Free Republic

Study: Unpatched PCs compromised in 20 minutes
News.com | August 17, 2004, 12:22 PM PDT | Matt Loney and Robert Lemos

Posted on 08/18/2004 10:04:30 AM PDT by glorgau

Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday.

According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003.

The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute "survival time" by listening on vacant Internet Protocol addresses and timing the frequency of reports received there.

"If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," the center, which provides research and education on security issues, said in a statement.

The drop from 40 minutes to 20 minutes is worrisome because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from Internet threats.

Scott Conti, network operations manager for the University of Massachusetts at Amherst, said he finds the center's data believable.

"It's a tough problem, and it's getting tougher," Conti said.

One of Conti's administrators tested the center's data recently by placing two unpatched computers on the network. Both were compromised within 20 minutes, he said.

The school is now checking the status of computers before letting them connect to the Internet. If a machine doesn't have the latest patches, it gets quarantined with limited network access until the PC is back up to date.

"We are giving the people the ability to remediate before connecting to the network," Conti said.

The center also said in its analysis that the time it takes for a computer to be compromised will vary widely from network to network.

If the Internet service provider blocks the data channels commonly used by worms to spread, then a PC user will have more time to patch.

"On the other hand, university networks and users of high-speed Internet services are frequently targeted with additional scans from malware like bots," the group stated. "If you are connected to such a network, your 'survival time' will be much smaller."

In a guide to patching a new Windows system, the Internet Storm Center recommends that users turn off Windows file sharing and enable the Internet Connection Firewall. Microsoft's latest security update, Windows XP Service Pack 2, will set such a configuration, but users will have to go online to get the update, opening themselves up to attack.

One problem, experts say, is network administrators' reliance on patching and their assumption that users will quickly patch systems.

Speaking recently at the Microsoft TechEd developer conference in Amsterdam, Microsoft security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.

"Nobody will have time to detect it," he said. "Nobody will have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be-all and end-all."

Baumhardt stressed the importance of adaptability, using the human immune system as an example: "Imagine if your body said, 'Hmm, I have the flu. I've never had this before, so I'll die.' But that doesn't happen: Your body raises its temperature and so on, to buy time while other mechanisms kick in."

"If the human body did patch management the way (companies do), we'd all be dead."

Matt Loney of ZDNet UK reported from London.


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: exploit; getamac; internetexploiter; lowqualitycrap; microsoft; microsoftwindows; patch; securityflaw; trojan; virus; windows; worm
To: 4ConservativeJustices

In ingles, por favor????? :> Mac's easier/shrugging... check on it anoche


41 posted on 08/18/2004 11:10:24 AM PDT by Ff--150 (The masses have no habit of self reliance or original action. -- Anon.)
[ Post Reply | Private Reply | To 35 | View Replies]

To: steplock
If everyone had a mac, then MAC's would be getting destroyed...

You are assuming that the security models for Windows and Mac (and Linux) are identical. They aren't. It's like saying that the damage would be identical if a tornado went through a brick home community rather than through a trailer park.

I prefer the security of my brick home (linux) over trailers (Windows).

42 posted on 08/18/2004 11:10:30 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 9 | View Replies]

To: glorgau

Okay, so how do you do this if you have to have the patch to get on the internet safely and you can't get the patch without getting on the internet?


43 posted on 08/18/2004 11:11:41 AM PDT by sweetliberty ("A wise man's heart inclines him to the right, but a fool's heart to the left." (Eccl. 10:2))
[ Post Reply | Private Reply | To 1 | View Replies]

To: aft_lizard
RegRun Gold,

That's one I haven't heard of.

44 posted on 08/18/2004 11:11:59 AM PDT by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: sweetliberty
Okay, so how do you do this if you have to have the patch to get on the internet safely and you can't get the patch without getting on the internet?

That would be the Question Of The Day (TM), wouldn't it?

Is 'whistle past the graveyard' a valid answer?

45 posted on 08/18/2004 11:16:03 AM PDT by LTCJ (God Save the Constitution.)
[ Post Reply | Private Reply | To 43 | View Replies]

To: glorgau

I'm not surprised. Whenever I have to disconnect my NAT firewall for even a short period of time and later look at the ZoneAlarm log I see dozens of incoming attempts to get into my system.


46 posted on 08/18/2004 11:18:24 AM PDT by octobersky
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ff--150
In ingles, por favor????? :> Mac's easier/shrugging... check on it anoche

Mac is far easier to defend, but not invulnerable. Windows is targeted because the vulnerabilities exist on more desktops. Assume that you knew a secret combination to a particular brand of safe - would you waste time attacking others when such easy pickings existed?

All these various programs (the ones I listed are all free) do is defend the computer from attacks. Some are browser hijackers designed to generate income for a site, others are designed to record your keystrokes, credit card numbers etc.

Without protection, the only secure PC is one not attached to another, and no means of doing so.

Add Mailwasher to the list - preview email before downloading, prevent malware from loading when reading mail. Trash junk before it gets into 'puter.

47 posted on 08/18/2004 11:21:22 AM PDT by 4CJ (||) Men die by the calendar, but nations die by their character. - John Armor, 5 Jun 2004 (||)
[ Post Reply | Private Reply | To 41 | View Replies]

To: All
In addition to a software firewall like Norton or Zone Alarm, one should also have a hardware firewall. Usually most routers have one built in and hardware firewalls provide a much higher level of protection than software ones do.
48 posted on 08/18/2004 11:22:16 AM PDT by COEXERJ145 (I Annoy Buchananites)
[ Post Reply | Private Reply | To 1 | View Replies]

To: sweetliberty
Okay, so how do you do this if you have to have the patch to get on the internet safely and you can't get the patch without getting on the internet?


49 posted on 08/18/2004 11:22:44 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 43 | View Replies]

To: nyconse

The problem is Bell South, like other ISP's are in a catch 22. The real issue here is that hackers are getting more vicious in their attacks and there are not enough security people to weed them out, prosecute them and feed them to the sharks.

If you do not want your computer to catch a virus, worm, adware, get hacked, whatever there is only one solution.

Do not turn it on.


50 posted on 08/18/2004 11:23:09 AM PDT by Leatherneck_MT (Goodnight Chesty, wherever you may be.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: steplock
I have a virus and I'm just about ready to sacrifice a goat to get rid of it. From what I've been able to ascertain the virus attached to McAfee's mghtml.dll and perhaps other dlls and now I can't get ANY virus protection software to work. It first presented itself through Outlook. When I try to "send and receive" I get a message that tells me I don't have permission to perform the operation. The virus apparently locks the outlook file.

McAfee support is ZERO help. When I try to re-install I get JavaScript errors, "Access Denied". Same thing happens when I try to access their online support. I called McAfee and they told me I couldn't access their site because I have a virus. What!?? Then they tell me to pay 2.95 a minute to get the problem resolved. So, my McAfee software was the conduit for the virus and McAfee wants me to PAY THEM to fix it? I think I might explode any minute now.

I ran hijackthis and deleted everything that looks suspicious. I was able to run the online virus check at TrendMicro but it didn't find anything. I don't know what else to do. **whimper** Does anyone have any ideas?
51 posted on 08/18/2004 11:28:26 AM PDT by hobson
[ Post Reply | Private Reply | To 19 | View Replies]

To: 4ConservativeJustices

LOL the you-know-what here is goin' go look at e-machines in a few hours--gettin' nervous, ya know :-)


52 posted on 08/18/2004 11:30:28 AM PDT by Ff--150 (The masses have no habit of self reliance or original action. -- Anon.)
[ Post Reply | Private Reply | To 47 | View Replies]

To: Leatherneck_MT

Unfortunately, you are absolutely correct about this.


53 posted on 08/18/2004 11:34:59 AM PDT by nyconse
[ Post Reply | Private Reply | To 50 | View Replies]

To: steplock
Why does anyone continue to use Internet Explorer as a web browser? It's so slow and it allows popup ads.

Instead, try out Mozilla and configure to block popups.

Also, set your cache to zero. There is no reason to save 50 MB of ads and old pictures on your HD. Besides, if the browser sees zero cache, it will not spend time looking there and will load images faster.

54 posted on 08/18/2004 11:37:26 AM PDT by zeebee
[ Post Reply | Private Reply | To 19 | View Replies]

To: hobson

Try this link - you can try it for free. It's called e-scan; it found stuff that no other AV found.

http://www.mwti.net/antivirus/escan/escan.asp


55 posted on 08/18/2004 11:37:44 AM PDT by nyconse
[ Post Reply | Private Reply | To 51 | View Replies]

To: nyconse

Thanks! I'll try it.


56 posted on 08/18/2004 11:42:54 AM PDT by hobson
[ Post Reply | Private Reply | To 55 | View Replies]

To: nyconse

Ok just wondering


57 posted on 08/18/2004 11:43:53 AM PDT by Leatherneck_MT (Goodnight Chesty, wherever you may be.)
[ Post Reply | Private Reply | To 53 | View Replies]

To: hobson

Also, do you know how to check your permissions on the registry? Some of this stuff can actually deny you access to your own computer. You can fix this by going on as an administrator, but be careful. Someone I know goofed and no one could get in. I eventually found a way around it, but it took much work. If you know the name of your virus, type it into google. Lots of white knights out there who will help you. I learned plenty by lurking on those sites. If you are running XP, run e-scan first to see if it is in your restore files. If it is in these files, you need to disable system restore and run it again.


58 posted on 08/18/2004 11:44:55 AM PDT by nyconse
[ Post Reply | Private Reply | To 51 | View Replies]

To: nyconse

Ooops, wrong reply lol.

I've been working in computers and networking since 1987. The change I have seen in this industry in that amount of time is staggering.

We have come a long way in being able to defeat hackers and script kiddies, but we are still playing catchup.

Unfortunately anything that man can build, man can defeat.


59 posted on 08/18/2004 11:45:57 AM PDT by Leatherneck_MT (Goodnight Chesty, wherever you may be.)
[ Post Reply | Private Reply | To 53 | View Replies]

To: Leatherneck_MT

I agree with all your posts. We are never going to get rid of this problem, but we can reduce it. I help people with their computers sometimes, and I am appalled at the fact they do not protect their computers. Viruses would not spread so fast if people would just update and run anti-trojan programs. Many of these programs are free. You are still going to have problems, but you will have less trouble.


60 posted on 08/18/2004 11:49:18 AM PDT by nyconse
[ Post Reply | Private Reply | To 59 | View Replies]



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson