Is Your OS Tough Enough? 597
LE UI Guy writes "A Denver Post article examines the Internet 'horrors' Windows, Mac and Linux users face simply being connected to the Internet with only an out-of-box configuration. Over the course of a single week the machines were scanned 46,255 times. The test didn't look into additional security threats caused by surfing the web or reading e-mail, just the connection itself."
Security (Score:5, Informative)
The truth is that if somebody really does want to get into your system, it can happen. In addition to using a secure OS and keeping the security updates current, securing physical access is your next line of defense.
Re:Now open sendmail (Score:2, Informative)
4 simple words: (Score:5, Informative)
The most hilarious thing to me when someone gets hacked is looking at their box and a simple nmap shows every port under God's LCD monitor open.
Re:The Article in one sentence (Score:3, Informative)
Attacks: 4,857
Results: Attacked successfully within 18 minutes by the Blaster and Sasser worms. Within an hour, the computer was taken over and began attacking other Windows machines."
Geeks hate them, but... (Score:5, Informative)
OK, running P2P software is a slight hassle, but it isn't that hard to expose ports on a case-by-case basis. Certainly a lot simpler than fucking around with firewall software.
Since a good firmware-based router costs less than a full suite of security software, this is a no-brainer.
Of course, it doesn't work with the "Spirit of the Internet" that says that every system on the net can provide services to or use services from any other system. But you know what? That "spirit" is long gone -- it only worked when the Internet was an academic toy.
Re:Lame article. (Score:5, Informative)
The attacks are more than just pinging/scanning, which was separately tracked.
99% of incoming attacks... (Score:3, Informative)
I've seen Linksys BEFW's go for $10 on E-Bay.
Or go whole hog and get the Motorola SURFboard SBG900, combination DOCSIS 2.0 cable modem/wireless-G AP/firewall.
-Charles
Re:Security (Score:3, Informative)
Not to be picky, but securing physical access is the first line of defense.
I don't care what OS you use or how up to date it is, if someone can physically touch the computer they can break into it.
Re:Of course (Score:3, Informative)
Re:Even modern linux distros need to be sanitized (Score:5, Informative)
FC3's firewall is also set up very well and has been noted to have one of the best default setups out of many of the Linux distros. Some of the other protections included in FC3 are SELinux, which has policies for all major services, and exec-shield, which is also extensively used. All major services connecting out are compiled with switches that randomize the memory allocation, which may have the negative side effect of taking a little longer to start because it can't prelink, but it really helps against many attacks because every machine has its memory mapped in different locations. The amount of security that Red Hat puts into FC3 while still leaving it so functional is pretty amazing. Most of the vulnerabilities found usually can't do much harm after you consider the layers of security and the other standard security measures, i.e. users and setting up perms correctly. It's nice to know though that the latest outbreak of [insert worm here] *probably* won't affect you.
Regards,
Steve
Re:RTFA (Score:1, Informative)
Paying for patches (Score:3, Informative)
My golden rule:
apt-get update
apt-get upgrade
Once a week. For free.
Re:redhat 9 super secure? (Score:5, Informative)
Or it means that RH9 wasn't logging portscans and pings... which, AFAIK, it didn't do with any of the default firewalls. It is only newer distros that log potentially malicious traffic.
Re:Geeks hate them, but... (Score:1, Informative)
That certainly keeps out all the spyware and email worms, and definitely prevents browser hijacking.
Oh, you meant *old-school* hackers who use active instead of passive attacks? Who does that anymore? I have heard that blackice firewall really is a superb security addition to any home PC, though.
Yes, Yet again... (Score:3, Informative)
SP2 was such a large step forward in terms of user security that I'm sure they sleep quite well. This is yet more proof that these three OSs are now on even footing in terms of security.
Re:Even modern linux distros need to be sanitized (Score:2, Informative)
Which install mode are you using? The recent FC releases don't give you this option during the X-based GUI installs, just a choice of package groups that have further options.
Re:Survival of the fittest? (Score:2, Informative)
Religious adherence to evolution? Are you trying to be ironic?
Don't look now but.... http://devolab.cse.msu.edu/software/avida/
The evolutionaries are one step ahead of you!
Windows 3.1x may be old, but it's "tough enough" (Score:1, Informative)
Re:What I'm not surprised about (Score:5, Informative)
Which OS is propagating the viruses/trojans/malware?
Windows.
Which OS does it infect?
Windows.
Yes, other OSes were attacked - [by Windows zombies] - but not compromised; in fact there are very limited examples of exploits propagating through other OSes aside from Windows [I can find 7 Linux viruses, all of which do not propagate nor are effective to any measurable extent].
It is likely in the future that one may find a way to compromise a linux/mac in the same way, but that day has yet to come.
And that is why we question findings that windows is more secure than linux. It is GLARINGLY obvious that this is untrue to anyone sane.
Re:Geeks hate them, but... (Score:5, Informative)
Assuming your router doesn't have an undocumented backdoor password like the NetGear WG602. Or a no-password remote administration interface on port 1900 like SMC used to have (fixed in June 2004 firmware). Or remote administration on port 5678 even when you disable remote administration (Linksys, 2002). Or a Telnet interface with a password of "private" (DLink ADSL routers as of 2002). Or a remote backdoor on port 254 (any DSL router with the Conexant CX82310-14 chipset with firmware 3.21). Or remote web administration with a factory default password (X-Micro WLAN).
And assuming the firmware doesn't have any subtler bugs than that.
And assuming you don't open a "DMZ" which in reality doesn't segment your LAN.
Of course, your point was that routers are a necessity, which is generally correct. But there have been too many scandals for comfort. A Soekris box or some other small box running pf offers code you can trust and the flexibility to offer services to the world.
Re:Geeks hate them, but... (Score:1, Informative)
Although if you use application protection, it can get annoying (but in a good way) if you forget to turn it off before attempting to install new software or patches.
Re:Windows 3.1x may be old, but it's "tough enough (Score:2, Informative)
It's hard to remote sploit something that isn't even listening....
Useful link (Score:3, Informative)
Re:I wouldn't say it 'earns a pass' (Score:2, Informative)
Re:What I'm not surprised about (Score:2, Informative)
The Morris Worm [wikipedia.org]
Re:firewall.. (Score:3, Informative)
Everybody should for two reasons:
One: Minimizing your configuration to have only what you need is a basic security principle. Software that isn't installed doesn't have to be patched, configured, audited, and otherwise watched. This is more important considered in light of item two.
Two: You should use good security practices on all systems / devices to establish a defense in depth. You are begging for trouble if your entire security plan is: use a firewall. All it takes for your maximum software machine to be owned is for a new exploit to come out that your firewall doesn't block, or a trojan that you let through. That may not happen often, but it does happen.
If you don't use it or need it, get rid of it, and then patch, properly configure, maintain, and audit the rest.
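The audit step from the comment above, as an added example that is not part of the original thread: a shell filter that lists TCP listeners reachable from the network and flags any whose port is not on a list you expect. The function names, the allowed-port list and the sample input (constructed, in the column layout of `ss -tlnH`) are assumptions.

```shell
#!/bin/sh
# Added example: find network-reachable TCP listeners and flag the ones
# that are not on an expected-port list. Reads `ss -tlnH` style text.

# Constructed sample input (not captured from a real host).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 64 *:111 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# Print "port address" for every listener that is not loopback-only.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        la = $4
        i = match(la, /:[0-9]+$/)      # the port follows the last colon
        if (i == 0) next
        addr = substr(la, 1, i - 1)
        port = substr(la, i + 1)
        sub(/%.*$/, "", addr)           # drop scope suffix such as %lo
        if (addr ~ /^127\./ || addr == "[::1]") next
        print port, addr
    }' | LC_ALL=C sort -k1,1n -k2,2 | uniq
}

# Print exposed listeners whose port is not in the space-separated
# list given as $1 (the services you actually intend to offer).
unexpected_listeners() {
    allowed=" $1 "
    exposed_listeners | while read -r port addr; do
        case "$allowed" in
            *" $port "*) ;;                          # expected service
            *) printf '%s %s\n' "$port" "$addr" ;;   # candidate for removal
        esac
    done
}

# Demo on the sample; on a live Linux host use:
#   ss -tlnH | unexpected_listeners "22"
printf '%s\n' "$SAMPLE" | unexpected_listeners "22"
```

Anything it prints is either a service to remove or one to add to the expected list deliberately; loopback-only listeners are skipped because they are not reachable from other hosts.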
Re:Sometimes you have no choice (Score:4, Informative)
It is more than enough to keep you safe and secure until you get your Windows updates. The time to infection is a heck of a long time with that turned on. That it isn't turned on by default was a mistake but to say that XP out of the box will be infected before you have the ability to update is outright incorrect.
Re:4 simple words: (Score:1, Informative)
0.99pl13 -- life was simple. It took several
days to install (from 50+ floppies) and configure,
but in the end, you had a 486 that looked like,
and almost performed like a SUN workstation.
This was in the early 90's, when Usenet ruled,
and the web was in its infancy.
Back to the topic
As a current Slackware user, my hosts.allow
file lets anyone on my localnet (192.168.0.x)
to play, but everyone else (via hosts.deny)
is denied.
If I am not running a server (Apache, telnet,
ftp,
Re:idiot... (Score:3, Informative)
This isn't an entirely stupid thing to do - if someone is on a pay-per-minute dialup connection, they don't *want* to be automatically downloading hundreds of megabytes of updates. (Especially if a lot of those updates are to add stuff they don't need/want - i.e. DRM for Media Player, etc).
FUD? (Score:3, Informative)
"Microsoft responded that the tests prove that any operating system is vulnerable when not patched."
No. They KINDA show that only Microsoft products are vulnerable when not patched.
For what it's worth, IMHO, I think that SOME of the home users that don't patch their installs of MSXP are afraid that MS is trying to slip in some software that would automagically inventory their MP3 collection, hacked software, etc and somehow "break" their computer. I think many people think of MS operating systems as a "deal with the devil". They really DON'T want to use Windows, but isn't that Linux thing for computer gurus and really hard to use? It's really hard to combat that kind of FUD. If it wasn't, a HUGE number of corporate users would be using a *nix based solution, if only to shrink desktop support staff.
As a networking professional, I can tell you that the constant rolling out of virus and OS patching to our user base DOES impact network traffic and "regular job" throughput, but the top brass sees this as a necessary evil. But of course my corporation has MS stock in its portfolio....
Re:Internet Auditing Project (Score:3, Informative)