Unpatched Windows PCs own3d in less than four minutes
Gone in 240 seconds
An unpatched PC is likely to last just four minutes on the internet before being attacked and compromised.
The time it takes for a PC to get itself owned varies by operating system and what activities a user engages in - but even allowing for this, putting an unpatched Windows PC directly onto the net in the hope that it downloads patches faster than it gets exploited give you "odds that you wouldn't bet on in Vegas", warns Lorna Hutcheson, a researcher at the SANS Institute's Internet Storm Centre (ISC).
The ISC maintains a survival time graph that gives an indication of how long a system might last on the internet before stumbling into the crosshairs of hackers, who routinely use automated tools to scan and commandeer vulnerable systems. Survival time, the ISC notes, has dropped markedly over the last two years, and is currently a fairly scary four minutes.
Security experts advise using a NAT (network address translation router) and personal firewall before connecting systems to the net on anything outside sacrificial systems. This best practice can create tensions between management, who want new systems up and running as quickly as possible, and security admins.
"More than once, I've dealt with a compromise of a system that was placed on the network before it was hardened," Hutcheson writes. "I got the same answer every time - 'We needed it working ASAP'. However, more time was spent playing clean up from it than if it was just done right the first time."
Thorsten Holz, of the German Honeynet Project, explains how exploits lead to system compromises. His analysis - complete with statistics and graphs - can be found here. ®
@AC - 65 year old
That is the biggest load of garbage I've ever read.
The idea of patching of Windows, Linux, Mac OS or whatever is to correct problems/plug holes that weren't known about when the OS was released or have been introduced as a result of previous patching/new features.
What you are referring to is a Linux Live CD but bear in mind that hardware that requires specific drivers may not work if the driver isn't present on the CD.
If my memory serves me correctly OEMs are not permitted to make their own build CDs anymore (as in the days of Win 95 so thats why there is no slipstreaming but there is nothing to stop you make your own build DVD :)
Woosh, the sound of the real point going straight over peoples heads.
The point of the research was not "lets prove that it's not a good idea to put an unpatched Widows computer on the net". After all, these computers were *meant* to invite infection.
This experiment demonstrated in a simple (headline grabbing) manner that despite over ten years of the Windows security industry and many fixes by Microsoft there are still so many *already* compromised Windows computers on the net that that a honeypot computer will be infected extraordinarily quickly.
Look at the research, these attacks weren't being made from some bunker in Siberia, the vast, vast majority were from the same net block that the computer was connected to. ie. ordinary peoples computers connected to the same ISP.
So forget about how great your computer practice is, or how you think people "ought" to use computers, it's not about *you*.
This is a peek into the real world of millions of Windows systems herded into botnets, spreading worms, compromising peoples privacy and security, degrading peoples experience on computers and the internet, and a certain part of the computer industry that seems either unwilling or incapable of solving it.
Not so long ago
There were computers which had their OS on a chip called ROMs (Read Only Memory) which couldn't be erased easily (you could fry 'em with static, I spose) then some bright spark decided (as there was a chip shortage) to bung the OS on hard disks. This, in my 14 year old mind was a recipe for disaster, but hey, folk wanted to make money. Anyway, us youngins should be doffing caps to the seniors, as it was they who started all this computing nonsense off. It's been fun over the last 30 years faffing about with biscuit tins of electronics and getting it all to work. The floppy disk is dead, if that's the case, why are they still being sold?