Unpatched Windows PCs own3d in less than four minutes
Gone in 240 seconds
An unpatched PC is likely to last just four minutes on the internet before being attacked and compromised.
The time it takes for a PC to get itself owned varies by operating system and what activities a user engages in - but even allowing for this, putting an unpatched Windows PC directly onto the net in the hope that it downloads patches faster than it gets exploited gives you "odds that you wouldn't bet on in Vegas", warns Lorna Hutcheson, a researcher at the SANS Institute's Internet Storm Centre (ISC).
The ISC maintains a survival time graph that gives an indication of how long a system might last on the internet before stumbling into the crosshairs of hackers, who routinely use automated tools to scan and commandeer vulnerable systems. Survival time, the ISC notes, has dropped markedly over the last two years, and is currently a fairly scary four minutes.
Security experts advise using a NAT (network address translation) router and a personal firewall before connecting anything other than sacrificial systems to the net. This best practice can create tensions between management, who want new systems up and running as quickly as possible, and security admins.
"More than once, I've dealt with a compromise of a system that was placed on the network before it was hardened," Hutcheson writes. "I got the same answer every time - 'We needed it working ASAP'. However, more time was spent playing clean up from it than if it was just done right the first time."
Thorsten Holz, of the German Honeynet Project, explains how exploits lead to system compromises. His analysis - complete with statistics and graphs - can be found here. ®
COMMENTS
@AC - 65 year old
That is the biggest load of garbage I've ever read.
The idea of patching of Windows, Linux, Mac OS or whatever is to correct problems/plug holes that weren't known about when the OS was released or have been introduced as a result of previous patching/new features.
What you are referring to is a Linux Live CD but bear in mind that hardware that requires specific drivers may not work if the driver isn't present on the CD.
If my memory serves me correctly OEMs are not permitted to make their own build CDs anymore (as in the days of Win 95), so that's why there is no slipstreaming, but there is nothing to stop you making your own build DVD :)
Woosh, the sound of the real point going straight over people's heads.
The point of the research was not "let's prove that it's not a good idea to put an unpatched Windows computer on the net". After all, these computers were *meant* to invite infection.
This experiment demonstrated in a simple (headline grabbing) manner that despite over ten years of the Windows security industry and many fixes by Microsoft there are still so many *already* compromised Windows computers on the net that a honeypot computer will be infected extraordinarily quickly.
Look at the research, these attacks weren't being made from some bunker in Siberia, the vast, vast majority were from the same net block that the computer was connected to, i.e. ordinary people's computers connected to the same ISP.
So forget about how great your computer practice is, or how you think people "ought" to use computers, it's not about *you*.
This is a peek into the real world of millions of Windows systems herded into botnets, spreading worms, compromising people's privacy and security, degrading people's experience on computers and the internet, and a certain part of the computer industry that seems either unwilling or incapable of solving it.
Not so long ago
There were computers which had their OS on a chip called ROMs (Read Only Memory) which couldn't be erased easily (you could fry 'em with static, I spose) then some bright spark decided (as there was a chip shortage) to bung the OS on hard disks. This, in my 14 year old mind was a recipe for disaster, but hey, folk wanted to make money. Anyway, us youngins should be doffing caps to the seniors, as it was they who started all this computing nonsense off. It's been fun over the last 30 years faffing about with biscuit tins of electronics and getting it all to work. The floppy disk is dead, if that's the case, why are they still being sold?
