Windows 'Survival Time' on the Rise?

According to the latest data at the SANS Internet Storm Center, the average time it takes for an unprotected PC running Microsoft Windows (i.e., firewall off and missing critical security patches) to be compromised after being plugged into the Internet has more than doubled since September 2004. Trouble is, that time gap still isn't that large: An unguarded Windows computer can expect to be hacked within little more than 40 minutes of going online.

The "survival time" of Windows PCs has been steadily on the rise since last fall, when Microsoft released Service Pack 2, a comprehensive security upgrade for Windows XP that made it easier for users to take advantage of the operating system's built-in firewall, as well as automate the installation of security patches.

While Service Pack 2's deployment may explain the longer survival time in part, the data may also reflect another trend, according to Chicago-based security services firm LURHQ. In the latest edition of the company's "On the Radar" newsletter, LURHQ analysts point to "the lack of any new critical network-based vulnerabilities in Windows workstations since the LSASS exploit."

LURHQ is referring to a security flaw for which Microsoft released a patch in the spring of 2004. The flaw was quickly seized upon by hackers to launch the highly successful "Sasser" worm; since then, the LSASS flaw has become the de facto method for infecting Windows computers through automated attacks, which are typically designed to turn infected PCs into "bots" -- machines that give attackers the power to control an infected computer and link it to networks of "zombie" machines that they can control for a variety of nefarious activities.

While the LURHQ advisory notes that the pool of vulnerable Windows machines is slowly shrinking in the short run, it also stresses that hackers are increasingly finding other ways to hijack Windows PCs and convert them into bots, such as through instant messaging attacks and flaws in Microsoft's Internet Explorer Web browser.

All of which should serve as yet another reminder of how important it is for Windows users to take basic, preventative measures to stay safe online. If you need help with the basics, like choosing and installing a firewall, anti-virus software, and Windows updates, have a look at our video guides for securing your computer.

By Brian Krebs  |  June 24, 2005; 1:40 PM ET
Categories:  From the Bunker  

Comments

Don't get hacked. Get a Mac

Posted by: T man | June 27, 2005 6:42 PM | Report abuse

Yes, get a Mac and don't get hacked. Besides, I think Apple's Tiger OS got rated #1 most advanced OS by PC World or some other PC magazine. If you want a Lexus of computers, get a Mac. Dave

Posted by: Veld House Man | June 27, 2005 6:47 PM | Report abuse

Wow, a whole 40 minutes! Someone in Sweden has put a completely unprotected Mac on-line (same conditions as listed above for the Windoze-based PC) and has posted a 1000 Kronen reward for anyone who can hack it. It's been almost a year and a half and no one has been able to do it! How's that for a guide on how to secure your computer?!

Posted by: Rob Watterson | June 27, 2005 7:58 PM | Report abuse

BTW MAC's suck...why do people buy into this propaganda??

A PC running SP2 w/firewall aka ports 135,445 etc blocked, which is default now I believe is NOT going to be owned in 40 minutes...

Posted by: Give me a break!!! | June 27, 2005 11:31 PM | Report abuse

GMAB,

Dude, chill. Start an Ad-aware scan and pop a cold one. Your PC is probably protected. Your firewall is up and you know about ports, good for you.

But how about all those Mom and Pop users out there that plug in the PC they bought at the local big box retailer? They don't know from firewalls and anti-virus. All they know is that they plugged in the box to the DSL things are slowing down and there's a purple monkey on their screen.

You need your PC to run GTA, but maybe when that little old lady in your life asks you what computer to get so her kids can email photos of the grandkids, you'll think that an iMac might be a better recommendation than an XP box.

Posted by: virtual rick | June 28, 2005 2:12 AM | Report abuse

Oh yes, the mac fanboys are out in force on this. Wow. No one could see that coming.

Simple steps to not get hacked:

1. Use a firewall
2. Use a combination of anti-virus and anti-spyware.
3. With the exception of using windowsupdate, NEVER EVER UNDER ANY CIRCUMSTANCES USE MSIE. Opera is by far a superior product.
4. Never use MSOE. In fact, uninstall it.
5. Turn off UPnP.
6. Take some time to get educated on what not to click from emails and websites.

Posted by: Don | June 28, 2005 2:31 AM | Report abuse

Wow, the mac fanboys are out on this one. Couldn't see that one coming. Never.

Simple ways to not get hacked:

1. Use a firewall.
2. Use a combination of antivirus and anti-spyware.
3. Unless updating via windowsupdate, NEVER EVER UNDER ANY CIRCUMSTANCES USE MSIE. Opera is superior.
4. Don't use MSOE. In fact, uninstall it.
5. Turn off UPnP
6. Take the time to learn what not to click from websites and emails.

Posted by: Don | June 28, 2005 3:12 AM | Report abuse

In shock news, the Society for the Enumeration of the Completely Obvious has noted that people who walk outside in the rain without wearing a raincoat, carrying an umbrella or some other protective device get wet.

When contacted for comment researchers said that they really were not sure how people might avoid getting wet, that it was probably a critical flaw in the design of umbrellas and raincoats which were causing people not to use them.

Posted by: MT | June 28, 2005 6:59 AM | Report abuse

In yet another dispatch from the Society for the Enumeration of the Completely Obvious, it has been found that a small but growing number of people are able to walk in the rain for impossibly long periods of time without getting wet. Even more baffling and surprising is that they don't need to purchase, maintain, and configure raincoats or even umbrellas. Something about the design of these people has made it highly unlikely that a raindrop will strike them, or that it will have the effect of getting them wet.

Officials from the society have determined that we all should study these people in order to learn their secret. Because who wants to deal with raincoats and umbrellas if you don't need to?

Posted by: Chris | June 28, 2005 8:21 AM | Report abuse

My list of simple steps to not get hacked is not six steps long. It has only one step.

1. Buy a Mac

While most of the world watches video guides for securing your computer, the rest of us are using and enjoying our computers.

Posted by: Chris | June 28, 2005 8:30 AM | Report abuse

Windows has security features built in, turned on by default. Turning them off then claiming that that machine is then easily hackable is just idiocy.

The Mac argument goes something like this, A tee shirt is better than a bulletproof vest for protection against bullets, because I've been wearing tee shirts all my life and nobody's ever shot me. Meanwhile I hear about a lot of police who wear bulletproof vests being shot.

Trouble is that argument breaks down the minute somebody tries.

Follow the advice of:

1) Buy a Mac
2) Don't install the latest OS/X service packs

And see how long your Mac lasts against even a casual attack. Hint: it won't last 5 minutes.

Bottom line:

With any O/S: keep it patched and keep any of its inbuilt firewalling features active.

Posted by: MT | June 28, 2005 1:34 PM | Report abuse

I just switched to a Mac a few months ago. It's such a blessing... not one freaking problem. Nothing, nada, zilch! I'll never switch back. All the years of problems, headaches, lost time, gone. It's heaven!

Posted by: Mike the Mac | June 28, 2005 3:09 PM | Report abuse

"Windows has security features built in, turned on by default."

MT: If that's true, it's a recent development. What about all those people still running W2k? Traditionally, Windows comes out of the box open to the world. The firewall is new to XP SP2.

Do some research on OS X. Find one, go try to hack it (if you know the admin password going in, you haven't cracked it). Take a look at SARC. How many Mac threats are listed?

I've no doubt that the people that read "Security Fix" have secure, firewalled PCs.

All I'm saying is, if you want a computer and not a security hobby, get a Mac. The CEO of Intel said at a conference last month that he spends hours every weekend cleaning his daughter's PC. When asked about adware and spyware fixes, he said that if you want something soon, you should look to another OS, not Windows.

Posted by: Virtual Rick | June 28, 2005 3:25 PM | Report abuse

Windows can be pretty secure, but you have to take care of it. You have to get anti-virus software, a firewall, because Microsoft's firewall sucks, adware protection, and still this is not enough. You still have to know what you're doing. If you click on everything you see in your browser or email client it's all useless.
I don't know about OS X, but Linux, BSD etc. are more secure. If you put a Red Hat box on the net with no firewall and all the services up and running, chances are you will get hacked even faster. But if you configure your firewall, stop all the unnecessary services, you can make it almost impossible for someone to hack it. And you have no adware, and no viruses. The same is true for OS X. Microsoft should concentrate on improving overall security rather than making an anti-virus. Maybe you don't know, but OS X, Linux, BSD, Unix etc. have no viruses, only Windows has.
Why is that? More advanced filesystem and directory structure. They don't have viruses now, and they never will have!

Posted by: dick | June 28, 2005 5:47 PM | Report abuse

If you look at my earlier post I was referring to Windows XP SP2.

The firewall of course existed in XP pre SP2 too, just wasn't turned on by default. Because the average user didn't know the first thing about how or why he might need it, and was lazy or unaware of the need for patching, both of these are automatic in SP2.

Check out the CERT tips for connecting MacOS X PCs to the Internet, not too different in terms of recommendations from the XP instructions...

http://www.cert.org/tech_tips/before_you_plug_in.html#II.B.2

If you have the belief that WinXP or MacOS or Linux or any other Unix is safe for direct connection to the Internet even if you don't properly configure it and continually patch it, then good luck to you...

Posted by: MT | June 28, 2005 5:57 PM | Report abuse

Dick, maybe you don't know, but viruses, worms and trojans do exist for Linux and the Mac.

Posted by: MT | June 28, 2005 6:06 PM | Report abuse

Yo.
With all this posturing about Macs and Linux etc., one would assume this organization has run the same tests on OS X and the penguin.

So, Mr. blog author or anyone else who knows, instead of anecdotes and true belief, what are the measured comparable metrics??

Posted by: bigpics | June 29, 2005 2:17 AM | Report abuse

BTW, it seldom gets mentioned, but one single step did more to secure my computer than my Firefox, firewall, A/V, anti-spy and spamware put together.

I bought a cheap wired router (<$20 after rebate) and disabled the ping response and stealthed the one unstealthed port. And since that day, NONE of my programs listed above has found or detected a single damn thing even as I blithely click on some of the from god knows where attachment from friends I know with no protection on their systems at all.

Just try this simple test: Go to Shields up! (a great site and free service) at https://image.grc.com/x/ne.dll?bh0bkyd2 and run their suite of tests on your computer with your current configuration.

THIS is the result you want to see:

"Your system has achieved a perfect 'TruStealth' rating. Not a single packet -- solicited or otherwise -- was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to 'counter-probe the prober', thus revealing themselves. But your system wisely remained silent in every way. Very nice."

See anything else and you're vulnerable.

Posted by: bigpics | June 29, 2005 2:32 AM | Report abuse

OS X, Linux, and Unix type systems have worms and trojans, or r00tkits. You will not get a trojan if you click on a link in your browser, or if you open an email. Viruses cannot spread on Unix type systems. If you think you can write a Linux virus then please show me the source code, I'm very curious. Worms exploit vulnerabilities in some networking services, like an http server, or an ftp server, or ssh server, or the Windows file sharing service. This can be stopped by disabling the service, or by a firewall. Windows has a lot of services turned on by default. If you don't have a firewall, you will get hacked, no matter what OS you are using. Give me the name of a Linux virus. A simple virus that spreads by email or whatever and installs itself on my computer. I can name 100.000 Windows viruses, how many Linux viruses can you name, if any?

Posted by: dick | June 29, 2005 6:24 AM | Report abuse

Let's go with Linux.Svat, interesting mechanism for infection.

Or Linux.Jac.8759, Linux.Hyp.6168, these are more like a typical Windows virus.

Or proof of concept multi-platform viruses that will infect both Windows and Linux: Linux.Peelf.2132, Linux.Simile

Of course if you're wanting to infect a bunch of Linux systems, I'd go with a worm approach rather than a virus.

Agree with the guy who says get a cheap firewall, any firewall, because defense in depth is a good strategy, and a home firewall on a broadband connection is the minimum step you should take. But don't assume just because your firewall doesn't respond to pings, you're invisible or unhackable.

Posted by: MT | June 29, 2005 8:23 AM | Report abuse

Re the comment about never saying now you have ultimate and true security, I agree entirely. In fact I expect my system to be fried by creeps any second now just because my comments sounded so smug.

It's a dangerous web out there. As the man said, defend in layers, monitor... ...and cross your fingers.

Posted by: bigpics | June 29, 2005 11:01 AM | Report abuse

Ok so you've got about 5 Linux viruses. Now tell me how can you infect my programs in /bin, /sbin, /usr/bin etc. if I am not running as root. Of course if you're a total idiot, and have a lot of useless and probably vulnerable services running anything is possible.
Unix like systems just aren't vulnerable to this kind of primitive attack. If you only have a desktop computer, you can make it almost unhackable. I don't even have sshd running. How are you gonna hack me? Send me an email in which you tell me how to disable my firewall, and how to install a rootkit myself?

Posted by: dick | June 29, 2005 3:42 PM | Report abuse

OK Dick, now we're down to well actually those viruses exist, but you're not dumb enough to get caught by any of them.

It's hard to believe that could be the case because you only learned yesterday that the possibility of infection existed, so presumably haven't been taking any precautions.

But even if you aren't, a lot of people are.

So let's say you are not running any services, but are receiving mail and web browsing on the box.

If I can get you to view a specific tiff or png image on an unpatched Linux box, I can easily get that code on your system.

So now do you plan to live in a cave and never use email or browse the web? Nice that you have a secure box though...

To compromise those files you mention all I need is root access, or a virus which modifies something a privileged user eventually executes. And if you've never seen an exploit for a Unix box which gives you root access, well, you just haven't been around Unix long enough.

But anyway, with what you suggest we're a long way from the initial topic of what happens when Grandma pulls her brand new Mac out of its box and connects it to the 'net. Let's say Grandma has connected straight to the cable modem. She doesn't patch, she hasn't turned the firewall on, she web browses. She views mail.

She thinks she's wearing a bulletproof vest but it's actually a tee shirt. She's only less vulnerable because fewer people are trying to attack her, a fact she finds to her dismay sooner or later.

Smart Grandma on the other hand buys a home firewall router, turns on the software firewall and automatic patching on her box (if her O/S vendor hasn't already) and installs a decent adware and virus scanner and sets it to scan real time and update signatures daily.

Then Smart Grandma gets left alone (for now), because everyone's going after the people who didn't perform those simple few steps.

Posted by: MT | June 29, 2005 5:35 PM | Report abuse

Of course I knew those viruses existed, but they are just too rare to be taken seriously. And of course I knew about local root exploits. And I patch my system. But still, if grandma just takes the computer out of the box and plugs it in, no matter what OS she is using, she is going to get hacked :)

Posted by: dick | June 29, 2005 7:52 PM | Report abuse

The best way not to get hacked is by assembly, build your own OS for private use! No one would know it exists, make it so that it can run Windows based programs, Mac based programs and Linux based programs, but that you have to approve every step it wants to make. Also make it the system itself (the root) on a live CD, so that only the programs go to the HDD. Then use something like Opera or Firefox and you'll never get hacked again!

Posted by: link0007 | June 11, 2006 3:27 AM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company