Slashdot Mirror


Survival Time for Unpatched Systems Cut by Half

UnderAttack writes "The Internet Storm Center published a graph showing historic trends for the "Survival Time" of unpatched, unprotected (Windows) computers connected to the internet. Turns out, this number dropped from about 40 minutes last year, to 20 minutes this year. The survival time is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe. The data is collected from a large number of networks with different types of upstream protection. So if you are on an unprotected cable/DSL line, you may see probes much more frequently. Either way, 20 minutes is not long enough to download patches. The Honeynet Project did publish a paper with some stats back in 2001."

11 of 460 comments

  1. Patch CDs by Oculus+Habent · · Score: 4, Insightful

    Microsoft should make Patch CD ISOs available. You could swing by a friend's house and get one, drop into your local computer store and have them burn you one for a few bucks, or pick up a Microsoft produced copy at your local gas station, like AOL CDs.

    --
    That what was all this school was for... to teach us how to solve our own problems. -- janeowit
  2. Dodgy assumptions by Westley · · Score: 4, Insightful

    The name "survival time" suggests that it's the average amount of time an unpatched system would last before being compromised. That assumes that every single worm targets every single unpatched system, and is always successful. That's not exactly realistic - many worms target specific programs which may well not be on the unpatched system, or target specific operating system versions.

    It would be much more interesting to see average compromise times for a vanilla install of various different OS versions (with no ISP protection, of course). In the meantime, the name should be changed, in my view.

  3. Update during Install by funkdid · · Score: 5, Insightful

    Microsoft should have an auto-update during install feature. (If you have broadband). During the install process it could run the Windows Update, blah blah blah once your NIC was initialized for the first time and IP granted etc.

    --

    I boycott signatures

  4. Re:C'mon now! The patch is out! by hattig · · Score: 4, Insightful

    Thing is, both MacOS and Linux have had numerous RELEASE updates in the time that Microsoft haven't changed anything with the default XP install CD. Which means that if you need to reinstall XP now, you run the risk of being pwned, but if you install Linux or MacOS, you will be doing it from a much more recent CD that is far less susceptible.

    I don't know how often Mac users reinstall, but if they had to, and their hardware was good enough, I'm sure that they'd upgrade to the latest version at the same time. You simply can't do that with Windows, you have your 3 year old install CD. Of course, you didn't have to pay $120 each year since like with MacOS X, although you did get extra features with that as well as bug fixes.

    I doubt that many people would burn a specialised SP2 CD and do it right. Human nature - their current system has it installed via Windows Update, why download it again as a whole? They probably wouldn't even know about it.

  5. No big deal - just install behind a firewall by EricLivingston · · Score: 5, Insightful

    I do all my machine builds and initial updates with the box sitting behind a Netgear router, fully NATted and with no port forwarding - i.e. the box is invisible to the net. I've merrily built and updated many machines in this way and have never been compromised (and my last step is to virus, spyware, and trojan scan with several of each type of tool).

    If you just throw a cheap hardware router/NAT/firewall in front of your box when you build, this isn't really a big deal, I've found.

    --
    Please Rate my comment (and help support Fre
    1. Re:No big deal - just install behind a firewall by MsGeek · · Score: 4, Insightful

      Exactly. Those little router boxes are so cheap, even if you only have ONE machine there is no excuse not to use one.

      Maybe they are not proof against all hacks, and a determined and skilled cracker might be able to get around it with ease, but the boxes will protect you against worms. Problem solved.

      --
      Knowledge is power. Knowledge shared is power multiplied.
  6. This again? by Otter · · Score: 4, Insightful
    "Either way, 20 minutes is not long enough to download patches."

    Perhaps a "TURN THE GODDAMN FIREWALL ON BEFORE YOU CONNECT TO THE NETWORK!" notice somewhere on the front page would get the point across? I've done exactly two Windows installs in my life and I know how to safely set up a new XP system.

  7. Re:What do they mean by survival time? by WWWWolf · · Score: 4, Insightful
    "What do they mean by survival time?"

    I'm guessing here, but time between when machine is first brought online and when it's first discovered/probed/found alive by a worm or hax0r scanners - in other words, time before worm infection or other kind of intrusion, because after it dawns on the world that there's an unpatched system right before their noses, there sure isn't much time left before that system is owned.

  8. False Analogy by XanC · · Score: 4, Insightful
    RedHat 5 is how many generations behind the latest?

    We're talking about people who want to install from the absolute latest Windows CD, and they have to take severe steps to avoid getting 0wned.

  9. this stuff has been said in other posts, but... by astrashe · · Score: 4, Insightful

    First of all, if you buy a new machine with the OS pre-installed, it will probably be patched almost up to date out of the box.

    Second of all, if you're installing your own OS, you're taking on the responsibility to do things in a minimally competent way. That might mean a NAT router, a slipstream installed CD, or just a CD with the service pack burned on it, so you can install it before you plug into the net.

    Third of all, you should be using a hardware firewall anyway.

  10. Re:Low survival time by Darth_brooks · · Score: 4, Insightful

    Walk down the street in downtown Detroit counting $20 dollar bills and see how long it takes for you to get mugged. Then do the same on Main Street in West Bumblefuck, Iowa (population 15, if'n Pastor Smith isn't out of town). Betcha you last longer in Iowa. In other words that time is probably dependent on how nasty the computing environment is.

    IIRC Sasser and Blaster chose their target IPs at random, starting with IP addresses in the same subnet then moving to random IPs. So if a machine gets infected four seconds after it's plugged in, that's not just a product of how poorly secured Windows is, it's also a product of U of Alberta having a network chock full of RPC 'sploiting goodness. Now, if they'd have plugged in the same in an environment that had been properly patched, firewalled, etc., the box would've been fine for hours, days, or maybe it would've never been compromised at all.

    Firewall and Snort logs can give you the true tale of the tape. Some days my home firewall (SBC residential DSL) is turning away worm attempts like a goalie on speed. Other days I go 10-12 hours without so much as a nibble or a port scan.

    But it is so much fun to talk about how "WIUNDOWS IS TEH GHEY! IT GOTS PWN3D IN TEH SECONZ!!LOL!!!11ONE@!!!@!

    --
    There are some people that if they don't know, you can't tell 'em.
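
Added example, not part of the Slashdot thread and not the Internet Storm Center's code: one reading of the calculation in the story summary (mean gap between reports per target IP, averaged over targets), run over firewall-style log lines as comment 10 suggests. The optional port filter reflects the objection in comment 2 that a probe only matters if the target runs the probed service; the log format, addresses, ports and timestamps are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample: "timestamp source_ip target_ip target_port", one probe report per line.
SAMPLE_LOG = """\
2004-08-17T10:00:00 198.51.100.7 192.0.2.10 445
2004-08-17T10:10:00 203.0.113.9 192.0.2.10 135
2004-08-17T10:20:00 198.51.100.23 192.0.2.10 80
2004-08-17T10:30:00 203.0.113.44 192.0.2.10 445
2004-08-17T10:05:00 198.51.100.7 192.0.2.20 445
2004-08-17T10:35:00 203.0.113.9 192.0.2.20 1434
2004-08-17T11:05:00 198.51.100.99 192.0.2.20 445
"""

def parse(log):
    """Yield (timestamp, target_ip, port) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, _src, dst, port = parts
        yield datetime.fromisoformat(ts), dst, int(port)

def survival_minutes(log, ports=None):
    """Mean gap between reports per target IP, averaged over all targets.

    ports: optional set of ports; only probes to these ports are counted,
    modelling a host that exposes just those services.
    Returns None when no target has at least two reports.
    """
    seen = defaultdict(list)
    for ts, dst, port in parse(log):
        if ports is None or port in ports:
            seen[dst].append(ts)
    per_target = []
    for times in seen.values():
        times.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        if gaps:  # a single report gives no interval to measure
            per_target.append(mean(gaps))
    return mean(per_target) if per_target else None

if __name__ == "__main__":
    print("all probes:        ", survival_minutes(SAMPLE_LOG), "minutes")
    print("port 445 only:     ", survival_minutes(SAMPLE_LOG, ports={445}), "minutes")
```

On the constructed data the figure more than doubles once probes to services the host does not expose are excluded, which is why the same log can support very different "survival time" claims.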