Tick-tock...

Thread: Tick-tock...

  1. #1
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Tick-tock...

    I was looking at Information Security Magazine's November 2004 and noticed the following stat that they obtained from ISC/SANS:

    The average time from connection to the Internet before an unpatched, unprotected Windows PC is infected by malware is 20 minutes, down from 40 minutes in 2003.
    It would have been interesting, however, to see what "malware" specifically constitutes and would have been worthwhile to see if there are any other OS comparisons.

    It'd also be interesting to see how long before someone (rather than a something) goes after a machine (that is, how many "attackers" are actually actively looking for a machine to compromise because of a vulnerability that OS has rather than because it's a final target like Microsoft itself -- it makes me think of Lance Spitzner's first experience with building a honeypot).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    I'd rather be fishing DjM
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I am sure you're aware of this MsM, but the Internet Storm Center posts the "Average Survival Time" between attacks. They define their stats as:

    The survivaltime is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe.
    The average time between probes will vary widely from network to network. Some of our submitters subscribe to ISPs which block ports commonly used by worms. As a result, these submitters report a much longer 'survival time'. On the other hand, University Networks and users of high speed internet services are frequently targeted with additional scans from malware like bots. If you are connected to such a network, your 'survival time' will be much smaller.
    As of today, they are listing the average survival time at 17 minutes.

    Cheers:
    DjM
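The survival-time definition quoted in post #2, worked through as an added example (not ISC's code and not part of any poster's message): it averages the gaps between reports per target IP, then averages across targets, and shows how filtering worm ports at the ISP lengthens the figure. The log format, addresses, and the port numbers 135 and 445 are constructed assumptions, as is reading "average target" as a mean of per-target means.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample reports: "timestamp target_ip dst_port".
# Addresses are from documentation ranges; none of this is real ISC data.
SAMPLE_REPORTS = """\
2004-11-20T10:00:00 192.0.2.10 445
2004-11-20T10:12:00 192.0.2.10 135
2004-11-20T10:20:00 192.0.2.10 80
2004-11-20T10:30:00 192.0.2.10 445
2004-11-20T11:20:00 192.0.2.10 80
2004-11-20T10:00:00 198.51.100.7 135
2004-11-20T10:40:00 198.51.100.7 445
2004-11-20T11:00:00 198.51.100.7 22
2004-11-20T12:00:00 198.51.100.7 22
2004-11-20T10:05:00 203.0.113.5 445
"""

def parse_reports(text):
    """Group (timestamp, dst_port) pairs by target IP."""
    by_target = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, target, port = line.split()
        by_target[target].append((datetime.fromisoformat(ts), int(port)))
    return by_target

def survival_minutes(by_target, blocked_ports=frozenset()):
    """Return (overall, per_target) mean minutes between reports.

    blocked_ports models an ISP that drops those ports before the
    submitter's sensor sees them (assumed filtering behaviour).
    """
    per_target = {}
    for target, reports in by_target.items():
        times = sorted(ts for ts, port in reports if port not in blocked_ports)
        if len(times) < 2:
            continue  # a single report yields no interval to measure
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        per_target[target] = mean(gaps)
    overall = mean(list(per_target.values())) if per_target else None
    return overall, per_target

if __name__ == "__main__":
    data = parse_reports(SAMPLE_REPORTS)
    print("unfiltered:", survival_minutes(data))
    print("ISP blocks 135/445:", survival_minutes(data, frozenset({135, 445})))
```

Targets with only one report are skipped rather than counted as zero, which is why a quiet sensor does not drag the average down.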

  3. #3
    Member
    Join Date
    Dec 2003
    Posts
    97
    At this rate it's not whether or not you're going to be own3d, but rather who is going to own you.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    This is the perfect argument for those who shudder at the idea of spending $50 on a Linksys or similar. The survival time statistic is the longest time between scans/probes that could infect. The norm would be closer to 8.5 minutes and the unlucky ones will be as low as less than a minute. The point being you don't have time to go online, download ZoneAlarm or whatever and install it all the while guaranteeing safety. But you just spent $600+ on that shiny new box and if you aren't careful it'll cost a trip to the store to have it fixed for you - minimum cost $70.... Hmm... You are out at least $20.... The Linksys would have been worth it.... Ahhhh... yes... you super geeks that can fix it yourself..... Where will you get the trusted ZoneAlarm executable from?... But more importantly, how much is your time worth?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    They call me the Hunted foxyloxley
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    It would have been interesting however to see what "malware" specifically constitutes and would have been worthwhile to see if there are any other OS comparisons.

    It'd also be interesting to see how long before someone (rather than a something) goes after a machine (that is, how many "attackers" are actually actively looking for a machine to compromise because of a vulnerability that OS has rather than because it's a final target like Microsoft itself
    I agree that it would be a better guide of TTL, if they did break the data down into constituent parts.
    However, I feel that this might water down the FUD effect of this kind of headline.

    I'm not against this info, far from it. I would just prefer a more varied diet.
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  6. #6
    Senior Member RoadClosed
    Join Date
    Jun 2003
    Posts
    3,834
    The catch-22? It takes much longer than that to patch the system by internet. Pray that your ISP blocks common worm ports or have a friend burn the patches. Oh, or how about turning on that built-in Windows firewall, then update update update.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  7. #7
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    So,
    If we take all of the above into consideration, is it not about time that Microsoft withdrew all copies of its OSes pre known vulnerabilities and replaced with updated versions?? (including OEM).

    Let's face it, in what other sector of the manufacturing, supply of goods and service industries could trade successfully the way Microsoft do.

    What would you do if your brand-spanking-new car got a flat tyre every few days, and everyone who had the same car had the same problem??
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  8. #8
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    At this point with stats like that, I'm super glad I got both copies of the security cds MS was sending people for free. I have both SP1 and SP2 on separate disks so I can ignore the internet entirely.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  9. #9
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I have both SP1 and SP2 on separate disks so I can ignore the internet entirely
    So how does Joe Blow learn he can contact Microsoft and get these for free, if he can afford the international call?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  10. #10
    The Doctor Und3ertak3r
    Join Date
    Apr 2002
    Posts
    2,743
    Is it not about time that Microsoft withdrew all copies of its OSes pre known vulnerabilities and replaced with updated versions?? (including OEM).
    ***cough*** and SuSE and RH are doing the same? get bloody real.. the OEM..the system builder is at the edge here and needs to have the systems patched b4 sale.. but that won't happen.. the home PC market is so tight on margins, no retailer will risk wasting the half hour to install updates.. and pass that cost on to customers.. Mr Joe Average is getting what he pays for.. cheap computers..
    As for system admins.. setting up a box within their network or for their road warriors.. if they are stupid enough to put a virgin machine straight onto the net without any patches or a firewall, they should apply for a salesman's job at Walmart
    So how does Joe Blow learn he can contact Microsoft and get these for free,
    by not being a bloody lazy cheapskate when buying the computer and paying a little extra for the right advice..
    Everyone wants the equipment and software as cheap as possible.. but none are willing to pay for the oil to keep the machinery running.. technical support..
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
