Software // Enterprise Applications
News
11/30/2004
02:40 PM
Connect Directly
RSS
E-Mail
50%
50%

Unprotected PCs Fall To Hacker Bots In Just Four Minutes

The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.

The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker.

In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.

The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.

Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.

"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. "The average was just four minutes. Think about that. Plug in a new PC--and many are still sold with Windows XP SP1--to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."

Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.

"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That security hole was one of those plugged--and heavily touted--by Microsoft in SP2.

The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows. One, the DCOM vulnerability, harks back to July, 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability, was first disclosed in April, 2004, and led to the Sasser worm.

The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.

The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. "The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.

For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.

"Update Windows regularly with Microsoft's patches, use a personal firewall--third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks--keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised. Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.

"No machine is immune," he counseled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.