Tech show lied.

D11
Elite Baiter


Joined: 02 Jul 2006
Posts: 1702


PostPosted: Sun Dec 16, 2007 3:22 am

I can't remember the show, but I'm sure some will.

It showed an unprotected Windows XP based computer online for a few short minutes, riddled by viruses.

So I did a little experiment, which has just finished being scanned.

Windows XP SP2 (updated), but no firewall or antivirus other than those supplied online; 24 hours on Virgin Media 4Mb/s cable.

I did make a few dozen registry changes, and I did what Belarc Advisor suggested in the way of admin name changes, logs etc., but no firewall/AV.

The poor box was attacked, but the logs stopped recording after 16 hours because all 120MB of log was full - but not a single virus or trojan.

Here's what it reads as:

NOD32 scan - 0 infected files
Kaspersky - 0 infected files
Norton - Yeah, like I have that in my collection lol
McAfee - 0 infected files
CCleaner - 0 problems found
RegCleaner - 0 problems found
HijackThis - 0 unusual problems detected *2 warnings: unusual size of system log and security log

And that machine really wasn't protected. I only followed the Belarc Advisor security until it reached 8.33/10 (it would have been 10 had it had antivirus and firewall).

But that means Windows XP SP2 is more protected than people make out - well, true and false. It's true most people don't know how to use the really advanced local security policies, which can significantly reduce attacks, and false if someone really wanted access to a machine, then nothing available today can stop them - no defence is 100%.

Result - it's worth getting Belarc Advisor and doing SOME of the suggestions. Others do have warnings, which I avoided as I wasn't sure if I did them that the machine would work, but I guess others would do the same - if unsure, leave it alone lol. I was expecting to throw the machine away anyway, but it was a great test.

_________________
star
1x United Kingdom 0x
Click here to support 419Eater.com

I make software that drives lads crazy. Thats my revenge on lads. (it all helps)

this transaction is 100 percent risk/hitch free - bobo

why no pay me - abum bello
because the cops will know it was you - me
ok this is good - abum bello
jxd
Master of Master Baiters


Joined: 09 Jul 2007
Posts: 756
Location: Altered by observation


PostPosted: Sun Dec 16, 2007 4:56 am

Great stuff to know, thanks! And a good reminder too.

I've got a firewall that shows intrusion attempts. It was in the thousands after just a week or two.

_________________
Welcome to 419eater.net "It's Dot Com!" Mortar x7

"I was brought up in a motherless babies home"

"I have the Consignment Code here with me which I will send to you and without this Code no Human Being can open that Box"

pony pony EmailParser pony pony
Ponies taste like cyanide and happiness.
Captain Oblivious
Wannabe Baiter


Joined: 18 Oct 2006
Posts: 87
Location: In an endless cornfield


PostPosted: Sun Dec 16, 2007 5:17 am

You guys must be directly connected to your modem/router. My computer with wi-fi has a firewall that says 0 intrusions have been blocked, and it's been running since September, while another computer in the same house hooked up directly to the router has had almost 1000 intrusions blocked. Then again, I suppose if I didn't have a firewall, someone would have tried an intrusion, Murphy's law and whatnot.

_________________
Dear Captain Crunch, I verified the payment once again and the payment cannot be found.I took the payment slip to the western union office and i was held for 2hours because they thought i am impersonating. -James Hepp
You have been informed that you only have from now till Money, you are to send the money Via Western Union Money Transfer, that is your dead line of payment. Please take note. -James Lawrence
AND I DO NT WANT TO SEE THIS YOUR STUPID MAIL ANY MORE OR ELSE I WILL REPORT YOU TO THE F.B.I IN YOUR COUNTRY. USLESS THING -Thomas Akabike Robert, after one of his 13 trips to Moneygram
why most you ask again what do you go to western union to do, hope you are there to make a payment. -Shola Tan
DO NOT WRITE TO THIS OFFICE ANY LONGER.
We await your prompt response. -John Duke
rootuser
Elite Baiter


Joined: 10 Dec 2007
Posts: 1632
Location: Right behind you


PostPosted: Sun Dec 16, 2007 5:24 am

As long as you do regular updates, especially for the OS, but also for other software (like Office, Adobe Reader, ...), you're quite safe.
Most exploits in the wild are for known vulnerabilities, and thus only people who don't do the updates are attackable. Sometimes MS does take a bit long to fix problems, but usually it shouldn't be too slow.
This also applies to other OSs, like Linux: if you don't patch, you're a potential target; although of course Windows is still the main target of those script-kiddies (yes, that's what they are; a real cracker simply isn't interested in our PCs and their worthless data).

Also, a host-based firewall is always praised as the solution to all problems. It isn't! Really! It might make you feel better when a window pops up telling you that somebody pinged you (oh my god!!!), but neither pings nor even port-scans are evil in themselves.
It is much more important to have no services running that don't need to run. If there is nothing listening on your ports, then a firewall will most likely only break the RFC-specified behaviour by not sending proper ICMP replies when a closed port is contacted.

All this said, there are a few cases where a host-based firewall might be useful, but I don't actually want to turn this post into a firewall/security tutorial.

@digital: Was your PC connected directly to the Internet or through a router? A router also gives extra security, since it only forwards packets that are supposed to be for the client. That's either packets that have been requested by the client, or packets that have to be forwarded based on certain criteria. The latter has to be set up manually, or sometimes automatically by some programs via UPnP.

If there are still questions I'll be ready and willing to do my best to explain further.
Of course after receiving a handling charge and your bank details. ;)
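The point rootuser makes above about "no services running that don't need to run" is something you can actually check rather than take on faith. The script below is an added example and is not code from the thread or from any product mentioned in it. It parses the text that Windows XP's `netstat -an` prints, keeps only the sockets that a remote host could reach (TCP in LISTENING state, or any UDP socket, bound to something other than loopback), and reports the ones that are not on an allow-list. The sample `netstat` output, the host addresses and the allow-list are constructed for the example; the port hints are the usual Windows services on those ports (TCP 135 is the RPC endpoint mapper that thud419's Blaster reference relates to; 139/445 are file sharing).

```python
import re
from dataclasses import dataclass

# Constructed sample in the format Windows XP's "netstat -an" prints.
# 192.168.1.5 is the test box's LAN address; 66.102.9.99 a web server it
# was talking to. All addresses are made up for this example.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:3389       0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1061       66.102.9.99:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:123          *:*
"""

# Hints for well-known Windows ports. The port number is what the audit
# keys on; the text is only to make the report readable.
PORT_HINTS = {
    135: "RPC endpoint mapper (the DCOM service Blaster attacked)",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service (file and printer sharing)",
    445: "SMB over TCP (file and printer sharing)",
    3389: "Remote Desktop",
}


@dataclass(frozen=True)
class Socket:
    proto: str   # "TCP" or "UDP"
    addr: str    # local address the socket is bound to
    port: int
    state: str   # "LISTENING", "ESTABLISHED", ...; "" for UDP


# One netstat line: proto, local addr:port, foreign addr:port, optional state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Turn netstat -an output into Socket records, skipping headers."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, state = m.groups()
        sockets.append(Socket(proto, addr, int(port), state or ""))
    return sockets


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def exposed_listeners(sockets):
    """Sockets a remote host can send to: TCP listeners and UDP sockets
    that are bound to a non-loopback address (0.0.0.0 means every interface)."""
    out = []
    for s in sockets:
        if is_loopback(s.addr):
            continue
        if s.proto == "TCP" and s.state != "LISTENING":
            continue  # established/time-wait entries are not new attack surface
        out.append(s)
    return out


def audit(sockets, allowed_ports):
    """Return (proto, port, hint) for every exposed listener not on the
    allow-list. allowed_ports is a set of (proto, port) tuples."""
    findings = []
    for s in exposed_listeners(sockets):
        if (s.proto, s.port) in allowed_ports:
            continue
        findings.append((s.proto, s.port, PORT_HINTS.get(s.port, "unknown service")))
    return findings


if __name__ == "__main__":
    # Hypothetical policy: only Remote Desktop is meant to be reachable.
    for proto, port, hint in audit(parse_netstat(SAMPLE_NETSTAT), {("TCP", 3389)}):
        print(f"{proto}/{port}: {hint}")
```

Run against real output (`netstat -an > ports.txt` on the box, then feed the file to `parse_netstat`) the findings list is the set of services to disable or bind to loopback; anything left in it is what a host firewall would otherwise be papering over.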
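rootuser's description of what a home router does ("only forwards packets that are supposed to be for the client": replies to flows the client opened, or ports that were forwarded manually or via UPnP) is the core of why a box behind a router sees so much less than one plugged straight into the modem. The toy model below is an added example, not code from the thread or from any router firmware; it simulates just that forwarding decision. The WAN/LAN addresses, the NAT port pool starting at 40000 and the packet layout are all assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HomeRouter:
    """Toy model of a NAT router's inbound forwarding decision.

    An inbound packet reaches a LAN host only if it (a) answers a flow that
    host opened earlier, matched on the full (proto, NAT port, remote ip,
    remote port) tuple, or (b) hits a port forward that was configured,
    the way a manual rule or a UPnP mapping would be. Everything else is
    dropped at the router and never reaches the PC at all."""

    def __init__(self, wan_ip, lan_hosts):
        self.wan_ip = wan_ip
        self.lan_hosts = set(lan_hosts)
        # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.flows = {}
        # (proto, wan_port) -> (lan_ip, lan_port); manual or UPnP-created
        self.forwards = {}
        self._next_port = 40000  # hypothetical NAT port pool

    def add_port_forward(self, proto, wan_port, lan_ip, lan_port):
        """What a manual rule or a UPnP AddPortMapping request ends up as."""
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

    def outbound(self, pkt):
        """A LAN host sends to the Internet: pick a NAT port, record the
        flow, and return the packet as it leaves the WAN side."""
        if pkt.src_ip not in self.lan_hosts:
            raise ValueError("outbound packet from unknown LAN host")
        wan_port = self._next_port
        self._next_port += 1
        self.flows[(pkt.proto, wan_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """A packet arrives from the Internet. Returns (delivered, reason);
        delivered is the rewritten packet, or None when the router drops it."""
        if pkt.dst_ip != self.wan_ip:
            return None, "not addressed to this router"
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.flows:
            lan_ip, lan_port = self.flows[key]
            return (Packet(pkt.proto, pkt.src_ip, pkt.src_port, lan_ip, lan_port),
                    "reply to a flow the LAN host opened")
        fwd = self.forwards.get((pkt.proto, pkt.dst_port))
        if fwd is not None:
            lan_ip, lan_port = fwd
            return (Packet(pkt.proto, pkt.src_ip, pkt.src_port, lan_ip, lan_port),
                    "configured port forward")
        return None, "unsolicited, dropped"


if __name__ == "__main__":
    r = HomeRouter("203.0.113.7", ["192.168.1.5"])
    # A random scan of TCP 135 from the Internet: dropped before the PC sees it.
    print(r.inbound(Packet("TCP", "198.51.100.9", 4444, "203.0.113.7", 135)))
    # The PC browses to a web server; the reply is matched to that flow.
    out = r.outbound(Packet("TCP", "192.168.1.5", 1061, "66.102.9.99", 80))
    print(r.inbound(Packet("TCP", "66.102.9.99", 80, "203.0.113.7", out.src_port)))
```

The same scan that fills a directly connected box's 120MB of firewall logs produces nothing on the LAN side here, which is the difference between Captain Oblivious's wi-fi machine and the one on the modem. Note also that a port forward (whether set by hand or by some program through UPnP) re-creates exactly the exposure the router was removing, so it deserves the same scrutiny as a listening service on the host.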
scansum
Wannabe Baiter


Joined: 25 Nov 2007
Posts: 82
Location: In the depths and BEYOND!


PostPosted: Sun Dec 16, 2007 5:29 am

OK, I don't know the show, but I know a few who have done similar, as well as myself.
First, let's differentiate: XP the original (totally unprotected) vs. XP SP2, which has numerous fixes and the firewall turned on by default.
Making those reg changes also more than likely closed some holes.
(By default the administrator password is blank, which is a BIG damned hole that was plugged.)

From my own experience, I did XP original and within seconds of being on the net (trying to get updates, including SP2) I was being hammered with things that took advantage of the security holes.

XP SP2 is more secure, undoubtedly.
BUT it still has a lot of holes; you changing the default admin password would have plugged one of the biggest ones.
I'd be interested if you got the same results just with a pure XP SP2 install BUT with Windows Firewall turned off. I think you might get a lot different results if you tried that.

_________________
Phishing sites killed : United States
Mugu sites killed : United Kingdom
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


PostPosted: Sun Dec 16, 2007 11:51 am

SP2 (I might be talking about SP1) plugged the Blaster hole. Before SP2 came on the installation disk you had to download it from Microsoft. In the time that it took to download you could guarantee that Blaster had got in. Kudos to Microsoft (I don't write that very often ;) ), the recent distributions of Windows don't appear to be quite that broken.

I don't think that your experiment was representative though. The PCs that are destined to be pwned by bot-nets are the ones that are taken out of the shipping boxes and connected directly to the net without any configuration beyond what is absolutely necessary, and where the invariable response to "shall I let this application do X" is "yes, all the time and don't bother me again".

The problem is that to secure those types of PCs, the OS has to be wrapped up so tight that it doesn't depend on the good sense, knowledge or interest of its user. That's fine for those users, but for power-users it is demeaning and a pain in the a***. It also <strike>gives Microsoft the opportunity</strike> makes it tricky to allow random free software to be run, because one easy way to prevent dodgy programs is to ensure that all software executed is certified as safe. That costs more than private individuals can afford, while hardly inconveniencing commercial producers.

There really are different markets, with different requirements. The danger is that in supplying the larger markets with safe PCs, we lose the economies of scale for the power and commercial users. We get a home PC that is safe for granny to use, but we have to pay much more for a PC that can run free/shareware software or can be used for software/webware development.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
Ivor Grimey Colon
"Trophy slut"


Joined: 16 Jun 2005
Posts: 1338
Location: England


PostPosted: Sun Dec 16, 2007 12:37 pm

Bearing in mind that not everyone on this forum is tech-savvy, it's probably not terribly responsible to try and prove that you don't get viruses whether or not you're running a firewall/AV. For instance, I don't run an AV since I'm on Linux, but that doesn't mean I'd tell other people not to, in case they don't understand why I don't need to.

My advice would always be to have a decent firewall (regardless of OS) and always run an AV (if on/connecting to Windows), along with any other measures you put in place. Also, contrary to popular belief, having Norton/McAfee/Kaspersky and similar anti-virus programs installed at once doesn't make you more protected than just having one. It can actually prevent any of them functioning effectively, since they fight over memory reserved for AV programs.

Also, if you want to really protect yourself, DON'T log on as Administrator (that means any user with Administrator privileges) for everyday tasks. It's the simplest and most effective way to stop the majority of unwanted crap getting on your system.

_________________
Cellphone Mortar x25 Closed lad accounts x24 Pith Helmet Togo-Ghana "If i tell you that i am happy the way you are playing me i am a lier" - Uche Onwuka
"YOU ARE AN IDIOT AND SON OF A BITCH" - Barrister Melodie Bekee

"If your bait does not cause an ethics thread, you are not baiting hard enough." - YeaWhatever

Pimp My Number | A Donation a Day keeps Nurse Nasty at bay
rootuser
Elite Baiter


Joined: 10 Dec 2007
Posts: 1632
Location: Right behind you


PostPosted: Sun Dec 16, 2007 1:02 pm

Well, I'm not saying everybody should switch off their firewall, I'm just saying that usually they are overrated for what they do.
Ivor Grimey Colon
"Trophy slut"


Joined: 16 Jun 2005
Posts: 1338
Location: England


PostPosted: Sun Dec 16, 2007 1:41 pm

^^
I was more referring to the OP than your post, rootuser (not that I'm having digs at people, just messages). I'm with you that having a firewall on your desk/laptop without one on/behind your router is a lot like fitting a lock to your door and leaving the door open.

D11
Elite Baiter


Joined: 02 Jul 2006
Posts: 1702


PostPosted: Sun Dec 16, 2007 4:45 pm

Yes, I agree my experiment was flawed in many areas, but in my defence many do use the equipment shipped by the ISP, so it's fair I only used the bog-standard connection to Virgin.

The updates I did live online; my disk is genuine SP2, so many issues were already patched, but again this is a fair representation of how many fresh-from-the-box updates would be done.

Then I downloaded Belarc Advisor, and did as it recommended, following only the step-by-step guide and skipping any I didn't understand.

Updates took 32 minutes - so no attacks in 32 minutes, which is still more than a "couple of minutes".

After 24 hours the machine was to all intents and purposes free of any CURRENTLY DETECTABLE virus/worms/trojans and malware.

You still need firewall and antivirus products, and some anti-spyware too, but the experiment is reflective of what really happens to an unprotected box. Remember the changes I made are only those available to Windows users, so with those and a firewall and antivirus and a router you're going to be really secure and less likely to be infected.

I'll rerun the experiment on the old box tonight with nothing changed (a really fair comparison).

EDIT: I should make it very clear I don't intend people not to use firewalls and antivirus; they are as essential as the operating system is. I only mean to let people know there's more you can do too, and to also add that viruses are not as easy to get as people say.

lokie
Master Baiter


Joined: 30 Jun 2006
Posts: 123
Location: teh interweb


PostPosted: Sun Dec 16, 2007 11:06 pm

I was one of the early closed beta testers for SP2 and it was clear during that year that Microsoft now understood security. Some of the early builds were somewhat temperamental, some had features that didn't make it, but it was clear they were taking it seriously.

So it's nice to read after all this time that SP2 can hold its own long enough to pick up 2 years of updates, although that won't stop me from making sure that my current victim has the slipstream image up to date.

_________________
As always good luck with your bait.


Click here to support 419Eater.com
rootuser
Elite Baiter


Joined: 10 Dec 2007
Posts: 1632
Location: Right behind you


PostPosted: Mon Dec 17, 2007 1:44 am

@digital:
Problem with a firewall is that a common target of today's viruses doesn't get protected. If you use your browser to surf to some evil site you can still get your sh..load of bad code, unless your AV detects it. But the firewall, at least most firewalls, won't find anything suspicious here.

Well, I don't want to go into too much detail.

@lokie:
It doesn't matter very much if MS understands security. The users have to understand the need for it.
I'm not somebody who loses a lot of good words about MS, but I do actually believe that they have some really qualified coders there.
The problem is that there is no user education, and that some default settings used to be quite disadvantageous, like Admin users without a password.

Many people like to install and try software, maybe they find it on the net or on a CD that came with a magazine (here in HK you sometimes see people give out CDs for free; I actually think that might be a good way to spread a virus, because people love free stuff).
They need Admin access to do that, so after a while they tend to do all their stuff as Admin.

On another forum I just had a user asking how to give his regular user root permissions (Linux), permanently.

Of course security is often inconvenient for the user, but they simply have to be educated that this is necessary.

I've worked in government back in Germany, where most people at least understood the basic necessity of why they can't have full permissions. But my last job by default gave them full permissions, although that was far from necessary.

I sometimes do some work as Admin, when it's absolutely unavoidable, but usually I work with a normal, restricted user and "use the force" only when I need to.

_________________
"..., if it not the destiny has reduced us together, then who?"
"may u die tomorrow in jesus name"
"The devil has eaten away your soul as you will decay in the hail fire, so go and die with your dyning devil hopless devil advocate."
"This is what i sent to them am not with any money to go back to nigeria pls help."

United Kingdom (0.25 go to fake_buster)

Safari x4 Wole A.: Akure, Nigeria to Cotonou, Benin, Akure, Nigeria to Tanguieta, Benin (both with Thomas-the-Tank and Simba), Akure, Nigeria to Kano, Nigeria (with TtT and OD), Akure, Nigeria to Abidjan, Cote d'Ivoire (with TtT)

Mortar

pony pony
D11
Elite Baiter


Joined: 02 Jul 2006
Posts: 1702


PostPosted: Mon Dec 17, 2007 4:31 am

@root I'm not surfing with the test box lol, I know that would fail my experiment. It's only "connected" to the internet, which is what the show said a computer connected to the internet would "fall over in a few minutes" from; I think they quoted something like 20. Well, the box has now been connected 8 hours, and is still showing 31 of 31 (it began with 31) running processes.

Interestingly no one has yet tried a login. If they do I'll have to shut the experiment down; at the end of the day I'm responsible for leaving it unsecure, so I can't allow it to cause any harm. But just running and being connected it doesn't appear to be infected. Obviously I've logged in here using my own machine, which is much more secure.

D11
Elite Baiter


Joined: 02 Jul 2006
Posts: 1702


PostPosted: Tue Dec 18, 2007 9:02 am

24 hours later, it's picked up 1 worm.

No one tried to login.


Results now available:

A totally unprotected box connected to the internet with 0 changes will become infected just by being connected alone over time.

If you are in a situation where you get a box from a manufacturer, then you probably have enough time to download free AV/firewall and do the updates before it gets attacked*

* This is based on it taking nearly 15 hours online totally unprotected; this time is probably flexible and luck comes into play.

Conclusion: The tech show still lied; the box wasn't riddled with viruses, it took nearly 15 hours for it to be infected, but it does show you can be infected just by having it connected to the internet without using it.

Advice: I think Belarc Advisor plugs enough holes to get your updates completed and your latest AV definitions etc., so hopefully people won't be panicking as much - you do of course need a firewall/AV, but as long as you take those basic steps for now you're going to be fine :)

Tomorrow, I don't know, some idiot out there will create something again, but today it's kinda OK; as long as you take the basic precautions you're gonna be fine :)

All Content © 2003 - 419Eater.com