The 12-minute Windows Heist
An anonymous reader writes "Sophos has come up with some pretty interesting research: apparently, there's a 50 percent chance unprotected Windows PCs will be compromised within 12 minutes of going online. Sophos came to that conclusion based on research covering the last six months of virus activity. The company said
authors of malware such as spam, viruses, phishing scams and spyware have increased both the volume and sophistication of their assaults, releasing almost 8,000 new viruses in the first half of 2005 and increasingly teaming up in joint ventures to make money. The new-virus figure is up 59 percent on the same period last year."
From 11/29/2004: Unprotected PCs can be hijacked in minutes
I love telling this story to people who ask why they should run Windows Update / run a firewall / get antivirus, etc.:
I was at a client's site, and needed to do some testing on their backup DSL line. Since it was a backup meant to plug into the main firewall in case of an outage, the line had no firewall; it was wide open.
I had a laptop I had just rebuilt for an employee. Win2K, SP4. Unpatched, no antivirus. I planned on jumping on the line for all of five minutes to do some quick IP testing, and I just didn't think about it being vulnerable.
So, I change the IP and plug into the DSL line. I'm plugged in no more than two minutes, and I get the damn "Windows is shutting down" dialog box. It reboots, and all hell breaks loose. Within those two minutes the damn machine had contracted the Blaster worm. I formatted and reloaded it to be safe, and learned a fun lesson that day. Good thing the laptop didn't have any important data on it.
They're probably looking at a normal distribution of times. If the mean is 12 minutes, then 50% are infected before then. If this is the case, the standard deviation must be pretty high. I hope.
After all, I am strangely colored.
This has only been an issue historically because:
- Pre-SP2, most Windows users didn't know to enable the firewall
- Router/firewall devices were much less prevalent
Now, all new machines ship with SP2, and it's much more common for cable and DSL operators to provide firewall/router type functionality with the customer hardware, as opposed to just giving you a raw modem. In addition, more people in general are purchasing said devices (when not provided by their internet provider). The point is that Sophos is trying to pimp their antivirus software, and using somewhat unrelated and dubious methods to do it. Sure, you should have current AV software. But if you want to protect from the "remote" attacks they're talking about, the best protection is simply a hardware or host-based software firewall, both of which are loads more prevalent than they were even a year ago (the software firewall mostly because of SP2). Anyone can take an unpatched Windows host and put it on the network with no firewall and say "Look! It got owned in X minutes!" The point is, they're saying this with the implicit purpose of saying "Buy our software", when the "solution" to the problem they're pimping is to, first and foremost, keep your machine patched and either enable the software firewall if you're pre-SP (or ensure it's still enabled on SP2) and/or get a little personal firewall/router - *in addition* to having AV software.
"So I brought it up again, pulled the network cable from it, setup the firewall and happily patched the box."
I always make sure to be behind a firewall before bringing a Windows computer online. I use a hardware firewall in addition to setting up a software one.
Install Windows.
Install latest service pack off CD.
Install anti-virus.
Setup firewall.
Plug into local router with firewall.
Connect to net.
Patch.
Sometimes my arms bend back.
A whole slew of services: RPC, SMB/CIFS (file sharing), UPNP...
Ports: 135, 137, 138, 139, 145, 500, 1025...
Windows 2000/XP has a TON of default listening services, most of which have been exploited over the years by various worms. The only way to turn most of these "off" (other than to render your system unusable) is to run a software firewall, Microsoft's or 3rd party. They're turned on and listening for "convenience", I imagine. I will admit that in a corporate environment it's handy as hell to be able to admin just about anything on a box without doing a thing. Why the hell these were left on for home users is beyond me.
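The comment above lists the services a stock Win2K/XP box exposes by default. As an added example (not code from the thread), here is a small Python check that reads a saved `netstat -an` listing and flags which of those listeners are bound to a network-reachable address rather than loopback. The netstat sample is constructed, and the port descriptions are my own annotations (the comment lists 145; direct-hosted SMB over TCP actually listens on 445).

```python
import re
from typing import List, Tuple

# Default Win2K/XP listeners worth checking on an unfirewalled host (my annotations).
WATCHED_PORTS = {
    135: "RPC endpoint mapper / DCOM (abused by Blaster)",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service (SMB over NetBIOS)",
    445: "SMB direct hosting (LSASS abused by Sasser)",
    500: "ISAKMP / IPsec key exchange",
    1025: "first dynamic RPC endpoint on Win2K/XP",
    1900: "UPnP SSDP discovery",
    5000: "UPnP device host on XP",
}

# Constructed sample of Windows `netstat -an` output, not a real capture.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1031       10.0.0.7:80            ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    192.168.1.5:137        *:*
"""

# proto, local endpoint, foreign endpoint, optional state (UDP rows have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def _split_endpoint(endpoint: str) -> Tuple[str, int]:
    host, _, port = endpoint.rpartition(":")  # rpartition copes with [::]:135 too
    return host, int(port)

def exposed_listeners(netstat_text: str) -> List[Tuple[str, int, str, str]]:
    """Return (proto, port, bind_addr, why) for watched ports reachable from the LAN."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, _foreign, state = m.groups()
        host, port = _split_endpoint(local)
        if proto == "TCP" and state != "LISTENING":
            continue  # established / time-wait sockets are not listeners
        if host in ("127.0.0.1", "[::1]"):
            continue  # loopback-only bindings are not reachable from the network
        if port in WATCHED_PORTS:
            found.append((proto, port, host, WATCHED_PORTS[port]))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, host, why in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto:3} {host}:{port:<5} {why}")
```

Run it against `netstat -an > before.txt` taken before the box is plugged in, then again after the software firewall is enabled; the second run should come back empty.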
Ah, Blaster, Sasser, et al, you will always have special places in my heart.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
For preventative measures, you could try Startup Monitor by the same guy. I've not tried it - I'm trying MS Anti-Spyware at the moment, which does a similar thing as part of its protection.