Tuesday, March 01, 2005

The Internet: A Rough Neighborhood

Listen ye well, fellow denizens of the blogosphere, for this tale of woe applies to thee:

A Windows computer without the latest security patches is in big trouble.

That's the conclusion from a "honey pot" experiment conducted by StillSecure, a Louisville network security firm.

StillSecure attached six computers - loaded with different versions of the Windows, Linux and Apple's Macintosh operating systems - earlier this month to the Internet without anti-virus software.

The results show the Internet is a very rough place.

Over the course of a week, the machines were scanned a total of 46,255 times by computers around the world that crawl the Web looking for vulnerabilities in operating systems.

Let's do the math, shall we? 46,255 scans over 7 days. I won't bore you with all the iterations, but that comes down to 4.5 scans per minute. And remember, these computers were simply connected to the Internet. They were not actively involved in any interaction beyond simply being connected. The article continues with a count of what inevitably comes after the scans: attacks. The machines were subjected to 4,892 directed attacks over that same time span using a variety of methods. What this demonstrates conclusively is that an unprotected computer sitting passively connected to the Internet is in extreme danger of being compromised.

The good news is that the updated variants of all the current operating systems resisted all of these attacks. The attacks may or may not have been automated and different systems got differing types and amounts of attacks. One of the more interesting items of note is that the out-of-the-box Red Hat Linux system didn't garner a single attack. The hackers knew better?

Here's the warning part of this story, however. The computer running Windows XP without the "SP2" upgrade applied was hit with 4,857 of those 4,892 attacks. It was infected with the Blaster and Sasser worms 18 minutes after being connected and, in an hour, had been infected with a program that turned it into an attack zombie launching denial-of-service attacks. All without having once sent or opened an e-mail and having never browsed a web page.

There are 2 morals to this story. First, protect your machine. Anti-virus, firewall, and anti-spyware software should be considered as indispensable as a power cord. Second, keep up to date with the patches. It's a pain sometimes, but it's critical. And remember, you're being a good Netizen, too, by keeping yourself protected. If your machine isn't compromised, it won't be compromising anyone else.