2005-03-01

"New machines: better than those on Richesse"

It's newsworthy, apparently, that older operating systems are more vulnerable to Internet-based attackers than newer ones.

The above is your standard "Windows received an inconceivably high number of attacks and the other OSes didn't" article, which I find written and rewritten with slightly different details about four times a year. At this point, the grand unified Windows honeypot experiment is so common that it resembles the properties of an Internet hoax or an urban legend.

The good news: despite what Felix von Leitner will tell you, firewalls work. Even the elementary packet filtering provided by the Windows Firewall is sufficient for most people's needs. (Microsoft could have taken a different approach and just disabled-by-default non-critical services such as "Messenger" and "Remote Registry", but that would convey a sense of intelligence and well-being. Best to slap the ol' firewall Band-Aid on the problem and call it a night.) If you're more of a power user, I recommend you graduate beyond a personal firewall and move straight to a firewall appliance running PF on OpenBSD. But you already knew that.

The bad news: this highly subjective honeypot experiment did not measure what kinds of attacks occurred or when. Other than stating matter-of-factly that the Windows XP SP1 system was compromised by both Blaster and Sasser worms in 18 minutes, you, the reader, have no idea what other attempts were made. Were any of the attacks manual? As in, did any of the attacks occur slowly over the course of several minutes, implying that there was a person at a keyboard trying to get in? The sheer deluge of automated PC exploiting going on is a serious problem, and the lack of a manual attack would tell me something.
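As an added example that is not part of the original post: a small script over a constructed honeypot connection log that records the two things the paragraph says the experiment left out, how long the host was online before the first inbound contact and whether each source's pacing looks worm-like or like a person at a keyboard. The log lines, addresses and thresholds are constructed for illustration, not taken from the article.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log (not from the article): one inbound connection per line,
# "<ISO timestamp> <source IP> <destination port>", as a honeypot might record it.
SAMPLE_LOG = """\
2005-02-20T10:00:00 10.0.0.5 135
2005-02-20T10:00:00 10.0.0.5 135
2005-02-20T10:00:01 10.0.0.5 4444
2005-02-20T10:00:01 10.0.0.5 445
2005-02-20T10:00:02 10.0.0.5 445
2005-02-20T10:05:00 10.0.0.9 139
2005-02-20T10:06:40 10.0.0.9 445
2005-02-20T10:09:15 10.0.0.9 3389
2005-02-20T10:12:02 10.0.0.9 445
2005-02-20T10:30:00 10.0.0.7 80
"""

def parse_log(text):
    """Group (timestamp, port) events by source address, in file order."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, src, port = line.split()
        events[src].append((datetime.fromisoformat(ts), int(port)))
    return events

def classify_sources(events, min_events=3, human_gap=20.0):
    """Label each source by the pacing of its connections.
    Rapid-fire connections (median gap under human_gap seconds) look automated;
    slow, irregular pacing over minutes suggests someone at a keyboard. Sources
    with fewer than min_events connections stay unlabelled. Thresholds are
    assumptions for illustration, not values from the article."""
    result = {}
    for src, evs in events.items():
        times = sorted(t for t, _ in evs)
        if len(times) < min_events:
            result[src] = ("insufficient", None)
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        label = "manual" if median(gaps) >= human_gap else "automated"
        result[src] = (label, median(gaps))
    return result

def time_to_first_contact(events, exposed_at):
    """Seconds between putting the host online and the first inbound connection."""
    first = min(t for evs in events.values() for t, _ in evs)
    return (first - exposed_at).total_seconds()
```

With the constructed log, 10.0.0.5 hits four ports within two seconds (automated), 10.0.0.9 probes at gaps of minutes (manual), and a host exposed at 09:42 sees its first contact 1080 seconds, or 18 minutes, later.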

Furthermore, the test used a two-year-old version of OS X as its only Apple OS. Where's the Panther system? Where's the System 9 system? Better still, where's the Tiger beta build? I'd have liked to see one of the BSDs represented on their list, but let's face it: we both know how that would have turned out. Yawn.

So in conclusion, a couple of guys left a bunch of unprotected PCs on the Internet for a week and the Windows system got hacked. Big freaking deal. What's important here is that this story isn't running on Slashdot or Ars Technica. It's in the Business section of a major newspaper. Even with the lack of any real substance that newspaper journalism requires, I'd call this progress.
