Gee, Turbo, you're right, if it wasn't for those darn users not knowing what to do immediately when they get their new Windows computers to safely surf the internet, everything would be peachy keen. Why not just get rid of those, oh, so ignorant, users? Then the problems will go away...
Or... maybe, just maybe... it might be better to use an operating system that is secure when you first turn it on after you take it out of the box???
From SecurityFocus' Scott Granneman:
. . . The Slammer worm did most of its dirty work in under ten minutes. A half an hour is all it took for Nimda to spread worldwide. The Witty worm took an almost leisurely 45 minutes - but in that time it managed to infect every possible machine in its threat portfolio. And the slowpoke of the bunch is Version 2 of the Code Red worm, which worked for almost 14 hours to infect 359,000 machines, but at one point it was taking over 2,000 new computers every minute, which ain't bad (be sure to check out the cool animations demonstrating the rapacious spread of the worm).
"If a user isn't educated enough to know how to open up a port he needs to run a particular program that needs a hole punched in the firewall, then that user shouldn't have unfettered access to the Net anyway."
Let's add a new time frame for computing disaster to the list above, one that every security pro should know: 20 minutes. . . . that's how long your average unprotected PC running Windows XP will last once it's connected to the Internet ... before it's compromised and effectively owned. . . .
The SANS Institute Internet Storm Center released those eye-opening numbers a few days ago [Aug. 18, 2004 - Swordmaker]. Go take a look at their graph, and you'll note that the current time of 20 minutes is half that of what it was a year ago, although, to be fair, the average has been both higher and lower - over an hour last Christmas and only about 15 minutes in the spring. That hour at Christmas seems like an aberration, and the overall trend has definitely been downward, towards far shorter times before your Windows box is not really yours any longer. [Some pundits are now claiming less than 4 minutes - Swordmaker].
As the SANS Institute notes, 20 minutes is not long enough to update your Windows PC before it is too late. If you take a new PC out of the box, plug it in to the Internet, and power it on, most people (most people? OK - a lot of people. Uh, alright - some people. Erm ... *sigh*. A few people. Happy?) know enough to immediately hie thee over to Windows Update and get the latest patches from Microsoft. Then reboot. And get more patches. And reboot. Ad infinitum. Oh, and don't leave out the latest anti-virus updates either. Gotta have those. Oh oh oh - don't forget Windows XP Service Pack 2, the gotta-have update from Microsoft, which "may be as small as 70 megabytes (MB) or as large as 260 MB". And users are supposed to download all this in less than 20 minutes?