
The BBC's Honeypot PC 344

Alex Pontin writes, "This article from the BBC shows how vulnerable XP Home really is. Using a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet." From the article: "Seven hours of attacks: 36 warnings that pop-up via Windows Messenger. 11 separate visits by Blaster worm. 3 separate attacks by Slammer worm. 1 attack aimed at Microsoft IIS Server. 2-3 "port scans" seeking weak spots in Windows software." The machine was attacked within seconds of being connected to the Internet, and at no time did more than 15 minutes elapse between attacks.
  • Well Duh! (Score:3, Insightful)

    by fluffy99 ( 870997 ) on Monday October 09, 2006 @12:52PM (#16365807)
    So we've learned that putting an unprotected windows box on the internet is a bad idea - well duh! It probably doesn't help that they didn't bother with any updates, or turning on the firewall.
  • Impressing (Score:5, Insightful)

    by ackthpt ( 218170 ) * on Monday October 09, 2006 @12:54PM (#16365843) Homepage Journal

    I set up a friend's new computer and installed a firewall, before attaching it to the internet for the first time and he was stunned how fast the log of probes filled up. He'd never used a firewall before on his old XP machine.

    What bugs me is why there doesn't seem to be any decent coordinated effort to track the bots down and shut them down and to go after the perpetrators. Really, it doesn't seem that hard, it just seems like no government is interested in doing anything about it.

  • by Rob T Firefly ( 844560 ) on Monday October 09, 2006 @12:56PM (#16365879) Homepage Journal
    We're not the target audience. Average home users probably aren't reading /., but they just might be BBC readers. Good "welcome to the real Internet" articles need to get out into the mainstream more, and I don't mean the standard "OMG INTERNETS BE AFARIAD OF PRON AND PEDOS AND ID THIEVES AND VIRUSESES IT GOING TO KILL YOU ALLS" that modern "news" seems to favor.
  • Re:Well Duh! (Score:4, Insightful)

    by Anonymous Coward on Monday October 09, 2006 @12:58PM (#16365917)
    The thing is, users do this EVERY DAY. So it is an important exercise. People here on Slashdot may know how to keep themselves protected, but I talk to Windows users ALL THE TIME who have their computer sitting on a broadband connection with no idea how to protect it (no hardware firewall, no spyware protection, whatever virus protection was bundled with the machine [but likely not updated with the latest signatures]).

    It's still a HUGE problem. So, maybe it's a no-brainer for you, but it isn't for the average user.
  • Sorry but... (Score:3, Insightful)

    by Maxo-Texas ( 864189 ) on Monday October 09, 2006 @01:01PM (#16365975)
    I have windows XP and a $19 dlink router (and a Linksys before that) and I have had *zero* problems in 24 months.

    So okay- a naked machine may have an issue but this is really a non-issue if you spend an extra 20 bucks for an inexpensive router with a built in firewall.
  • by KingGuru ( 759739 ) on Monday October 09, 2006 @01:04PM (#16366033) Homepage
    This doesn't really show how vulnerable Windows XP really is, it shows how often it is subject to attack. Since all these are (mostly at least) worms and automated attacks, that's not really different from looking at the logs on my Linux boxes, where, for instance, my apache server is quite often "attacked" by a worm looking for IIS vulnerabilities.
    I like to bash MS as much as most people here, but this choice of words is really misleading. True, never ever put an unpatched box on the Internet, especially if it's running some version of MS Windows, but this hasn't got that much to do with the security of an updated Windows installation.
    Here at /. we all know to never put an unpatched box on-line, but it is interesting when more mainstream media put focus on that, no need to attack Microsoft in order to make this story interesting.
  • Re:Well Duh! (Score:5, Insightful)

    by jacquesm ( 154384 ) <j@NoSpam.ww.com> on Monday October 09, 2006 @01:04PM (#16366045) Homepage
    The BBC is not exactly known for being beginners at IT, they're the people that brought a lot of us (including me) into the age of personal computing with their BBC Micro Computer.

    The thing they've tried to do here is to accurately simulate what the average home user will do, and see what the consequences would be.

    It's like a 17 year old nude virgin visiting the octoberfest and expecting to come away 'unscathed', I give you that much. But anybody that buys one of those HP internet ready pc's with XP pre-installed that goes home and plugs in his / her machine is doing the exact same thing.

    The instructions even tell you to connect all that stuff *before* switching on in simple-to-use IKEA style no words diagrams. Don't be too quick to judge the beeb, they're pretty good at what they do.
  • by kosmosik ( 654958 ) <kos@ko[ ]sik.net ['smo' in gap]> on Monday October 09, 2006 @01:05PM (#16366055) Homepage
    Yeah I *love* Linksys routers. Especially the few that pop up in my PDA using "linksys" ESSID without any access restrictions. ;)
  • by Danga ( 307709 ) on Monday October 09, 2006 @01:07PM (#16366083)
    Seems to me that the microsoft firewall should be light, nimble and ALWAYS ON.

    I do believe that the default should be for the MS firewall to be on after installation, that would have saved problems for MANY inexperienced users whose windows boxes ended up getting owned within minutes of them connecting them to the internet. The MS firewall definitely seems to be light, nimble, and does a decent job but for users like me who prefer to use a software firewall that is more customizable (I like Kerio Personal Firewall myself) I would hope that "ALWAYS ON" means by default and not that it can NEVER be turned off or disabled.
  • Duh (Score:2, Insightful)

    by MeanMF ( 631837 ) on Monday October 09, 2006 @01:09PM (#16366109) Homepage
    Well...I can guarantee that if you put a Linux or OS X box on the Internet that it would be attacked by exactly the same things. What's the point of this again?
  • Not just Windows (Score:5, Insightful)

    by pavera ( 320634 ) on Monday October 09, 2006 @01:09PM (#16366111) Homepage Journal
    I love linux, but a lot of this stuff pretty much pertains to anything on the internet. Do you have a linux box on the public net with SSH open? I guarantee you are getting more than 1000 attempted logins per day. This article talks about a lot of "attempted" attacks, well my linux machines on the net get port scanned at least 10 times a day, any box that has ssh running on the default port is being dictionary attacked pretty much 24/7. Sure the linux boxes aren't being turned into zombies, and I'm not sending out boatloads of spam, but my apache servers get hit with IIS attacks regularly. Putting a box with open ports on the net guarantees you will be attacked. It doesn't matter if it's linux or windows.

    The difference is with windows you will probably get hacked, with linux you at least have a fighting chance.
  • by garcia ( 6573 ) on Monday October 09, 2006 @01:12PM (#16366161)
    I can attest (I'm sure many can) to how fast an unpatched XP machine gets hit. I have an installation disc from 2002 (sp1). When I use it I install with the ethernet cable unplugged. After install I plug in the ethernet and go straight away to Windows update but still, on the last go, within 5 minutes I got a somewhat obviously (to me) fake and malicious pop-up telling me I'd better click on it to protect my computer.

    You're obviously confused by the definition of "average home PC". The "average" home PC user doesn't do jack shit other than put the CD in the drive and click OK a bunch. Do you honestly believe that an "average" PC user is installing their OS with the cable unplugged? Do you honestly believe that the first thing that goes through their head is "Windows Update and Firewall!" No, it's "myspace++, AOL Instant Messenger++, MSN Messenger, Yahoo! Messenger, oooh porno+++++++++++++, mmmmmm porno."

    Give me a break.
  • by rs232 ( 849320 ) on Monday October 09, 2006 @01:14PM (#16366183)
    "This is a pretty bogus test. Obviously they didn't install security updates before going about their business,", not already in use

    "we installed an unprotected version of Windows XP Home configured like any domestic PC."

    "made apparent by the fact that the system was vulnerable to viruses that came out over 3 years ago", not already in use

    But these three year old attacks were still coming from other already infected machines on the Internet. Are all these infected machines running three year old software?

    was Re:I have plenty of reasons to dislike Microsoft..
  • by joe 155 ( 937621 ) on Monday October 09, 2006 @01:16PM (#16366225) Journal
    Whilst I will take your point about updates I have found a problem similar to this personally and I think that you judge them too harshly. When you have a computer which is brand new the first thing you will do is connect to the internet. It would take a couple of hours to download the updates for XP up to this point, especially if you're on an old service pack (I must admit I don't know if they now sell them with SP2 or not...), even if you get it with the newest service pack if you're on a 128K connection a couple of hours to get a few hundred MB is pretty accurate.

    During this time you might just leave it unsecured because that's what you're addressing, you might be fully intending to get a good windows version of a firewall up and running, but think that you'll get the windows updates first. This is pretty realistic I think... So just how many viruses etc could you have before you can sort this out?

    Also, I would say most people just don't update at all anyway... I know people who don't and then question what's going on. Seems like a fair test to me.
  • by demo9orgon ( 156675 ) on Monday October 09, 2006 @01:19PM (#16366247) Homepage
    Despite all the Microsoft apologists who will wring their hands and point out that certain things were not done in order to safety the Microsoft honeypot, the genuine service this article demonstrated is that people who turn on their new computer with its Microsoft operating system connected to the Internet are vulnerable to exploits which are automated and exist in abundance, ready to pounce upon current Microsoft operating systems.

    Even if you're a master of Microsoft "anti-ware" solutions and tweaks, what happens when someone who isn't takes a few wrong turns with their OS? It's toast, or worse, enslaved and used as a resource the end-user is paying for.

    I stopped using Microsoft operating systems to directly connect to the Internet nearly 10 years ago, when the sophistication of the exploits had developed to the point where it was no longer safe to use any Microsoft OS online. Since then it really hasn't gotten much better, has it?

    I think it's a shame that the company with the fattest pockets can't be bothered to get it right yet still demands to be on every PC made.
  • by evilviper ( 135110 ) on Monday October 09, 2006 @01:19PM (#16366249) Journal
    So by unprotected, they mean some old installation without any recent patches, not a patched machine with no firewall.

    What part of "The machine was attacked within seconds of being connected to the Internet," did you not understand?

    How quickly can you apply the latest service pack and all the patches to your fresh installation of Windows?

    Over 2 years ago, I was hearing from several people that experienced exactly that... They were incredibly frustrated that their freshly-installed systems were being compromised before they could even download a software firewall, or install necessary patches. It's unbelievable what a horrible situation Windows home users are in. Without a hardware firewall, they don't even get a CHANCE to secure their systems before someone else takes over.
  • RTFA (Score:1, Insightful)

    by Anonymous Coward on Monday October 09, 2006 @01:24PM (#16366339)
    Damn... WTF is wrong with you people? Most of the people here can't seem to see beyond their own generally computer literate viewpoint. This article is really for your average user out there that doesn't apply the latest security patches or keep their virus scan software up-to-date. It's just stressing how many attacks your average PC undergoes when on the internet. Am I one of the only people that gets this?
  • Indeed, AC (Score:5, Insightful)

    by QuaintRealist ( 905302 ) <quaintrealist&gmail,com> on Monday October 09, 2006 @01:28PM (#16366391) Homepage Journal
    All of the "well duh" folks miss the point. There are a lot of people out there with reinstall CDs for older machines. When their machine gets hit with malware, many of them "reload" windows and some of these head for Microsoft update.

    The point is that they are too late - they're perfectly likely to get hit before update can protect them, and perfectly likely to get hit with something as bad as what they had before.

    This really is a problem.
  • Re:Indeed, AC (Score:4, Insightful)

    by Mister Whirly ( 964219 ) on Monday October 09, 2006 @01:44PM (#16366703) Homepage
    And this is why they should be letting a professional set their stuff up. If you knew nothing about cars, would you try to put an engine together and then drop it in by yourself, or would you take it to a mechanic? Most people seem to understand that, why should it be different just because we are talking about computers? Nothing like having your system owned as a way to hammer this point home. I certainly don't take the crass view of "well they get what they deserved for being ignorant" - but how do you combat naiveté among people? Especially with a technical subject that most people's eyes just glaze over when you start talking patches and firewalls? I think most folks just figure they can save $100 by setting it up themselves....Big mistake....
  • by rs232 ( 849320 ) on Monday October 09, 2006 @01:45PM (#16366729)
    "Well...I can guarantee that if you put a Linux or OS X box on the Internet that it would be attacked by exactly the same things. What's the point of this again?"

    The point is that the Internet is infested with compromised Windows boxen. Ok, where are all the compromised Linux web servers? Assuming they are running Apache under Linux. According to Netcraft [netcraft.com] Apache usage is at roughly 980,00,000 while IIS is at 490,00,000. Why don't we see an equivalent number of compromised Linux servers?

    Yet another mod troll .. Doh

    was Re:Duh (Score:5, Interesting)
  • Re:Well Duh! (Score:2, Insightful)

    by hador_nyc ( 903322 ) on Monday October 09, 2006 @01:46PM (#16366739) Homepage
    My grandmother has no way of knowing she's supposed to be running a firewall, or going to get a Microsoft Security update before doing anything else. WE know these things, because we hang out on Slashdot, but they're not obvious to the rest of the world.
    (puts on his Smokey the Bear hat) Only you can prevent forest... er I mean viruses.

    Seriously, it's really up to us in the know to help our friends and family who aren't.
  • Re:Well Duh! (Score:3, Insightful)

    by jacquesm ( 154384 ) <j@NoSpam.ww.com> on Monday October 09, 2006 @01:49PM (#16366799) Homepage
    I highly doubt there's malice on the part of HP involved. It's just that the time between manufacturing and hitting the consumers home is more than long enough to go through several software updates. The real problem is that early XP had no default firewall 'on' out of the box, in order to upgrade it you have to be online (sometimes for quite a while) to download security updates, or alternatively you have to know what you're doing.

    But honestly, I highly doubt many of the buyers of consumer grade hardware have a clue, and frankly I don't think they should have, it should just work.

    Another major issue is people that revert to their original 'rescue' or 'recover' cd while still having the network plugged in. That's another potential source of lots of trouble. Older compaqs and some Toshiba machines had a recovery partition on the HD or a CD which essentially restored the machine to off-factory condition. No handy 'you've registered your product so we'll send you an upgrade to your os in the mail' policy, that would cost $.

  • by Blakey Rat ( 99501 ) on Monday October 09, 2006 @01:55PM (#16366891)
    The firewall (which is pretty good) is on by default on any computer bought in the last 2 years. And older XP computers typically have a firewall installed (and turned on) by the company that sold it.

    Sure, the user could turn it off, but-- guess what?-- it's THEIR COMPUTER. You can turn off the firewall on your Linux or OS X machine, also. That said, Windows XP SP2 will make your life a pain in the ass if you do run it with no firewall. There are constant system tray messages reading "your system is at risk."

    Microsoft could prohibit people from turning off the software firewall at all, and THEN imagine the teeth-grinding on Slashdot! "Microsoft is controlling the computer I bought! From mom's basement I STAB AT THEE!!"

    Could people please learn a teeny bit about Windows before posting crud like this? How about intelligently considering issues like this instead of always making them into a lose-lose for Microsoft? They're doing all they can to secure the system. Microsoft has NO control over what people install on their own computers, nor do they have any control over what the computer maker puts on them.
  • Re:Well Duh! (Score:3, Insightful)

    by geoffspear ( 692508 ) on Monday October 09, 2006 @02:25PM (#16367349) Homepage
    Please shut off your computer until you can prove to me you have a PhD in Computer Science and have personally designed a computer with at least 5% of the world market share. If you can't, I judge you not competent to use a computer, and you're endangering the rest of society by doing so.
