFboard SBG900, combination DOCSIS 2.0 cable modem/wireless-G AP/firewall.

    -Charles
  • by Kip Winger (547075) on Tuesday March 01, 2005 @01:13AM (#11810009) Homepage
    Despite Linux being hardened, its basis still is Unix -- which, from the beginning, was coded with such grevious insecurities, such as using a blank gets() at the beginning of crucial protocols. Worms ripped apart Unix in the 80s, and despite what has been hardened since, the methodologies which ripped Unix apart in the 80s mostly are still being used in Windows development.

    Microsoft might have something with Windows Longhorn, since the entire API outside of the kernel will be written in C# completely sandboxed in a CLR, much like Java.

    Combined with a monolithic auto-update system, Microsoft has no intentions of repeating the problems of Windows 2000/XP when they release Longhorn, much like they had no intention of repeating the problems of stability they had with Windows 95/98/ME when they designed Windows 2000/XP. For as much as they do, they mostly won with stability in 2000/XP, and they could win again, despite their market share, by sacrificing RAM (480MB commit charge, 1GB recommended) and processing power by implementing the .NET framework for their entire API.

    I honestly hope open source has something to compete for their future desktop environments, or else desktop Linux could be relegated to processors too slow to deal with the overhead.

  • by PinkX (607183) on Tuesday March 01, 2005 @01:14AM (#11810013) Homepage
    From TFA: "Experts say spyware programs are also necessary for Windows users. Microsoft is offering a free beta version of its spyware program at www.microsoft.com/athome , and Webroot is offering its spyware program free to Colorado residents through April 15 at www.webroot.com Free spyware programs are available at www.download.com"

    Of course Claria/Gator [claria.com] is also offering a free version of their spyware program, and it's not beta - it's an official, stable release, available to users from all over the world, and with no date limits!!

    There are also other known spyware providers out there, all you have to do is to search the web for some pr0n and warez, and there you go.
  • by The Master Control P (655590) <ejkeever&nerdshack,com> on Tuesday March 01, 2005 @01:25AM (#11810052)
    If you're gonna put your system on a direct connection to the internet, you should use a secure operating system. And implicitly, if you want that operating system to go more than 2 months between r007ings, you should lock it down.

    Nothing us geeks don't already know. Anyway, I can belive 6 systems got attacked 40 thousand times in one week. I check my own system logs often enough, and there's usually some inbound packet on a disallowed port dropped every 10 to 40 minutes. Usually two or more attempts or blocks of attempts to login via ssh every day. Probably 10+ malformed GETs a day in the Apache logs. And this is my little residential gateway that gets about 4 legitimate hits to it's Apache server (which I'm not supposed to run) per day. That's about 250 attacks per week per server, or close to 1500 for 6. Take a website with non-trivial traffic, and it's easy to reach 40K/week. Since I'm pretty sure that DenverPost.com gets more than 25x my traffic, I'm suprised it was only 40K.

    Other than saying that a lot of shit flies around the internet, the article was very skimpy on details. Not suprising, since an article that explains what a 'worm' and a 'virus' is is obviously not aimed at 1337 geeks. But it would have been nice to know what's installed on them.

    For example, was it a full server install of Linux? (CUPS, httpd, ftpd, ntp, ssh, sendmail, etc?) Or just a minimal install with no server software installed a la home Windows? Quite a difference. How long would either of the Windows machines have lasted if they'd had Microsoft's server software installed too? Check secunia.com for Windows XP home, IIS 6 [secunia.com], or SQL Server [secunia.com] - It seems that ~1/4 of the known security holes in Microsoft's software are always unpatched. Contrast that with Apache, proftpd, Mysql 4, cups, OpenSSH, and Sendmail, which on Secunia currently share 10 vunerabilities between them all (9 of them 1/ or 2/5 for severity, and one 3). Of the 3 tested Linux OSes, Red Hat 9 has one not-critical vunerability listed.

    It is certainly possible to make a Windows server or desktop reasonably secure, but compared to comparably securing a Linux server or desktop, would seem to require a monumental effort. And it's not just that Linux is more configurable - The FOSS community (judging by open holes) has done a far better job patching their software than MS.

    Well, off to overdose on the Numa Numa Dance...
  • Paying for patches (Score:3, Informative)

    by _Hellfire_ (170113) on Tuesday March 01, 2005 @01:29AM (#11810078) Homepage
    Most companies, however, chose to pay a Linux vendor in order to receive security patches.

    My golden rule:

    apt-get update
    apt-get upgrade

    Once a week. For free.
  • Life on the edge (Score:3, Insightful)

    by erwin (8773) on Tuesday March 01, 2005 @01:31AM (#11810084)
    first, I didn't RTFA, but I wanted to relate our exprience at a recent technology conference my employer hosted. The names of the guilty/innocent have been scrubed to keep this post from being moderated into Flamebait.

    Part of the conference was a series of hands-on labs that we were hosting using loaner equipment from major manufactures. The network was provided my a major ISP through a national hotel (where this part of the conference was being held).

    The labs were assembled by volunteers, and were pretty much infected beyond use with spyware and viruses within about 10 minutes of coming online. It was the worst thing I'd ever seen. We had 20+ people scrubbing the machines off-line for literally HOURS, only to have them reinfected once they came back online (now behind a firewall).

    To compound the issue, we couldn't feasibly reimage the machines because the vendor donating them gave us at least 10 different models with 2-3 variations on each model.

    In the end we threw in the towel, refunded people's money, and let the Mac lab (which remained unaffected) continue their presentations.

    just my $.023233432322
  • Shields Up! (Score:3, Interesting)

    by baconbit (808672) on Tuesday March 01, 2005 @01:50AM (#11810177)
    Check for open ports on your pc. https://www.grc.com/ [grc.com]
  • Riiiiiiiiiight.... (Score:4, Insightful)

    by theantix (466036) on Tuesday March 01, 2005 @02:08AM (#11810250) Journal
    Microsoft's leadership position means that more viruses are written for Windows, said Silver, who estimates that 96 percent of all desktops and laptops worldwide used Windows at the end of 2004.

    So Microsoft get's a pass on viruses because it is popular and has a lot of software written for it? And then those same people use the amount of software available for MS Windows as a reason why Windows is superior. You can't have it both ways: if you think Windows has an advantage because of a larger application base you have to include the malware applications like viruses and spyware as well.

    You could wrongly argue that when Linux has a larger installed base it will have the same problems as MS Windows. But even if that were true, it's new popularity would mean that more commercial applications like Photoshop would be written for it also. The blade turns both ways for better and for worse, yet MS Windows apologists try to claim the best of both worlds.
  • Whats an attack? (Score:5, Interesting)

    by Anonymous Coward on Tuesday March 01, 2005 @02:22AM (#11810301)
    The article makes great mention of "attacks" but fails to mention what an "attack" actually consists of.

    For example: they say Windows XP SP2 got attacked 16 times.

    Does that mean it got port scanned 16 times? It can't as i'm sure it got port scanned many more times than that.
    or
    Does that mean it got infected 16 times? It can't because they said it survived all attacks.

    So what on earth were these attacks?
  • Useful link (Score:3, Informative)

    by Gary Destruction (683101) * on Tuesday March 01, 2005 @02:54AM (#11810407) Journal
    Here's a useful link for securing Windows Systems: Black Viper.com [blackviper.com]
  • by IchBinEinPenguin (589252) on Tuesday March 01, 2005 @03:12AM (#11810461)
    "Free spyware programs are available at www.download.com"

    :-)
  • by Esel Theo (575829) on Tuesday March 01, 2005 @05:51AM (#11810965)
    I'm absolutely not surprised that up-to-date systems survive current attacks. I'd even expect that from the vendor/distributor.

    The behavior of a not exactly up-to-date system would give much more insight in the overall security of an operating system. The authors tested Windows XP SP1. But what about outdated Linux distributions?

    My personal experience is that it is virtually impossible to install Windows XP today on a system that is connected to the internet. You don't even have the chance to install SP2 fast enough. The article confirms this with its SP1 experiment (it survived 18 minutes).

    In contrast, I'd expect any of the Linux distributions to survive way longer unpatched than Windows does. The distros I've seen (SuSE, Gentoo) have turned any useless service off on a default install since years (I wonder about /. readers that tell something different for Fedora). And I think you can safely do a default install on these systems and then pull your patches from the internet.

    A few, say, one or two year old Linux distros would have been a very interesting contrast to the authors SP1 experience.
  • FUD? (Score:3, Informative)

    by Goose3254 (304355) on Tuesday March 01, 2005 @08:52AM (#11811471)
    From the article

    "Microsoft responded that the tests prove that any operating system is vulnerable when not patched."

    No. They KINDA show that only Microsoft products are vulnerable when not patched.

    For what it's worth, IMHO, I think that SOME of the home users that don't patch their installs of MSXP are afraid that MS is trying to slip in some software that would automagically inventory thier MP3 collection, hacked software, etc and somehow "break" thier computer. I think many people think of MS operating systems as a "deal with the devil". They really DON'T want to use Windows, but isn't that Linux thing for computer gurus and really hard to use? It's really hard to combat that kind of FUD. If it wasn't, a HUGE number of corporate users would be using a *nix based solution, if only to shrink desktop support staff.

    As a networking professional, I can tell you that the constant rolling out of virus and OS patching to our user base DOES impact network traffic and "regular job" throughput, but the top brass sees this as a necessary evil. But of course my corporation has MS stock in it's portfolio....
  • by gelfling (6534) on Tuesday March 01, 2005 @10:21AM (#11811988) Homepage Journal
    The article stated that MS will go on the offencive to 'get the facts out'.

    Hey Steve Ballmer - why don't you get a good fucking product out the door then you wouldn't have to spend a coupla hundred million bucks spinning shit into gold, now would you?

    Don't 'give me the facts' I know what the damn facts are. Just make Windows more secure. And here's a tip, Microsoft, just a thought....

    Instead of carrying on about the animated 3D Video crushing interface in Longhorn THAT IS ALREADY 2 YEARS LATE....Why don't you spend that effort on making Windows more secure?

    Or isn't that sexy enough for your PR guys. I swear you MS morons must go to sleep every night dreaming of new ways to be useless.

Lend money to a bad debtor and he will hate you.

Working...