The NYT on the Proliferation of Botnets

ThinkComp writes "The New York Times has a up a story on the proliferation of botnets. The article cites a number of security researchers who paint a depressing picture of the state of internet security, and concludes with the suggestion that for home users, buying a new 'updated' PC may be the only real solution. Unfortunately, as most of us know, given the number of outstanding flaws in software and the ingenuity of malicious software authors, that might not even help."

Re:Look at it logically and focus your efforts.

[0racle]

Windows ships with lots of open ports

IIRC, it hasn't since XP SP2 as the firewall is enabled by default. Any open ports a users system has since then is because they allowed those connections themselves.

Bullshit: Just turn off services.

[TerranFury]

I really, really don't get it. It's not that hard to keep a Windows box safe. I do understand how grandma can screw up, but I just do not buy the rubbish that every Windows machine gets compromised in five minutes.

People talk about "open ports." To me, that's right up there with "oh no! My IP address is visible!" paranoia. It's just not how computers work! Worms don't somehow jump into your computer through magic holes called "ports:" They exploit bugs in services.

So, disable all the services you don't need. Get rid of the blasted Windows filesharing cruft. Shoot the scripting host. Turn off the remote desktop crap. Look through all the services, and just clean all that junk out. If you don't have idiot programs running that worms can fool into executing arbitrary code or otherwise misbehaving, you're ok! Then connect to the 'net and install the latest updates. In the time it takes you to do that, nobody will jump up through your NIC and give your computer gonorrea.

A firewall is a safety net, and it makes perfect sense in, say, a production IT department to have as many safety nets and backups as you can. But a properly-configured machine, without exploitable crap running, shouldn't strictly need it, and I really think that a competent personal user can easily stay safe.

As for the "security software" the article speaks of: Though an up-to-date antivirus is a decent idea, most software firewalls and other pieces of security software really just operate something like modern-day politicians, keeping users alarmed so as to justify their own existance. "Someone is trying to HACK you!" they scream, as an innocent ICMP ping request arrives at your computer. Pfft. Save your CPU cycles and just don't be a fool!

Re:Firewalling them is not the same as closing the

[Vancorps]

Sorry, but the primary function of a firewall is indeed to add security. My website is protected by a firewall but it still receives millions of hits and several hundred thousand pageviews. It's safe to say its quite visible and I wish it to remain so. You're right that a firewall is an additional layer of protection and is by no means the only layer. Sometimes you are forced to run an insecure app though and in those times you thank your lucky stars you have proper firewalls and routers and VLANs and RADIUS to help protect your services.

Re:Yeah, But...

[Todd Knarr]

I don't know, I see the basic advice about security everywhere I look. You can't go to any security-related Web site, or even Microsoft's site, without hearing the basic common-sense rules I learned from other people in the BBS community back 25 years ago when I was in high school. Don't install software from sources you don't know and trust. Don't use software that downloads and runs stuff from external sources automatically. Put a hardware router with a firewall between your computer and the Internet. E-mail is text, don't try and treat it as anything else (or use a program that'll treat it as anything else) until after you've reviewed it to confirm that the non-text parts are really what you expect them to be. Don't trust e-mail just because of who the sender is, you know about all the viruses that use the address book to spread themselves and there's no guarantee the sender of that e-mail didn't get infected with one of 'em. None of that's rocket science, and it probably addresses 80% of the problems out there.

Re:Not quite....

[Dcnjoe60]

(Oh and your point about XP having ports visible to the outside world has been moot for over a year, SP2 turned on the firewall externally giving the XP box the same attack surface as your Mac with everything bound to the local subnet, hence we haven't seen anything like blaster since).

Really? Every XP box has hidden files shares turned on automatically. There isn't anyway to turn them off without resorting to executing a batch file after Windows starts. If you are relying on the Window's firewall for security, it is only providing a false sense of security, at best. There have been numerous tech articles against it (yes, it is better than nothing, but it isn't a full firewall).

Many malware rely on open ports to do their dirty work (connecting to IRC is just such an example). Several Linux distros have all ports disabled, other than those needed for actual use. OS X has most ports disabled. Even with the Windows firewall, there are many ports that are open, because otherwise, all the "neat" things Microsoft has touted you can do won't work. The problem is, that they are open whether you do those neat things or not and they don't show as an open threat because Microsoft wants them to be open.

Try it for yourself. There are many security websites that you can hit that will "test" your pc and tell you what is at risk with the default Windows settings. In short, the default Microsoft security settings may stop the kid down the block, but they won't stop the real hacker any more than copy protection does on CDs. At best, it just makes it a little less convenient.