Windows Infected in 12 Minutes

Uber-Review writes "The speed with which PC's can become infected has now shortened. If your Windows computer is not properly protected,it will take 12 minutes before it becomes infected, according to London-based security company, Sophos. They have detected 7,944 new viruses in the first half of 2005, a 59% increase over the same time span last year."

variants... do they count?

[super_ogg]

So there are variants and minor changes... do we really count these as new viruses?
ogg

What'd I'd like to know

[AutopsyReport]

What I'd like to know is what are they doing during those 12 minutes for Windows to become "infected."

For years I have run Windows straight out of the box (no firewall, no security software, nothing), and I've only ran into two viruses -- one through Kazaa, and one through IRC (both my fault).
I can understand that Windows is vulnerable -- but if I've managed to run Windows for many years without any major problems, then I'm curious what they are doing during these 12 minutes to arrive to such a conclusion.

Re:Woop-de-freaking-doo.

[digidave]

I guess one of the problems is that you can be infected before you have a chance to download a firewall. Unless you're on the newest version of Windows you're pretty screwed unless you can configure packet filtering on the NIC.

Re:oi vey...

[harrkev]

But what I want to know is how do these machines get infected???

It is certainly easy to get infected while using e-mail or surfing. But now that SP2 comes with a firewall turned on by default, shouldn't it now be impossible to infect a SP2 machine without some sort of user intervention?

Does the SP2 firewall have some holes pre-poked in it already? Are there flaws in the firewall?