
Windows 2k how insecure???

  • 22-06-2004 12:05am
    #1
    Closed Accounts Posts: 1,637 ✭✭✭


    Hi all,

    I did a little experiment tonight just to see what happens.

    OK,

    1. 1 PC clean install windows 2K + all updates.
    2. ADSL connected to internet through IOL.

    OK so I disabled the firewall (BlackICE) and left it for 3 hours while I was out.
    Test: to see if some script kiddie would fook up my PC.

    3hrs later, I find my PC unresponsive because of about 150 error messages telling me that a program failed to start. I take a look at my task manager (2 minutes to load) and find about 50 processes & applications running. (All trojans)

    OK so it took me about 10 minutes to clear all infected files & PC is back to normal.

    My Point:

    A PC with 2K & all updates is Not Secure, I know what I was doing but what about the 1000's of plp that don't. My advice: for God's sake always use a firewall, & become your own sticky honeypot if someone like this is trying to get access ;)

    I hope the newbies take this very seriously.

    Thanks JoePC

    MOD: Please move to security if you must, I posted here to get the point across to as many plp as possible.

    Thanks joePC


Comments

  • Registered Users, Registered Users 2 Posts: 10,299 ✭✭✭✭BloodBath


    I don't think any OS is secure without a firewall. It's good to see some of the BB providers providing free firewall and virus software with their packages (esat bt package comes with Norton)

    I have avg, norton antivirus and norton internet security running constantly. I also have a few other programs like spybot that I run once a week and the system is clean.

    The one beside me though is riddled with trojans and adware from running a couple of weeks without a firewall and antivirus.


    BloodBath


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    That's not quite what I'd call a highly controlled, informative test :/


  • Registered Users, Registered Users 2 Posts: 20,553 ✭✭✭✭Dempsey


    No firewall and I get no viruses


  • Registered Users, Registered Users 2 Posts: 3,958 ✭✭✭Chad ghostal


    I also frequently turn off my firewall for a day or two, to stop it arguing with BitTorrent, and I never get any viri/trojan/malware crap..

    I use Windows 2000 w/ latest service pack..

    I have nothing except what I'm downloading on that drive so there is no security risk even if it was destroyed ..


  • Registered Users, Registered Users 2 Posts: 2,170 ✭✭✭Serbian


    Originally posted by Sico
    That's not quite what I'd call a highly controlled, informative test :/

    I agree Sico, but I think the point is that many people who are getting Broadband for the first time would have no idea that these kinds of threats exist.

    From personal experience I am often asked to fix PCs that are unresponsive or some other odd problem with them, and more often than not, the problem is caused by some virus / adware / trojan on the machine. I tell them that they should run a firewall which is usually followed by 'What's that?'.

    Serb


  • Registered Users, Registered Users 2 Posts: 7,581 ✭✭✭uberwolf


    I've been charged with fixing a mate's PC that runs absurdly slowly and that PCSuperstore have consistently handed back to him saying no probs gov. I reckon it's most likely due to trojans etc slowing up the system due to his exotic but not unusual web browsing habits.

    What would be your tips and downloads to find these various pieces of software, any apps you've found useful, etc and restore his PC to its former 'glory'?

    cheers


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    I just don't like the way he's trying to insinuate all Win2K installations will be inherently insecure. Don't get me wrong, I'm most certainly no admirer of The Beast (TM), but I admin several 2K and XP workstations and servers, many with no firewall protection, and I can't say I've ever seen an infection like that, but I take good care of those machines. It all depends on the individual user and how savvy (or not) they are, firewalled or not. Fair play to joePC for trying to warn people, but I just think he's going about it in a vague and slightly sensationalist manner.


  • Registered Users, Registered Users 2 Posts: 2,013 ✭✭✭SirLemonhead


    Seems amazing that all that happened to you in 3 hours. Not that I don't believe you.

    I've been running XP without a firewall for....almost a year maybe and I've had no problems. The occasional spyware reported in Adaware but they haven't actually done anything bad to my system.


  • Closed Accounts Posts: 1,637 ✭✭✭joePC


    Fair play to joePC for trying to warn people, but I just think he's going about it in a vague and slightly sensationalist manner.

    I'd have to agree, I posted @ 1.05 AM so the brain was a little slow.

    This type of attack where someone just fills the PC with trojans, viruses etc... is quite rare in most cases but as some of you posted, you are asked to fix PC's that have the same type of problem, maybe not on the same scale. This is the same for me.

    TBH I didn't think it would be this bad. But someone must have got lucky.
    The attack they used was the well-known DCOM (Remote activation hack). Here's the info.

    Thanks JoePC


  • Closed Accounts Posts: 7,488 ✭✭✭SantaHoe


    Originally posted by joePC
    3hrs later, I find my PC unresponsive because about 150 error messages telling me that a program failed to start.
    That's gas tbh.
    I reckon it'd be quite a larf if you'd had some monitoring software running that could tell you everything that they did... make a mini-documentary.
    11:15pm - Script Kiddie from 123.123.x.x is port-scanning me.
    And so on...


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,552 Mod ✭✭✭✭Capt'n Midnight


    Irish honeynet project reckoned about 15 minutes for an unpatched copy of windows to be hit if on broadband. (don't have their web site handy)

    you can use winpcap and windump to see what is bouncing against your network interface (NIC / modem etc)
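
An added example, not part of the thread: one way to turn the windump capture suggested above into the "who knocked on which port" summary, counting unsolicited inbound TCP connection attempts per destination port. The capture lines, the addresses and the exact text layout of the windump output are constructed assumptions.

```python
import re
from collections import defaultdict

LOCAL_IP = "192.0.2.10"  # assumption: address of the monitored PC

# Constructed capture lines (documentation address ranges), old and new flag styles.
SAMPLE = """\
23:15:02.101 IP 203.0.113.7.4312 > 192.0.2.10.135: S 100:100(0) win 16384
23:15:02.102 IP 192.0.2.10.135 > 203.0.113.7.4312: S 900:900(0) ack 101 win 17520
23:15:09.440 IP 198.51.100.23.2201 > 192.0.2.10.445: S 200:200(0) win 64240
23:15:11.007 IP 203.0.113.7.4313 > 192.0.2.10.135: Flags [S], seq 300, win 16384, length 0
23:15:12.300 IP 192.0.2.10.1050 > 198.51.100.80.80: S 400:400(0) win 16384
23:15:12.350 IP 198.51.100.80.80 > 192.0.2.10.1050: S 500:500(0) ack 401 win 5840
23:15:20.000 IP 198.51.100.99.137 > 192.0.2.10.137: UDP, length 50
"""

LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)


def is_bare_syn(rest):
    """True for a connection attempt (SYN without ACK), not a reply."""
    if rest.startswith("Flags [S],"):  # newer text format; a SYN-ACK shows as [S.]
        return True
    return rest.startswith("S ") and " ack " not in rest  # older text format


def summarize_inbound_syns(lines, local_ip):
    """Return {dest_port: (attempts, sorted source IPs)} for inbound bare SYNs."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["dst"] != local_ip or not is_bare_syn(m["rest"]):
            continue  # skip outbound traffic, replies, UDP and unparsable lines
        hits[int(m["dport"])].append(m["src"])
    return {port: (len(srcs), sorted(set(srcs))) for port, srcs in hits.items()}


if __name__ == "__main__":
    # Port 135 is the RPC endpoint mapper that DCOM activation goes through.
    summary = summarize_inbound_syns(SAMPLE.splitlines(), LOCAL_IP)
    for port, (count, sources) in sorted(summary.items()):
        print(f"tcp/{port}: {count} attempt(s) from {', '.join(sources)}")
```
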


  • Registered Users, Registered Users 2 Posts: 4,484 ✭✭✭Gerry


    Originally posted by joePC
    I'd have to agree, I posted @ 1.05 AM so the brain was a little slow.

    This type of attack where someone just fills the PC with trojans, viruses etc... is quite rare in most cases but as some of you posted, you are asked to fix PC's that have the same type of problem, maybe not on the same scale. This is the same for me.

    TBH I didn't think it would be this bad. But someone must have got lucky.
    The attack they used was the well-known DCOM (Remote activation hack). Here's the info.

    Thanks JoePC

    If it was fully patched up, it would not have been vulnerable to that attack. If you don't patch it up properly, the machine will get bombed out of it. This happened to a new win2k install I did over the weekend in a friend's house, as I didn't have all the patches to hand, and it got hit by a worm while downloading stuff from windows update. In future I'll be installing a firewall first.
    But on the other hand, my own win2k machine has never had a virus, or a worm. I just keep it patched up, and run a hardware firewall.


  • Closed Accounts Posts: 365 ✭✭ronanp


    Patching isn't the biggest problem - in UCD about 90% of compromised machines have no Administrator password.


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    Originally posted by joePC
    as some of you posted, you are asked to fix PC's that have the same type of problem, maybe not on the same scale. This is the same for me.

    I reckon that has more to do with user ignorance/incompetence than anything else. I keep our machines here patched regularly; any time one of them is infected or compromised in any way, it's almost always because of something some idiot has run on the computer, e.g. an email attachment (although the antivirus software will usually pick up on that). I'd be willing to bet that most of the people who have asked you to fix their PCs were running spyware-supported p2p software, browsing porn, opening emails from unknown users, etc etc and got infected through that.

    This seems to be the general rule for computer security - the weakest link in the security chain is the humans who use the computers.

    (BTW, as Gerry has mentioned, that particular vulnerability is ancient and has been issued a patch long ago. The very first instance of the Blaster worm used this vulnerability to spread almost a year ago)


  • Registered Users, Registered Users 2 Posts: 6,334 ✭✭✭OfflerCrocGod


    Originally posted by ronanp
    in UCD about 90% of compromised machines have no Administrator password
    Could you elaborate on that? All the machines I've ever seen were not in any way compromised - do you mean personal machines? Because the Uni machines are OK - they have one or two viri but nothing that has ever really made itself a nuisance :confused:.

