janestarz: (Default)
[personal profile] janestarz
A story on Slashdot made me want to post this. Again. People, the internet is not a safe place. Your computer is continually in danger of becoming someone's ass-bitch. It could be used by hackers to hack into other people's unprotected servers and/or computers. You could unknowingly spread viruses. All this, if you do not use protection.

From Slashdot:
The 12-minute Windows Heist
An anonymous reader writes "Sophos has come up with some pretty interesting research: apparently, there's a 50 percent chance unprotected Windows PCs will be compromised within 12 minutes of going online. Sophos came to that conclusion based on research covering the last six months of virus activity. The company said authors of malware such as spam, viruses, phishing scams and spyware have increased both the volume and sophistication of their assaults, releasing almost 8,000 new viruses in the first half of 2005 and increasingly teaming up in joint ventures to make money. The new-virus figure is up 59 percent on the same period last year."
--------------------------------------------------------


And a few reader comments:
Took my machine exactly two minutes - by jerkychew
I love telling this story to people that ask why they should run Windows Update / run a firewall / get antivirus, etc.:
I was at a client's site, and needed to do some testing on their backup DSL line. Since it was a backup meant to plug into the main firewall in case of an outage, the line had no firewall - It was wide open.
I had a laptop I had just rebuilt for an employee. Win2K, SP4*). Unpatched, no antivirus. I planned on jumping on the line for all of five minutes to do some quick IP testing, and I just didn't think about it being vulnerable.
So, I change the IP and plug into the DSL line. I'm plugged in no more than two minutes, and I get the damn "Windows is shutting down" dialog box. It reboots, and all hell breaks loose. Within those two minutes the damn machine had contracted the Blaster worm. I formatted and reloaded it to be safe, and learned a fun lesson that day. Good thing the laptop didn't have any important data on it.

*) Win2K SP4 = Windows 2000 with Service Pack 4 installed.
--------------------------------------------------------

The fifteen minute test... - by ktakki

I run a company that provides contract support and administration for small- to medium-sized businesses. We also do some work in the residential sector, but it's not our focus.
In order to test the malware-busting skills of new employees, I would routinely infect a test machine with adware and spyware. I had two methods, based on the two most common scenarios we've encountered:

1. Bored employee surfing pr0n and online casino sites or downloading free screensavers.
2. Teenaged child using P2P apps or browsing sites that offer song lyrics or buddy icons for IM apps.

I would use a stopwatch and time myself, stopping at 15 minutes. For Case 1, I'd search Google for "casino" or "sex" and hit those sites. For Case 2, I'd search for "lyrics" or "buddy icons" and hit the top ten or fifteen sites listed.

At no time did I ever click "yes" when prompted to install software.*) The point was to attract the "drive-by" malware, the ones that didn't put an entry in "Add/Remove Programs", the ones that were the hardest to remove (e.g., randomly named polymorphs, malware that sees if one tries to terminate the process or remove a registry key and re-installs, malware that prevents anti-spyware programs from running, etc.).

In fifteen minutes, I can infect an XP box with between 400 and 600 objects (by AdAware's count). That's the result of hitting between 10 and 15 sites. Often, that's enough to inflate the number of running processes from 30 or so to about 60. Pop-ups appear even if IE isn't explicitly running. Case 1 infections often leave the computer in an unusable state, and by unusable state I mean "tits and ass all over your screen".

I give a prospective employee two hours to disinfect the computer, though I do cut major slack if it takes longer but they've got the right attitude and methodology. If hired, I show them how to get this down to under an hour (AdAware, Spybot, UBCD, manual cleaning, etc.).
Malware removal is about 30% of our billable hours. Since our contracts with our clients call for a certain amount of hours of service and maintenance each quarter, bug hunting is a distraction from the real work of administration: keeping up to date with patches and software updates, implementing our infrastructure upgrade roadmap, and software support and training. In other words, nearly a third of the time we spend doing productive work for our clients is spent whacking malware that targets Windows PCs.

Finally, we do try to come to terms with the fact that sometimes this is a human resources problem and not a technological problem. In Case 1, Employee X should not be surfing pr0n or playing Texas Hold-em on the job. As contractors, we try to block certain sites at the firewall, though that's a game of whack-a-mole, and we encourage all workstations to have monitors that face a common area (knowing someone can randomly shoulder-surf you is a big deterrent). Case 2, the residential case, is more problematic, since the sites that install drive-by malware are pretty innocent (lyrics, IM buddy icons). Permissions/ACLs would help, but there are so many applications that need admin rights to run that it's a joke. I've steered a few residential customers towards Apple Mac Minis and iMacs and have had no complaints after the fact.

Bottom line: it's a fucking jungle out there.

*) Note: clicking 'yes' when prompted to install software while just surfing internet sites is really the most stupid thing you can do. That will almost certainly install malware/viruses on your computer.
--------------------------------------------------------


I hope you all learned something today.
I always wonder the following: Windows isn't so stable that it can run forever. At one point, it needs a reinstall (with my machine on Win98 Second Edition and it being used daily, it took about a year for it to become unstable enough to require a reinstall). So when you reinstall, you have the clean package again. If you're lucky, you've bought the service packs in the store; they provide a little extra safety. But for your computer to be really safe, you need to have all critical upgrades installed, which you can download from the Windows website.
Those poor people without a firewall will be infected as soon as they try to go there. How do you tell them? How do you make them see that it really is a jungle?

So, if you're reinstalling Windows, make sure to have the service packs and a firewall on CD-ROM at hand. It will help.
Or go for Linux.

Date: 2005-07-01 12:36 am (UTC)
From: [identity profile] sjuuls.livejournal.com
OMG! To 600 infected items in 15 minutes! That's insane! I'm glad I got my doublefirewall thingies!
And run the scans on a weekly basis! And still things slip through! I do not get it! What's the fun in this? Breaking computers of people you do not know or know. I hope all these things bounce back somehow to their own computers!

Date: 2005-07-01 02:01 am (UTC)
From: [identity profile] nokey.livejournal.com
It's not just done for fun. There are people out there who want to use your computer for spamming/phishing and other malicious stuff to fill their own pockets.

Date: 2005-07-08 08:44 pm (UTC)
From: [identity profile] elektron.livejournal.com
Sadly, the people who need to know this most won't.
