The 12-minute Windows Heist

An anonymous reader writes "Sophos has come up with some pretty interesting research: apparently, there's a 50 percent chance unprotected Windows PCs will be compromised within 12 minutes of going online. Sophos came to that conclusion based on research covering the last six months of virus activity. The company said authors of malware such as spam, viruses, phishing scams and spyware have increased both the volume and sophistication of their assaults, releasing almost 8,000 new viruses in the first half of 2005 and increasingly teaming up in joint ventures to make money. The new-virus figure is up 59 percent on the same period last year."

And if you enable...

[daveschroeder]

...the built in Windows XP firewall (enabled by default on SP2 and assuming you don't have any other services enabled or open) and/or have a $30 personal firewall/router, there is a 100% chance you won't get compromised.

But wait, they're talking about spyware, viruses, and phishing. So, those things can install themselves now?

Don't get me wrong...viewed by itself, Windows has historically a dismally horrible track record. But a patched Windows XP SP2 machine behind a personal firewall/router with current anti-virus/anti-malware protection can be a secure system. Granted, it's been a long time coming, and it's easy for many users to fall into traps, but this seems like nothing more than a typical scare tactic by an AV vendor.

Never trust an AV vendor saying the sky is falling.

Re:And if you enable...

[ScrewMaster]

Never trust anyone who says the sky is falling if they happen to have a vested interest in it. The day will come (if it hasn't already) where antivirus vendors start releasing homegrown viruses to increase sales. It's already happened in the spyware world.

Actually, the SOP for government and business here in the U.S. has increasingly fallen into a crisis/scare-tactic mode. That is, if you don't get what you want, simply magnify an actual problem to Biblical proportions (the Bush Administration and the War on Terror), or simply manufacture a crisis (the RIAA/MPAA and the War on P2P) to deflect interest in your own failings. Either way, it seems to work pretty well.

Impressive

[dedazo]

And the last time someone "measured" this, it was 23 seconds or something like that.

And the next time it will be 23 minutes. And so on.

You could not pay me to put a Windows or Linux machine on my DMZ. They're all behind my $30 NAT router and they can be patched to my heart's content without having to worry about them getting p0wn3d. Oh, and to all you Linux fanboys who are going to be insulted by this - try putting a fresh RH9 (off ISOs) on your DMZ, and let's see how long it lasts.

Re:50% chance?

[g-san]

If you want a shocker, sniff your internet connection. Go download ethereal from www.ethereal.com, and open your internet connection with your firewall turned off (make sure your patches are up to date please :). Don't browse, don't do anything. Start a capture, select your PPP interface for a modem or ethernet for a broadband connection, turn on "Update list of packets in real time," and "Automatic scrolling in live capture," and turn off all the name resolution options. Click OK.
Look for TCP SYN packets to port 135 or 445. You may have to wait a few minutes. That is something trying to make a connection to your machine, ports 135 are the main ports for Windows Networking. Heh, I turned did it while I was typing this and already got a connection attempt to 135. That is most likely a virus on some poor sods unpatched machine, running through IP addresses looking for more systems to infect. If you want to know what all that stuff is, search for it on google. And for all you hackers out there, try writing (connection to port 139 scrolling in background, hehehe) a simple TCP listener in your favorite programming language to see more than just a TCP reset.
Bad things are living in the internet nowadays.