Broadband boom makes UK worst for hacked PCs
Summary: Symantec claims that hackers have been taking over more PCs in the UK than in any other country
The explosion in broadband take-up in the UK has been blamed for a sudden rise in the number of computers that have been taken over by hackers, according to Symantec's latest Internet Security Threat Report.
Between July and December 2004, Symantec tracked the number of computers that have been compromised by malicious software. More than a quarter (25.2 percent) of all compromised computers it discovered were based in the UK, with the US following closely behind with 24.6 percent, and China in third with 7.8 percent. Symantec says this is because many high-speed Internet users don't have sufficiently robust security.
Symantec wasn't able to say how many bots it discovered in total during the period, or how many were based in the UK. It did say, though, that in July 2004 it was finding an average of 30,000 new compromised PCs each day, which fell to 5,000 per day by December.
"The fact that Britain has the highest percentage of bot infections is significant because it is directly linked to the rapid roll-out of broadband in this country,” explained Nigel Beighton, Symantec’s director of enterprise strategy. "Unfortunately, new broadband users may not be fully aware of the additional safety precautions that need to be taken when using an always-on high-speed Internet connection. Clearly, awareness around security issues is improving and it’s making a notable difference, but education still remains the number one challenge."
Broadband users often leave their home PCs connected to the Internet for many hours, putting them at greater risk of attack than dial-up users who are more likely to only go online intermittently. "We would stress the importance of using firewalls, virus checkers and very good security practice," said Malcolm Hutty, regulation officer for the London Internet Exchange, which handles over 90 percent of UK Internet traffic.
Symantec defines a bot as a malware-infected computer that can be controlled remotely by a hacker. Hackers often use these machines to form botnets — thousands of compromised computers networked, typically for malicious use. The combined processing power of a botnet can be used to send huge quantities of spam or carry out denial-of-service attacks. Although the UK has more bots, the United States was found to be the top source of such malicious attacks, followed by China and Germany.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Maybe ISP's shouldn't give out 'modems' that have no NAT or SPI firewall built in. A one off fee of
The average computer user in the UK, has no clue that connecting to the internet without adequate security measures in place is equivalent to walking around a wild-west town wearing a sign that says 'shoot me'.
The fabric of society is being slowly changed such that people no longer have to use common sense and act responsibly. If we carry on the way we are, we will have to station guards on every electricity pylon to prevent people climbing them, incase they electrocute themselves, manage to survive, and then sue for damages, or [insert obviously dangerous and life threatening situation, and an idiot willing to sue, here].
What I am getting at is this. If computer users were to be held responsible for the damage caused by their improperly secured systems, up to and including being held accountable as an accessory to fraud in the case of most computer crime (Yes, it is crime), then perhaps we would have a safer, faster network, to the benefit of all concerned.
Microsoft could help by not supplying gullible, inexperienced users with the computing equivalent of a chainsaw. XPSP2 was a start, but in common with most microsoft software, a buggy one at best, as any number of browser bugs can simply disable the firewall and download software, and the default out-of-the-box configuration makes all users administrators.
Ditto ISP's - If users want to be able to receive executables/incoming www/incoming smtp/etc, they should register to do so, otherwise the ISP has to assume the user is a drooling moron with no concept of security, and therefore has to be kept in a padded room incase they try and run with a chainsaw.
There is probably a market for ISP-managed systems in homes where the security management is performed remotely, and charged for on a monthly basis. The industry seems to want to work towards 'appliance' PCs, but doesn't seem to want to take this obvious route.
As for spammers, who attack my networks daily, I would like to see them shot, stapled, blown to bits, poisoned, electrocuted, mangled, munched, stomped, squished, pulverised, and killed, and then asked to leave the internet.
Only then??
From 1696 until 1851 England had a 'window tax' imposed on houses with more than six windows. Admittedly, it was not a popular tax.
Nevertheless I do wonder whether it might be appropriate to introduce a new 'Windows tax' that would be levied on anyone who is so _irresponsible_ as to connect a MS Windows computer to the internet, thereby making it slower, more dangerous and more compromised for the rest of us? There is little excuse for it any more.