Risk: Informational
A Windows computer without the latest security patches is in big trouble.
That's the conclusion from a "honeypot" experiment conducted by StillSecure, a Louisville network security firm.
Earlier this month, StillSecure connected six computers, loaded with different versions of the Windows, Linux and Apple Macintosh operating systems, to the Internet without anti-virus software. The results confirmed opinions that the Internet is a very rough place indeed.
Over the course of a week, the machines were scanned a total of 46,255 times by computers around the world that trawl the Web looking for vulnerabilities in operating systems.
Once the vulnerabilities were identified, the remote computers launched 4,892 direct attacks with a staggering variety of worms, Trojan Horses, viruses, spyware and other forms of malware.
The test only examined what happens when computers are turned on and connected to the Internet. It didn't evaluate additional dangers that computer users face when they use email, surf the Web, click on Internet links or use file-sharing programs.
The good news is that none of the up-to-date, patched operating systems succumbed to a single attack. The Windows Service Pack 2, or SP 2, system is the most up-to-date Windows operating system. It received 16 direct attacks. The Macintosh system received three attacks. Two of the Linux systems received eight attacks each, though Red Hat's version of Linux received no attacks at all. But in the end, none of the attacks were successful.
The Linux and Macintosh systems were installed out of the box without any additional security patches. Windows SP 2 automatically downloads the latest security patches from the Microsoft web site.
Windows Service Pack 1, or SP 1, however, was another story. It's an older version of Windows that was sold in computer stores until a few months ago.
SP 1 was attacked 4,857 times. It was infested within 18 minutes by the Blaster and Sasser worms. Within an hour it became a "bot," or a machine controlled by a remote computer, and began attacking other Windows computers.
Microsoft responded that the tests prove that any operating system is vulnerable when not patched. Microsoft stopped shipping SP 1 in August and replaced it with the more secure Windows SP 2. Most computers with SP 1 had been sold from stores by Christmas.
SP 2 comes with a firewall and automatic security updates. These features had to be manually turned on in SP 1, which meant that some users missed out on computer patches.
Many computers around the world are still running Windows SP 1, though exact numbers are hard to come by. Gartner research director Michael Silver estimates that by the end of 2005, half of the world's desktops used in businesses will still be using SP 1. However, most companies are pretty good about keeping their PCs patched and most have corporate firewalls.
Large companies are switching to SP 2 slowly because they have to make adjustments to thousands of different software programs first.
The honeypot test is a good indication that many small-business and home computers are still using older versions of Windows.
This explains why worms like Blaster and Nachi are still in existence: unpatched and infected machines remain on the Internet.
Microsoft is concerned about security issues surrounding Windows and Internet Explorer, and the resultant surge of Linux, which can be downloaded for free from the Internet. Most companies, however, choose to pay a Linux vendor in order to receive security patches.