Slashdot Mirror
Survival Time for Unpatched Systems Cut by Half
UnderAttack writes "The Internet Storm Center published a graph
showing historic trends for the "Survival Time" of unpatched, unprotected (windows) computers connected to the internet.
Turns out, this number dropped from about 40 minutes last year, to 20 minutes this year.
The survival time is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe.
The data is collected from a large number of networks with different types of upstream protection. So if you are on an unprotected cable/DSL line, you may see probes much more frequently. Either way, 20 minutes is not long
enough to download patches.
The Honeynet Project did publish a paper
with some stats back in 2001."
No, not joking. At work, somewhere, there is an infected computer and while rebuilding a computer I plugged it in to run the updates for 2K and antivirus. Less than a minute after pluging it in, I was crashing and burning.
Had to go to a patched computer, download the needed updates and burn them to CD and update the computer that way first before plugging it onto the network.
REALLY anoying.. and when I find the user with the infected computer.. well, lets say I'll have a new storage location for this dead notebnook hard drive...
...not suprised at all? This isn't intended to be a troll, but back when blaster was "new" and I was formatting, I was hit three times within two minutes of booting, which gave me a whopping 3 minutes to download (not an issue) and install (BIG issue) the corresponding patch.
In the end I had to swap some CD burners around, download+burn the patch, and then unplug the box from the internet while booting.
Microsoft should have an auto-update during install feature. (If you have broadband). During the install process it could run the windows update, blah blah blah once your nic was initialized for the first time and IP granted etc.
I boycott signatures
This is why the average broadband connection should be behind at least a consumer router, even if it's the only machine connected. Routers are too cheap and easy to skip.
I do all my machine builds and initial updates with the box sitting behind a netgear router, fully NATted and with no port forwarding - i.e. the box is invisible to the net. I've merrily built and updated many machines in this way and have never been compromised (and my last step is to virus, spyware, and trojan scan with several of each type of tool).
If you just throw a cheap hardware router/NAT/firewall in front of your box when you build, this isn't really big deal I've found.
Please Rate my comment (and help support Fre
Did you ever learn anything about computer security? On a machine that you do not want to be compromised, absolutely do not connect it to the network/internet. have all relevant patches available on removeable media - that has been verified authentic - and install sans network.
Then once you are certain that everything is hunky dory, plug it into the network or internet with a firewall (for both incoming and outgoing).
And this isn't an issue with Windows or Linux or FreeBSD for all the fanboys out there. This applies to all OS's. Windows is targeted more because there are more people using it. There are plenty of exploitable vulnerabilities in any OS. It's a matter of work / payoff ratio.
I'm just trying to understand how you don't see the need to reinstall the OS 'every few months' as being a problem.
not trying to start a flame/OS/holy war, but I would deffinatly see this as a problem
... that the high-speed Cable internet installation CD instructs the user to turn off all anti-virus and fire-wall software during installation. Talk about a security flaw! It's like telling somebody to remove all contraceptives before ... you know ... for the first time.
Mathematics is not a crime.