Unpatched PCs down to 20min "survival time"

Not even enough time to download patches, says study…

By silicon.com, 18 August 2004 09:10

NEWS An unpatched Windows PC connected to the internet will last for only about 20 minutes before it's compromised by malware, according to security experts – down from 40 minutes in 2003.

The Internet Storm Centre, which is part of the SANS Institute, calculated the 20-minute "survival time" by listening on vacant Internet Protocol addresses and timing the frequency of reports received there.

"If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," the centre, which provides research and education on security issues, said in a statement.

The drop from 40 minutes to 20 minutes is worrying because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from internet threats.

Scott Conti, network operations manager for the University of Massachusetts at Amherst, said he finds the centre's data believable.

"It's a tough problem, and it's getting tougher," Conti said.

One of Conti's administrators tested the centre's data recently by placing two unpatched computers on the network. Both were compromised within 20 minutes, he said.

The school is now checking the status of computers before letting them connect to the internet. If a machine doesn't have the latest patches, it gets quarantined with limited network access until the PC is back up to date.

"We are giving the people the ability to remediate before connecting to the network," Conti said.

The centre also said in its analysis that the time it takes for a computer to be compromised will vary widely from network to network.

If the internet service provider blocks the data channels commonly used by worms to spread, then a PC user will have more time to patch.

"On the other hand, university networks and users of high-speed internet services are frequently targeted with additional scans from malware like bots," the group stated. "If you are connected to such a network, your 'survival time' will be much smaller."
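The measurement described above, sketched as an added example that is not the Internet Storm Centre's own code: it takes the gap between successive probes arriving at each vacant address as the "survival time" and shows how that figure grows when commonly abused ports are blocked upstream. The log format, the addresses, the timings and the `WORM_PORTS` list are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sensor log (not ISC data): time, source, vacant destination, port.
SAMPLE_LOG = """\
2004-08-18T09:00:00 198.51.100.7 192.0.2.10 80
2004-08-18T09:05:00 198.51.100.9 192.0.2.11 445
2004-08-18T09:10:00 203.0.113.4 192.0.2.10 445
2004-08-18T09:25:00 203.0.113.8 192.0.2.11 1433
2004-08-18T09:30:00 198.51.100.7 192.0.2.10 135
2004-08-18T09:45:00 203.0.113.4 192.0.2.11 135
2004-08-18T10:00:00 198.51.100.2 192.0.2.10 80
2004-08-18T10:05:00 203.0.113.8 192.0.2.11 1433
"""

# Assumption: Windows RPC and file-sharing ports stand in for the
# "data channels commonly used by worms" that an ISP might block.
WORM_PORTS = frozenset({135, 139, 445})


def survival_minutes(log_text, blocked_ports=frozenset()):
    """Mean gap, in minutes, between successive probes reaching the same
    vacant address. Probes to blocked_ports never arrive and are skipped."""
    arrivals = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, _src, dst, port = line.split()
        if int(port) not in blocked_ports:
            arrivals[dst].append(datetime.fromisoformat(stamp))
    gaps = []
    for times in arrivals.values():
        times.sort()
        gaps += [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
    return mean(gaps) if gaps else None  # None: too few probes to measure


if __name__ == "__main__":
    print("unfiltered:", survival_minutes(SAMPLE_LOG), "min")
    print("worm ports blocked upstream:", survival_minutes(SAMPLE_LOG, WORM_PORTS), "min")
```
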

In a guide to patching a new Windows system, the Internet Storm Centre recommends that users turn off Windows file sharing and enable the Internet Connection Firewall. Microsoft's latest security update, Windows XP Service Pack 2, will set such a configuration, but users will have to go online to get the update, opening themselves up to attack.

One problem, experts say, is network administrators' reliance on patching and their assumption that users will quickly patch systems.

Speaking recently at the Microsoft TechEd developer conference in Amsterdam, Microsoft security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.

"Nobody will have time to detect it," he said. "Nobody will have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be-all and end-all."

Baumhardt stressed the importance of adaptability, using the human immune system as an example: "Imagine if your body said, 'Hmm, I have the flu. I've never had this before, so I'll die.' But that doesn't happen: Your body raises its temperature and so on, to buy time while other mechanisms kick in."

"If the human body did patch management the way [companies do], we'd all be dead."

Matt Loney writes for ZDNet UK, Robert Lemos writes for CNET News.com

Comments

There are 12 comments.

  1. anonymous

    Even with 40 mins, SP2 is 80MB! This would take at least 4 hours on 56K, and the full version of it is 266MB!

    Users have no chance at patching PCs. Maybe Microsoft should split its updates into smaller chunks, so that users can get them, as well as come back later, without having to start from scratch!

    20 mins, when I redid my own PC, with XP & SP1, I was attacked in 2 mins! We should BAN malware, spyware, adware, and also those annoying Messenger pop-up ads, and junk....

  2. Juan Bencosme

    This is very true, but it is worse than that. I am a computer technician and we were able to get infected by the Blaster Worm in less than 5 minutes after being online with unpatched systems.

  3. Adam Filipowicz

    Get a Mac...

    no adware.. few viruses

    makes life much easier

  4. Bod

    Conti's network must be wide open if 2 PCs were infected after being connected to it.

    What's a firewall??

  5. Adrian Lee

    Some of that is absolute rubbish. Yes it is possible to get infected that quickly, but I wouldn't say it was almost certain at all.

    My last work place didn't do patching at all. Until Nachi hit anyway. But Lovsan didn't do anything to it.

    When I got to my current work place in November last year, very little patching was done, which I do not believe included the relevant patches for Lovsan and Nachi, yet no problems here at all.

    Yes it's important, and yes you 'can' get infected that quickly, but I don't think it's as bad as they make out at all.

  6. M Sperrin

    Stick a firewall on a PC then connect it to the net. Once that is done head straight for Windows Update. I do this on all installations I do for friends etc and have never had a problem.

  7. anonymous

    I had a hard disk failure in June. On loading win2000 on my new hard disk, with security settings set not to allow user access from the network, I still got infected (from a pop-up) within 30 seconds of connecting to the internet.
    If I'd had the luxury of 20 minutes grace the firewall and anti-virus would have been in place and I'd not have had to reformat and re-install the OS.

  8. royston

    To the Mac user.........I don't want a Mac, I want a PC..try replacing the bits in a G5 etc........I can build a PC in less than an hour and it costs less if it breaks.......what's the point in bringing a Mac into this problem. It's a PC issue......to a PC user, people that keep spouting off about Macs every time is annoying. Stick with your Mac and keep out of PC users' arguments. You're like an outsider interfering in a married couple's argument. It's got nothing at all to do with you.....go and work for Apple like the advertising salespeople you are....GO AWAY PLEASE! ENOUGH SAID.

  9. anonymous

    3 seconds for a Trojan to get a new XP install...

    I installed XP without modem connected, so it didn't activate the firewall.
    Connected the cable modem from my old system to activate and download updates, and got Trojan'd before the connection to Symantec was made.

    Re-installed with the modem connected so the firewall gets activated before the connection (to Symantec) is made

    (an embarrassed techie)

  10. Richard

    These statements are VERY misleading. The compromises they are speaking of affect only unprotected systems, i.e., systems without a (good) firewall and antivirus. A system with a good (not great) measure of defense will last on the net at least 3 weeks, on average, before any attack has success. A well configured system is nearly impregnable without direct human intervention by the attacker him/herself, and then the attack is successful only if the person in question can figure out the system config and find a way to exploit it, which isn't likely.

  11. Adam Filipowicz

    To the Mac basher ...take a pill

    I run Windows XP on an HP desktop and run a G5.. I can also put together a crappy PC in an hour..

    Macs are just better.

    You're right, of course it's better to keep complaining about something that never seems to work properly than it is to find a better solution

  12. Samuel Brazier MSC

    Easiest way to cope with setting up a new PC:

    Get a FREE CD of SP2 from Microsoft first. Then install XP and SP2, then install AdAware 6 (www.lavasoftusa.com). Connect to the internet and update AdAware definitions, which takes only seconds. That will keep them away so you can download all the XP updates. Just set automatic updating on, then have a coffee and let it do its stuff.
