Cyber Security Institute

Tuesday, August 17, 2004

Study: Unpatched PCs compromised in 20 minutes

Don’t connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday.

According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it’s compromised by malware, on average.  That figure is down from around 40 minutes, the group’s estimate in 2003.

The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute “survival time” by listening on vacant Internet Protocol addresses and timing the frequency of reports received there.  “If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe,” the center, which provides research and education on security issues, said in a statement.

The drop from 40 minutes to 20 minutes is worrisome because it means the average “survival time” is not long enough for a user to download the very patches that would protect a PC from Internet threats.  The center also said in its analysis that the time it takes for a computer to be compromised will vary widely from network to network.  If the Internet service provider blocks the data channels commonly used by worms to spread, then a PC user will have more time to patch. 
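As an added illustration (not code from the Internet Storm Center or from this post), the sketch below estimates a survival time the way the article describes: it times the gaps between probes logged at vacant addresses, then repeats the calculation with ISP-filtered ports removed. The log format, addresses, timestamps and the filtered port set are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample: probes logged at two vacant sensor addresses (documentation ranges).
# Assumed line format: timestamp, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2004-08-17T10:00:00 198.51.100.7 192.0.2.10 445
2004-08-17T10:05:00 203.0.113.9 192.0.2.11 139
2004-08-17T10:10:00 198.51.100.23 192.0.2.10 80
2004-08-17T10:25:00 203.0.113.44 192.0.2.10 135
2004-08-17T10:35:00 198.51.100.61 192.0.2.11 22
2004-08-17T10:40:00 203.0.113.80 192.0.2.10 445
2004-08-17T10:50:00 198.51.100.90 192.0.2.10 80
2004-08-17T11:05:00 203.0.113.12 192.0.2.11 445
2004-08-17T11:35:00 198.51.100.33 192.0.2.11 22
"""

# Assumption: ports an ISP might filter (Windows RPC and file sharing).
ISP_BLOCKED_PORTS = frozenset({135, 139, 445})


def parse(log):
    """Yield (timestamp, destination IP, destination port) for each well-formed line."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        ts, _src, dst, port = fields
        yield datetime.fromisoformat(ts), dst, int(port)


def survival_minutes(log, blocked_ports=frozenset()):
    """Mean gap in minutes between successive probes reaching one address.

    Returns None when no address saw two or more probes.
    """
    seen = defaultdict(list)
    for ts, dst, port in parse(log):
        if port not in blocked_ports:  # filtered probes never reach the PC
            seen[dst].append(ts)
    gaps = []
    for stamps in seen.values():
        stamps.sort()
        gaps += [(b - a).total_seconds() / 60 for a, b in zip(stamps, stamps[1:])]
    return mean(gaps) if gaps else None


if __name__ == "__main__":
    print("unfiltered:", survival_minutes(SAMPLE_LOG))
    print("ISP filtering:", survival_minutes(SAMPLE_LOG, ISP_BLOCKED_PORTS))
```

On this constructed data the estimate lengthens once the filtered ports are excluded, which is the network-to-network variation the center describes.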

In a guide to patching a new Windows system, the Internet Storm Center recommends that users turn off Windows file sharing and enable the Internet Connection Firewall.  Microsoft’s latest security update, Windows XP Service Pack 2, will set such a configuration, but users will have to go online to get the update, opening themselves up to attack.

One problem, experts say, is network administrators’ reliance on patching and their assumption that users will quickly patch systems.  Speaking recently at the Microsoft TechEd developer conference in Amsterdam, Microsoft security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.  “Nobody will have time to detect it,” he said.  “This shows that patch management is not the be-all and end-all.”

Posted on 08/17