The 12-minute Windows Heist

An anonymous reader writes "Sophos has come up with some pretty interesting research: apparently, there's a 50 percent chance unprotected Windows PCs will be compromised within 12 minutes of going online. Sophos came to that conclusion based on research covering the last six months of virus activity. The company said authors of malware such as spam, viruses, phishing scams and spyware have increased both the volume and sophistication of their assaults, releasing almost 8,000 new viruses in the first half of 2005 and increasingly teaming up in joint ventures to make money. The new-virus figure is up 59 percent on the same period last year."

Scaremongering

[jfengel]

There are attacks which don't require your help; Sasser in particular goes through an open port rather than through Outlook or IE. There are a few others.

But that's pretty unlikely with a new PC, which presumably comes with the latest service packs. The article is incredibly short on actual data. There's nothing to support their 12-minute average. I get the impression that they chose the scariest headline to support an article which is mostly about phishing attacks, trojans, etc: attacks that require your help.

So for all I know they're talking about the fact that there are enough attackers that if you throw a Windows ME (or even unpatched XP) box on the Internet, yeah, you're hacked. That says a lot, but not about how insecure Windows is. It says that there are still plenty of computers running hacks like Sasser; if you're not protected against it, you're screwed.

That's mostly scaremongering, since unless you're installing a very out-of-date Windows, you're protected. You're not protected against new attacks, nor are you protected against many trojans. They're trying to convince you to buy software for that, which is relevant, by using scary but irrelevant numbers.