An unpatched PC is likely to last just four minutes on the internet before being attacked and compromised.

The time it takes for a PC to get itself owned varies by operating system and what activities a user engages in - but even allowing for this, putting an unpatched Windows PC directly onto the net in the hope that it downloads patches faster than it gets exploited give you "odds that you wouldn't bet on in Vegas", warns Lorna Hutcheson, a researcher at the SANS Institute's Internet Storm Centre (ISC).

Security experts advise using a NAT (network address translation router) and personal firewall before connecting systems to the net on anything outside sacrificial systems. This best practice can create tensions between management, who want new systems up and running as quickly as possible, and security admins.

"More than once, I've dealt with a compromise of a system that was placed on the network before it was hardened," Hutcheson writes. "I got the same answer every time - 'We needed it working ASAP'. However, more time was spent playing clean up from it than if it was just done right the first time."

Thorsten Holz, of the German Honeynet Project, explains how exploits lead to system compromises. His analysis - complete with statistics and graphs - can be found here. ®

Related stories

• Crackers latch onto year-old Windows token vuln (18 March 2009)
• Firefox went ton up in bugs in 2008 (5 March 2009)
• Green Hills spins out military Integrity for masses (5 December 2008)
• Microsoft hopes third time is lucky with XP SP3 update (8 July 2008)
• Ankle-biting hackers storm net's overlords, hijack their domains (27 June 2008)
• 'Legit' website compromises reach epidemic proportions (5 June 2008)
• Fight malware by upgrading to Vista, urges MS (23 October 2007)
• Hackers target unpatched Office flaw (5 February 2007)
• Zero-day holiday (5 January 2006)
• Security Report: Windows vs Linux (22 October 2004)