Opinion What normally happens within twenty minutes? That's how long your average unprotected PC running Windows XP, fresh out of the box, will last once it's connected to the Internet.Oh, if you run your PC behind a router/firewall, you've got until you open your first web page or html-enabled e-mail to get the patches on.
The SANS Institute Internet Storm Center released those eye-opening numbers a few days ago. Go take a look at their graph, and you'll note that the current time of 20 minutes is half that of what it was a year ago, although, to be fair, the average has been both higher and lower - over an hour last Christmas and only about 15 minutes in the spring. That hour at Christmas seems like an aberration, and the overall trend has definitely been downward, towards far shorter times before your Windows box is not really yours any longer.
As the SANS Institute notes, 20 minutes is not long enough to update your Windows PC before it is too late. If you take a new PC out of the box, plug it in to the Internet, and power it on, most people (most people? OK - a lot of people. Uh, alright - some people. Erm ... *sigh*. A few people. Happy?) know enough to immediately hie thee over to Windows Update and get the latest patches from Microsoft. Then reboot. And get more patches. And reboot. Ad infinitum. Oh, and don't leave out the latest anti-virus updates either. Gotta have those. Oh oh oh - don't forget Windows XP Service Pack 2, the gotta-have update from Microsoft, which "may be as small as 70 megabytes (MB) or as large as 260 MB".
The SANS Institute tries to help by offering a free download of a great little 1.2 MB PDF wonderfully titled, "Windows XP: Surviving the First Day" (makes XP sound like a communicable disease, doesn't it?
Friday, August 20, 2004
Infected in 20 minutes
The Register recently ran an article on how quickly a new PC will get infected when attached to the Internet. It's worth reading the whole thing but I'm going to excerpt some of it here.
Posted by Ben Moore at 9:17:00 PM