Survival Time for Unpatched Systems Cut by Half

UnderAttack writes "The Internet Storm Center published a graph showing historic trends for the "Survival Time" of unpatched, unprotected (windows) computers connected to the internet. Turns out, this number dropped from about 40 minutes last year, to 20 minutes this year. The survival time is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe. The data is collected from a large number of networks with different types of upstream protection. So if you are on an unprotected cable/DSL line, you may see probes much more frequently. Either way, 20 minutes is not long enough to download patches. The Honeynet Project did publish a paper with some stats back in 2001."

Re:Patch CDs

[networkBoy]

You know? That's actually a good idea . . .
which means it'll never happen
-nB

But there is a secure microsoft system!

[swordofstars]

Microsoft Replies: In light of this new data, we would like to announce a new, more secure operating system. It is based on our Windows ME technology. By simply accelerating the timer for the essential bluescreen feature we feel confident that NO hacker will be able to make use of a corrupted machine.

Further, we are offended by all the FUD spread about our products by the open source community. Our security features include and expanded install size, which severly limits the space available on disk available to anyone who co-opts your computer for use as an illicit server.

Also, the times recorded by this survey are non-relevant and obviously flawed. They claim that their machines were only compromised after more than 15 minutes of CONTINUOUS uptime. This simply does not occur on our new ME+ varient. We cannot accept responsibility for those who remove our essential security features by removing 'buggy' components, or running a 'stable' GUI.

End Sarcasm;

Untrue

[CDS]

That's not true at all.

I have a bone-stock winXP system here, and have been running online for almost an hou*(&^@ SD#&7*$^)_*( #$%@#&*() #

NO CARRIER

How about the foolproof way I use?

[Phil+John]

• Make sure all networking cables are disconnected (but if you have an external ADSL modem like me, make sure it's plugged into the computer at least)
• Install windows
• Either install ZoneAlarm which you have handy on disk, or enable the windows firewall on your internet connection.
• Go to windows update and start the patching process.
• Go out for the day
• Get back in to find out that it's only installed 1 patch and needs to reboot
• Swear profusely
• Reboot
• Lather
• Rinse
• Repeat
• and repeat
• and repeat
• Download/install anti-virus software
• Go in and disable all those services that you don't need (themes support for one), for a good list google elder geek, he's got a nice handy guide.

That's all there is to it, I've installed my fair share of XP machines and never ever had any problems with getting patched before getting pwned.

Re:20 minutes??

[ArbitraryConstant]

I have a friend at NYU. You pretty much have to keep yourself provably protected at all times.

I mean, they litterally plug in, said "fuck", unplugged, and they were already infected with something.

They want an iBook...

Re:Crap.

[PitaBred]

Ummm... please tell me you're just a kid playing, and not really a server admin. Pretty, pretty please...

Maybe the real problem is...

[James+Turpin]

... that the high-speed Cable internet installation CD instructs the user to turn off all anti-virus and fire-wall software during installation. Talk about a security flaw! It's like telling somebody to remove all contraceptives before ... you know ... for the first time.

Re:Update during Install

[dave420]

It does. I installed a 2K3 server the other day, and it asked to go on the net to download the latest update files. Of course there must be something horrid in that. Boo microsoft! how dare you waste my bandwidth like that! piracy! fascists! republicans! boo!

Re:Hardware firewall

That would be great! It would totally fuck up everything I do with my machine. Just what I want!

Re:Patch CDs

[golgotha007]

from my experience, if I install XP, and then only a few apps after that, I'm totally fine. If I keep installing and uninstalling stuff, XP just begins to drag a bit. Reinstalling makes it all snappy again.

Preparing to put a computer on the network

[Aram+Fingal]

As I read this article on my Mac, I also have a Windows notebook next to me which I am preparing for someone. I have a three page checklist of things which the IT department requires me to do before putting a Windows machine on the network. It involves installing patches, installing antivirus and firewall software and changing various settings.

BTW, I can plug a Mac into the network out of the box. They're safe.

Internet Weather

[Cyhwuhx]

.::: So basically we now have a sort of 'Internet weather', which tells wether your computer can go play outside or not?
Nice, I can see the evening news getting an extra report then.

"In North America we have some nasty worms raging across the Net spreading all the way to Europe, better close up those ports. Asian PC's may want to wear an extra layer of firewall as we got some heavy probes coming in. South-Afrika meanwhile has some lovely patchy weather."

Re:20 minutes??

>I mean, they litterally plug in, said "fuck", unplugged, and they were already infected with something.

Sounds like my first sexual experience.

hmm.....

[auspiv]

i think i'll go and update my compu8937589y43{ijjiouli_%jkln;'OPjlkjnken kwjqiohi~~~~ojhkl #"hioehq