Posted on 08/18/2004 10:04:30 AM PDT by glorgau
Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday.
According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003.
The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute "survival time" by listening on vacant Internet Protocol addresses and timing the frequency of reports received there.
"If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," the center, which provides research and education on security issues, said in a statement.
The drop from 40 minutes to 20 minutes is worrisome because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from Internet threats.
Scott Conti, network operations manager for the University of Massachusetts at Amherst, said he finds the center's data believeable.
"It's a tough problem, and it's getting tougher," Conti said.
One of Conti's administrators tested the center's data recently by placing two unpatched computers on the network. Both were compromised within 20 minutes, he said.
The school is now checking the status of computers before letting them connect to the Internet. If a machine doesn't have the latest patches, it gets quarantined with limited network access until the PC is back up to date.
"We are giving the people the ability to remediate before connecting to the network," Conti said.
The center also said in its analysis that the time it takes for a computer to be compromised will vary widely from network to network.
If the Internet service provider blocks the data channels commonly used by worms to spread, then a PC user will have more time to patch.
"On the other hand, university networks and users of high-speed Internet services are frequently targeted with additional scans from malware like bots," the group stated. "If you are connected to such a network, your 'survival time' will be much smaller."
In a guide to patching a new Windows system, the Internet Storm Center recommends that users turn off Windows file sharing and enable the Internet Connection Firewall. Microsoft's latest security update, Windows XP Service Pack 2, will set such a configuration, but users will have to go online to get the update, opening themselves up to attack.
One problem, experts say, is network administrators' reliance on patching and their assumption that users will quickly patch systems.
Speaking recently at the Microsoft TechEd developer conference in Amsterdam, Microsoft security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.
"Nobody will have time to detect it," he said. "Nobody will have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be-all and end-all."
Baumhardt stressed the importance of adaptability, using the human immune system as an example: "Imagine if your body said, 'Hmm, I have the flu. I've never had this before, so I'll die.' But that doesn't happen: Your body raises its temperature and so on, to buy time while other mechanisms kick in."
"If the human body did patch management the way (companies do), we'd all be dead."
Matt Loney of ZDNet UK reported from London.
I'm thinking about getting a Mac.
I have Norton/Symantec and so am protected. The intrusion attempts are not as frequent as they're reporting though. Every so often they get really frequent in the range of multiple attacks per hour, but most of the time I'll go a couple days between attempted attacks.
Good idea. It's great to have a computer that works right out of the box.
???
I run several computers for years without a firewall or a virus scanner and, when I finally put a virus scanner on, nada, not a single one.
I don't get colds either.
Zone Alarm Pro, firewall set to High.
Norton doesn't catch all the bad stuff. My computer was freezing..nothing reported. I was supsicious that the kids were on Ebay again without Zone Alarm...I went to e-scan (great product-going to buy that one when I can afford it) and found Trojan Downloader...just in the nick of time before it had allowed tons of junk on my computer. It took me four hours to get rid of this crap and then I had to repair my computer with a utility. I think hackers should be shot. I use Opera-this helps but in my area we use Bell South DSL and even people with hardwalls are getting the bad stuff. Bell South-do more to secure DSL-are you listening?
If everyone had a mac, then MAC's would be getting destroyed - there is NOTHING better about a mac -- maybe the price is higher? A LOT higher!
Are you on dial up? Dial up doesn't get hit as much. If not who is your DSL provider. I would like to switch to yours!
Haven't had a virus yet on my Mac's at home. (20 years)
If price is no object, by all means look at the G5 and PowerBooks. :-)
The computer I use for my home business isn't connected to the net. I won't even risk it getting infected.
PCs work right out of the box. First thing I did with my new PC was install the lastest EAsports Madden and hockey, then played for two days before worrying about the stupid old internet.
Speaking recently at the Microsoft TechEd developer conference in Amsterdam, Microsoft security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.
"Nobody will have time to detect it," he said. "Nobody will have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be-all and end-all."
Zone Alarm blocks UNREQUESTED intrusions into you computer - that's all really. It cannot do anything if someone on your computer hits a button and it downloads a file. That is what anti-virus programs are for and that is to SCAN incoming traffic.
Scumware/adwarez/etc unfortunately are not designated as viruses thanks to LAWYER PIGS! who threaten million$ in litigation fees if someone calls these swine spammers. Theyt should all be castrated (the spammers also!) so they won't propogate. So we suffer so they can make millions - like JOHN EDWARDS does.
Besides your antivirus and ZoneAlarm you need:
AdAware
Spybot Search and Destroy
SpywareBlaster
Make sure you update your antivirus DAILY now manually also! Run the adAware/Spybot at least once/week and update everytime before you run it.
NEVER click anywhere on a popup window to close it EXCEPT the uppermost right corner "x"
WARNING! If clicking that "x" does not close the window, under no crcumstance click on their "Close" or "Exit" button - that will automatically load the virus!!!!
Use Alt-Ctrl-Del to close the application instead (Close explorer, etc totally).
Failure to use these procedures can cause your computer to become infected.
The best program out there is RegRun Gold, it allows you to view instant changes to your system block malware, ban and quarentine it, not allowing it to reappear on your system.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.