Unprotected PCs fall to hacker bots in four minutes

The lifespan of a poorly protected PC connected to the internet is a mere four minutes, research released this week claims. After that, it's owned by a hacker.

In the two-week test, marketing communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analysed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the internet.

The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire's distribution of Linux.

Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.

"In some instances, someone had taken complete control of the machine in as little as 30 seconds," said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment.

"The average was just four minutes. Think about that. Plug in a new PC, and many are still sold with Windows XP SP1, to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over."

Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.

"If you're running a firewall so your machine is not seen, you're less likely to be attacked," said Colombano. "The bot or worm simply goes onto the next machine." Although Windows XP SP1 includes a firewall, it's not turned on by default. That security hole was one of those plugged, and heavily touted, by Microsoft in SP2.

The successful attacks took advantage of weak passwords on the target machines, as well as a pair of long-patched vulnerabilities in Microsoft Windows.

One, the DCOM vulnerability, harks back to July, 2003, and was behind the vicious MSBlast worm of that summer. The second, dubbed the LSASS vulnerability, was first disclosed in April, 2004, and led to the Sasser worm.

The most secure system during the experiment was the one running Linspire's Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.

The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows.

"The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.

For the bulk of users who work with Windows, however, Colombano didn't recommend dumping Redmond's OS and scurrying for the protection of hacker-ignored platforms.

"Update Windows regularly with Microsoft's patches, use a personal firewall -- third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks -- keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised.

Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.

"No machine is immune," he counselled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."

Copyright © 2004 CMP Media LLC

Comments: 18
photohounds
28 November 2010
So ... once again, the commercial operating systems from the "experts" are left behind in the security stakes.

Once again, even Apple gains zero advantage from harking from a code base similar to Linux.

True then and true now.


Slatts
28 November 2010
Gregg Keizer on Dec 1, 2004 wrote:
"Update Windows regularly with Microsoft's patches, use a personal firewall -- third-party firewalls still have their place, since Microsoft's isn't suited to guard against outbound attacks -- keep secure passwords, and use some type of anti-virus and anti-spyware software," he advised.

Of the list, the firewall is the most important. The study concluded, for example, that Linux- and Windows-based machines using an application firewall were the best at preventing attacks.

"No machine is immune," he counselled. "No human is safe from every virus, and it's the same for machines. That's why people have to have some personal responsibility about security. You have to be a good citizen on the network, so you're not only protecting yourself, but others who might be attacked from exploits originating on your machine."


The above paragraphs pretty much say it all.

rubaiyat
28 November 2010
For heaven's sake OSX 10.3.5!!!!

At least we know now who is still using it. Some PC idiot representing to be an expert.
Slatts
28 November 2010
rubaiyat wrote:
For heaven's sake OSX 10.3.5!!!!

At least we know now who is still using it. Some PC idiot representing to be an expert.



Um...
Did you read the date at the top of my quote from the article?

rubaiyat
28 November 2010
No. What was the point of an article from more than 6 years ago that says the Macs were not compromised by hackers?

We're back on this generalised, "Oh but they could if they wanted to."

Well they've had over 6 years. What's stopping them?

When is this "obviously going to happen", actually going to happen?
Slatts
28 November 2010
The article was written and released near as bugger it 6 years ago.

It seems that photohounds somehow found it and dug it up.

You know how dogs are with digging up dead and buried things and proudly dragging them into the house..

Edit; Oh and not so much not compromised,

Gregg Keizer wrote:
The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows.

"The automated bot/worm attackers were exclusively using Windows-based attacks," said Colombano, so Mac and Linux machines are safe. For now. "[But] it would have been very vulnerable had code been written to compromise its system," he added.


But as you said, that was long ago on an old OS.

like the unprotected XP SP1 also used in the test.



Edited by Slatts: 28/11/2010 11:45:17 PM
rubaiyat
29 November 2010
'Assaulted' but not KOed. In fact not so much as hair ruffled.

My conjecture, to match the conjecture of the "expert", is that they couldn't fart and talk at the same time.

I am constantly forced into defending OSX, an OS in other forums I am only too happy to tear strips off, because of this brand of nonsense.

It could present evidence of compromised security but just blandly asserts something with nothing to back it up except the usual confident "Just so!".
rubaiyat
29 November 2010
In fact I remember directly targeted hack challenges of the same period that left OSX unmarked.

The only successful hack of OSX I recall, ever, was actually won by a Melbourne hacker with intimate knowledge of the specific set-up of the challenged Mac and succeeded using a social assault.
rubaiyat
30 November 2010
Here's something a little more current:

http://www.pcworld.com/article/211765/microsoft_downplays_nightmare_windows_kernel_flaw.html?tk=hp_fv
gone4good
4 December 2010
Ummm...

http://www.tomshardware.com/news/hack-windows-security-snow-leopard,8704.html

And...

http://www.forbes.com/forbes/2010/0412/technology-apple-hackers-charlie-miller.html

What's that saying about people that live in glass houses?



rubaiyat
4 December 2010
So show me actual hacks!

I'm perfectly willing to accept that these may exist but will only concede there is a problem when anyone actually demonstrates one. Frankly we have heard this for years, gunna, could, if, blah, blah blah… For heaven's sake OSX is over 10 years old now and there are an enormous number of Macs all waiting to be targeted.

These are all s'postas. Usually by individuals making a living out of scare campaigns.

We get the same deal from the companies selling Anti-Virusware for the Mac. Never a live virus ever! Compare that to "secure" Windows.

The sole reason to install Anti-Virus software on Macs is not to pass them on to Windows users. As a good citizen, I'd be more than happy to do this if only we got some courtesy from Windows users in return, and if we didn't then suffer the same problems with the Anti-Virus software that Windows users suffer.
gone4good
5 December 2010
rubaiyat wrote:
So show me actual hacks!

I'm perfectly willing to accept that these may exist but will only concede there is a problem when anyone actually demonstrates one. Frankly we have heard this for years, gunna, could, if, blah, blah blah… For heaven's sake OSX is over 10 years old now and there are an enormous number of Macs all waiting to be targeted.

These are all s'postas. Usually by individuals making a living out of scare campaigns.

We get the same deal from the companies selling Anti-Virusware for the Mac. Never a live virus ever! Compare that to "secure" Windows.

The sole reason to install Anti-Virus software on Macs is not to pass them on to Windows users. As a good citizen, I'd be more than happy to do this if only we got some courtesy from Windows users in return, and if we didn't then suffer the same problems with the Anti-Virus software that Windows users suffer.


Read the 2nd article. He outlines how easy it is to break the security of a Mac and that he has been doing it for years. He even gives specific examples (such as using Preview to take over a system), examples that he's given to Apple of which they have taken to the head in the sand security model and crank the propaganda machine up to 100.

Even at DEFCON the Mac has been the first to fall, and usually within a few minutes, since Vista was launched.

Never a live virus?!

http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html

I found that website in 5 seconds. If you searched you would find a lot more too. It seems you've adopted the head in the sand model as well.



rubaiyat
5 December 2010
That is exactly what I said above. Sophos an Anti-Virus software publisher announces a virus, which nobody seems to have caught.

It still comes down to where are the real live security breaches and attacks in the over 10 years that OSX has been out there.

Show me someone, anyone, who has suffered an attack. These are all stories of people claiming things, which may or may not be true, but how is it possible they never materialise in the real world?

How many secret viruses and vulnerabilities does Windows have? Or has everyone been distracted by the million or so out in your face viruses, trojans and security breaches Windows has to offer?

If it is the tip of the iceberg that you claim for OSX, Windows must have billions of violations.
rubaiyat
5 December 2010
Look what I found in 5 seconds:

http://www.buzzle.com/articles/yowie-man-or-beast.html

http://www.convictcreations.com/animals/yowie.htm

http://www.crikey.com.au/2009/04/24/gongs-for-herald-suns-over-eager-eulogising-and-a-yowie-expert/

http://www.sfgate.com/cgi-bin/blogs/pets/detail?entry_id=45672

http://www.youtube.com/watch?v=gSpKWzJIs4Y

http://www.stuff.co.nz/oddstuff/4424792/Kiwi-adventurer-leads-Yeti-hunt

http://www.google.com.au/search?client=safari&rls=en&q=loch+ness+monster+sightings&ie=UTF-8&oe=UTF-8&redir_esc=&ei=3xb7TOG8D4rxrQeYtLX6Bw

How much do you need?
rubaiyat
5 December 2010
Now gone4good

I don't want to bury my head in the sand, I can cast my eyes around me and see plenty who are already doing that.

Don't stop so early in the hunt, you found an example of an Anti-Virus company reporting an OSX virus in 2006. Keep going. There must be much more to not just this, but the veritable writhing mass of virii swept under the carpet by the Mac community.

Keep it comprehensive. Give me all the virii you find, working or non-working.

Whilst you are at it, to keep this balanced, do the same for Windows. Be interesting to see the lists side by side.
gone4good
5 December 2010
Wow, three posts to respond! That's what I call dedication!

If you take a look at that link above, it starts in 2006 and has details on virus threats since. There's lots of them, including exposure stats.

But all of that is irrelevant.

"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town," - Charlie Miller

That sums it up. He's a dedicated Mac user and started looking for holes because he was tired of Apple's spin. He's even documented all these holes to Apple, all of which they ignore. Even something as simple as DEP which has been around since XP SP1 has only been added to Mac in Snow Leopard.

There's no denying that there are massive security threats to Windows based PCs. Everyone knows that and protects themselves from them. It's on over 90% of the world's computers so that makes it a pretty big target. Sure, Microsoft didn't help at all taking the early lead in head in the sand approach to security, but a LOT has changed since the release of Vista. In fact most exploits aren't found by hackers anymore but Microsoft employees. When the Windows 7 machine is the last to fall at DEFCON it gives a pretty good indication of how much things have changed.

The issue here is that Mac users seem to have this misconception that their platform is unbreakable. That nothing can touch them. Even you, and you seem like an intelligent bloke, are beating the Apple propaganda machine on security, all while they are completely ignoring threats that are exposed to them. Whether you want to believe it or not, is your choice. But believe me, actually don't believe me. Believe the security experts that say the only thing protecting the Apple platform is a lack of market share.


rubaiyat
6 December 2010
In this oft repeated rationalisation, at what threshold does the Mac suddenly become vulnerable? 10% marketshare, 15%, 20%…? After 10 years, 15 years, 20 years…?

I've been hearing this excuse from Windows users for 15 years. Given Apple's huge iOS marketshare why are we not seeing the same problem as Windows on the iPhone/iPad/iPod Touch? 7 billion downloads later, what does it take?

I'm not denying that OSX could never possibly be under threat, I am simply asking for the evidence of actual real life executed threats.

It's not like the hackers don't know where Apple lives and it is hardly a small target, just a smaller target.

The Mac had viruses when it was an even smaller target in the Classic OS. So I simply do not buy the frankly ridiculous assertion that all the Mac haters just can't make the effort to put their money where their mouths are.

PS I tracked down Miller's successful hack attack on a Macbook Air. It took a while to locate and even longer to digest what was there. It is hard to tell exactly the extent of the damage, which was achieved in the social attack I mentioned once before here, where the user was led to a target website. I agree that it does not look good for Apple's security. The question is what has happened in the 2 1/2 years since then. Obviously the sky has not fallen in yet.
DJ...
28 December 2010
Ummmm...

Both of "gone4good"'s references refer to the same guy and his one statement. Miller is an 'expert' that appears to be pushing his own barrow without any substantiation. He never explains why Windows, with countless thousands of security breaches every day, is more secure than MacOSX that has never been breached by a virus. Security breaches of MacOSX have been due to 'operator stupidity' and not due to any weakness in the OS.

The old argument 'that MacOSX has only a small market share' doesn't cut it any more. There are millions of Macs out there and many people have offered considerable financial rewards to anyone who can hack a Mac but no-one has yet claimed the glory or the money. Even taking an 8% market share then simple maths would tell us that at least 8% of OS hacks should affect Macs because 8% of hackers would target the Mac. Or is the 'marketplace' of hackers different to the marketplace of computers? Even if only 1% of hackers attacked Macs, given there are thousands of Windows hacks, surely there would be at least a couple of hundred readily available hacks of the Mac on the 'Net. Perhaps the reason why not is that MacOSX is more secure than any version of Windows.