Surfing the Web has never been more risky. Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.
“From Sept. 10 to Sept. 25, online intruders made 305,922 attempts to break into six computers connected to the Internet via broadband DSL. Attackers successfully compromised the Dell Windows XP computer using Service Pack 1 nine times, and the Dell Windows 2003 Small Business server once. No other machines were breached.”
The total attacks on the OSX machine equaled those on the XP machines, yet there were no breaches. I hope this finally silences the people who think Microsoft OS’s are breached simply because they are attacked more frequently. They aren’t. They are breached because they are more vulnerable. Period.
and “has never been” is misleading….
back when i first found out about firewalls (several years ago) you could connect and not go in irc… not surf the web… do nothing but sit there and get hit by random port scans, dos attempts, hack attempts if they found anything open, trojan port scans, etc etc etc
yes, many new flaws have been found since that time… but many have also been closed up…
and its unknown how many holes that at the time hadnt been discovered by the white hats already had by the black hats…
all in all the risk level is about the same now as it was then
“The total attacks on the OSX machine equaled those on the XP machines, yet there were no breaches.”
That is because most attacks are people doing automated scans looking for insecure Windows machines. Those scans cover millions of computers.
“I hope this finally silences the people who think Microsoft OS’s are breached simply because they are attacked more frequently. They aren’t.”
If the ‘attack’ is designed for a different OS, it hardly counts as an attack. I’d expect the amount of OSX targeted attacks were around zero. The article is quite misleading in this way.
This does not mean OSX is less secure, just that there are few people actively attacking it, so it’s really an unknown at the moment.
The real reason the OSX boxes are not hacked is because, unlike the Windows boxes, they have no (ZERO) services/ports running/open by default. It doesn’t get any more secure than that.
With all this fear mongering about the dramatic “the hacker can take over your computer!!!!” bullshit, does anyone here personally know anybody who has their “computer taken over”?
Plenty of people on a daily basis. My phone doesn’t stop ringing which is fine by me.
Even after I set up a firewall, firefox, adware for my windows clients, they often disable the firewall because it asks them whether they want to allow a connection the first time an app makes an outgoing connection.
And they often refuse to use firefox because it isn’t IE. Go figure.
A good chunk of the reasonable ones, the ones willing to learn something new, I have successfully migrated to Linux.
how few attacks there are against the linux box? Curiously, at this moment the Linspire installation seems the safest of the three.
“Even after I set up a firewall, firefox, adware for my windows clients, they often disable the firewall because it asks them whether they want to allow a connection the first time an app makes an outgoing connection”
For the TRULY paranoid, would it not be best to simply run off a Live CD when going online?
recently i did a fresh install of windows xp (reformatting the hard drive, reinstalling all software, etc). stupidly, i setup my internet connection before installing my firewall and antivirus software. within a few minutes of going online to windows update the pc was unusable.
i was lucky, in a sense, because i was starting from nothing so it was a simple matter of reformatting the hard drive and reinstalling windows. i had no data to lose as it was already backed up.
Linux is safer?
Statistics say that, the machine stayed safely doing its job.
“With all this fear mongering about the dramatic “the hacker can take over your computer!!!!” bullshit, does anyone here personally know anybody who has their “computer taken over”?”
Yea as a matter of fact I do.
At my work we have a mixed environment. Windows NT4, 2000, XP & MacOS9 & X.
Last year somebody took control of every windows pc we had.
Jerk even installed remote software on one of ours so he could move the mouse.
After we came back from the weekend, we spent a couple hours undoing his BS, & traced it back to his isp in Portugal.
After that, I was able to convince my boss to finally dedicate time & $ to a real firewall & intrusion detection.
Since then we haven’t had any problems except the typical windows virus.
I hate having a firewall in Windows! Nothing actually beats having a DSL modem/router combo with firewall enabled by default and you’re on an internal network (this is quite safe), or I could stand ipfw, which is also nice and unobtrusive, but ZoneAlarm – this is one wacky piece of software. For people whose time doesn’t cost anything it provides statistics for every random ping that occurred. This is nonsense! One can gain SO MUCH more by studying HOW someone can break into his machine and just disabling all services than just know nothing with a firewall like that enabled shooting ‘HURRAH!!’ every time the firewall has intercepted an ICMP request. Besides, there was news about Windows firewalls being disabled with a sophisticated flood attack. Oh well.
I wonder how much “protection” is provided by being behind a NAT gateway (with no other explicit firewalling but no explicit holes either).
“It doesn’t get any more secure than that.”
Well, you’re assuming that the network stack, drivers and hardware aren’t buggy either.
I’ve had the same experience. If I try to install XP on an unprotected machine that’s connected to my cable provider, the machine will be successfully attacked before the install completes.
>>That is because most attacks are people doing automated scans looking for insecure Windows machines. Those scans cover millions of computers.<<
Not so. We’re not talking about OS specific viruses. The bad guys are scanning for open ports and insecure services running on anything. From the article:
“Break-in attempts began immediately and continued at a constant and high level: an average of 341 per hour against the Windows XP machine with no firewall or recent security patches, 339 per hour against the Apple Macintosh and 61 per hour against the Windows Small Business Server. Each was sold without an activated firewall.”
The breaches occurred in the Windows boxes because open ports and insecure services were detected running on those boxes. Not so with the other honeypots.
“With all this fear mongering about the dramatic “the hacker can take over your computer!!!!” bullshit, does anyone here personally know anybody who has their “computer taken over”?”
Yes, I do. My sister’s machine was functioning as a zombie scanning other machines for vulns. From what I remember, nmap and python scripts were running on her box. Alas, she never took my advice on reinstalling the OS. Once compromised, all files are suspect.
The total attacks on the OSX machine equaled those on the XP machines, yet there were no breaches.
And if you read the Slashdot discussion, where some of the people responsible were posting, you’ll find that pretty much all of those were probes for *Windows specific vulnerabilities* against OS X’s Samba service (which isn’t actually on by default, but was enabled).
I hope this finally silences the people who think Microsoft OS’s are breached simply because they are attacked more frequently. They aren’t. They are breached because they are more vulnerable. Period.
No amount of attempts to exploit Samba using a Windows specific vulnerability are going to succeed. Therefore, their logging such attempts as “attacks” – without doing the same for similarly irrelevant attacks on other platforms is at best meaningless and at worst deceptive. It’s like calling attempts to exploit, say, an NFS bug against a Windows machine an “attack”, even though Windows has no NFS capabilities without additional software.
Basically, their method was fundamentally flawed. They either need to count _every_ “attack” – as detected on an independent machine running, say, Snort – as an “attack”, or they need to _consistently_ filter out any attacks that aren’t relevant to the platform being “tested”. Counting some probes as “attacks” when the machines being probed are inherently invulnerable, but not others effectively renders all the results meaningless.
Automated attacks on open ports. Sorry to disappoint some folks. Windows/Samba shares can be infected by a virus or compromised. Apple has taken the time to either disable or secure the service for a local network.
Secure by default should be a right not a privilege.
I wonder how much “protection” is provided by being behind a NAT gateway (with no other explicit firewalling but no explicit holes either).
Assuming you’re just an Average Joe and not someone likely to be specifically and intensively targeted by crackers, almost 100%.
I’ve personally repaired three zombie machines in the last 4 months. All were windows machines, but not all were the same windows OS. Yeah, I know that they are functionally the same as far as their ease of use and ability to secure. I still don’t think that’s the rub though. I have two of the same OS’s I’ve come across, as zombies, running on my own machines without issue. It all boils down to how knowledgeable you are about computers and treat them as more than just an appliance. Every zombie machine I repaired belonged to an AOLer (Amateur On Line).
None of the users I helped had any idea about spyware, firewalls, antivirus programs, or did any windows updates, and all were on broadband connections. I liken these people to those that think that they don’t need to do a tune up, check the brakes, tires, fluids, or oil change on their cars and can’t figure out why they broke down on the side of the road. They think as long as it has gas, it should work. (Or in this case, as long as they have an internet connection, it should work).
Of the three I repaired, two had well over 70 viruses combined, mostly trojan horses.
Mac and Linux boxes don’t seem to have the same kind of problems, partially due to their design, but also it has to do with the number of knowledgeable users that are behind the screen of these machines.
I’d say the best protection for Windows users is a hardware firewall (NAT gateway).
Also, I confirm that Windows XP SP1 machine while connected to high-speed Internet gets infected with spyware/adware/viruses in minutes (with NAV2004 running, but no additional protection). I’ve switched to Linux since then.
I think the article really needs to make its methodology a little clearer. What does it count as an ‘attack’? As it stands, the massive discrepancy between the count of ‘attacks’ on OS X and Linspire is curious and hard to explain; it may have something to do with the default firewall on the Linspire machine. Maybe they don’t count probes blocked by the firewall as ‘attacks’?
I work for a cableco here in Vancouver. Spoke to a technician today hooking a broadband connection up directly to a – get this – Windows 95 machine. No firewall, hardware or software. Anyone taking bets on how long before THAT one gets cracked?
Also, I confirm that Windows XP SP1 machine while connected to high-speed Internet gets infected with spyware/adware/viruses in minutes (with NAV2004 running, but no additional protection).
Did you consider doing something that might actually be effective – like maybe turning on the builtin firewall ?
well, something I would like to ask :
I’m running OS X with the NetBarrier firewall. I’ve only activated the ports I really use (web, mail, ftp client…) and blocked the others. If I take a look in the log, I can see there’s a ton of people who try to connect to Samba here. What does that mean? Are these guys looking for a way to enter or is it just ‘normal’ internet traffic?
(most of this seems to come from the same provider as me..)
If I take a look in the log, I can see there’s a ton of people who try to connect to Samba here. What does that mean? Are these guys looking for a way to enter or is it just ‘normal’ internet traffic?
These days, both – it’s people looking to connect and that *is* “normal internet traffic”.
ok, thanks
I wonder how much “protection” is provided by being behind a NAT gateway (with no other explicit firewalling but no explicit holes either).
“It doesn’t get any more secure than that.”
At home I have several machines behind a Linksys broadband router. When I look at the FileZilla log on my FTP server (which is not exposed to the internet – it only gets exposed across the VPN when I am connected to the office) I see that it is under continuous attack. The IP addresses are usually unreachable.
I have run all the spyware and anti-virus software to ensure that there are no backdoor programs on the workstation (XP with SP2). It happens even when it is the only machine on the network. The Linksys router is configured to be invisible to the internet, I don’t use the default addresses (192.168.0.X), the workstation is not in the DMZ, and there is no port forwarding to the workstation.
I do not get warm and fuzzy feelings from running behind a NAT server, which should be invisible to the internet, but it is not. It is as secure as not using the NAT server at all.
Just installed FC3 w/ firewall and SELinux defaults. I feel secure. Am I?
At home I have several machines behind a Linksys broadband router. When I look at the FileZilla log on my FTP server (which is not exposed to the internet – it only gets exposed across the VPN when I am connected to the office) I see that it is under continuous attack. The IP addresses are usually unreachable.
Where are you seeing these attacks logged ?
I do not get warm and fuzzy feelings from running behind a NAT server, which should be invisible to the internet, but it is not. It is as secure as not using the NAT server at all.
Well, there’s something funny going on. Either your NAT device or your ISP’s upstream router is misconfigured, or you’re misinterpreting your logs.
if I run nmap and scan my pc, and no ports are open, does that mean that my pc is secure? just curious.. been wondering about this for a while.
Personally, I went from a Linksys router (BEFSR41v2) to an old machine (K6-2 450, 128MB RAM) running SmoothWall Linux and I feel significantly safer. However, I still periodically check for updates in case somebody found a vulnerability in the software… In my opinion, security is a pro-active thing. You just can’t do nothing and hope everything will stay fine forever.
After going through a box at work I can tell you it takes under 2 minutes to run a sasser exploit and install an ftp server.
I know, I know, it’s one of those things you just have to see, so here it is then:
(000014) 11/21/2004 22:58:55 PM – (not logged in) (81.169.181.250)> Connected, sending welcome message…
(000014) 11/21/2004 22:58:55 PM – (not logged in) (81.169.181.250)> 220 this is a private server and your access attempt has been logged…
(000014) 11/21/2004 22:58:55 PM – (not logged in) (81.169.181.250)> USER anonymous
(000014) 11/21/2004 22:58:55 PM – (not logged in) (81.169.181.250)> 331 Password required for anonymous
(000014) 11/21/2004 22:58:56 PM – (not logged in) (81.169.181.250)> PASS [email protected]
(000014) 11/21/2004 22:58:56 PM – (not logged in) (81.169.181.250)> 530 Login or password incorrect!
(000014) 11/21/2004 22:58:56 PM – (not logged in) (81.169.181.250)> disconnected.
(000015) 11/22/2004 2:44:10 AM – (not logged in) (202.85.152.24)> Connected, sending welcome message…
(000015) 11/22/2004 2:44:10 AM – (not logged in) (202.85.152.24)> 220 this is a private server and your access attempt has been logged…
(000015) 11/22/2004 2:44:10 AM – (not logged in) (202.85.152.24)> USER anonymous
(000015) 11/22/2004 2:44:10 AM – (not logged in) (202.85.152.24)> 331 Password required for anonymous
(000015) 11/22/2004 2:44:11 AM – (not logged in) (202.85.152.24)> PASS [email protected]
(000015) 11/22/2004 2:44:11 AM – (not logged in) (202.85.152.24)> 530 Login or password incorrect!
(000015) 11/22/2004 2:44:11 AM – (not logged in) (202.85.152.24)> disconnected.
(000016) 11/22/2004 22:11:18 PM – (not logged in) (82.55.209.187)> Connected, sending welcome message…
(000016) 11/22/2004 22:11:18 PM – (not logged in) (82.55.209.187)> 220 this is a private server and your access attempt has been logged…
(000016) 11/22/2004 22:11:18 PM – (not logged in) (82.55.209.187)> USER anonymous
(000016) 11/22/2004 22:11:18 PM – (not logged in) (82.55.209.187)> 331 Password required for anonymous
(000016) 11/22/2004 22:11:18 PM – (not logged in) (82.55.209.187)> PASS [email protected]
(000016) 11/22/2004 22:11:18 PM – (not logged in) (82.55.209.187)> 530 Login or password incorrect!
(000016) 11/22/2004 22:11:18 PM – (not logged in) (82.55.209.187)> disconnected.
(000017) 11/23/2004 0:29:05 AM – (not logged in) (69.140.73.183)> Connected, sending welcome message…
(000017) 11/23/2004 0:29:05 AM – (not logged in) (69.140.73.183)> 220 this is a private server and your access attempt has been logged…
(000017) 11/23/2004 0:29:05 AM – (not logged in) (69.140.73.183)> disconnected.
(000018) 11/23/2004 0:43:52 AM – (not logged in) (198.64.140.152)> Connected, sending welcome message…
(000018) 11/23/2004 0:43:52 AM – (not logged in) (198.64.140.152)> 220 this is a private server and your access attempt has been logged…
(000018) 11/23/2004 0:43:52 AM – (not logged in) (198.64.140.152)> disconnected.
(000019) 11/23/2004 0:45:59 AM – (not logged in) (198.64.140.152)> Connected, sending welcome message…
(000019) 11/23/2004 0:45:59 AM – (not logged in) (198.64.140.152)> 220 this is a private server and your access attempt has been logged…
(000019) 11/23/2004 0:45:59 AM – (not logged in) (198.64.140.152)> disconnected.
(000020) 11/23/2004 0:49:22 AM – (not logged in) (198.64.140.152)> Connected, sending welcome message…
(000020) 11/23/2004 0:49:22 AM – (not logged in) (198.64.140.152)> 220 this is a private server and your access attempt has been logged…
(000020) 11/23/2004 0:49:22 AM – (not logged in) (198.64.140.152)> disconnected.
How could I possibly have misinterpreted events that are not supposed to happen?!?!?
Again, this is behind a Linksys Cable/DSL router, with no port forwarding to this machine nor is it in the DMZ. This happens when it is the only machine running on the network, and the machine has been scanned for spyware and viruses.
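As an added illustration (not part of the post above and not FileZilla's own tooling), one way to triage a log in this layout: group lines by session number, separate login attempts from connections that only collect the banner, and mark which sources lie outside the RFC 1918 ranges. The sample lines, the `alice` account and the assumption that a logged-in session shows the account name in place of `(not logged in)` are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout of the log quoted above. Addresses are from
# documentation ranges (RFC 5737) plus one LAN host; none are taken from the post.
SAMPLE_LOG = """\
(000001) 11/21/2004 22:58:55 PM - (not logged in) (203.0.113.7)> Connected, sending welcome message...
(000001) 11/21/2004 22:58:55 PM - (not logged in) (203.0.113.7)> 220 private server
(000001) 11/21/2004 22:58:55 PM - (not logged in) (203.0.113.7)> USER anonymous
(000001) 11/21/2004 22:58:55 PM - (not logged in) (203.0.113.7)> 331 Password required for anonymous
(000001) 11/21/2004 22:58:56 PM - (not logged in) (203.0.113.7)> PASS guest@example.invalid
(000001) 11/21/2004 22:58:56 PM - (not logged in) (203.0.113.7)> 530 Login or password incorrect!
(000001) 11/21/2004 22:58:56 PM - (not logged in) (203.0.113.7)> disconnected.
(000002) 11/23/2004 0:43:52 AM - (not logged in) (198.51.100.20)> Connected, sending welcome message...
(000002) 11/23/2004 0:43:52 AM - (not logged in) (198.51.100.20)> 220 private server
(000002) 11/23/2004 0:43:52 AM - (not logged in) (198.51.100.20)> disconnected.
(000003) 11/23/2004 0:45:59 AM - (not logged in) (198.51.100.20)> Connected, sending welcome message...
(000003) 11/23/2004 0:45:59 AM - (not logged in) (198.51.100.20)> disconnected.
(000004) 11/23/2004 9:00:01 AM - (not logged in) (192.168.1.10)> Connected, sending welcome message...
(000004) 11/23/2004 9:00:01 AM - (not logged in) (192.168.1.10)> USER alice
(000004) 11/23/2004 9:00:01 AM - (not logged in) (192.168.1.10)> 331 Password required for alice
(000004) 11/23/2004 9:00:02 AM - (not logged in) (192.168.1.10)> PASS secret
(000004) 11/23/2004 9:00:02 AM - alice (192.168.1.10)> 230 Logged on
"""

# Layout: (session) date time AM/PM dash user-field (ip)> message
# Assumption: after a successful login the user field is the bare account name.
LINE_RE = re.compile(
    r"^\((?P<sid>\d+)\)\s+\S+\s+\S+\s+(?:AM|PM)\s+\S+\s+"
    r"(?P<user>\([^)]*\)|\S+)\s+\((?P<ip>[^)]+)\)>\s*(?P<msg>.*)$"
)
REPLY_RE = re.compile(r"^(\d{3})[ -]")                   # server reply code
COMMAND_RE = re.compile(r"^([A-Z]{3,4})(?:\s+(.*))?$")   # client command
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_local(ip_text):
    """True for RFC 1918 and loopback sources, i.e. hosts on the LAN side."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in LOCAL_NETS)

def parse_sessions(text):
    """Group log lines by session id; PASS arguments are never stored."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line is not in the expected layout
        s = sessions.setdefault(
            m["sid"], {"ip": m["ip"], "usernames": [], "replies": [], "commands": []})
        reply, command = REPLY_RE.match(m["msg"]), COMMAND_RE.match(m["msg"])
        if reply:
            s["replies"].append(reply.group(1))
        elif command:
            s["commands"].append(command.group(1))
            if command.group(1) == "USER" and command.group(2):
                s["usernames"].append(command.group(2).strip())
    return sessions

def classify(session):
    if "230" in session["replies"]:   # 230 = user logged in
        return "login-success"
    if session["usernames"]:          # USER was sent but never accepted
        return "login-failed"
    return "connect-only"             # banner collected, nothing else sent

def summarize(sessions):
    """Per source address: LAN or not, session kinds seen, user names tried."""
    report = {}
    for s in sessions.values():
        entry = report.setdefault(
            s["ip"], {"local": is_local(s["ip"]), "kinds": Counter(), "usernames": set()})
        entry["kinds"][classify(s)] += 1
        entry["usernames"].update(s["usernames"])
    return report

def external_sources(report):
    """Sources outside the LAN ranges that completed a TCP connection."""
    return sorted(ip for ip, entry in report.items() if not entry["local"])

if __name__ == "__main__":
    report = summarize(parse_sessions(SAMPLE_LOG))
    for ip, entry in report.items():
        side = "LAN" if entry["local"] else "EXTERNAL"
        print(f"{ip:15} {side:8} {dict(entry['kinds'])} users={sorted(entry['usernames'])}")
    print("sources outside the LAN:", external_sources(report))
```

Every address returned by `external_sources` completed a TCP connection to the FTP port, so for a server meant to be reachable only from the LAN or a VPN the next step is to find the path those connections took to the host.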
The total attacks on the OSX machine equaled those on the XP machines, yet there were no breaches. I hope this finally silences the people who think Microsoft OS’s are breached simply because they are attacked more frequently. They aren’t. They are breached because they are more vulnerable. Period.
You need to draw a line between theory and practice and practice does not support your theory because yours ignores the testing circumstances.
The reality is that these attacks take place, and apparently ‘OSX attacks’ are not common. In this reality, which is how the Internet is for average consumers, the headline ‘Unprotected PCs can be hijacked in minutes’ is true although the term ‘PC’ is not very specific.
That doesn’t say anything about OSX or Windows its (standard) security though. It says something about the likeliness of being compromised by bots or otherwise automatic attacks when no security precautions are taken beyond the default. Although that statement is not entirely correct, because in the timeline, one could have manually attacked [Windows or OSX or whatever] as well.
The study is useful though, for 2 reasons:
1) It shows Windows PC users need to take more security precautions than normally. Great, good thing to point out. The less zombies the better.
2) It shows alternative platforms are in practice less vulnerable to bots or otherwise automatic attacks. That’s good for diversity and lowers #1 otherwise.
Just installed FC3 w/ firewall and SELinux defaults. I feel secure. Am I?
It’s not impenetrable, but you’re probably several orders of magnitude safer than most internet users. Most attacks are automated and specifically target Windows users (you’re safe there).
A firewall and SELinux can’t protect you from everything, though; if you want security you’ll still have to keep everything up to date and be careful about other things (if you have a wireless network, please use WEP, at the very least). As long as you don’t develop a false sense of security and slip into complacency, you should be (comparatively) fine.
If you’re truly paranoid though, you may want to step it up a bit, perhaps check this out:
http://www.seifried.org/lasg/
A modern computer makes no real distinction between instructions and data. If a processor can be fed instructions when it should be seeing data, it will happily go about executing the passed instructions. This characteristic makes system exploitation possible. This isn’t exclusive to win32 machines.
My LAN consists mainly of Linux workstations and a linux / gateway / everything-else-bar-the-kitchen-sink server which is connected to an ADSL router. I have configured iptables by just modifying the good ol dialup modem setup everybody always refers to (ie. no incoming traffic allowed at all, unless LAN user initiates connection.. etc…).
I have 0 services open to the Internet, and according to grc.com I am completely “stealthed”, and I cannot even ping my dynamic IP from a remote internet site, can I rest eas(y)/(ier)?
I have 0 services open to the Internet, and according to grc.com I am completely “stealthed”, and I cannot even ping my dynamic IP from a remote internet site, can I rest eas(y)/(ier)?
I went a little further and placed a transparent OpenBSD bridging firewall in a DMZ. All traffic gets past the BSD box without ever knowing. Furthermore I altered iptables to block all traffic both inbound and outbound by default. Then the only outbound traffic which is needed is tolerated. UDP to port 53 on the perimeter firewall and nothing else, the rest: http, https, ftp, pop3, smtp. I guess it’s now only a matter of keeping up2date and carefully select and install the apps which are really needed and filter all garbage out.
I run my network without WEP, but my accesspoint/router isn’t going to let anything connect to it if it doesn’t have one of the two MAC addresses I specified for my two laptops. How safe is that? Can a hacker get my network cards’ MAC addresses in a different way than actually being in front of my pcs and checking it himself?
“With all this fear mongering about the dramatic “the hacker can take over your computer!!!!” bullshit, does anyone here personally know anybody who has their “computer taken over”?”
Hmmm… Do my 3 roommates’ systems count? One was 98 ( I know, don’t tell me ) and the other 2 guys were XP. Mine didn’t get hit because I locked them down a bit more. The guy on 98 was rebuilt with 2k and separate admin and user accounts. He bitched so much about having to type in the admin password to install stuff I just set him up as an admin. At least his system is set to auto patch. Still, some people just don’t learn…
“With all this fear mongering about the dramatic “the hacker can take over your computer!!!!” bullshit, does anyone here personally know anybody who has their “computer taken over”?”
Funny… try to find something called “KAHT II” and try it with an unpatched win2K, and you’ll see what a take over is… Or perhaps can you give us your IP? Seriously, there are many ways to get into a machine, most of them use simple techniques (like buffer overflow) and when a virus is using one, you can be sure the technique was well known months before, and used for less visible tasks.
I believe getting MAC addresses is fairly trivial, you can simply snoop the raw wireless transmissions and extract them from that. MAC filtering is a good thing and so is WEP; a combination of the two is much better. A combination of WPA and MAC filtering is doubleplusgood.
Windows Small Business has fully stealthed firewall as default. It is not sold without an activated firewall.
Draw the necessary conclusion.
If you are running windows.
Thanks for the info.. That’s what I did a few moments ago..set up my network with MAC restriction, designated IP and 128bit WEP. I could’ve gone with WPA, but one of my laptops has an older Dlink pcmcia card which doesn’t support that, so I had to use WEP.
Does my current setup sound safe enough against the impatient hacker?
A combination of WPA and MAC filtering is doubleplusgood.
Call me stupid but… what is the difference between WEP and WPA? To me, WPA is Windows Product Activation…
if I run nmap and scan my pc, and no ports are open, does that mean that my pc is secure? just curious.. been wondering about this for a while.
A) Best way is IMO to understand your firewall rules and use an authentic netstat, lsof (the latter is a great application, check it out).
B) You could use Nmap from a remote computer, eventually as support for your findings in A, provided that
1) this is legal and/or you are allowed to do this (ISPs, it’s illegal in some countries to portscan)
2) you trust every provider to not mangle traffic between the 2 computers, given you generate traffic
3) you do not have explicit firewall rules for the IP address you use to scan (ie. no discriminatory rules which match this IP address)
4) this traffic gets through the same firewall as your one (and presumably only) WAN interface
5) don’t forget there’s more than IPv4, which Nmap may support, too.
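An added sketch of point A and point 5 (example code, not from the thread): it reads constructed Linux `netstat -tuln` output and sorts listeners by bind address, since a socket bound to loopback cannot be reached from the network while one bound to all interfaces depends entirely on the firewall rules. The sample output and function names are assumptions made for the example.

```python
import ipaddress

# Constructed `netstat -tuln` output in the Linux net-tools layout; not from the thread.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:139         0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

def exposure(host):
    """Classify a bind address by who can reach it."""
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"          # local processes only
    if ip.is_unspecified:
        return "all-interfaces"    # 0.0.0.0 or :: ; only the firewall limits access
    return "single-address"        # reachable via that one interface

def listeners(text):
    """Return listening TCP sockets and bound UDP sockets from netstat output."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # header or unrelated line
        if fields[0].startswith("tcp") and fields[-1] != "LISTEN":
            continue  # established connection, not a listener
        # rpartition keeps IPv6 hosts such as "::" or "::1" intact
        host, _, port = fields[3].rpartition(":")
        found.append({"proto": fields[0], "host": host, "port": int(port),
                      "exposure": exposure(host)})
    return found

def network_reachable(found):
    """Listeners that are not confined to loopback."""
    return [entry for entry in found if entry["exposure"] != "loopback"]

def ipv6_listeners(found):
    """Network-reachable listeners bound on IPv6; an IPv4-only scan says
    nothing about whether these answer over IPv6."""
    return [entry for entry in network_reachable(found) if entry["proto"].endswith("6")]

if __name__ == "__main__":
    for entry in network_reachable(listeners(SAMPLE_NETSTAT)):
        print(f"{entry['proto']:5} {entry['host']:>12}:{entry['port']:<5} {entry['exposure']}")
    print("check over IPv6 too:", [entry["port"] for entry in ipv6_listeners(listeners(SAMPLE_NETSTAT))])
```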
I have an amd64 FC1 server that went online beginning of October. Due to my own newbie incompetence this server was online for nearly 2 weeks with the firewall configured such that the adsl link to the internet was a “trusted device”! That means the only thing that prevented this server from getting rooted was the password and closed ports! The security log for that period of time shows thousands of ssh login attempts from all around the world, but mostly from Asia (Korea and Taiwan primarily), on many different ports. The login attempts were mostly as “root” although many were as “admin”. As well, many different common names were tried. Nothing got in. But this Linux server was attacked relentlessly. So I don’t buy the Microsoft specific attack argument. The bad guys are trying to get control of any computer they can and it’s just a whole lot easier for them to root a windows box. IMHO anyway.
http://www.webopedia.com/TERM/W/WPA.html
Ah, I see. I am going to check if this is supported by my WAP… Thanks.
With all this fear mongering about the dramatic “the hacker can take over your computer!!!!” bullshit, does anyone here personally know anybody who has their “computer taken over”?
Aside from my issues of attacks behind my Linksys router (which is not a firewall), I just spent a couple of hours helping my brother over the phone this afternoon. He just connected his Windows 98 machine to the internet, all excited about getting cable modem access. It seems his machine just slowed down and things weren’t working right. In the end, we found that his machine was loaded with viruses and trojan horses. Takes the fun out of getting connected to the internet, now doesn’t it?
I always thought it was an exaggeration about how quickly Windows machines are compromised when they are exposed to the internet, but now I know better…
against the impatient hacker, yeah, you’re safe enough. Especially since there’s probably two or three people nearby with completely unsecured networks (I can see two other wireless networks from my house, both with no security whatsoever). However, if someone remotely clued had a grudge against you for whatever reason, they could probably hack in if they could park outside your house unnoticed for a couple of hours.
The bad guys are trying to get control of any computer they can and it’s just a whole lot easier for them to root a windows box. IMHO anyway.
Not really. There is a difference between
* Automated attacks (bots, worms)
* Scriptkiddies
* Crackers.
The former and the 2nd are much alike (they want mass infection) but the 2nd group have actual interaction which is why they’re different. Scriptkids who’d like to deface don’t target your home computer but those who’d like to spam, DDoS would. The latter are -in general- not interested in home computers.
My point is that, if you manage to secure yourself from these mass attacks, you are more or less safe. A so-called ‘0-day’ in software you use can be minimized by further security measures, but for a home user the likeliness of that is negligible.
Wrong conclusions based on bias.
1) It shows Windows PC users need to take more security precautions than normally.
Wrong! It shows that a user of any OS that does not enable firewall by the default (refresh your memory with when Red Hat Desktop started enabling firewall)- that user must take more security precautions than normally. That precaution is: enable the damn firewall!
Wow! Rocket science!
Not so hard to do in Red Hat Desktop Linux (any version) and in Windows XP (any version).
Thanks to both finally their OSes now come with firewall is forced on the user, by default.
The less zombies the better.
True. If Red Hat Linux won desktop in 2000, you’d be having Linux zombies all over the world. Can you tell the class what “Ramen” is and how did it let itself into Linux boxes?
Also, what year it was? Also, what year XP (with firewall off by the default) was released?
It shows alternative platforms are in practice less vulnerable to bots or otherwise automatic attacks.
Wrong! It shows that any OS protected by the firewall (Linspire, XP SP2, fresh Linux distros) is less vulnerable to bots.
That is so breakthrough finding that it deserves USA Today article!
Thats good for diversity
Has nothing to do with the diversity. Has everything to do with the firewall enabled.
Proof: if there were no other desktop OS in the world, and if every OS were XP SP2, and if USA Today tested the only OS available (XP SP2) in its default configuration, how many successful breaches they would report? Answer: 0.
Meaning, in 100% monopolistic OS Universe the security of an OS protected by the firewall against remote attacks is the same as in the Universe with 100 different OSes, each firewalled.
Not hard to grasp that concept, unless you have some bias against some OS, somehow.:)
A NAT router (which is not a firewall), such as Linksys, is only a speed bump against anyone trying to hijack your workstation. I have done a little bit of homework to find that a NAT router using stateful inspection will be better protection, but can be bypassed. See http://www.nwfusion.com/net.worker/reviews/2002/0610revside.html.