
Re: [Rival] Microsoft Windows Hijacked Within Just Minutes

In comp.os.linux.advocacy, Rex Ballard <rex.ballard@xxxxxxxxx> wrote
on Tue, 15 Jul 2008 11:35:10 -0700 (PDT)
<3a7feffc-5662-4845-80f1-9f3c075d5b70@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>:
> On Jul 15, 9:56 pm, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx>
> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Unpatched Windows PCs own3d in less than four minutes
>>
>> ,----[ Quote ]
>> | An unpatched PC is likely to last just four minutes on the internet before
>> | being attacked and compromised.
>> `----
>
> The part I found more interesting was the good advice
>
> Security experts advise using a NAT (network address translation
> router) and personal firewall before connecting systems to the net on
> anything outside sacrificial systems. This best practice can create
> tensions between management, who want new systems up and running as
> quickly as possible, and security admins.
>
> Put another way - Put A LINUX box in front of your PC to give it the
> protection it can't provide for itself.

Uh...not necessarily.  NAT units with a Web interface
are mass-produced; Earthlink gives 'em away, for example.
I don't know what OS they use, though it very well could
be a variant of Linux.  (The only other candidates would
be a variant of Windows CE, and something proprietary.)

Of course a spare PC might be a good candidate for a
firewall unit, though I wonder if software on the user's PC
(assuming such is needed) would be more efficient.

> The article didn't say
> whether Vista fared any better or worse, but given the article below,
> it sounds like the 4 minute survivor WAS Vista.

If one can call "h4x0rd in 4 minutes" surviving. ;-)

>
>> http://www.theregister.co.uk/2008/07/15/unpatched_pc_survival_drops/
>>
>> 4 minutes? How does one even connect to get patched up without getting
>> compromised first? Maybe that's why *most* Windows PCs will soon be zombies.
>> Maybe that's why Gates and many others fled the company,
>> making Frankenballmer the Zombie King.
> ROFL

A thought.

>
>
>> Related:
>>
>> How Long Does It Take To Catch A Computer Virus?
>>
>> ,----[ Quote ]
>> | Would you believe only 8 seconds?
>> |
>> | In fact, after only 8 seconds, the unsuspecting little rascal was
>> | undergoing the machine equivalent of being turned into a "Pod
>> | person from the planet Mars!" First, it was hit by Sasser, one of
>> | the fastest spreading worms on the Internet. Then it started
>> | downloading strange programs from mysterious internet addresses.
>> | Then it started looking for other machines to infect.
>> |
>> | Within five minutes, the little rapscallion was running so many
>> | malicious programs that it was running totally choked up and its
>> | CPU was 100% occupied performing virus-related tasks.
>> `----
>
> This article did specify that it was running a Windows XP machine.
>
> Now, anyone want a guess as to how many weeks or months a Linux
> desktop system will run before it's infected?

I could see (part of) a Linux system being infected
in 8 seconds...but that would require some unusual
circumstances; for starters, Wine+IE6 or Windows within
VMware would have to be involved; one can also contemplate
honeypots.

Both notions, of course, stretch "infected" beyond
reasonable limits, as the virus caught in the honeypot
or infecting the Wine/VMware is carefully contained and
easily neutralized.

>
> Several of our COLA posters show uptimes of several months.  The
> uptime counter recycles to zero after something like 481 days.

12:46:50 up 199 days, 19:52,  1 user,  load average: 0.00, 0.00, 0.00

for me.  Granted, he doesn't do all that much. ;-)

>
> There are BSD server systems which don't have this recycle issue that
> can claim up-times of up to 5 YEARS when connected directly to the
> public internet.
>
> Usually, when a BSD or Linux server is rebooted, it's not because it's
> been hit by a virus, it's because it's time to upgrade the kernel.
>
> Remember, all of those Linksys, D-Link, and other Linux router and
> WiFi boxes, have been working for years without a successful attack.
> Usually, they are replaced because the owner wants the new faster
> WiFi.
>
> The fact that there are hundreds of millions of WiFi hubs and NAT
> routers powered by Linux, and NONE of them have been successfully
> compromised, pretty much dispels the myth that Linux would be as
> vulnerable if there were more Linux devices out there.
>
>> http://www.informationweek.com/news/showArticle.jhtml?articleID=19700...
>

Indeed, and fair enough.  I'd frankly have to research the
issue, but certainly one of the virtues of Linux is its
flexibility and relatively small footprint.  Put a Linux
kernel in EEPROM on a singleboard computer, set up Apache
(or lighttpd), whatever else is needed (e.g. RAM and a
NIC or two), and presto: NAT box.

-- 
#191, ewill3@xxxxxxxxxxxxx
"640K ought to be enough for anybody."
  - allegedly said by Bill Gates, 1981, but somebody had to make this up!
** Posted from http://www.teranews.com **
