
Clean System to Zombie Bot in Four Minutes

michael posted more than 9 years ago | from the takes-five-minutes-to-download-patches dept.

Worms 608

Amadaeus writes "According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet. Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PCs got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but was only targeted by 0.26% of all attacks." See also our story on the survival time for unpatched systems.


FP (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10955823)

First Netscape 0.5.6+ post!

First Zombie. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10955838)

ARG! The patches! They do nothing!

Re:First Zombie. (4, Insightful)

omicronish (750174) | more than 9 years ago | (#10955928)

ARG! The patches! They do nothing!

Erm, if you look at the article summary and the article itself, it says that Attackers successfully compromised the Dell Windows XP computer using Service Pack 1 nine times, and the Dell Windows 2003 Small Business server once. Windows XP SP2 is what many would consider a collection of patches, so yes, it seems to have done something.

Re:First Zombie. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10955978)

humor (noun) 1. wit, humor, humour, witticism, wittiness a message whose ingenuity or verbal skill or incongruity has the power to evoke laughter

See also: "The goggles! They do nothing!"

Re:First Zombie. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10956115)

"humor (noun) 1. wit, humor, humour, witticism, wittiness a message whose ingenuity or verbal skill or incongruity has the power to evoke laughter"

too bad the original post lacked all that.

IOW: The original post! It wasn't funny!

Oh, now it makes sense... (5, Funny)

Anonymous Coward | more than 9 years ago | (#10955843)

So this is why my new Dell tried to eat my brain this morning!

Re:Oh, now it makes sense... (2, Funny)

Anonymous Coward | more than 9 years ago | (#10955882)

No, that's actually normal behavior. You should have sprung for the Dell "Non-Injury option" when you were ordering.

Re:Oh, now it makes sense... (5, Funny)

Darth_brooks (180756) | more than 9 years ago | (#10955966)

It tried, but once it got close to you it simply turned away from your head and kept saying "Brains!"

First Bot Post (2, Funny)

Anonymous Coward | more than 9 years ago | (#10955846)

First Post from a Bot!

NAT (4, Insightful)

The Snowman (116231) | more than 9 years ago | (#10955850)

I am curious how effective NAT (e.g. a cable modem router) is at slowing or stopping these attacks for the typical user.

I know it works well enough for me, but I am not a typical user -- even my Windows box is locked down tight.

Re:NAT (4, Informative)

hal9000(jr) (316943) | more than 9 years ago | (#10955898)

As long as you don't download crap off the internet or don't do port forwarding to an internal server, your NAPT router is a good defense.

Re:NAT (5, Funny)

The Snowman (116231) | more than 9 years ago | (#10956066)

"As long as you don't download crap off the internet or don't do port forwarding to an internal server, your NAPT router is a good defense."

Which is why I was curious about its effectiveness for the typical user. I use Firefox, lock down the machine, don't install crap, and that machine is perfectly clean a year after its OS install.

My wife's machine, however, is the opposite. AdAware choked because there were thousands of items (of course each piece of spyware has hundreds of items, so AdAware's list is misleading) and some that tried to prevent AdAware from running. I gave her a good talking to about installing crap from msn.com and visiting porn sites using IE. So I wound up sacrificing sex for a week so I would get a break from cleaning her computer. Sigh. Women.

Anyway, my point is that I am not the typical user. NAT is an effective tool, but like any tool, it is only as good as the person wielding it.

Only on broadband (5, Interesting)

Jucius Maximus (229128) | more than 9 years ago | (#10955910)

Let me preface this by saying that in my area you can only get 28.8 dialup. There is nothing better available. Not even 56K. (And yes, I know there are some here stuck on 19.2 and 21.6 ... I feel for you all.)

Our gateway box is a Win2k machine. It hasn't been patched in months upon months because it would tie up the connection for a long time. (Downloading patches over 28.8 is slow and we have eight computers in the house sharing that connection.) That gateway machine is totally clean. No spyware, no worms, etc. This is confirmed by proper antivirus and anti spyware software.

I'm just posting this as an interesting observation. This makes sense because a zombie on a dialup line is pretty damn worthless anyway.

Re:Only on broadband (4, Insightful)

Jeff DeMaagd (2015) | more than 9 years ago | (#10955957)

I was on a modem as recently as last year.

What I did was go through the list of patches and manually download them through Microsoft's download site. Some of them weren't available or had odd restrictions on installation, but whenever I set up a computer, I just got the list of patches it needed through Windows Update and installed the local copies.

I also had the luck of staying at a hotel the next city over; it had free wireless Internet service, so I downloaded as much of everything as I could.

Too late, maybe (0)

Anonymous Coward | more than 9 years ago | (#10956109)

You think because AV finds nothing, your box is clean? Not necessarily. If you're rooted, you're rooted, and you'll never know unless you boot from trusted media. Once your box is not your own, the OS will never tell you the truth again.

Virus and Spyware detection will fail, because a root-kitted kernel will lie to it about what files are there, what processes are running, and what network traffic is flowing.

Re:NAT (1, Informative)

ChatHuant (801522) | more than 9 years ago | (#10955911)

I am curious how effective NAT (e.g. a cable modem router) is at slowing or stopping these attacks for the typical user

Should be pretty effective. A NAT can be looked at as a simple (stateless) firewall with all ports closed by default.

Re:NAT (1)

llefler (184847) | more than 9 years ago | (#10956019)

NAT can reduce the risk of getting attacked, at least until you get a compromised system on your local net. If you have wireless, laptops, or friends that bring their computers over, don't rely on it. Pick up a free firewall like Kerio or ZoneAlarm.

Wow... (1)

Gentlewhisper (759800) | more than 9 years ago | (#10955851)

Suddenly that cheapo NAT router from WorstBuy seems like a good deal!

Come on, it saves you from a lot of all these weird evil packets!

no kidding (4, Funny)

hal9000(jr) (316943) | more than 9 years ago | (#10955856)

this is news?

Next up: People who see a dollar bill on the sidewalk will pick it up and put it in their pocket. See our analysis ...

Re:no kidding (0)

Anonymous Coward | more than 9 years ago | (#10955987)

this is news?

Precisely the same thing I thought of. Now, we'll end up with about 400 posts bitching and moaning about Windows. Of course, I agree with those complaining about Windows, but this article is not exactly a surprising development in the world of IT.

Hey, cool. (4, Interesting)

ryanr (30917) | more than 9 years ago | (#10955860)

I wasn't expecting this to get Slashdotted. Kevin and I set up the honeypot machines and monitored the network during the test. If anyone has any questions, I'm happy to answer.

Re:Hey, cool. (4, Interesting)

diamondsw (685967) | more than 9 years ago | (#10955924)

Any chance of a repeat with XP SP2, to get a feel for whether or not the security fixes make a difference in the "real world"?

Re:Hey, cool. (5, Informative)

ryanr (30917) | more than 9 years ago | (#10956034)

There was an SP2 machine included in the same test. It went unmolested, due largely to the new firewall enabled by default. This particular test environment included no user activity, i.e. no email reading, no web browsing.

Generally speaking, I'm pleased with SP2. As long as you're running XP, and it won't affect your critical functionality adversely, install it. It won't be exploit proof moving forward, but it's the easiest way to patch the current set of problems.

Re:Hey, cool. (2, Interesting)

Barlo_Mung_42 (411228) | more than 9 years ago | (#10956054)

"There was an SP2 machine included in the same test. It went unmolested"

Funny how that tidbit didn't make it into the synopsis.

Re:Hey, cool. (2, Interesting)

Saint Aardvark (159009) | more than 9 years ago | (#10955965)

Hey Ryan -- congrats on the story. I'm curious if you saw (or allowed) any behaviour on the compromised machines besides joining IRC or scanning for other machines; TFA didn't seem to mention this, and as you said the article itself is slashdotted.

Re:Hey, cool. (2, Informative)

ryanr (30917) | more than 9 years ago | (#10956075)

Nothing beyond that. However, I should point out that, for the most part, we didn't let the machine continue long after compromise. After an intrusion was detected, we restored it, patched that particular hole, and put it back. We also made no particular effort to analyze what happened on disk and in memory, the bulk of the analysis being done from the wire.

At least a couple of times, a minimal rootkit was installed. It's highly likely that if we had left them, the 0wners in the IRC channel would have finished moving in at some point.
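The wire-side analysis ryanr describes (time to first hit, which exploits landed where) is easy to reproduce from a connection log. The script below is an added example, not code from the study or from anyone in this thread; the log format, the honeypot names, the timestamps and the source addresses are all constructed, and a probe here is a connection attempt seen on the wire, not a confirmed compromise.

```python
"""Wire-side survival-time analysis for a set of honeypots.

Added example for this thread; not code from the USA Today/Avantgarde study
or from the posters above. Given a log of inbound connection attempts to
several honeypots (the constructed sample below, not real capture data), it
reports how long each host was online before the first probe of an exploitable
service, how the DCOM/LSASS attempts split per host, and what share of all
traffic each host drew. Because a probe is only an attempt, the first-probe
time is a lower bound on the real survival time (time to compromise).
"""
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional

# Services behind the exploits the thread names: DCOM RPC (Blaster) on 135,
# LSASS reached over SMB (Sasser) on 139/445.
EXPLOIT_PORTS = {135: "DCOM", 139: "LSASS", 445: "LSASS"}

# Constructed sample log, one connection attempt per line:
#   <ISO-8601 timestamp> <source IP> -> <honeypot name>:<destination port>
# Source addresses are from documentation ranges; host names are hypothetical.
ONLINE_AT = datetime(2004, 11, 29, 10, 0, 0)
SAMPLE_LOG = """\
2004-11-29T10:00:41 203.0.113.7 -> xp-sp1:135
2004-11-29T10:01:12 198.51.100.4 -> xp-sp1:445
2004-11-29T10:01:12 198.51.100.4 -> mac:445
2004-11-29T10:02:40 203.0.113.9 -> mac:135
2004-11-29T10:03:30 192.0.2.55 -> xp-sp1:445
2004-11-29T10:03:31 192.0.2.55 -> xp-sp2:445
2004-11-29T10:05:07 203.0.113.7 -> xp-sp2:135
2004-11-29T10:06:00 198.51.100.21 -> linux:22
2004-11-29T10:07:45 203.0.113.9 -> xp-sp1:135
2004-11-29T10:09:02 192.0.2.13 -> xp-sp1:139
"""


class Event(NamedTuple):
    ts: datetime
    src: str
    host: str
    port: int


def parse_log(text: str) -> List[Event]:
    """Parse the log format above; blank lines and '#' comments are skipped."""
    events: List[Event] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, arrow, dst = line.split()
        if arrow != "->" or ":" not in dst:
            raise ValueError(f"malformed log line: {raw!r}")
        host, port = dst.rsplit(":", 1)
        events.append(Event(datetime.fromisoformat(ts), src, host, int(port)))
    return events


def survival_seconds(events: List[Event], online_at: datetime) -> Dict[str, Optional[float]]:
    """Seconds from going online to the first probe of an exploitable service,
    per host; None means the host was never probed on such a port."""
    first: Dict[str, float] = {}
    for e in sorted(events, key=lambda e: e.ts):
        if e.port in EXPLOIT_PORTS and e.host not in first and e.ts >= online_at:
            first[e.host] = (e.ts - online_at).total_seconds()
    return {h: first.get(h) for h in {e.host for e in events}}


def exploit_attempts(events: List[Event]) -> Dict[str, Counter]:
    """Count attempts per host by exploit family (the '5 LSASS, 4 DCOM' view).
    Hosts that only saw non-exploit ports are absent from the result."""
    by_host: Dict[str, Counter] = defaultdict(Counter)
    for e in events:
        family = EXPLOIT_PORTS.get(e.port)
        if family is not None:
            by_host[e.host][family] += 1
    return dict(by_host)


def target_share(events: List[Event]) -> Dict[str, float]:
    """Fraction of all connection attempts aimed at each host (the '0.26%' view)."""
    per_host = Counter(e.host for e in events)
    total = sum(per_host.values())
    return {h: round(n / total, 4) for h, n in per_host.items()}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    attempts = exploit_attempts(evts)
    share = target_share(evts)
    for host, secs in sorted(survival_seconds(evts, ONLINE_AT).items()):
        when = "never probed" if secs is None else f"first exploit-port probe after {secs:.0f}s"
        print(f"{host:7} {when}; attempts={dict(attempts.get(host, Counter()))}; share={share[host]:.1%}")
```

Against the constructed sample, the SP1 box is probed on an exploitable port 41 seconds after coming online and draws half of all traffic, while the Linux host only sees SSH and never appears in the exploit-family table.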

How do you patch a system? (4, Informative)

ajiva (156759) | more than 9 years ago | (#10955861)

Does that mean I have to install XP, download SP2, burn the SP2 archive onto a CDROM, reinstall XP with the network cable disconnected, and then patch? Geez, that'll get old fast

Re:How do you patch a system? (5, Informative)

omicronish (750174) | more than 9 years ago | (#10955971)

Does that mean I have to install XP, download SP2, burn the SP2 archive onto a CDROM, reinstall XP with the network cable disconnected, and then patch? Geez, that'll get old fast

You can slipstream the SP2 patch into SP1 or a plain Windows XP CD. This will allow straight installation of Windows XP + SP2 already integrated. This basically involves running the SP2 installer on a copy of CD files, and then burning the resulting files to another CD. This page [winsupersite.com] has more information on slipstreaming SP2. This comment has reached its end.

Re:How do you patch a system? (5, Informative)

ChatHuant (801522) | more than 9 years ago | (#10956006)

You shouldn't need to reinstall. Do the first installation offline; manually turn off unwanted services and turn on the Windows firewall (it's simple, but good enough for the time being). Connect to the internet (it's even better if you use a cheap NAT box), download and install SP2.

Re:How do you patch a system? (3, Informative)

yasth (203461) | more than 9 years ago | (#10956022)

Try AutoStreamer [autopatcher.com] (site is down atm, but just google for download locations), it allows you to update your windows XP CD to have SP2 in the installation. The program is an extension of AutoPatcher [autopatcher.com] which will fully update a system (and should be what you download and burn to a cd instead of trying to find everything on windows update) DL/Torrents for autopatcher [neowin.net]

Re:How do you patch a system? (0)

Anonymous Coward | more than 9 years ago | (#10956031)

You may not have enough time to download SP2 before your system starts a countdown to shutdown due to the RPC (Blaster and friends) problem.

I didn't the last time. Had to download SP2 from Linux... and it was a challenge, as Microsoft tries hard to force you to use Windows XP & Internet Explorer to do it--idiots!

Re:How do you patch a system? (1)

hoggoth (414195) | more than 9 years ago | (#10956056)

No, it means you have to install XP from behind a NAT box or firewall, then download and install SP2 while still behind the NAT box or firewall.

Then, of course, there is no reason not to STAY behind the NAT or firewall.

Re:How do you patch a system? (1)

skadus (821655) | more than 9 years ago | (#10956083)

Look around here [google.com]

or, even better:

Use nlite. [msfn.org]

Yes, you're still burning a new CD from a fresh install and installing Windows twice, but you don't have to run a patch file after install (and with nlite you can also set options like allowing non-MS visual styles, classic logon screen, and unattended installation - very nice!).

Not surprising... (1)

allism (457899) | more than 9 years ago | (#10955862)

We built an XP box maybe a year ago and forgot to turn on the firewall before we started downloading patches. The machine was infected with Sasser in well under five minutes.

Fortunately the machine didn't have anything important on it since it was freshly built...

Re:Not surprising... (1)

pcmanjon (735165) | more than 9 years ago | (#10955970)

Yeah, I remember when MSBLASTER was making its rounds. At about the same time I had to reinstall Windows. Once the network was up, I started to install the soundblaster drivers. During the install, a 'System Shutdown in 30 seconds' notice came up. I was quite surprised because at the time I didn't even know about MSBLAST...

How annoying that was... at the command prompt every minute or so I'd have to type SHUTDOWN /A while I was in 'msconfig' removing it from the startup items. MSBLASTER resides on my system still today, but it's disabled from startup.

Amazing what a few minutes unprotected can do for (or against) you.

Dawn of the dead? (0)

Anonymous Coward | more than 9 years ago | (#10955867)

Is it just me or do WinXP users remind you of a bad movie.....

I'd love to see... (3, Interesting)

MrNemesis (587188) | more than 9 years ago | (#10955868)

...statistics for all the other versions of windows in common use, particularly Windows 2000, as well as XP SP2. Last time I looked XP machines could only account for a maximum of ~50% of all the potential zombie bots in the world.

Re:I'd love to see... (2, Insightful)

rewt66 (738525) | more than 9 years ago | (#10956064)

Well, that's kind of irrelevant, because you don't see very many machines with those OSes getting newly connected to the Internet any more. Some, but not many...

First post (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10955873)

First post

Not surprising (0)

Anonymous Coward | more than 9 years ago | (#10955874)

Considering my firewall blocks an average of one intrusion attempt every 5 minutes (on a dial-up, nonetheless), I am not surprised.

Ok, before the bitching begins: (5, Interesting)

daveschroeder (516195) | more than 9 years ago | (#10955886)

Although Macs and PC's got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean

Yes, yes, we know this is not surprising, since the exploits in question target Windows specifically, and therefore obviously will not affect Macs.

But the larger point you should take away from this is twofold:

1. The simple fact of the matter is that, for whatever reason, Macs are clearly affected far less than PCs by all types of exploits. This is not because of just marketshare. But whatever the reason, it is true nonetheless. But this brings me to:

2. Even a completely unpatched Mac OS X 10.0.0 machine would not be vulnerable to any kind of remote attack, because no ports whatsoever are open to the outside world, and on most consumer Mac OS X systems, never will be. The fundamental and intrinsic security design and considerations of Mac OS X are just better, period. Even local exploits, such as might travel freely and easily on Windows via email, aren't as possible or practical on Mac OS X (e.g., a potential Mac exploit of this nature that spread via email would have to have its own MTA or a lot more complexity than a simple script on Windows where Outlook and the OS does all the work for you). Yes, marketshare, i.e., the chances of the next host encountered being a Mac, certainly doesn't hurt, but that is not the sole or primary reason Macs aren't vulnerable. No effective automatic vectors of infection or spread, either local or remote, exist, period. When external ports are opened, they usually represent open source services such as apache and OpenSSH, which as a matter of course are usually updated long before theoretical exploits become reality because of the intense scrutiny and peer review such products receive by the community.

When will people learn that after three and a half years of Mac OS X, with the market growing, it's not just because of "marketshare" that Macs are rarely affected by these types of issues? Can people admit that it's possible that security decisions that were simply and fundamentally better than those of Microsoft were made? I get a kick out of articles that trumpet "MACS JUST AS INSECURE AS WINDOWS" when a text shell script is "discovered", one that must be run by someone with root or physical access no less, with no worthwhile vector or method of automated propagation of any kind![1] This is in the face of completely remote and automated exploits that can hit a Windows machine within minutes of being on the network, or exploits that own your machine by simply visiting a web page, or viewing an email message in Outlook (yes, these have continued to exist, some even very recently).

[1] For the nit-pickers out there, copying itself to other remote Mac OS X system volumes to which the local user has root-equivalent access and has manually connected to doesn't exactly rise to the level of the unprivileged, automatic propagation we see in the Windows world.

Re:Ok, before the bitching begins: (3, Insightful)

pcmanjon (735165) | more than 9 years ago | (#10956013)

You don't mention the same about Linux either? Linux and all other Unix-based systems are built more secure in nature.

I wish marketshare would skyrocket for a Unix-based OS so we could prove to the world, together, that market share isn't what protects these systems.

Re:Ok, before the bitching begins: (4, Interesting)

MysteriousMystery (708469) | more than 9 years ago | (#10956021)

Well, the same situation goes for Linux, BSDs (not including OSX in this statement) and a lot of other operating systems. And it's not just because of their substantially smaller market shares either (though it certainly doesn't hurt either). Windows obviously has a number of design flaws, and deployment of patches to consumers (and for that matter large organizations) is a problem, and until Microsoft can come up with a more complete way to solve this problem, it will always be an issue. From the ground level up there are fundamental problems with the way Windows was designed, and as we've all learned, the security through obscurity approach is not an effective one.

Re:Ok, before the bitching begins: (3, Informative)

daveschroeder (516195) | more than 9 years ago | (#10956058)

Oh yes, I'll include other UNIXes, Linux, BSDs, etc.

However, the article summary only mentioned Macs (which is why I did), and also, many of these other systems are used as servers, and do in fact have many more open ports than a typical Mac OS X system, which often has none. This isn't to say they're "insecure" because of it; just that there are channels of potential access.

Now, a Mac OS X (or Mac OS X Server) machine used in a "server" role is likely to share a similar level of exposure.

But my reference is to a typical consumer or desktop machine, which represents by far the largest proportion of machines out there, and which is primarily what this article is referring to. And in the cases of these machines, Windows has remote avenues of attack, and Mac OS X does not - at all.

Re:Ok, before the bitching begins: (0)

Anonymous Coward | more than 9 years ago | (#10956037)

And Windows XP SP2 doing just as well as OS X means...?

(I know, I read the f.. article, sorry, forgot it was Slashdot)

The problem is... (1)

daveschroeder (516195) | more than 9 years ago | (#10956096)

...that it's clearly not, even now.

There have been numerous exploits that have affected XP post-SP2.

And Microsoft's new, extremely belated focus on security notwithstanding, this does not change what I said.

Nice try, though.

Re:Ok,To Quote Alfred E Newman (1)

Anonymous Coward | more than 9 years ago | (#10956038)

What, me worry? I use Windows ME, which in reality has no reason to be zombied! Just kidding... The fact that 99.9% of WinXP users do not even know what a shell script is and would not even know how to run one certainly helps. It is not a case of stupid Windows users not patching the system; instead it is a case of Microsoft creating an OS that is a can of worms (pun intended) and not paying attention to the fundamentals of internet security. Seems like a major selling point for Longhorn, and planned obsolescence as a business model!

Re:Ok, before the bitching begins: (3, Insightful)

Ancil (622971) | more than 9 years ago | (#10956078)

Even a completely unpatched Mac OS X 10.0.0 machine would not be vulnerable to any kind of remote attack, because no ports whatsoever are open to the outside world, and on most consumer Mac OS X systems, never will be.

Yes, and on Windows XP with Service Pack 2 installed, the firewall is also locked down from first boot until such time as you decide to open some ports up.

This is the version that's been shipping on new machines and sitting on store shelves for half a year now.

But these facts are a bit inconvenient and don't make for exciting headlines, so we'll run the test with SP1, which everyone knows had some juicy exploits.

code red (1)

rassie (452841) | more than 9 years ago | (#10955889)

At a customer site, an employee recently installed a backup program which included SQL server 2000. It took 10 minutes for it to become infected with Code Red.

Our experience (4, Interesting)

BWJones (18351) | more than 9 years ago | (#10955902)

Our experience with operating system maintenance costs has been that Windows systems typically are the most expensive in terms of total required hours. Linux boxes initially are difficult to set up, and are more difficult for novice users, necessitating frequent support; Windows boxes are easy for novices to use and recently have become much more stable, but have malware issues. Solaris and IRIX boxes are somewhere in between in terms of ease of use but require "privileged" knowledge in how to deal with certain issues, leaving us with OS X.......

OS X/Macintosh has proven to be the absolute most productive environment for us to date, is least susceptible to malware/hacking, has the lowest support costs, and is why we have been in the process of replacing most machines with OS X boxes.

I call phooey. (5, Funny)

Anonymous Coward | more than 9 years ago | (#10955906)

I'm using my new unpatched XP system right now and it works gre45h3@#$!dd11f

NO CARRIER

You can't play the 'luser' card! (4, Insightful)

nordicfrost (118437) | more than 9 years ago | (#10955915)

Many IT-people brand the persons that get these bots / infections as clueless lusers who get their comeuppance. I don't.

A machine isn't supposed to act this way. It is very simple, but we forget that proper behaviour for the machine is to NOT get infected in seconds. I abandoned Windows some time ago, but still help friends with their machines. But it is a battle they're losing. Nothing seems to help, mostly due to the extremely bad security paradigms. They now think it's normal to have to run 2 - 3 different anti-adware programs and a virus scanner, and to be on eternal vigilance at every corner of the internet.

It is not supposed to be like this. Don't forget that.

Re:You can't play the 'luser' card! (1, Insightful)

which way is up (835908) | more than 9 years ago | (#10955982)

I'm the system admin for a small company, and you can't be more wrong.

IT people DO NOT brand people with viruses or ad-ware as clueless. We know these things exist (and give us job security) and understand that things will get past our best efforts. Only when a user circumvents things like virus scans and other preventive measures do we get upset and brand them as 'clueless'.

You're way off the mark. We don't blame the users. Or even windows for that matter. This is just the way of life for us in the computer age.

Re:You can't play the 'luser' card! (4, Insightful)

revscat (35618) | more than 9 years ago | (#10956032)

You're way off the mark. We don't blame the users. Or even windows for that matter. This is just the way of life for us in the computer age.

Correction: "Way of life for us in the Windows world." Other operating systems don't have these problems and associated costs and loss of productivity.

Re:You can't play the 'luser' card! (1)

easter1916 (452058) | more than 9 years ago | (#10956048)

So good of you to speak for all of us IT people. It's just that I don't remember voting you in as spokesperson.

Re:You can't play the 'luser' card! (1)

which way is up (835908) | more than 9 years ago | (#10956107)

You're right, I shouldn't speak for all IT people; I should have accounted for you by saying "however... there's always one asshole"

Re:You can't play the 'luser' card! (1)

Pxtl (151020) | more than 9 years ago | (#10956106)

We're not talking about your users, but home users, who don't have an IT guy to babysit their computer for them.

Re:You can't play the 'luser' card! (1)

Incoherent07 (695470) | more than 9 years ago | (#10956052)

So... what you're saying is that you consider a lock on the outer doors of your house, an alarm system, AND random police patrols evidence that your house has a "bad security paradigm".

I'm not going to deny that Windows has made a number of decisions over the years which contribute to this, but honestly if your house had the exact same lock and the exact same key as every other house in the neighborhood, you should not be surprised when you get burglarized.

White Knight Viruses (2, Interesting)

PktLoss (647983) | more than 9 years ago | (#10955920)

This kind of news kind of makes me wish for white knight viruses that run out there and plug the holes (carefully) before the botnet viruses attack. Possibly even faking a Microsoft message requesting the user download all the newest patches from windowsupdate.com

With the recent news that Lycos has publicly released a DDOS (mince words if you want to, that's what it is) tool to use on spammers, I wonder if a corporate sponsored virus of this type is far off.

Re:White Knight Viruses (1)

bersl2 (689221) | more than 9 years ago | (#10955985)

Haven't those sometimes been more destructive than the worm that uses the hole the first one is trying to patch in the first place?

2:30 (5, Informative)

Nuskrad (740518) | more than 9 years ago | (#10955925)

I recently tested this on a clean install of Windows XP SP1, and it took just 2 minutes 30 seconds (give or take a few) after connecting to the internet for me to notice that the system had been compromised, and that was with the Windows Firewall on.

My advice to anyone with Windows XP SP1 planning a clean install - get the SP2 CD (free from Microsoft) and install it before connecting to the internet.

This doesn't surprise me. (3, Interesting)

Sheetrock (152993) | more than 9 years ago | (#10955927)

I've been around the Internet for a long time -- since the early 90s in fact -- and am thus quite aware of the ruinous activities it has been subjected to by the typical user since then. You know, things like people popping into a random USENET group and treating it like a tech support line, or in the larger picture basically assuming the entire network is there to serve as some form of entertainment. The issue of machines getting infected within minutes is only another sign of the degree to which abuse of the Internet has risen.

When I started, the USENET application would inform me that my message would be spread across tens of thousands of computers at immeasurable cost as a subtle hint to keep things interesting, and Internet Chat required some basic knowledge of Makefiles and attention to documentation before you could run a client. Frankly, things became unmanageable at the point the Internet was made accessible to anybody with a web browser; anybody who's been around this long knows what I'm talking about.

It's a short hop to realizing that the problems we're experiencing with virii and worms are the same problem. Intimate knowledge of x86 assembly used to be a requirement -- along with a malcontent-type disposition -- in order to wreak the sort of havoc that today requires fifteen minutes and an Effective VBScript In Fifteen Minutes manual. Every document is now a program, and e-mail doubles as FTP.

Many experts believe we should raise the barrier of entry by requiring programmers to undergo education, certification, and maybe even an oath to do no harm as part of the certification process if going into a security field. It used to take years to do what kids today can do in months; additionally, a would-be programmer who spends a few months picking up Visual Basic or whatever has hardly learned the fundamentals of programming any more than someone who reads a manual about his DVD player has become a laser engineer. I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers (by means of pricing and with the cooperation of the open source community) and by separating macros or other executable content from documents.

It makes more sense than trying to go out and educate every user. Think about it; in what other field do we "educate" "users"? We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician. We don't "educate" passengers and let anyone who cares to be a bus driver give it a try. Why are things always so difficult when it comes to computers?

uhzlox (1)

Corf (145778) | more than 9 years ago | (#10955934)

According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet.

...and about the same time for Avantgarde's server to be reduced to a smouldering pile of rubble. Go Slashdot!

I can confirm - happened to me last night. (2, Interesting)

CdBee (742846) | more than 9 years ago | (#10955935)

Last night I installed Windows 2000 SP4 onto a machine (not mine) connected to an NTL (British ISP) Cable set-top-box by ethernet.

Windows came up, I chose a username, and it froze due to a Gaobot infection.

I hasten to add that normally I unplug modems, but I was under the impression that set-top-box cable access uses NAT and is thus secured against this sort of thing... I'll be recommending a Motorola Surfboard and router to my friend!

Re:I can confirm - happened to me last night. (0)

Anonymous Coward | more than 9 years ago | (#10956114)

No they don't use NAT at all. They only barely support DHCP requests. They're completely transparent for good or for bad. I'd suggest the D-Link 704 if you're going to use one of these.

Rule number 1 for doing an XP install: (3, Insightful)

theparanoidcynic (705438) | more than 9 years ago | (#10955937)

Zone Alarm and Firefox get on the system from a flash drive before the ethernet cable is ever plugged in.

4 minutes? (1)

cwapface (835930) | more than 9 years ago | (#10955942)

When I was working for a large university, I could do a fresh install of XP SP1 and it would get infected before I even got a login prompt, about 10 seconds. I then learned the value of unplugging the network cable.

Perfectly secure. (4, Funny)

Japong (793982) | more than 9 years ago | (#10955948)

Bah, that's a load -BUYVIAGRANOW2FOR1!- of BS. I haven't patched my PC since I bought it -FREEMORTGAGEQUOTES!- and it's running just -TIREDOFCONSOLIDATEDDEBT?- fine. No viruses, no trojans, -TIREDOFSPAM?BUYTHISCRAP!- nothing.

Today.. (1, Informative)

Searinox (833879) | more than 9 years ago | (#10955952)

I installed a fresh Windows XP (SP2 integrated) box with internet connection. The firewall was enabled by default so I didn't get any worms or viruses.
At least at the moment (and if you have at least a certain amount of brain in your head :) Windows can be quite, I don't want to say safe, but at least it is now safer than without SP2

Of course... (4, Interesting)

rpdillon (715137) | more than 9 years ago | (#10955954)

"The Linux desktop also was impenetrable, but was only targeted by 0.26% of all attacks."

They act like how often it's attacked is a detractor from how secure it is ("it's not exploited because no one ever attacks it!"). In fact, I'd say the systems that are attacked the least are attacked least *because* they are so difficult to exploit. Well, that and they are only about 2 or 3 out of every 100 systems you'll ping.

not just worms (5, Interesting)

TheSHAD0W (258774) | more than 9 years ago | (#10955956)

If you've installed any programs from Download.com, Cnet.com or ZDnet.com, beware.

I started getting reports of malware being attached to a program I work on [slashdot.org] and discovered the affected parties had obtained their copies of the program from Download.com. I had never submitted the program to them, but someone else had -- and they'd contaminated it with malware while they were at it. I complained, and the program was removed. (Actually, they first switched the links to the official server, but removed it when I complained further that they needed to tighten up their submission procedures.)

While Download.com is no longer distributing my program, they are still distributing malware attached to other programs (just went to their site to confirm it) via xeol.net and probably others. They don't seem too interested in fixing the problem. I also sent a complaint to the FBI's cybercrime division, and they apparently weren't interested, either.

This doesn't surprise me one bit (1)

zaffir (546764) | more than 9 years ago | (#10955961)

Of course an unpatched XP machine is going to be "compromised" quickly - look at how many worms have been going around exploiting remote vulnerabilities in the past year or two! Anyone who's installed XP on a machine that wasn't firewalled from the internet properly has had to deal with this.

Buy a DSL router. 'Nuff said. (0)

Anonymous Coward | more than 9 years ago | (#10956002)

Why is this still an issue? Come on, yes, we know XP out of the box is vulnerable. This is old news.

Buy a $30 DSL/cable modem router. I tell everyone I know to do this, it's worth it. 99% of all problems are solved with the DSL router. Once you have that in place, then the only thing you have to worry about is malicious web sites and email viruses.

Although it's not surprising... (1)

SpermanHerman (763707) | more than 9 years ago | (#10956023)


I would like to see the comparison of viruses/trojans written for windows vs. viruses/trojans written for Mac and Linux desktop. The ratio is probably something like 100:2:1

It's sad... (1)

cr0y (670718) | more than 9 years ago | (#10956030)

If only a fraction of all these people running unpatched windows systems would simply download a distributed computing client or something else to help the computing world instead of acting as a zombie on the internet...

My apartment would be too... (2, Insightful)

DogDude (805747) | more than 9 years ago | (#10956033)

My shit-hole apartment would be cleaned out in about 4 minutes if I didn't lock the door, too. So what does this prove? That there are nasty things out there? That shouldn't be news to anybody, especially not the Slashdot crowd. Lock down your computer the same way you'd lock your car doors and you'd lock your house.

Re:My apartment would be too... (1)

cakefool (801210) | more than 9 years ago | (#10956094)

I wouldn't expect my car to be stolen in the thirty seconds between me signing the contract and leaving the forecourt. In fact, I would expect there to be some security in the vehicle to start with. Nah, I lie, any car I buy is gonna be such a dog no one will want to steal it. Diesel badges work so far...

They should mention that no firewall was used... (1)

Assmasher (456699) | more than 9 years ago | (#10956036)

...as well. Without a firewall, no computer is safe and with one, no computer is safe (just slightly safer...)

Re:They should mention that no firewall was used.. (2)

Neophytus (642863) | more than 9 years ago | (#10956095)

Duh. They aren't testing how fast someone can install a firewall. They're testing how prone a typical user is to T3H H4X0RS - the same typical user will turn on and go, which is why SP2 is a good thing (tm).

How can you tell? (1, Interesting)

Anonymous Coward | more than 9 years ago | (#10956040)

For the average user, what tools are available to let them know what their computer is doing (spamming etc). By the same token, what can they use to find out what their firewall is stopping?

Task Manager seems pretty useless for that, since any system is going to be running a bunch of cryptically-named tasks about whose purpose the user is largely unaware.

What does netstat tell me? What does it mean?

The tools available for the average user to figure out what might be going on aren't well-known.
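The question above (what does netstat tell me, and how do I connect it to Task Manager?) can be answered with a short triage script. This is an added example, not code from the original thread: it parses the output of `netstat -ano` on Windows (the `-o` column is the owning PID), then flags three things a home user cares about. The "expected" listener set (135, 139, 445, the RPC/SMB ports XP exposes by default, which are exactly the DCOM and LSASS entry points the article's worms used), the worm backdoor port list (TCP 4444, the shell Blaster left behind after the DCOM exploit) and the IRC range (the usual bot C2 channel of that era) are assumptions chosen for this example; the netstat text is constructed, not a capture.

```python
"""Triage of `netstat -ano` output: which wildcard-bound listeners are
reachable from the Internet, which look like worm backdoors, and which
established connections go to IRC (classic bot command-and-control).
Added example; the sample output below is constructed, not captured."""
from collections import defaultdict

# Assumptions for this example (not from the article):
EXPECTED_LISTENERS = {135, 139, 445}          # default XP RPC/NetBIOS/SMB listeners
KNOWN_WORM_PORTS = {4444}                      # TCP 4444: Blaster's post-DCOM shell
IRC_PORTS = set(range(6660, 6670))             # 6660-6669: IRC, common bot C2 channel
WILDCARD = {"0.0.0.0", "::", "*"}

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       1688
  TCP    192.168.1.10:1035      203.0.113.7:6667       ESTABLISHED     1688
  TCP    192.168.1.10:1041      198.51.100.20:80       ESTABLISHED     1204
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1072
"""


def parse_netstat(text):
    """Turn `netstat -ano` text into dicts; header and blank lines are skipped.
    TCP rows carry a state column, UDP rows do not."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # malformed row; ignore rather than guess
        laddr, lport = local.rsplit(":", 1)   # rsplit copes with IPv6 addresses
        raddr, rport = remote.rsplit(":", 1)
        conns.append({
            "proto": proto, "laddr": laddr, "lport": int(lport),
            "raddr": raddr, "rport": int(rport) if rport.isdigit() else None,
            "state": state, "pid": int(pid),
        })
    return conns


def triage(conns, expected=EXPECTED_LISTENERS, worm_ports=KNOWN_WORM_PORTS):
    """Return (kind, connection) pairs. A UDP socket has no LISTENING state,
    so any wildcard-bound UDP socket is treated as a listener too."""
    findings = []
    for c in conns:
        listening = c["state"] == "LISTENING" or c["proto"] == "UDP"
        if listening and c["laddr"] in WILDCARD:
            if c["lport"] in worm_ports:
                findings.append(("worm_backdoor", c))
            elif c["lport"] not in expected:
                findings.append(("unexpected_listener", c))
            else:
                findings.append(("exposed_service", c))   # stock service, but Internet-facing
        elif c["state"] == "ESTABLISHED" and c["rport"] in IRC_PORTS:
            findings.append(("irc_c2", c))
    return findings


def suspicious_pids(findings):
    """PIDs worth looking up in Task Manager / `tasklist /FI "PID eq N"`."""
    by_pid = defaultdict(set)
    for kind, c in findings:
        by_pid[c["pid"]].add(kind)
    return {pid for pid, kinds in by_pid.items()
            if kinds & {"worm_backdoor", "unexpected_listener", "irc_c2"}}


if __name__ == "__main__":
    found = triage(parse_netstat(NETSTAT_SAMPLE))
    for kind, c in found:
        print(f"{kind:20} {c['proto']} {c['laddr']}:{c['lport']} -> "
              f"{c['raddr']}:{c['rport']} pid={c['pid']}")
    print("check these PIDs:", sorted(suspicious_pids(found)))
```

On the constructed sample, PID 1688 is the one to chase: it owns both a wildcard-bound TCP 4444 listener and an outbound IRC session, which is what a bot looks like from the outside. `tasklist /FI "PID eq 1688"` then gives the image name that Task Manager's cryptic process list hides. The "exposed_service" rows are the stock 135/445 listeners; they are not malware, but they are exactly what a NAT router or the SP2 firewall keeps the Internet from reaching.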

I have observed similar results myself (0)

Anonymous Coward | more than 9 years ago | (#10956071)

I do work in a test lab using several standard DOCSIS cable modems. Since the PCs used need to have fresh OS installs with various patch levels, they are ghosted frequently.

The 2000/XP boxes will often get infected before the software being tested ever finishes installing. (a small/simple software firewall being one of them)

This does not occur when behind a consumer NAT router, but it is rather alarming that a typical PC on an unprotected cable modem does not even have enough time to download/install a small soft-firewall.

When you're ready to put an end to this (1)

mabu (178417) | more than 9 years ago | (#10956080)

Look up and contact your local Attorney General and demand that they start prosecuting the criminals that break into PCs [naag.org] . These activities have been felonious crimes since day one of the Internet. Even if our OSes were more secure, it doesn't excuse the blatant illegal activities that are continuously perpetrated that cause untold amounts of wasted bandwidth, time and other resources that our leaders in the criminal justice system should be doing something about. Contact your local AG and demand they start prosecuting these cases and this stuff will be dramatically less prevalent.

Delta Compression! (3, Informative)

cperciva (102828) | more than 9 years ago | (#10956116)

This is why operating systems should use delta compression [slashdot.org] for distributing security patches. You're never going to have a perfectly secure operating system; you can, however, make sure that you can fix the security flaws before they are exploited. Put another way: Size matters!

For the record, using FreeBSD Update [daemonology.net] and my binary diff [daemonology.net] tool, downloading all existing security patches for FreeBSD 4.8 (released April 2003) only requires 568kB of files to be downloaded -- which takes under 3 minutes even with a 28.8kbps modem.