Slashdot Mirror


Survival Time for Unpatched Systems Cut by Half

UnderAttack writes "The Internet Storm Center published a graph showing historic trends for the "Survival Time" of unpatched, unprotected (windows) computers connected to the internet. Turns out, this number dropped from about 40 minutes last year, to 20 minutes this year. The survival time is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe. The data is collected from a large number of networks with different types of upstream protection. So if you are on an unprotected cable/DSL line, you may see probes much more frequently. Either way, 20 minutes is not long enough to download patches. The Honeynet Project did publish a paper with some stats back in 2001."

3 of 460 comments (clear)

  1. Re:Patch CDs by networkBoy · · Score: 4, Funny

    You know? That's actually a good idea . . .
    which means it'll never happen
    -nB

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  2. But there is a secure microsoft system! by swordofstars · · Score: 4, Funny

    Microsoft Replies: In light of this new data, we would like to announce a new, more secure operating system. It is based on our Windows ME technology. By simply accelerating the timer for the essential bluescreen feature we feel confident that NO hacker will be able to make use of a corrupted machine.

    Further, we are offended by all the FUD spread about our products by the open source community. Our security features include and expanded install size, which severly limits the space available on disk available to anyone who co-opts your computer for use as an illicit server.

    Also, the times recorded by this survey are non-relevant and obviously flawed. They claim that their machines were only compromised after more than 15 minutes of CONTINUOUS uptime. This simply does not occur on our new ME+ varient. We cannot accept responsibility for those who remove our essential security features by removing 'buggy' components, or running a 'stable' GUI.

    End Sarcasm;

  3. Maybe the real problem is... by James+Turpin · · Score: 5, Funny

    ... that the high-speed Cable internet installation CD instructs the user to turn off all anti-virus and fire-wall software during installation. Talk about a security flaw! It's like telling somebody to remove all contraceptives before ... you know ... for the first time.

    --
    Mathematics is not a crime.