Free Republic
Browse · Search
News/Activism
Topics · Post Article

Study: Unpatched PCs compromised in 20 minutes
News.com ^ | August 17, 2004, 12:22 PM PDT | Matt Loney and Robert Lemos

Posted on 08/18/2004 10:04:30 AM PDT by glorgau

Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday.

According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003.

The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute "survival time" by listening on vacant Internet Protocol addresses and timing the frequency of reports received there.

"If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," the center, which provides research and education on security issues, said in a statement.

The drop from 40 minutes to 20 minutes is worrisome because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from Internet threats.

Scott Conti, network operations manager for the University of Massachusetts at Amherst, said he finds the center's data believable.

"It's a tough problem, and it's getting tougher," Conti said.

One of Conti's administrators tested the center's data recently by placing two unpatched computers on the network. Both were compromised within 20 minutes, he said.

The school is now checking the status of computers before letting them connect to the Internet. If a machine doesn't have the latest patches, it gets quarantined with limited network access until the PC is back up to date.

"We are giving the people the ability to remediate before connecting to the network," Conti said.

The center also said in its analysis that the time it takes for a computer to be compromised will vary widely from network to network.

If the Internet service provider blocks the data channels commonly used by worms to spread, then a PC user will have more time to patch.

"On the other hand, university networks and users of high-speed Internet services are frequently targeted with additional scans from malware like bots," the group stated. "If you are connected to such a network, your 'survival time' will be much smaller."

In a guide to patching a new Windows system, the Internet Storm Center recommends that users turn off Windows file sharing and enable the Internet Connection Firewall. Microsoft's latest security update, Windows XP Service Pack 2, will set such a configuration, but users will have to go online to get the update, opening themselves up to attack.

One problem, experts say, is network administrators' reliance on patching and their assumption that users will quickly patch systems.

Speaking recently at the Microsoft TechEd developer conference in Amsterdam, Microsoft security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.

"Nobody will have time to detect it," he said. "Nobody will have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be-all and end-all."

Baumhardt stressed the importance of adaptability, using the human immune system as an example: "Imagine if your body said, 'Hmm, I have the flu. I've never had this before, so I'll die.' But that doesn't happen: Your body raises its temperature and so on, to buy time while other mechanisms kick in."

"If the human body did patch management the way (companies do), we'd all be dead."

Matt Loney of ZDNet UK reported from London.


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: exploit; getamac; internetexploiter; lowqualitycrap; microsoft; microsoftwindows; patch; securityflaw; trojan; virus; windows; worm
To: glorgau

After reading thru all the posts on this subject, I'm leaning toward an e-mac. I agree with the policy of pre-emption... :o) Are there any pics out there of the upcoming G-5 e-Mac?


61 posted on 08/18/2004 11:49:22 AM PDT by Liberty Valance (witty little tagline diversion - under construction)
[ Post Reply | Private Reply | To 1 | View Replies]

To: sweetliberty
how do you do this if you have to have the patch to get on the internet safely and you can't get the patch without getting on the internet?

I should have taken more time to answer your question. Seeing ShadowAce's post caused me to come back for a serious suggestion:

1) Wait several weeks/months for MS to come up with a stable PROVEN patch in downloadable form.

2) Boot into another OS and download it to burn to a CD.

3) Nuke your installation with a HD reformat and reinstall XP from scratch with your system disconnected from the internet.

4) Install the patch from CD onto your virgin system.

5) Only then enable networking.

In the meantime, disconnect your modem anytime you are running Windows and only browse using something like Knoppix.

62 posted on 08/18/2004 11:55:07 AM PDT by LTCJ (God Save the Constitution.)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Ernest_at_the_Beach

It's an excellent program; they have a free trial available to try out. It checks for registry changes, start up changes, browser changes; an all-round excellent program. The only problem is that you have to have the ability to recognize what belongs and doesn't belong on your computer. It has a built-in dictionary but it doesn't always have the information on a particular file.


63 posted on 08/18/2004 11:56:51 AM PDT by aft_lizard (I actually voted for John Kerry before I voted against him)
[ Post Reply | Private Reply | To 44 | View Replies]

To: Swordmaker
Swordmaker, do you still have that column showing that Windows' market share (and the Mac's lack thereof) has nothing to do with why Windows machines are hacked every second of the day, while most Macs are never hacked at all?

There are a number of people on this thread that could use a clue.

64 posted on 08/18/2004 11:57:24 AM PDT by Dont Mention the War (we use the “ml maximize” command in Stata to obtain estimates of each aj , bj, and cm.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: hobson

Can you run a virus scan on McAfee's website? Or is that where you were getting the access denied message?


65 posted on 08/18/2004 12:01:19 PM PDT by Leatherneck_MT (Goodnight Chesty, wherever you may be.)
[ Post Reply | Private Reply | To 51 | View Replies]

To: ShadowAce
You are assuming that the security models for Windows and Mac (and Linux) are identical. They aren't. It's like saying that the damage would be identical if a tornado went through a brick home community rather than through a trailer park.

You're right, but don't spend too much time trying to convince them. The "it's all about market share" canard is the only rationalization they have to hang their hats on, so they're going to keep beating it into the ground like a child going "LA LA LA LA I can't hear you! LA LA LA LA LA!"

If people want to use Windows, fine. I use it too, as well as Macs. But I don't defend Windows against the indefensible.

66 posted on 08/18/2004 12:01:35 PM PDT by Dont Mention the War (we use the “ml maximize” command in Stata to obtain estimates of each aj , bj, and cm.)
[ Post Reply | Private Reply | To 42 | View Replies]

To: All

Another program I would highly suggest anyone getting if they are going to be connected to the internet is Spyhunter (not to be confused with Spybot).

In my professional experience this has done more to keep malicious cookies off of computers than any of the other spyware preventive programs out there.

It costs 29.95 and you can get it at this website

www.enigmasoftwaregroup.com

Also, someone else suggested installing Mozilla instead of IE. That is a good idea. With Mozilla and Spyhunter running on my 2 computers I do not have the problems that I used to have with spyware. Any of them that get past Mozilla are picked up and destroyed by Spyhunter.

Pretty good protection at the start, but there is a lot more that you need to do.


67 posted on 08/18/2004 12:07:19 PM PDT by Leatherneck_MT (Goodnight Chesty, wherever you may be.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: nyconse

Ok, this is just too frustrating. I went to download eScan, filled out the form, got to the download page, the words "Download Escan 2003" are there but it's not a link. View Source? nope, no link there, just text. There's no link anywhere, nada, zero zip, to download. I tried going to download.com but they don't have it. Tried in both IE and Firefox ....I'm getting paranoid now...

Maybe Tucows has it. I'll be back.


68 posted on 08/18/2004 12:14:49 PM PDT by hobson
[ Post Reply | Private Reply | To 58 | View Replies]

To: steplock
May I also suggest you add the following to your list?

Peer Guardian

You'd be surprised if you knew how many hits were getting through. I have nearly the same software but this is a primary precaution and must be loaded before I even touch a browser.

I recommend downloading the most recent IP list as well.

69 posted on 08/18/2004 12:18:38 PM PDT by Caipirabob (Democrats.. Socialists..Commies..Traitors...Who can tell the difference?)
[ Post Reply | Private Reply | To 19 | View Replies]

To: LTCJ
Seeing ShadowAce's post caused me to come back for a serious suggestion:

I must admit--my post carried my tongue firmly in cheek. I don't really expect him to go to that extreme.

70 posted on 08/18/2004 12:24:17 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 62 | View Replies]

To: HAL9000

If you've got no reason to own Windows - such as you have to run programs from your work - do yourself a favor and get a Mac.


71 posted on 08/18/2004 12:28:00 PM PDT by Musket
[ Post Reply | Private Reply | To 4 | View Replies]

To: hobson

Also, what is the name of this virus?


72 posted on 08/18/2004 12:28:55 PM PDT by nyconse
[ Post Reply | Private Reply | To 68 | View Replies]

To: glorgau; All

Alternative browsers:
http://www.mozilla.org/
http://www.opera.com/

Free anti-viral protection:
http://www.grisoft.com/us/us_dwnl_free.php

Popup ad killers:
http://www.bayden.com/popper/

Close that friggin' Messenger in Windows XP:
http://grc.com/stm/ShootTheMessenger.htm

Spyware removers:
http://www.safer-networking.org/index.php?lang=en&page=download
http://www.lavasoftusa.com/
http://www.wilderssecurity.net/spywareblaster.html

Good for pre-screening & bouncing SPAM:
http://mailwasher.net/

Script Defender ( stop that nonsense from running unwelcome scripts ):
http://www.analogx.com/welcome.htm
_________________

73 posted on 08/18/2004 12:31:12 PM PDT by backhoe (1990's? Decade of Frauds. 2000's? Decade of Lunatics...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ciexyz

That's exactly what you have to do. People have forgotten how to practice safe computing. I went to a friend of a friend's house one time and the guy was letting his son run peer to peer sharing on the same machine where he ran QuickBooks Pro for his customers. I told him as politely as I could that this wasn't a good idea.


74 posted on 08/18/2004 12:31:43 PM PDT by Liberal Classic (No better friend, no worse enemy. Semper Fi!)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Liberty Valance; HAL9000

Sorry HAL, my post #71 was for Liberty. My bad.


75 posted on 08/18/2004 12:39:18 PM PDT by Musket
[ Post Reply | Private Reply | To 2 | View Replies]

To: ShadowAce
I must admit--my post carried my tongue firmly in cheek. I don't really expect him to go to that extreme.

I saw your Stealth/Sarc using my X-ray glasses - but it did cause a gamma ray to bounce off a neuron triggering the Knoppix angle.

As for extremes, the pain of maintaining Windows security exceeded my personal threshold about two months ago. I'm at the point now where keeping up with Windows is tougher than the Linux learning curve. SuSE is my primary go-to OS now but I realize that's not a generic solution for most...

76 posted on 08/18/2004 12:54:05 PM PDT by LTCJ (God Save the Constitution.)
[ Post Reply | Private Reply | To 70 | View Replies]

To: steplock

"If everyone had a mac, then MAC's would be getting destroyed - there is NOTHING better about a mac -- maybe the price is higher? A LOT higher!"

Thanks for answering the question I was wondering about before having to ask it.


77 posted on 08/18/2004 12:54:21 PM PDT by Lee'sGhost (Crom!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: glorgau; cyborg; King Prout; Darksheare; Slings and Arrows; nyconse; KangarooJacqui; backhoe; ...
Hey guys, look at this.

I'm on a computer-related thread.

WOO-HOO!

How neat is this?(!)

78 posted on 08/18/2004 1:01:08 PM PDT by The Scourge of Yazid (Oompa-loompa, doopity-doo. I've got another puzzle for you. You can live in happiness too if you...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: steplock
I use everything you listed along with Popup Popper and Mailwasher.

I'm still a computer illiterate but am trying to learn security and have been helping others put safeties on their machines.

.

When "updating" the safety programs, should anything else be shut down as you do when putting the original security program on?

Also, is it OK to use AdAware, Spybot, AVG Antivirus, etc. in safe mode?

79 posted on 08/18/2004 1:02:06 PM PDT by Free Trapper (Because we ate the green mammals first!)
[ Post Reply | Private Reply | To 19 | View Replies]

To: HAL9000

I'm thinking about getting a Mac.

Good idea. It's great to have a computer that works right out of the box.



Yeah, it's also good to support radical liberal fascist POCs like Jobs and Al Gore who are part of Apple. I don't care if Rush has an Apple too; Rush can talk the talk but he never walks the walk. Liberals have learned long ago that boycotting a company goes a lot farther than protesting a company. It's a lesson that needs to be learned by some here on FR.


80 posted on 08/18/2004 1:17:23 PM PDT by sasafras (sasafras (The road to hell is paved with good intentions))
[ Post Reply | Private Reply | To 4 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson