
Study: Unpatched PCs compromised in 20 minutes
News.com ^ | August 17, 2004, 12:22 PM PDT | Matt Loney and Robert Lemos

Posted on 08/18/2004 10:04:30 AM PDT by glorgau

Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday.

According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003.

The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute "survival time" by listening on vacant Internet Protocol addresses and timing the frequency of reports received there.

"If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," the center, which provides research and education on security issues, said in a statement.

The drop from 40 minutes to 20 minutes is worrisome because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from Internet threats.

Scott Conti, network operations manager for the University of Massachusetts at Amherst, said he finds the center's data believable.

"It's a tough problem, and it's getting tougher," Conti said.

One of Conti's administrators tested the center's data recently by placing two unpatched computers on the network. Both were compromised within 20 minutes, he said.

The school is now checking the status of computers before letting them connect to the Internet. If a machine doesn't have the latest patches, it gets quarantined with limited network access until the PC is back up to date.

"We are giving the people the ability to remediate before connecting to the network," Conti said.

The center also said in its analysis that the time it takes for a computer to be compromised will vary widely from network to network.

If the Internet service provider blocks the data channels commonly used by worms to spread, then a PC user will have more time to patch.

"On the other hand, university networks and users of high-speed Internet services are frequently targeted with additional scans from malware like bots," the group stated. "If you are connected to such a network, your 'survival time' will be much smaller."

In a guide to patching a new Windows system, the Internet Storm Center recommends that users turn off Windows file sharing and enable the Internet Connection Firewall. Microsoft's latest security update, Windows XP Service Pack 2, will set such a configuration, but users will have to go online to get the update, opening themselves up to attack.

One problem, experts say, is network administrators' reliance on patching and their assumption that users will quickly patch systems.

Speaking recently at the Microsoft TechEd developer conference in Amsterdam, Microsoft security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.

"Nobody will have time to detect it," he said. "Nobody will have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be-all and end-all."

Baumhardt stressed the importance of adaptability, using the human immune system as an example: "Imagine if your body said, 'Hmm, I have the flu. I've never had this before, so I'll die.' But that doesn't happen: Your body raises its temperature and so on, to buy time while other mechanisms kick in."

"If the human body did patch management the way (companies do), we'd all be dead."

Matt Loney of ZDNet UK reported from London.


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: exploit; getamac; internetexploiter; lowqualitycrap; microsoft; microsoftwindows; patch; securityflaw; trojan; virus; windows; worm
This is what happens to the average user. It's like having sex in a San Francisco bath house.
1 posted on 08/18/2004 10:04:31 AM PDT by glorgau
[ Post Reply | Private Reply | View Replies]

To: glorgau

I'm thinking about getting a Mac.


2 posted on 08/18/2004 10:07:04 AM PDT by Liberty Valance (witty little tagline diversion - under construction)
[ Post Reply | Private Reply | To 1 | View Replies]

To: glorgau

I have Norton/Symantec and so am protected. The intrusion attempts are not as frequent as they're reporting though. Every so often they get really frequent in the range of multiple attacks per hour, but most of the time I'll go a couple days between attempted attacks.


3 posted on 08/18/2004 10:08:17 AM PDT by Numbers Guy
[ Post Reply | Private Reply | To 1 | View Replies]

To: Liberty Valance
I'm thinking about getting a Mac.

Good idea. It's great to have a computer that works right out of the box.

4 posted on 08/18/2004 10:11:08 AM PDT by HAL9000
[ Post Reply | Private Reply | To 2 | View Replies]

To: 4ConservativeJustices

???


5 posted on 08/18/2004 10:12:16 AM PDT by Ff--150 (The masses have no habit of self reliance or original action. -- Anon.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: glorgau

I ran several computers for years without a firewall or a virus scanner and, when I finally put a virus scanner on, nada, not a single one.

I don't get colds either.


6 posted on 08/18/2004 10:12:52 AM PDT by tje
[ Post Reply | Private Reply | To 1 | View Replies]

To: Numbers Guy

Zone Alarm Pro, firewall set to High.


7 posted on 08/18/2004 10:15:28 AM PDT by shezza
[ Post Reply | Private Reply | To 3 | View Replies]

To: Numbers Guy

Norton doesn't catch all the bad stuff. My computer was freezing..nothing reported. I was suspicious that the kids were on Ebay again without Zone Alarm...I went to e-scan (great product-going to buy that one when I can afford it) and found Trojan Downloader...just in the nick of time before it had allowed tons of junk on my computer. It took me four hours to get rid of this crap and then I had to repair my computer with a utility. I think hackers should be shot. I use Opera-this helps but in my area we use Bell South DSL and even people with hardwalls are getting the bad stuff. Bell South-do more to secure DSL-are you listening?


8 posted on 08/18/2004 10:16:56 AM PDT by nyconse
[ Post Reply | Private Reply | To 3 | View Replies]

To: Liberty Valance

If everyone had a mac, then MAC's would be getting destroyed - there is NOTHING better about a mac -- maybe the price is higher? A LOT higher!


9 posted on 08/18/2004 10:17:44 AM PDT by steplock
[ Post Reply | Private Reply | To 2 | View Replies]

To: tje

Are you on dial up? Dial up doesn't get hit as much. If not, who is your DSL provider? I would like to switch to yours!


10 posted on 08/18/2004 10:18:29 AM PDT by nyconse
[ Post Reply | Private Reply | To 6 | View Replies]

To: steplock

Haven't had a virus yet on my Mac's at home. (20 years)


11 posted on 08/18/2004 10:22:34 AM PDT by aviator (Armored Pest Control)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Liberty Valance
There are plenty of good-value Macs out there. If price is a concern, take a look at the iBook and eMac. The iBook is a very solid machine. You can sometimes find older models of the iBook for very little (e.g., both MacMall and ClubMac currently have an older 12" iBook listed on their web site for about $700). Warning: the 12" 1024x768 resolution screen might be too small for people with poor eyesight and you'll probably want to add some memory. The eMac starts at under $800.

If price is no object, by all means look at the G5 and PowerBooks. :-)

12 posted on 08/18/2004 10:24:08 AM PDT by Question_Assumptions
[ Post Reply | Private Reply | To 2 | View Replies]

To: GeronL; martin_fierro; TechJunkYard; Ernest_at_the_Beach
What is "Shorter than the life expectancy of a World War I fighter pilot", Alex?
13 posted on 08/18/2004 10:26:01 AM PDT by LTCJ (God Save the Constitution.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: steplock
Macs are different. To some people they are better, to others they are not. And you can get a solid Mac laptop for about $700 and a solid one-piece desktop for about $800.
14 posted on 08/18/2004 10:27:06 AM PDT by Question_Assumptions
[ Post Reply | Private Reply | To 9 | View Replies]

To: glorgau

The computer I use for my home business isn't connected to the net. I won't even risk it getting infected.


15 posted on 08/18/2004 10:27:42 AM PDT by Ciexyz ("FR, best viewed with a budgie on hand")
[ Post Reply | Private Reply | To 1 | View Replies]

To: steplock

check out http://www.macsimumperspective.com/more.php?id=353_0_1_0_M


16 posted on 08/18/2004 10:27:56 AM PDT by aviator (Armored Pest Control)
[ Post Reply | Private Reply | To 9 | View Replies]

To: HAL9000

PCs work right out of the box. First thing I did with my new PC was install the latest EAsports Madden and hockey, then played for two days before worrying about the stupid old internet.


17 posted on 08/18/2004 10:28:07 AM PDT by discostu (That which does not make me stronger kills me)
[ Post Reply | Private Reply | To 4 | View Replies]

To: glorgau
Is Norton listening? What's the fallback? Send CD's to computer repair shops? Connecting to your local computer repair store (direct call -- not through providers) and download the fix? Norton needs back up for the inevitable disaster.

Speaking recently at the Microsoft TechEd developer conference in Amsterdam, Microsoft security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.

"Nobody will have time to detect it," he said. "Nobody will have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be-all and end-all."

18 posted on 08/18/2004 10:29:49 AM PDT by GOPJ
[ Post Reply | Private Reply | To 1 | View Replies]

To: nyconse

Zone Alarm blocks UNREQUESTED intrusions into your computer - that's all really. It cannot do anything if someone on your computer hits a button and it downloads a file. That is what anti-virus programs are for and that is to SCAN incoming traffic.

Scumware/adwarez/etc unfortunately are not designated as viruses thanks to LAWYER PIGS! who threaten million$ in litigation fees if someone calls these swine spammers. They should all be castrated (the spammers also!) so they won't propagate. So we suffer so they can make millions - like JOHN EDWARDS does.

Besides your antivirus and ZoneAlarm you need:
AdAware
Spybot Search and Destroy
SpywareBlaster

Make sure you update your antivirus DAILY now manually also! Run the adAware/Spybot at least once/week and update every time before you run it.

NEVER click anywhere on a popup window to close it EXCEPT the uppermost right corner "x"

WARNING! If clicking that "x" does not close the window, under no circumstance click on their "Close" or "Exit" button - that will automatically load the virus!!!!

Use Alt-Ctrl-Del to close the application instead (Close explorer, etc totally).

Failure to use these procedures can cause your computer to become infected.


19 posted on 08/18/2004 10:29:54 AM PDT by steplock
[ Post Reply | Private Reply | To 8 | View Replies]

To: glorgau

The best program out there is RegRun Gold, it allows you to view instant changes to your system, block malware, ban and quarantine it, not allowing it to reappear on your system.


20 posted on 08/18/2004 10:30:01 AM PDT by aft_lizard (I actually voted for John Kerry before I voted against him)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Liberty Valance

I've been on computers since '82, with my old IBM PS2/50, and have never had a virus hit any of my machines.

Norton and a few other apps do all the heavy lifting. I just make sure they're properly installed.

Macs have their own set of problems. I worked on them at an evening course learning Photoshop, Illustrator and Quark. They were always crashing and we spent way too much time re-loading software. Never again.


21 posted on 08/18/2004 10:30:56 AM PDT by 7.62 x 51mm ( Veni Vidi Vino Visa "I came, I saw, I drank wine, I shopped")
[ Post Reply | Private Reply | To 2 | View Replies]

To: aviator

If 90% of households had a mac then we will all be talking about mac problems with security.


22 posted on 08/18/2004 10:31:12 AM PDT by aft_lizard (I actually voted for John Kerry before I voted against him)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Liberty Valance

By the way, the new G5 iMacs will be announced in 11 days. The case will have a major redesign - with the main circuit board mounted behind the flat-panel screen. It should have a lot of power without taking a lot of desk space.


23 posted on 08/18/2004 10:32:17 AM PDT by HAL9000
[ Post Reply | Private Reply | To 2 | View Replies]

To: Liberty Valance
I have no religious view concerning computers but I stick with Macs for that reason among many.

And, yes I can't stand Steve Jobs.

24 posted on 08/18/2004 10:32:56 AM PDT by Tribune7
[ Post Reply | Private Reply | To 2 | View Replies]

To: aviator
Haven't had a virus yet on my Mac's at home. (20 years)

I got a few minor ones in the early 90s.

25 posted on 08/18/2004 10:34:04 AM PDT by Tribune7
[ Post Reply | Private Reply | To 11 | View Replies]

To: aft_lizard
If 90% of households had a mac then we will all be talking about mac problems with security.

That's true, but since the Mac OS is a Unix variant, its architecture vastly diminishes its potential security exposure.

26 posted on 08/18/2004 10:34:39 AM PDT by SedVictaCatoni
[ Post Reply | Private Reply | To 22 | View Replies]

To: steplock
Besides your antivirus and ZoneAlarm you need: AdAware, Spybot Search and Destroy, SpywareBlaster. Make sure you update your antivirus DAILY now manually also! Run the adAware/Spybot at least once/week and update every time before you run it.

Who wants to waste time doing that stuff every day? It simply reinforces the fact that Mac OS is better than Windows.

27 posted on 08/18/2004 10:35:49 AM PDT by HAL9000
[ Post Reply | Private Reply | To 19 | View Replies]

To: Liberty Valance

A five-year-old Imac will work fine for surfing the net, word processing & fit in easily with any home network.


28 posted on 08/18/2004 10:36:02 AM PDT by Tribune7
[ Post Reply | Private Reply | To 2 | View Replies]

To: steplock
there is NOTHING better about a mac

Sorry, but Macs are inherently more secure and stable. Being Unix based, one cannot bypass permissions and compromise the system.

29 posted on 08/18/2004 10:36:10 AM PDT by zeebee
[ Post Reply | Private Reply | To 9 | View Replies]

To: nyconse

I'm on RoadRunner (Cable Modem) here in Houston. I connect the cable modem to a 802.11b AP and run everything wirelessly.


30 posted on 08/18/2004 10:37:32 AM PDT by tje
[ Post Reply | Private Reply | To 10 | View Replies]

To: steplock
"NEVER click anywhere on a popup window to close it EXCEPT the uppermost right corner "x" WARNING! If clicking that "x" does not close the window, under no circumstance click on their "Close" or "Exit" button - that will automatically load the virus!!!!"

Not really. In fact, you should never click the X on an unknown popup. It's too easy to design a window with an X where you think it should be. Instead, press - to close the window. It will close it immediately, and that's the end of it. Don't click on unknown popups at all. Period.
31 posted on 08/18/2004 10:39:47 AM PDT by MineralMan (godless atheist)
[ Post Reply | Private Reply | To 19 | View Replies]

To: steplock

Good advice...I haven't had much trouble with popups. I run ad subtract..I have all the stuff you recommend plus pest patrol (paid version/quite good worth the $19.00). Yet Trojan Downloader got in..I suspect my kids took down Zone Alarm while on EBay...I put a password in so this can't happen again. This downloader is causing havoc. I went on a couple of threads and as of Saturday, there was no real fix. I know something about computers so between escan and manual removal I got rid of it. I hesitate to post my fix because if you don't know what you are doing, you can really damage your pc.


32 posted on 08/18/2004 10:44:08 AM PDT by nyconse
[ Post Reply | Private Reply | To 19 | View Replies]

To: tje

That is very interesting. I have heard this is a good way to go. I am sick of Bell South. They charge higher and higher prices and make no effort to improve security.


33 posted on 08/18/2004 10:46:00 AM PDT by nyconse
[ Post Reply | Private Reply | To 30 | View Replies]

To: HAL9000
I've never used spambot, spyware, adaware or antivirus software on my Mac and don't intend to.

Norton? Don't need it. Download something from the internet? Of course! Install it? No worry.

Macs make life much easier.

I have an Apple Airport (wireless) network with 4 Macs and even 1 PC connected, but I would never use the PC for e-mail.

34 posted on 08/18/2004 10:46:16 AM PDT by zeebee
[ Post Reply | Private Reply | To 27 | View Replies]

To: Ff--150

See #19. ZoneAlarm. Spybot SD. Adaware (even though it's recommended, I have never found much with it, and Spybot picks up WildTangent and others that AA misses - even the new SE version). SpywareBlaster for sure. Along with "Hosts" file in Spybot (there are others that block more "bad/nasty" sites).


35 posted on 08/18/2004 10:47:47 AM PDT by 4CJ (||) Men die by the calendar, but nations die by their character. - John Armor, 5 Jun 2004 (||)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Ff--150

Add AVG antivirus from Grisoft. Update automatically daily. There's one or two better, but not for free.


36 posted on 08/18/2004 10:49:44 AM PDT by 4CJ (||) Men die by the calendar, but nations die by their character. - John Armor, 5 Jun 2004 (||)
[ Post Reply | Private Reply | To 5 | View Replies]

To: nyconse

It's worked well for me. I have 4 notebooks and one desktop all running wirelessly. One in the kitchen, one in the living room, two in the family room (the mrs and I surf while watching TV), and the desktop is really nothing more than a print server.

The notebooks are great cause we fold them up and slide them under the sofa..


37 posted on 08/18/2004 10:50:33 AM PDT by tje
[ Post Reply | Private Reply | To 33 | View Replies]

To: steplock
If everyone had a mac, then MAC's would be getting destroyed…

Thank you for doing your part to keep my computing safe.

38 posted on 08/18/2004 11:01:14 AM PDT by D-fendr
[ Post Reply | Private Reply | To 9 | View Replies]

To: nyconse
and found Trojan Downloader...

I suspect that a large number of people (including those who are "doing everything right") have no idea that their systems have been compromised. There was junk on my system that didn't show up until I tweaked scanners way beyond the default settings... It was enough to make me blanch considering the daily updates to everything I'd been running since my system's initial smoke test nine months ago...

Take a look at this post.

39 posted on 08/18/2004 11:06:52 AM PDT by LTCJ (God Save the Constitution.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: LTCJ

Oops. Hotlink was meant for another post.


40 posted on 08/18/2004 11:08:05 AM PDT by LTCJ (God Save the Constitution.)
[ Post Reply | Private Reply | To 39 | View Replies]

To: 4ConservativeJustices

In ingles, por favor????? :> Mac's easier/shrugging... check on it anoche


41 posted on 08/18/2004 11:10:24 AM PDT by Ff--150 (The masses have no habit of self reliance or original action. -- Anon.)
[ Post Reply | Private Reply | To 35 | View Replies]

To: steplock
If everyone had a mac, then MAC's would be getting destroyed...

You are assuming that the security models for Windows and Mac (and Linux) are identical. They aren't. It's like saying that the damage would be identical if a tornado went through a brick home community rather than through a trailer park.

I prefer the security of my brick home (linux) over trailers (Windows).

42 posted on 08/18/2004 11:10:30 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 9 | View Replies]

To: glorgau

Okay, so how do you do this if you have to have the patch to get on the internet safely and you can't get the patch without getting on the internet?


43 posted on 08/18/2004 11:11:41 AM PDT by sweetliberty ("A wise man's heart inclines him to the right, but a fool's heart to the left." (Eccl. 10:2))
[ Post Reply | Private Reply | To 1 | View Replies]

To: aft_lizard
RegRun Gold,

That's one I haven't heard of.

44 posted on 08/18/2004 11:11:59 AM PDT by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: sweetliberty
Okay, so how do you do this if you have to have the patch to get on the internet safely and you can't get the patch without getting on the internet?

That would be the Question Of The Day (TM), wouldn't it?

Is 'whistle past the graveyard' a valid answer?

45 posted on 08/18/2004 11:16:03 AM PDT by LTCJ (God Save the Constitution.)
[ Post Reply | Private Reply | To 43 | View Replies]

To: glorgau

I'm not surprised. Whenever I have to disconnect my NAT firewall for even a short period of time and later look at the ZoneAlarm log I see dozens of incoming attempts to get into my system.


46 posted on 08/18/2004 11:18:24 AM PDT by octobersky
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ff--150
In ingles, por favor????? :> Mac's easier/shrugging... check on it anoche

Mac is far easier to defend, but not invulnerable. Windows is targeted because the vulnerabilities exist on more desktops. Assume that you knew a secret combination to a particular brand of safe - would you waste time attacking others when such easy pickings existed?

All these various programs (the ones I listed are all free) do is defend computer from attacks. Some are browser hijackers designed to generate income for a site, others are designed to record your keystrokes, credit card numbers etc.

Without protection, the only secure PC is one not attached to another, and no means of doing so.

Add Mailwasher to the list - preview email before downloading, prevent malware from loading when reading mail. Trash junk before it gets into 'puter.

47 posted on 08/18/2004 11:21:22 AM PDT by 4CJ (||) Men die by the calendar, but nations die by their character. - John Armor, 5 Jun 2004 (||)
[ Post Reply | Private Reply | To 41 | View Replies]

To: All
In addition to a software firewall like Norton or Zone Alarm, one should also have a hardware firewall. Usually most routers have one built in and hardware firewalls provide a much higher level of protection than software ones do.
48 posted on 08/18/2004 11:22:16 AM PDT by COEXERJ145 (I Annoy Buchananites)
[ Post Reply | Private Reply | To 1 | View Replies]

To: sweetliberty
Okay, so how do you do this if you have to have the patch to get on the internet safely and you can't get the patch without getting on the internet?


49 posted on 08/18/2004 11:22:44 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 43 | View Replies]

To: nyconse

The problem is Bell South, like other ISP's are in a catch 22. The real issue here is that hackers are getting more vicious in their attacks and there are not enough security people to weed them out, prosecute them and feed them to the sharks.

If you do not want your computer to catch a virus, worm, adware, get hacked, whatever there is only one solution.

Do not turn it on.


50 posted on 08/18/2004 11:23:09 AM PDT by Leatherneck_MT (Goodnight Chesty, wherever you may be.)
[ Post Reply | Private Reply | To 8 | View Replies]

