test.doit.wisc.edu — 38 hours, nobody hacked it. Under fire from intermittent DOS attacks, nessus scans, ssh dictionary attacks and much else. The difference to the other competition? Nobody had local access to the machine except the machine's owners, as it would be in a realistic situation.
Mar 8, 2006 View in Crawl 4
t3hxMar 8, 2006Submitter
Let's now do a ZDNet style test, where we give everyone shell access to a Windows box. How long's it going to last before getting owned? 5 seconds?
aerorMar 8, 2006
The test was too short, and really those who cak crack it, why would they?
burstlagMar 8, 2006
Er, no, OS X uses the FreeBSD userland, not the FreeBSD kernel. The OS X kernel is based on Mach.
ctheoryMar 8, 2006
That, is a productive reply, no matter what you're biased towards. I'm a windows user, but I respect that opinion. Not peoples retarded replies of "teh macz our invinsibel!!1"
spider_manMar 9, 2006
The Challenge wasn't a total success judging from it's initial intent. The original plan was to have the system up and available to be compromised for several more days. Apparently the challange was in no way authorized by the university. <a class="user" href="http://news.com.com/University+nixes+Mac+hacker+contest/2100-7349_3-6047735.html">http://news.com.com/University+nixes+Mac+hacker+contest/2100-7349_3-6047735.html</a>That being said, it did last 30 some hours without getting compromised.
chimpanzeeMar 9, 2006
I understand your point about research. Then again, I feel if you're on a technological site like Digg where bias and upset is abound, it's pretty much a given. Not that anyone here needs to be told that twice.My claims stem from experience and common sense - I haven't been infected, ever. Not in 3 seconds, 3 minutes or 3 months. I've often strutted about on Windows without so much as a measly service pack, and while I wouldn't reccomend it to anyone on the planet who actually cares about their computer's health, nothing has happened. Ever. I sat through the Blaster worm sipping tea and dunking cookies, just like any unsavvy grandma.I simply cannot believe the ease that is being suggested here. I concede with you to a point. It is obvious to anyone who is not stuck in a 'religious' rut that being connected to the internet for long without doing anything is the equavilent of holding up a sign to the entire internet saying "HI, HACK ME", and you will get infected at some stage. No doubt about that. Nevermind what OS you are on; Mac OS, Linux, Windows, you will get screwed if you just sit there all smug.My real beef is with the duration. Infection in three minutes? I'm sorry. I really cannot believe that out there, ISP's address blocks are being scanned in 180 seconds. I really cannot believe you'd even DETECT being hacked so quickly. As has been mentioned, things are getting more subtle - there's becoming a sort of black market for controlled computers, so the last thing that's going to happen is a message to appear saying "I HACKED YOU!", which makes me wonder how people are getting these results.Do they sit there with a packet sniffer, potentially looking out for exploits that aren't even documented? I doubt it. You're right, I wasn't clear about what I said, and I'm sorry if you were offended - but as you probably already figured, I was running out of space fast. That, and, I supposed there would be few people ready to actively question something put in front of them, let alone respond to it with something constructive.I stand by what I've said, though. Infection in three minutes, durations up to probably a day (although by that point you should be primed with updates) is pretty ludicrous. Maybe if you're unlucky, yes, it can happen. I don't reccomend to anyone reading what I say to think "aha, this guy is right - I can just not install a single update, ever! Windows/Mac/Whatever is invicible" or the polar opposite. Nope, never.
mikmMar 9, 2006
Yeah. I've been using Windows for 15 years (3.1, 95, 98, 2000, XP) and the Internet daily for almost 10. I have yet to get infected.