Posted on 08/18/2004 10:04:30 AM PDT by glorgau
Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday.
According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003.
The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute "survival time" by listening on vacant Internet Protocol addresses and timing the frequency of reports received there.
"If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," the center, which provides research and education on security issues, said in a statement.
The drop from 40 minutes to 20 minutes is worrisome because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from Internet threats.
Scott Conti, network operations manager for the University of Massachusetts at Amherst, said he finds the center's data believable.
"It's a tough problem, and it's getting tougher," Conti said.
One of Conti's administrators tested the center's data recently by placing two unpatched computers on the network. Both were compromised within 20 minutes, he said.
The school is now checking the status of computers before letting them connect to the Internet. If a machine doesn't have the latest patches, it gets quarantined with limited network access until the PC is back up to date.
"We are giving the people the ability to remediate before connecting to the network," Conti said.
The center also said in its analysis that the time it takes for a computer to be compromised will vary widely from network to network.
If the Internet service provider blocks the data channels commonly used by worms to spread, then a PC user will have more time to patch.
"On the other hand, university networks and users of high-speed Internet services are frequently targeted with additional scans from malware like bots," the group stated. "If you are connected to such a network, your 'survival time' will be much smaller."
In a guide to patching a new Windows system, the Internet Storm Center recommends that users turn off Windows file sharing and enable the Internet Connection Firewall. Microsoft's latest security update, Windows XP Service Pack 2, will set such a configuration, but users will have to go online to get the update, opening themselves up to attack.
One problem, experts say, is network administrators' reliance on patching and their assumption that users will quickly patch systems.
Speaking recently at the Microsoft TechEd developer conference in Amsterdam, Microsoft security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.
"Nobody will have time to detect it," he said. "Nobody will have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be-all and end-all."
Baumhardt stressed the importance of adaptability, using the human immune system as an example: "Imagine if your body said, 'Hmm, I have the flu. I've never had this before, so I'll die.' But that doesn't happen: Your body raises its temperature and so on, to buy time while other mechanisms kick in."
"If the human body did patch management the way (companies do), we'd all be dead."
Matt Loney of ZDNet UK reported from London.
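The "survival time" measurement described in the article, and the effect of an ISP blocking worm ports, sketched as an added example (not code from the article or from the Internet Storm Center). The log format, the port list and the averaging method are assumptions made for illustration, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample: inbound probes logged by sensors on two unused addresses.
# Assumed line format: ISO timestamp, source IP, sensor IP, protocol/port.
SAMPLE_LOG = """\
2004-08-17T10:00:00 198.51.100.7 192.0.2.10 tcp/445
2004-08-17T10:12:00 198.51.100.9 192.0.2.10 tcp/135
2004-08-17T10:30:00 203.0.113.4 192.0.2.10 tcp/80
2004-08-17T10:40:00 198.51.100.23 192.0.2.10 tcp/445
2004-08-17T10:05:00 203.0.113.8 192.0.2.11 tcp/139
2004-08-17T10:25:00 198.51.100.7 192.0.2.11 tcp/135
2004-08-17T10:35:00 203.0.113.9 192.0.2.11 tcp/22
"""

# Assumption: ports counted as worm propagation channels against unpatched Windows.
WORM_PORTS = frozenset({"tcp/135", "tcp/139", "tcp/445", "udp/137", "udp/1434"})

def parse(log):
    """Yield (timestamp, source, sensor, service) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, svc = line.split()
            yield datetime.fromisoformat(ts), src, dst, svc

def survival_minutes(log, blocked=frozenset()):
    """Mean gap in minutes between worm-port probes, averaged over sensors.

    `blocked` models ports filtered upstream (for example by the ISP).
    Returns None when no sensor saw at least two qualifying probes.
    """
    hits = defaultdict(list)
    for ts, _src, dst, svc in parse(log):
        if svc in WORM_PORTS and svc not in blocked:
            hits[dst].append(ts)
    per_sensor = []
    for times in hits.values():
        times.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        if gaps:
            per_sensor.append(mean(gaps))
    return mean(per_sensor) if per_sensor else None

if __name__ == "__main__":
    print("unfiltered:", survival_minutes(SAMPLE_LOG))
    print("tcp/135 blocked upstream:", survival_minutes(SAMPLE_LOG, {"tcp/135"}))
```

Probes to ports outside the worm list (tcp/80, tcp/22 in the sample) are ignored, which is why filtering a single worm port lengthens the measured interval.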
I've been on computers since '82, with my old IBM PS2/50, and have never had a virus hit any of my machines.
Norton and a few other apps do all the heavy lifting. I just make sure they're properly installed.
Macs have their own set of problems. I worked on them at an evening course learning Photoshop, Illustrator and Quark. They were always crashing and we spent way too much time re-loading software. Never again.
If 90% of households had a Mac then we would all be talking about Mac problems with security.
By the way, the new G5 iMacs will be announced in 11 days. The case will have a major redesign - with the main circuit board mounted behind the flat-panel screen. It should have a lot of power without taking a lot of desk space.
And yes, I can't stand Steve Jobs.
I got a few minor ones in the early 90s.
That's true, but since the Mac OS is a Unix variant, its architecture vastly diminishes its potential security exposure.
Who wants to waste time doing that stuff every day? It simply reinforces the fact that Mac OS is better than Windows.
A five-year-old iMac will work fine for surfing the net, word processing & fit in easily with any home network.
Sorry, but Macs are inherently more secure and stable. Being Unix based, one cannot bypass permissions and compromise the system.
I'm on RoadRunner (Cable Modem) here in Houston. I connect the cable modem to an 802.11b AP and run everything wirelessly.
Good advice... I haven't had much trouble with popups. I run ad subtract... I have all the stuff you recommend plus pest patrol (paid version/quite good worth the $19.00). Yet Trojan Downloader got in... I suspect my kids took down Zone Alarm while on eBay... I put a password in so this can't happen again. This downloader is causing havoc. I went on a couple of threads and as of Saturday, there was no real fix. I know something about computers so between escan and manual removal I got rid of it. I hesitate to post my fix because if you don't know what you are doing, you can really damage your pc.
That is very interesting. I have heard this is a good way to go. I am sick of Bell South. They charge higher and higher prices and make no effort to improve security.
Norton? Don't need it. Download something from the internet? Of course! Install it? No worry.
Macs make life much easier.
I have an Apple Airport (wireless) network with 4 Macs and even 1 PC connected, but I would never use the PC for e-mail.
See #19. ZoneAlarm. Spybot SD. Adaware (even though it's recommended, I have never found much with it, and Spybot picks up WildTangent and others that AA misses - even the new SE version). SpywareBlaster for sure. Along with "Hosts" file in Spybot (there are others that block more "bad/nasty" sites).
Add AVG antivirus from Grisoft. Update automatically daily. There's one or two better, but not for free.
It's worked well for me. I have 4 notebooks and one desktop all running wirelessly. One in the kitchen, one in the living room, two in the family room (the mrs and I surf while watching TV), and the desktop is really nothing more than a print server.
The notebooks are great 'cause we fold them up and slide them under the sofa.
Thank you for doing your part to keep my computing safe.
I suspect that a large number of people (including those who are "doing everything right") have no idea that their systems have been compromised. There was junk on my system that didn't show up until I tweaked scanners way beyond the default settings... It was enough to make me blanch considering the daily updates to everything I'd been running since my system's initial smoke test nine months ago...
Take a look at this post.
Oops. Hotlink was meant for another post.