Is Your OS Tough Enough?
LE UI Guy writes "A Denver Post article examines the Internet 'horrors' Windows, Mac and Linux users face simply being connected to the Internet with only an out-of-box configuration. Over the course of a single week the machines were scanned 46,255 times. The test didn't look into additional security threats caused by surfing the web or reading e-mail, just the connection itself."
Jaguar? (Score:2, Interesting)
Conclusion summary: (Score:5, Interesting)
Patched Windows, Mac, Linux: Good.
Point? We already hear how much worse security Windows has multiple times a day. This doesn't even say it outright...
The real thing I gained from the article is the fact that there are still an immense number of infected computers out there, and this brings me to the question: where? How many people could there possibly be out there whose computers are being run by various exploits? We already know that they're all thanks to people that suck at patching their machines, and I find that to be a much larger problem than the security of a fully patched OS.
Scan with Impunity (Score:3, Interesting)
So any resolution of this issue has to be implemented on the OS side.
On that note, Windows is largely responsible for attacks on other operating systems--easily hacked Windows machines are what provides the cover for most blackhats, including those who are attacking Linux/BSD servers.
Re:Now open sendmail and config it. (Score:5, Interesting)
Re:RTFA (Score:2, Interesting)
Re:idiot... (Score:5, Interesting)
You are anonymous, and most likely you are attempting to troll. I probably should not have bitten but what can I say, it gave me the chance to rant a bit.
Shields Up! (Score:3, Interesting)
Re:Security (Score:4, Interesting)
They won't succeed as long as I patch, because root logins through SSH are disallowed, and I don't have any of the usernames they guess.
Keep trying, d00dz!
Re:RTFA (Score:4, Interesting)
To get a bigger slice of a smaller pie. Worm authors aren't just writing the things as a form of random vandalism; they're writing them to set up botnets that they can use for other nefarious purposes. The huge volume of Windows malware means that there's serious competition for infectable hosts. A successful Linux or OSX worm would have the whole field to itself, which would make up for the smaller number of infectable hosts.
Re:idiot... (Score:5, Interesting)
Re:Of course (Score:5, Interesting)
Re:Of course (Score:4, Interesting)
(actually, now that I think about it, I can name several. Methinks I need to go have a talk with some friends and family.)
Re:RTFA (Score:3, Interesting)
What's an attack? (Score:5, Interesting)
For example: they say Windows XP SP2 got attacked 16 times.
Does that mean it got port scanned 16 times? It can't, as I'm sure it got port scanned many more times than that.
or
Does that mean it got infected 16 times? It can't because they said it survived all attacks.
So what on earth were these attacks?
Re:Are you all retarded? (Score:3, Interesting)
Congratulations on your narrow-minded, immature, emotional "M$ is the Devil" reaction. The reverse FUD is working....really. In the meantime, I'll just continue running a Windows network the way it should be run and not lose any sleep over it. So will most other business networks. And so will the workers who want to use the same thing at home that they use at work. All the talk about Windows being insecure out of the box for the home user is now past tense as of SP2. Soon enough, it'll be another outdated argument right up there with "Windows is unstable" and "What about backward compatibility with DOS apps? They can't force users to upgrade!"
If the developers of other OSes want to battle with MS for market share, they should focus on developing the product and deliver all the new features that people feel are worth paying for the latest version of Windows. While they stand around shouting about a particular advantage, Microsoft is moving to take that away while creating many more advantages of their own.
-Lucas
Re:Lame article. (Score:4, Interesting)
The Blaster and Sasser worms, for example, make no attempt at reconnaissance. They simply blast TCP connections to IP addresses chosen at random. In theory, they have exactly as many chances of attacking the XP/SP1 box as the XP/SP2 box, or for that matter the Mac or any of the Linux boxes. The attack is much more likely to be successful on the SP1 box, but that does not mean the other computers were not attacked.
So, what did they actually count? What do those numbers mean?
Re:Of course (Score:2, Interesting)
I guarantee you there are millions of Windows XP SP1 machines on the 'net right now. How many RedHat 7s are out there? Not so many. First off, Linux is much less common in general, and second, Linux is much more likely to be administered by professionals, and thus properly patched.
So sorry, to NOT include Windows XP SP1 would have been the stupid thing to do.
It would have been interesting to see what would happen to an older Linux distro, but it would have been trivia compared to what happens to SP1. I'm actually surprised they included any non-Windows OSs at all, though.
Re:Yes, Yet again... (Score:2, Interesting)
Last time I did it it was 43:8 SP2:XP.
However, let's just say you give default installs of XP SP2 and your choice of recent Linux distro to two equally "non-technical-unable-to-think-run-every-exe-attachment" users to do with them their usual stuff. Guess which machine will be compromised (virus, spyware, worm, root, whatever) first. I'll call any bet you put down. You?
Re:RTFA (Score:3, Interesting)
I do it (Score:4, Interesting)
By conventional logic, my box should be dead by now. Especially since I keep it on nearly 24/7, connected up to teh intarweb. Go ahead and say I'm just lucky, but I think that if you just have a computer reasonably configured, the over-the-top security that most people think is necessary . . . well, it isn't. I do update with security patches often, and that's about as far along as I go with conventional means of protection.
So what's the secret, then? I don't entirely know, I think it must be a lot of little things combining. Partially, I think things aren't quite as horribly insecure as people think; just that when they are, and they often are by default, things go so horribly wrong that it colours one's perspective on the issue. The other thing is, I don't use any Microsoft products other than Windows itself, really. Third-party chat, Eudora for e-mail, Firefox and Opera for browsing, WordPerfect and OpenOffice for all the office-style needs, etc etc. True, that isn't at all what the original article is talking about, but I'm hardly the first to deviate from topic here.
Re:I do it (Score:1, Interesting)
And if you've been running without a firewall for all this time on SP1 with open shares and a default config, there is simply no way that you are not infected or rooted with something. Maybe someone hacked you, installed a root-kit, and firewalled you?
You're simply insane... really, you hook an unsecured SP1 box to the internet and within minutes it will get infected. Maybe your ISP blocks access to certain ports for security reasons? I know mine blocks 135-137 and 445 to keep its customers from getting hit.
How about older distros? (Score:3, Interesting)
The behavior of a not exactly up-to-date system would give much more insight in the overall security of an operating system. The authors tested Windows XP SP1. But what about outdated Linux distributions?
My personal experience is that it is virtually impossible to install Windows XP today on a system that is connected to the internet. You don't even have the chance to install SP2 fast enough. The article confirms this with its SP1 experiment (it survived 18 minutes).
In contrast, I'd expect any of the Linux distributions to survive way longer unpatched than Windows does. The distros I've seen (SuSE, Gentoo) have turned any useless service off on a default install for years (I wonder about
A few, say, one or two year old Linux distros would have been a very interesting contrast to the authors' SP1 experience.
Linux is insecure (Score:2, Interesting)
Hula. You know it. You love it. It's installed on your PC right now. Did you audit the code? No. Did you install it as someone other than root? No.
You have it sitting there, since it's not packaged yet, as a daemon, which is running as root, in
Totally safe!
(Before we go further, this is true of any software package. Hula's just been popular lately and thus helps to underline the point more clearly. I do not believe Hula is evil spyware, nor that anyone involved with it is now, nor has been, a member of the communist party.)
Except if it were spyware it could have written over who-knows-what and now is sending each shell command and bit of network activity to whomever. And it's root. So we've now a root server running on port 80 which has not been audited. Thank God sendmail taught us all our lesson, right?
Linux is no safer than any other OS at the moment. Hell, if we look at the fact that strlcat/cpy have been turned down for inclusion multiple times to the GNU libc because it would be "slower" when preventing a buffer vuln, if anything it's getting worse, and will continue down that slope.
It's as if we've forgotten all we know, and we're ignoring those who try to remind us. [openbsd.org]
Re:PLEASE MOD PARENT UP! (Score:5, Interesting)
I think you are giving many users far too much credit. 90% of the cases where I have to deal with customers who have misconfigured their mail server as a spam relay, I get a response similar to "Yeah, I know that's really insecure and lets spammers use it, but it was [easier to set up]/[only going to be like that for a few weeks]/[not as if I was telling the spammers the open relay was there]" (delete as appropriate).
The point is that these people *knew* that what they were doing was really stupid, but were doing it anyway because they couldn't be bothered to be secure. Of course it always comes back to bite them in the ass when their server falls over with several million spams in the mail relay queue and a completely saturated ADSL connection.
Re:Of course (Score:3, Interesting)
Of course reading is very difficult and all.. but still..
The fact is that they were testing what people are using TODAY, not what shops should be selling and people might be using in the future.
With regards to SP1, the following quote from the article seems somewhat relevant:
So, while you are right that people should be running SP2 if they use Windows at all, many people are not doing so, and are extremely unlikely to start doing so in a reasonable amount of time. Hence looking at what a substantial part of the users is running is a very good idea. With regards to this, Win2k SP4 should have been tested as well.
Re:I do it (Score:3, Interesting)
I am going to assume that: 1. your modem has a firewall built into it (I know some models do). 2. Your internet provider is fire-walling you (I know some that do).
I have several logs on various firewalls that tell me how many intrusions were attempted on different boxes and the numbers are amazingly HIGH. Your box is either 0wned by someone on the internet (and you don't know it) or your ISP has been "babysitting" you because they know there are many people out there like you.
Re:Of course (Score:2, Interesting)
Yeah, I would say that the comments from MS themselves are pretty damning there - that they would expect an OS they were selling 2 months ago to be completely riddled with holes to the point that it's cracked within 18 minutes of being connected.
The ability to exploit it within 18 minutes isn't a function of how many vulnerabilities Windows XP has. It's a function of a huge number of systems continually trying to exploit two known vulnerabilities. If Linux had the same number of systems trying to exploit two of its known vulnerabilities it would probably have a similar infection time.
Re:Of course (Score:1, Interesting)
I think you're missing the point
I think it is you who are missing the point.
if I don't apply updates to a machine for 2 months I don't expect it to suddenly be *that* vulnerable to attack,
It's not *that* vulnerable. If you've applied all the latest patches except those from the past two months pre-SP2 versions of XP would not have succumbed to the two worms mentioned in the article.
Blaster was first discovered 8/11/2003. The patch for the vulnerability that Blaster exploits was released on 7/16/2003.
Sasser was first discovered 4/30/2004. The patch for the vulnerability that Sasser exploits was released on 4/13/2004.
Now I don't know about how they calculate time in your world but in this world both of those are easily more than two months old.
In addition XP SP1 became out of date the moment that XP SP2 was released. The fact that pre-SP2 versions were still being sold up until a couple of months ago doesn't mean that SP1 was out of date. Thus SP1 has been out of date since August 2004...over six months ago. People need to accept that Windows XP SP2 is the current version of Windows. If you're going to discuss the current state of Windows' security you'll have to use it as the reference point. Anything else is being disingenuous.
Re:Of course (Score:3, Interesting)
Yeah, doesn't help when you get cracked whilst pulling down the updates though does it? (Yes, yes, I know you can ask MS for a SP2 CD but really, shouldn't that be bundled with the OS, even if it's just a CD taped to the outside of the box?)
I thought XP tried to during install anyways?
Doesn't help if you're on a pay-per-minute dialup connection.