|
Posted by Daave on February 3, 2008, 5:42 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>
>> I'm sure many here are very familiar with the notion that there is "a
>> 50% chance of being infected by an internet worm in just 12 minutes
>> of
>> being online using an unprotected, unpatched Windows PC." As many of
>> you
>> know, this is a direct quote from a Sophos press release from July 1,
>> 2005:
>>
>>
http://www.sophos.com/pressoffice/news/articles/2005/07/pr_uk_midyearroundup2005.html
>>
>> Sophos got a lot of mileage from this press release. An interesting
>> side
>> effect I've seen is newsgroup posts warning users of the dangers of
>> going online to patch an older, pre-SP2 version of Windows XP
>> because it
>> will take more than 12 minutes, leaving many vulnerable to malware
>> infestation. Obviously, there are ways around this: download the
>> entire
>> service pack (using another PC) and burning a disk so that SP2 may be
>> applied while the PC is offline and safe. Or users may get the
>> equivalent disk from Microsoft for a nominal fee.
>>
>> But this begs the question: For the majority of people who choose to
>> obtain SP2 through automatic updates, *how* vulnerable are they
>> exactly?
>> Of course, for those running SP1 or Gold, Messenger Service (which
>> is on
>> by default) can be manually turned off. But again, for the majority
>> of
>> people who have performed a clean installation without knowing to
>> turn
>> off specific services, how vulnerable are their PCs?
>>
>> I'm sure the study referenced in the press release talks about
>> averages
>> and includes people who don't patch their systems and don't practice
>> other modes of safe hex. Messenger spam arriving informing a gullible
>> person that they have spyware or registry problems has happened many,
>> many times. People clicking on links in e-mails when they shouldn't
>> be
>> doing so... well, you get the picture.
>>
>> But what about a PC on the Internet that is not doing anything but
>> sitting there? Without the benefit of a firewall, hackers/bots can
>> attempt to do damage, for sure. But without any user input, is this
>> 12-minute figure reasonable? Or is it more a case of marketing hype?
>> Specifically, what specifically can happen to an unpatched system,
>> assuming there is no user input (clicking on links, OK buttons in
>> pop-up
>> windows, etc.)? Are there worms that can do damage this way, and if
>> so,
>> what are they and what is the mechanism by which they infect a PC?
>> How
>> common is real-time hacking in this sort of situation?
>>
>
> Using a NAT Router will mitigate the BOT/Worm threat as well as
> hacking attempts.
This is certainly true.
Not that I'm advocating that computer users not take proper precautions,
but I'm just curious if someone who has an ordinary modem and is not
running a software firewall, etc. will be in danger of being infected
within 12 minutes as is commonly believed, and if so, what is the
mechanism by which this can happen? In my scenario, the PC is just
sitting idle. Or sitting at Windows Update. :-)
| 
XML site map