Comments on: Study: Unpatched PCs compromised in 20 minutes

The average "survival time" is not even long enough to download patches that would protect a computer from Net threats.

Microsoft viruses: faster than Dominos

Your PC 0wned in 20 minutes or less or else its FREE Linux!

[Jonathan]

Ya then it just takes 20 days to fingure out Linux

Whatever. Wake me when Linux actually becomes easy to use and admin.

[Dachi]

When Nachi was at its peak this time was 6 seconds

If installing a new box you literally had to turn the firewall on before connecting the network cable. It will be interesting to see if this number changes much over the next year as more people move to SP2 and the number of zombie machines comes down.

[Tex Murphy PI]

Firewalls don't address the root problem

of user ignorance.

You can pile on the latest anti-viral and firewall software on your PC, shut down file-sharing and all the other useless services crammed into windows, but all it takes is one stupid move such as openning an infected attachment - and it's game over.

With over 50 million lines of code in Windows, you can bet that there are a lot of day-zero exploits just waiting to happen.

I don't know which is worse - the bugs we don't know in Windows (because nobody has seen the source code), or the fact that a smart hacker could find a hole in open-source Linux. Hey, it's a tight OS, but I'm sure there are holes in that OS too.

[wrwjpn]

RE: Direwalls don't address the root problem

"I don't know which is worse - the bugs we don't know in
Windows (because nobody has seen the source code), or the fact
that a smart hacker could find a hole in open-source Linux. Hey,
it's a tight OS, but I'm sure there are holes in that OS too."

Pretty obvious, I can see the code in OSS, so I have a better
chance of protecting myself. Imagine you are going to a foreign
country that is know for certain sicknesses, you know in advance
so you get certain inoculations before you go. The point being
that yes no one OS is perfect but if you can see everything then
you might have a better chance of survival. Using MS is like
putting all your eggs in one basket and letting your 2 year old
carry it home.

[dwhite25]

who's got Windows source?

The republic of China

An interesting addendum

Would be to create a similar chart for Mac OS X and for Linux.
Then c|net could write about that.

Oh wait... a story that might put Apple in a positive light? I
forgot this was c|net! Never mind!

[R Me]

Patches and the human body

What a poor misguided piece.
Not one word about the real root of the problem...MS
If the human body had to depend on MS to insure birth I certainly wish Bill G. would be the first nural implant.

[arthur-b]

Duh!

As long as people choose to ignore causes and opt for symptom fighting instead the world will see no end to spam, spyware, zombied PCs, worms and what not.

For years the world has seen a steady increase in attack vectors and still the only answer to all that is symptom fighting. The blaming finger has been pointed to almost anyone and anything: users, administrators, managers, third-party software, developers, vendors, hackers, crackers and even politicians.

Is there any end in sight?

Realisticly speaking no. As long as plenty of people are willing to jump through hoops and see improvement in that then that's exacly the kind of customer demand that will be satisfied. Hey, it keeps the stock holders happy so why change the game plan?

In the mean time alternatives are getting spin doctered because they are not part of the business plan. But then who would expect Ford to recommend BMWs? Or even a Ford driver to admit that he would rather like to drive a BMW but is afraid of having to handle gears?

Lucky enough for us the alternatives are getting harder and harder to ignore though. Also because other stock holders (and tax payers) would like to improve their bottom line.

[KDoggMDF]

A large missing point

Dont you think that there is a large portion here that is being missed though? yes, Viruses can travel networks without opening any file or downloading anything, but what about when you do visit a website and ad-ware or spyware is dropped onto your computer? It can be just as harmful, if not worse. Why? Well, for one, it bugs the crap out of you. Two; it sends your personal data to who knows where to who knows who. Three; it can just as easily compromise your system and turn off your firewalls and virus protections to allow other threats to invade your PC and the other PCs on your network. Until someone decides to make a program that has the best antivirus, firewall, spyware removal and protection, and tips on how to have a safe computer, and it is easily accessible and cheap or free, there is always going to be this problem and it is going to get worse and worse.

Firewall will extend survival time

It's NOT everything you need to secure your machine - but installing a firewall BEFORE you connect the machine to the Internet will significantly lengthen its survival time when you connect it afterwards.

That's why I keep a copy of ZoneAlarm/etc handy in a CD.

by the way - I've seen machines infected in as quick as 5 minutes. At the height of a worm's outbreak, this may fell down further to even seconds.


Thanks,
Harry

Close to being accurate

Sufehmi points out importance of using or at least taking advantage of a firewall. Our experience, however, extends this concept to installing new systems, FIRST - Install totally offline, if possible. SECOND - Connect and install to any network on the protected side of an effective dedicated firewall. THIRD - Install and update antivirus software. Lastly - D/L and apply critical updates then add spyware protection.

Critical updates are NOT the first line of defense. That's part of the stratigic package.

The tactical key, we've found, is utilizing a dedicated firewall without exception. While software firewalls can be effective for single users, they simply can't be installed and configured fast enough at the onset to afford the necessary protection. Plus, they slow down even fast machines to the point of making it frustrating for the user.

Further, as has been pointed out, it takes only moments for an 'online' install to become virus infected and/or malware infested - how very true!

Our firewalls? Stripped down Linux and IPChains/IPTables, of course, with some logging and Intrusion Detection. Installed on an older Dell PII-350, for instance, net surfing speed is restored and protection is maximized because of dedicated fast throughput (100BaseT on both the protected and unprotected ports).

The only better protection method is the power switch and a yellow notepad.

[dwhite25]

viruses

useing Windows XP as your OS means you shouldn't be
on the net. Why doesn' t Joe Public catch on
Linux,Unix,BeOS,just about any thing but Windows is
immune hear me, IMMUNE to all Windows viruses.

Immune?

First, I'd like to state that I am not against Linux by any means. I've used it, many of my friends use it, and in general, it's an exceptional OS. However, your statement ignores a major fact. Over 90% of PC's connected to the Internet run a Microsoft Operating system. It's a fact...and no amount of griping, education, or outright hounding end-users is going to change that fact.

Linux is not immune to worms or viruses....it's simply a matter of time. Hackers, crackers, worm writers, (and whomever else) are only interested in maximizing their effect. Now tell me, whats the best way to do that. To write a worm that attacks less than 5% of computers connected to the Internet, or a worm that has the potential to infect up to 90% of computers connected to the Internet? --Hm....let me think...

So your statement that Linux and Unix are immune seems rather assinine and naive to me. And lets not forget that there are just not enough applications that run on Linux (at this point) to make it a feasible OS for everyday use by the average person.

[roadiebob]

be carefull what you ask for

be careful, if you get your wish, and all these fine hackers that are pounding on windows everyday turn their attention to Linux, your very own pet operating system will be the one going down in flames. There are no perfect operating systems.

[dwhite25]

Correction

Running Windows . My PC doesn' t run windowsso it
wouldn't be compramised at all(the patches wouldn't
work either).

An older article...but it's coming...

update Six vulnerabilities in a common code that handles an open-source image format could allow intruders to compromise computers running Linux and may allow attacks against Windows PCs as well as Macs running OS X.

The security issues appear in a library supporting the portable network graphics (PNG) format, used widely by programs such as the Mozilla and Opera browsers and various e-mail clients. The most critical issue, a memory problem known as a buffer overflow, could allow specially created PNG graphics to execute a malicious program when the application loads the image.

And...

The most critical vulnerability crashed two open-source browsers, Evans said. "A scarier possibility is targeted exploitation by e-mailing a nasty PNG to someone who uses a graphical e-mail client to decode" images, he added.

Link to article

http://news.com.com/Image+flaw+pierces+PC+security/2100-1002_3-5298999.html?tag=cd.hed

[arthur-b]

already fixed for some

Example: http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2

And IE? Has that been fixed already? Or do you have to wait 200+ days again?