Windows survival time falls to 20 minutes
Fri, Aug 20 2004

It's obvious to most Internet users that the number of computer security problems has become quite overwhelming recently. There are email viruses which attempt to take over your computer, phishing scams that attempt to steal your personal data, denial of service (DoS) attacks that take websites offline, and just plain old spam that floods our inboxes.

If you read the security incident advisory notices published by organisations such as SANS, a highly respected security training and certification organisation, it's scary to see just how many security holes there are in Windows. With so many open doors it's a field day for malicious (black-hat) hackers who want to infect as many machines as possible.

But how do hackers find machines to infect?

One common approach is to set up computers that 'scan' all available Internet Protocol (IP) addresses, and poke and prod any machines they find to see if known holes can be opened. The addresses that are scanned include not just servers, but also any end user machines that are connected to the Internet. If you connect your computer to the Internet even for a short time to read email, browse the web, etc., you are vulnerable for the length of time you are connected unless you take very specific steps to keep your computer safe. If you happen to be online without a good firewall at the exact moment a hacker scans your IP address, and your computer has a security hole that hasn't been patched, your machine can become infected.

In the past this hasn't been such a big problem because most people used dial-up modems to connect to the Internet, and so they weren't online for very long. The chance of being online at the exact moment your address was scanned was quite low.

However, things are different now for two reasons: broadband, and decreasing survival time.

Broadband users, unlike modem users, are online all the time. If you have a broadband connection at home or work your computer is connected live to the Internet 24 hours/day, 7 days/week. It doesn't matter how slow the hackers are, if you're online 24/7 they'll get around to scanning your address eventually. It's just a matter of time.

Survival time is the other problem. The SANS Internet Storm Center has been tracking scan frequency, measuring how often each IP address on the Internet is scanned by a hacker looking for a security hole. The average interval between such scans is considered the 'survival time': i.e., the period of time an insecure computer can survive without infection from the moment it's connected to the Internet.

SANS publishes the results online, and as you can see for yourself there, the current survival time is down around 20 minutes.

Just 20 minutes. Think about that for a moment. Every computer on the Internet is scanned every 20 minutes. That's not very long. Take a brand new Windows computer, connect it to the Internet, and it will survive no more than about 20 minutes before it's been hacked. Very scary indeed.
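The survival-time figure above is, in effect, the gap between successive unsolicited probes hitting one address. Here is an added Python example (not code from the article or from SANS) that derives the same two numbers from a host's own firewall log: the time from going online to the first probe, and the typical interval between probes. The log lines, the simple `CONNECT`/`DROP` format, and the set of ports treated as Windows-service probes are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import median

# Constructed log (not real traffic): the host came online at 12:00:00 and its
# firewall then recorded the inbound connection attempts it dropped.
# Format: <date> <time> DROP <proto> <src ip> <dst ip> <dst port>
SAMPLE_LOG = """\
2004-08-20 12:00:00 CONNECT
2004-08-20 12:07:12 DROP TCP 198.51.100.7 192.0.2.10 445
2004-08-20 12:07:12 DROP TCP 198.51.100.7 192.0.2.10 139
2004-08-20 12:23:41 DROP TCP 203.0.113.99 192.0.2.10 135
2004-08-20 12:41:03 DROP TCP 198.51.100.7 192.0.2.10 445
2004-08-20 13:01:55 DROP TCP 203.0.113.14 192.0.2.10 1025
"""

# Ports this example treats as probes for Windows services (an assumption made
# here for illustration; the article names no specific ports).
WINDOWS_SERVICE_PORTS = {135, 139, 445}


@dataclass(frozen=True)
class Probe:
    when: datetime
    src: str
    dst_port: int


def parse_log(text):
    """Return (connect_time, [Probe, ...]) from the constructed log format."""
    connect_time = None
    probes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        if parts[2] == "CONNECT":
            connect_time = when
        elif parts[2] == "DROP" and len(parts) >= 7:
            probes.append(Probe(when, parts[4], int(parts[6])))
    if connect_time is None:
        raise ValueError("log has no CONNECT marker")
    return connect_time, probes


def probe_events(probes):
    """Collapse a multi-port sweep from one source in the same second into one event."""
    seen = set()
    events = []
    for p in sorted(probes, key=lambda p: p.when):
        key = (p.when, p.src)
        if key not in seen:
            seen.add(key)
            events.append(p)
    return events


def survival_seconds(connect_time, probes):
    """Seconds from going online to the first unsolicited probe (None if no probe)."""
    events = probe_events(probes)
    if not events:
        return None
    return (events[0].when - connect_time).total_seconds()


def inter_probe_seconds(probes):
    """Gaps between consecutive probe events, the quantity behind 'survival time'."""
    events = probe_events(probes)
    return [(b.when - a.when).total_seconds() for a, b in zip(events, events[1:])]


def median_interval(probes):
    gaps = inter_probe_seconds(probes)
    return median(gaps) if gaps else None


def windows_service_hits(probes):
    """Probes aimed at the ports this example associates with Windows services."""
    return [p for p in probes if p.dst_port in WINDOWS_SERVICE_PORTS]


if __name__ == "__main__":
    connect, probes = parse_log(SAMPLE_LOG)
    print("first probe after", survival_seconds(connect, probes), "seconds")
    print("median gap between probes", median_interval(probes), "seconds")
    print("probes at Windows service ports:", len(windows_service_hits(probes)))
```

On the constructed log the first probe arrives 432 seconds after connecting and the median gap between probes is 1042 seconds (about 17 minutes), which is the same order of magnitude as the 20-minute figure the article quotes. Run against a real firewall log, the interval is a direct way to check whether a machine that has not yet been patched could realistically stay online long enough to fetch updates.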

What makes this a real problem is that it takes longer than 20 minutes to download the latest security patches from Microsoft to secure your system. So, starting with a brand new machine which needs security patches applied, what do you do? If you connect to the Internet, it will get hacked. But you have to connect to the Internet in order to download the security patches that it needs to prevent it getting hacked while connected to the Internet.

Mmmm. Catch-22.

So what *are* Windows users to do? To have any hope of keeping a system clean it's necessary to get online and stay uninfected for just long enough to download and install the latest security patches, but that's not an easy task and most users don't know where to start.

To help users go through that process the SANS Institute Internet Storm Center has published a guide titled: "Windows XP: Surviving the First Day" which can be downloaded free from their website (please don't point out the irony!). The illustrated 13-page guide takes you step by step through the basic things you need to do in order to secure a new Windows XP system. It's far from being a definitive guide but it's certainly a good starting point.

You can grab the PDF from the SANS site.