how vulnerable are you to hackers??

dbarton

Senior member
Apr 11, 2002
I'm looking for realistic first hand actual knowledge. Please no scare info.

With all the press, I wonder just how vulnerable we all are to hackers. (crackers really, but for the masses, I'm using the more common term)

Let's say I have a cable modem, with XP, and XP firewall. Updated anti virus, and don't run email attachments.

Can hackers/crackers actually get into my system without sending some kind of trojan I'd need to run?

Things like Back Orifice require a trojan/payload I assume.

The media would have us think we are all very vulnerable. With the above configuration, what's the real truth?
 

lucky9

Senior member
Sep 6, 2003
I'd suggest a software firewall at least. Windows isn't a great firewall. If you're on DSL or cable a router is almost a requirement (and probably should be required by the cable co.) for safe use. And it's mandatory to keep Windows updated!
 

Mitzi

Diamond Member
Aug 22, 2001
My housekeeping tasking/good advice includes:

Update AntiVirus definitions nightly (as they become available)
Check WindowsUpdate site weekly
Full virus scan weekly
Defrag weekly
Spybot scan fortnightly
Regclean scan fortnightly
Don't open daft email attachments
Don't run IE/Outlook (I use Firebird/Thunderbird instead).

I don't run a software firewall as I'm behind a NAT router...yes, I know I'm not protected against outgoing traffic but I'm a firm believer that the above steps will eliminate most (all???) threats.

You have to remember that there are viruses around which don't need you to open an attachment/run an executable to get infected...the MSBlaster worm is a good example! It is vital to check WindowsUpdate regularly.
 

drag

Elite Member
Jul 4, 2002
Hmm... interesting question.

Yes crackers can break systems that don't have a pre-installed trojan or whatever.

For instance take a look at the DCOM vulnerability that was built into Windows. The worm is an automated program that seeks out this vulnerability and breaks the software and inserts code into the memory of your machine enabling it to install itself onto your computer.

Now what if a cracker knew this beforehand? Before LSD discovered it and told MS about it?

They could have crafted a program that would have done the exact same thing as the worm, but instead of being a generic program for every Windows machine it would be customized for your computer making it much more effective. If a cracker knew about this before LSD he could have had free run of every Windows computer out there that was not secured behind a firewall.

Let me put this another way. Practically all machines that were hit with the worm suffered from a lack of security. A human is 100x more dangerous and harder to keep out.

A worm or virus is the most basic attack that could possibly be performed on a machine. And the easiest to counteract.

A dedicated attack by an expert is almost impossible to keep out using passive means like software firewalls or virus scanners. A hardcore professional --somebody who actually makes a living cracking computers-- will spend months and months studying every aspect of a computer/network system until they find that one weakness that will allow them in. Whether that weakness is human/hardware/software it doesn't matter. The only way to stop that is by having an equally knowledgeable expert on your side.

People are paid sometimes hundreds of thousands of dollars to crack computers. And lots of times it's perfectly legal. Say you are in a large corporation and a VP is in charge of a critical business account worth millions of dollars. You buy the most secure custom piece of software and hardware possible to store info on. Something so secure not even the manufacturer could get the computer back under control without ruining your data, or maybe it is so top-secret you can't risk OEM'ing it. Corporate spies are everywhere.

Now that VP gets run over by a bus, and you're locked out because only he had the password, memory only, and now he is dead. Or quit, or sold out, or in jail, or got fired, or whatever. Then you hire a professional hacker.

People like that are what you should worry about if you do security for a living. Viruses and worms and things of that nature are just nuisances. Now if you have a computer/network that was violated by a worm or a virus, then you've got some major problems if your livelihood depends on that information. A human attacker can get in and out probably unnoticed.

You know I am not trying to be all high and mighty or anything. Stuff happens, we are all humans. And to err is unavoidable. People will always make mistakes, whether it's Windows, Linux, Unix, firewalls or whatever. Which is why crackers will always exist no matter what. Just remember when software manufacturers claim to have products that are hacker-proof... they are just blowing smoke up your you-know-what.

But this is just to answer your question.

The latest vulnerability could allow any human to gain control of your computer. A cracker working your computer over has things like root kits (yes Windows has root kits, win9x/NT wasn't complex enough to need root kits, there was no point. But w2k was enough so that some people actually created some.) that are so sophisticated that even the best virus scanners would not be able to detect them. (Advanced root kits will actually sit between the kernel and the software of the OS and intercept system calls to mask their identity from everything. Windows does not normally have tools advanced enough so that a knowledgeable admin can detect it. A root kit is a trojan on steroids.)

Luckily most (95-99%) of what we have to worry about are rank amateurs known as script kiddies. These little dorks think they are "hackers" because they can break a random computer out of 1000 using scripts created by more advanced people. A nice software firewall, or even better yet a physical router are enough to keep these jokers out.

PS. The only really good anti-virus software I can recommend with no hesitation is this
 

skyking

Lifer
Nov 21, 2001
The real truth? The media has it right this time. There are so many "helpful" protocols running by default in XP, conveniently tied to the OS by Remote Procedure Call (RPC), vulnerabilities will continue to crop up on an alarmingly routine basis. The issue is these RPC protocols cannot be messed with or disabled without crashing the OS.

Edit: A good software firewall is the best/cheapest solution, the built in one in XP is very weak in comparison.
 

Mitzi

Diamond Member
Aug 22, 2001
Originally posted by: BingBongWongFooey
People are the weakest link, not software. Ignorant users will always be vulnerable.

I wouldn't say ignorant...I'd say uninformed and uneducated. Normal people just ain't aware that they need to patch their OS, software, games, drivers etc etc etc. Normal people buy a PC and software and expect it to work out of the box. Education is what's needed but whose responsibility this is, I don't know.
 

Barnaby W. Füi

Elite Member
Aug 14, 2001
Originally posted by: Mitzi
Originally posted by: BingBongWongFooey
People are the weakest link, not software. Ignorant users will always be vulnerable.

I wouldn't say ignorant...I'd say uninformed and uneducated.

...That's pretty much the definition of ignorant.

But I agree with the rest of your post.
 

lowtech1

Diamond Member
Mar 9, 2000

It isn't as bad as you think. Most bad a$$ hackers do not care about the average home user, because it isn't worth much bragging rights for the effort & time that they put in. However, patching your system is a good practice to keep out viruses/worms.
 

drag

Elite Member
Jul 4, 2002
Originally posted by: lowtech
It isn't as bad as you think. Most bad a$$ hackers do not care about the average home user, because it isn't worth much bragging rights for the effort & time that they put in. However, patching your system is a good practice to keep out viruses/worms.

Not unless it's convenient for a high-end cracker to use your machine to probe from and launch attacks from. Therefore making it look like you're the one doing the cracking, not him.... How many cable internet zombies does it take to launch a DOS attack to knock out a server?

edit: but you're right. If you go thru ten percent of the effort needed to make a machine secure you make it 10x harder to break in. So it's easier to go after all those unprotected Windows machines than try to circumvent/corrupt a household router/firewall.
 

ITJunkie

Platinum Member
Apr 17, 2003
www.techange.com
Originally posted by: BingBongWongFooey
People are the weakest link, not software. Ignorant users will always be vulnerable.

I agree; though ignorant may sound harsh, it is true nonetheless. Mitzi makes very good points as well. With that in mind however, MS could and should do a better job of securing their OS out of the box. Far too many services run wide open and the "normal" end user has no knowledge of, let alone cares about learning, what those services mean/do. Yes, MS is pretty responsive to patching those flaws but there are still quite a few dial-up users out there who only get on long enough to check their email. Even with auto update on, some people aren't on long enough to complete the downloads.

In regards to the original question...I think it very important for "always on" connections to have some type of firewall and antivirus in place and XP firewall isn't the way to go. Even the freeware version of Zone Alarm will give you better protection than the built-in OS firewall.

Just my 2¢
 

WobbleWobble

Diamond Member
Jun 29, 2001
Originally posted by: lucky9
I'd suggest a software firewall at least. Windows isn't a great firewall. If you're on DSL or cable a router is almost a requirement (and probably should be required by the cable co.) for safe use. And it's mandatory to keep Windows updated!

Actually, Windows XP's firewall is just fine. It blocks all unrequested incoming requests, which is what other software firewalls do. It won't, however, block outgoing ports. But unless you have some trojans or something already in your system, you're fine from hackers.

But with software routers being cheap or free, it's hard to pass it up. It gives you more options than the built-in Windows XP firewall and more customizability.

I think I'm fairly safe.
- Behind a router
- Norton Internet Security
- Norton AntiVirus
- Always patching my system
- Never ran attachments (heck, I never get them)

I may be one of the few, but because most computer users are "ignorant", Windows should have automatic updates on by default and let the users turn it off. Most won't know it's there, let alone turn it off. It'll keep most of the old attacks at bay that way.
 

dbarton

Senior member
Apr 11, 2002

So what I get from this conversation so far is that adding a hardware router as a firewall is much better than using XP's firewall. Am I correct?

These cost under $50 so seems easy to add one. Suggestions?

Also, opening one TCP and one UDP port for running Edonkey or Overnet. Is that really asking for trouble?


 

lowtech1

Diamond Member
Mar 9, 2000
Originally posted by: dbarton
So what I get from this conversation so far is that adding a hardware router as a firewall is much better than using XP's firewall. Am I correct?

These cost under $50 so seems easy to add one. Suggestions?

Also, opening one TCP and one UDP port for running Edonkey or Overnet. Is that really asking for trouble?

Opening a pinhole TCP/UDP for any service is relatively low risk compared to the use of Edonkey to download (virus/trojans).
 

lordex

Member
Feb 7, 2002
Originally posted by: Mitzi
I wouldn't say ignorant...I'd say uninformed and uneducated. Normal people just ain't aware that they need to patch their OS, software, games, drivers etc etc etc. Normal people buy a PC and software and expect it to work out of the box. Education is what's needed but whose responsibility this is, I don't know.

I wouldn't call a regular user ignorant if he just forgets to keep updating the stuff, but for a system admin who doesn't vigorously check out all the security news/patches, I guess it's a bit too forgiving to just call it ignorant. :evil: (and BTW those admins who failed to do that *and* only start whining when their systems are hit are really pathetic)
 

Electrode

Diamond Member
May 4, 2001
I think I'm quite safe.

1. Behind router.
2. Router is custom-designed, running only the latest version of OpenSSH and nothing else.
3. Web and FTP servers run in virtual machines.
4. I'm on the security mailing list for the Linux distro my web server runs, and apply all fixes the second I hear about them.
5. I keep my web browsers updated.
6. No windows machines.
 

dbarton

Senior member
Apr 11, 2002
Originally posted by: lowtech
Open a pin hole TCP/UDP for any service is relatively low risk compare to the use of Edonkey to down load (virus/trojans).

Downloading mp3's is not an issue for virii.

 

chsh1ca

Golden Member
Feb 17, 2003
Originally posted by: BingBongWongFooey
People are the weakest link, not software. Ignorant users will always be vulnerable.

That implies that there will always be vulnerabilities. Factually speaking, that is an assumption, and your statement is factually wrong.

Conversely, I agree that ignorant users are a problem, however, I don't think taking the onus off of software developers to write properly secure software is the right step. A combination of getting developers to write proper secure software and user education would be ideal, however this system is impractical. The best we can hope for is 99% secure software.

99% secure software can be done, just look to Slackware and OpenBSD in default installs for examples. OBSD hadn't had a remotely exploitable vulnerability until the OpenSSH vulns in late 2002 (IIRC) came out (and that hit basically everyone who used OpenSSH), and I think Slack has had a similar record.

 

GonzoDaGr8

Platinum Member
Apr 29, 2001
Originally posted by: dbarton
Originally posted by: lowtech
Open a pin hole TCP/UDP for any service is relatively low risk compare to the use of Edonkey to down load (virus/trojans).

Downloading mp3's is not an issue for virii.

Big issue...Not too hard to rename a virus file/trojan to Britney_Spears.Mp3. Then you d/l it, open it thinking you are going to get Britney, then BAM...Big o' virus time. Trust me I know. A friend d/l'd that stupid ass Kazaa onto my wife's machine and started d/l'ing all sorts of mp3's. One of those mp3s happened to be the love virus. Wiped out every single .jpeg off her system. I was pissed 'cause I had to fix it.

 

Barnaby W. Füi

Elite Member
Aug 14, 2001
Originally posted by: chsh1ca
Originally posted by: BingBongWongFooey
People are the weakest link, not software. Ignorant users will always be vulnerable.
That implies that there will always be vulnerabilities. Factually speaking, that is an assumption, and your statement is factually wrong.
I would love to think that someday software will be 100% secure, but that seems completely unrealistic to me.

Conversely, I agree that ignorant users are a problem, however, I don't think taking the onus off of software developers to write properly secure software is the right step. A combination of getting developers to write proper secure software and user education would be ideal, however this system is impractical. The best we can hope for is 99% secure software.
Definitely. People are a problem, but that doesn't mean you shouldn't try to make secure software as well.

99% secure software can be done, just look to Slackware and OpenBSD in default installs for examples. OBSD hadn't had a remotely exploitable vulnerability until the OpenSSH vulns in late 2002 (IIRC) came out (and that hit basically everyone who used OpenSSH), and I think Slack has had a similar record.
Dan Bernstein is a great source of inspiration when it comes to this issue. Much more so to me than OpenBSD (although I do respect them, but djb has more of a prophet quality :p).
 

Nothinman

Elite Member
Sep 14, 2001
One of those mp3s' happened to be the love virus. wiped out every single .jpeg off her system.

That's because it was a .mp3.vbs, she should have wondered why the icon was different from all the rest before running it.
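
The `.mp3.vbs` naming described in the post above can be checked for mechanically. The following is an added example, not part of the original thread; the extension lists and the sample file names are constructed for illustration and are not exhaustive.

```python
# Extensions Windows runs directly or hands to a script host
# (assumed list for this example).
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".scr",
                   ".pif", ".com", ".bat", ".cmd", ".lnk", ".hta"}
# Extensions a user expects to be passive data (assumed list).
DECOY_EXTS = {".mp3", ".wav", ".avi", ".mpg", ".jpg", ".jpeg", ".gif",
              ".txt", ".doc", ".pdf", ".zip"}


def classify(filename):
    """Return 'disguised', 'executable' or 'data' for one file name."""
    # Keep only the last path component; accept either separator.
    name = filename.replace("/", "\\").rsplit("\\", 1)[-1]
    # Windows ignores trailing dots and spaces when it resolves a name.
    name = name.rstrip(". ")
    # Padding spaces before the real extension are a common way to push
    # it out of view in a narrow column, so strip each part.
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2:
        return "data"
    if "." + parts[-1] not in EXECUTABLE_EXTS:
        return "data"
    # The final extension decides what runs; an earlier "harmless"
    # extension only changes what the user thinks they are opening.
    if any("." + p in DECOY_EXTS for p in parts[1:-1]):
        return "disguised"
    return "executable"


def find_disguised(filenames):
    """Return the names whose real type is hidden behind a decoy extension."""
    return [f for f in filenames if classify(f) == "disguised"]


# Constructed sample of a download folder listing.
SAMPLE = [
    "Britney_Spears.mp3",
    "Britney_Spears.mp3.vbs",
    "holiday.JPG.scr",
    "setup.exe",
    "notes.v1.txt",
    "song.mp3        .vbs",
    "C:\\Downloads\\track01.mp3.vbs. ",
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{classify(name):10s} {name!r}")
```

Explorer hides known extensions by default, so the second entry is displayed as `Britney_Spears.mp3`; turning off "Hide extensions for known file types" makes the real extension visible.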
 

Mitzi

Diamond Member
Aug 22, 2001
Originally posted by: dbarton

Downloading mp3's is not an issue for virii.

FYI virii isn't a real word, the plural of virus is viruses..See Dictionary.com

vi·rus
n. pl. vi·rus·es

1. a. Any of various simple submicroscopic parasites of plants, animals, and bacteria that often cause disease and that consist essentially of a core of RNA or DNA surrounded by a protein coat. Unable to replicate without a host cell, viruses are typically not considered living organisms.
   b. A disease caused by a virus.
2. Something that poisons one's soul or mind: the pernicious virus of racism.
3. Computer Science. A computer virus.


 

EeyoreX

Platinum Member
Oct 27, 2002
Downloading mp3's is not an issue for virii.

FYI virii isn't a real word, the plural of virus is viruses..See Dictionary.com

vi·rus
n. pl. vi·rus·es

1. a. Any of various simple submicroscopic parasites of plants, animals, and bacteria that often cause disease and that consist essentially of a core of RNA or DNA surrounded by a protein coat. Unable to replicate without a host cell, viruses are typically not considered living organisms.
   b. A disease caused by a virus.
2. Something that poisons one's soul or mind: the pernicious virus of racism.
3. Computer Science. A computer virus.

LOL Amen! (See my sig, for another "alternate" definition)

\Dan