http://www.wired.com/news/culture/0,1284,46417,00.html

By Michelle Delio
2:00 a.m. Sep. 4, 2001 PDT

Dead dot-coms are still alive in some ex-employees' computers. But these haunted hard drives harbor huge security holes instead of memories.

Inexperienced home users running corporate-configured computers are a security disaster just waiting to happen, said Christopher Budd, a manager at Microsoft's Security Response Center.

Many who worked for now-defunct businesses inherited or appropriated the computers they had been using at the office. These computers are typically configured for use on a corporate network protected by skilled system administrators, firewalls and other industrial-strength security measures.

When removed from their network, taken home and hooked up to a modem, the computers are immediately transformed into easy targets for malicious hackers.

And it's not just the recently fired who are running these highly vulnerable machines. Bargain hunters are also at risk, said Jack Danahy, manager of the Server Security Division at WatchGuard Technologies.

"Take a look at how many powerful machines are suddenly for sale cheap at places like eBay. There are kabillions of these machines, and I'd guess that many come from closed-down businesses and haven't been reconfigured," Danahy said. "Chances are good that the systems administrator was fired before the accountant, and nobody was left to clean up these machines before they got sold for 10 cents on the dollar."

Kerry Rondell took her laptop home when the Web design company she worked for suddenly went out of business in July. Employees were allowed to take computers and other office equipment in lieu of severance pay.

Rondell said that after a week or so, her computer began "acting funny." Shortly after, she started getting e-mails warning her that her machine, which runs Windows 2000, was infected with the Code Red II worm.

"I didn't know what to do so I took the computer to a repair shop," Rondell said. "They told me yes, my machine was infected with that Code (Red) worm, and it was also infested with programs that could let hackers look at whatever is on my computer. My whole life is on that machine. I feel like I've been raped."

Microsoft's Windows 2000 and NT are the operating systems of choice for many networked business computers, but some security experts say that these systems are not the best choice for unskilled users.

"I don't think NT/2000 is suitable for the average home user," said Robin Keir, chief software engineer of security firm Foundstone. "Many of these people can barely use AOL, so they don't stand a chance trying to configure their network protocols and security settings."

Microsoft's Budd said Windows 2000 and NT operating systems are quite secure, but he is worried about people running machines that were configured for use on corporate networks.

"Microsoft Windows 2000 and NT are proven secure platforms that are used successfully by millions of customers," Budd said. "In this case, though, people are using configurations that they've inherited from the previous owners. This is never a good idea and has the potential to lead to disaster."

One of Windows 2000/NT's major selling points is that the systems allow knowledgeable users to configure the system to suit their individual requirements, Budd said.

"But clearly, settings that are appropriate for an enterprise will not be appropriate for home use," Budd said. "This may lead to a number of problems, including security issues."

Marquis Grove of Security News Portal thinks that the "more earnest" users will make the effort to reconfigure their machines for home use and will also perform other essential chores such as regularly patching their software and updating antiviral applications.

But Grove believes that many of these "fully loaded" machines are now owned by people who have always relied on a systems administrator to secure and maintain their machines.

"Most of them are totally unaware that computers can't just be turned on and left to their own devices," Grove said.

Jerome DelVicchio, an accountant for a defunct pet supplies e-commerce site, said that he and other employees were allowed to take their "wonderfully powerful" laptops with them when the company closed.

"Some of us keep in touch, and we all started to notice our machines were acting oddly - they were really sluggish, the screensavers or other settings would sometimes spontaneously change, and sometimes the disk drive light would be flickering when we weren't doing anything on the computer," DelVicchio said.

"So I got ahold of our old systems guy, who was horrified that we were running network machines without changing the security settings to suit non-networked computers. He said it was like having unprotected sex with 100 hookers - you're bound to get infected with something."

DelVicchio's ex-system administrator, who did not want to be identified, said in an e-mail, "These idiots are running machines that were specifically configured to make it very easy for them to share information with each other across the network. And most of them have high-speed Internet connections, but they didn't bother to install a basic firewall application.

"I told them all this when the office closed, but they always thought I was paranoid. So now they are for all intents and purposes happily sharing whatever it is on their computers with the entire Internet. Way to go, guys."

There are no statistics on how many corporate machines have made their way to non-corporate use, but many security experts thought that a significant number have recently moved from business to home machines.

And security watchdog CERT issued an alert in July, warning of the "significant increase" in security compromises of home computers.

Budd's advice to those who "choose to operate inherited software" is to start from the very beginning.

"They should perform a new installation of the software from scratch and configure it appropriately using the tools and checklists available on Microsoft's website," Budd said. "This process of customizing software to operate securely in a new environment is crucial."

That's a good plan, assuming you have access to the software disks. If not, the best thing to do is to scan the computer with Microsoft's new MPSA security tool and apply the suggested fixes and patches. The tool only works with Windows 2000 and NT operating systems.

Radsoft, a company that makes security tools and other software, has posted a safe-computing checklist on its site to aid the overwhelmed.

And all users, especially those with cable and DSL connections, should run personal firewall software and an antiviral utility, Grove said.

"Running a home computer without these two essential programs is like trying to drive a car that is not equipped with brakes or a horn," Grove said. "You can't stop and you can't warn others."