I believe I've said this before - Grin with cat attached
Aug. 23rd, 2004 12:52 pm
That's getting worryingly close to a survival time of 0.
Is there any data on the proportion of connection attempts/TCP/IP traffic that's malignant?
It means that if you put a new, unpatched PC online without a firewall it will probably be infected before you have a chance to download the firewall, patches or A-V software.
This did, indeed, happen to Liz recently when she upgraded to XP.
To be fair, it actually only means the time between probe packets. I've seen an unpatched PC which has lasted 8 years without issues (though the campus firewall helped somewhat).
Hence the bit where I said "without a firewall".
Indeed... but I'm still sure that time before seeing probe packet and time before actual infection are still a few orders of magnitude apart.
Not really. I've seen other stats (also from SANS) that currently it takes about 25 minutes for an unpatched, unfirewalled, XP in default configuration to be infected by some worm.
AFAIK a "probe packet" generally *is* the attack (there's no separate recon phase on most worms). As such, to have a "two order of magnitude" difference you'd be expecting a box to survive dozens of attacks against which it has no defence.
*shrug* Again it is experience from coming round and seeing PCs belonging to computer non-aware people that have been unprotected, unfirewalled and unpatched and surviving.
What sort of connections, out of interest? Broadband? Always-on?
It's unfortunate that that site doesn't have more history of the survival times - I'd be interested to know how recently it's got this bad.
See below -- thinking about it, I'm guessing that having w98 rather than XP helps -- simply because it is listening on not so many ports by default.
Surviving, yes, but like most parasites, the worms don't kill the host machine - they just sit around generating spam, trying to harvest bank/card details, that sort of thing. Might slow the machine down, but is unlikely to make it actually fall over.
Sure -- I should have been clear about that. I'm thinking in specific about my parents' machine (no viruses and no malware -- but a dialup connection rarely used -- I reckon they probably only connect for an hour a week but that was over the course of several years) and a friend's machine on broadband, used about an hour a day I estimate unpatched and without firewall or virus checker -- riddled with malware (all installed by him) and one virus (contracted through email) -- no worm infection that I could detect.
And that's why you should enable the Internet firewall in XP -before- you plug in any network cable or phoneline.
A big problem, that.. I managed to build a new machine yesterday and put Windows on it, and then realised as soon as I configured it to connect to the house network so I could transfer software across, it'd be connected to the internet and totally unprotected. I got paranoid, and my solution was to use another safe machine to download and copy a free firewall onto a USB key. So I could transfer and install the firewall on the new machine before it ever touched the internet. Yay.
(and the main reason I'm putting Windows on there is to install software to burn CDs with the CD-writer in order to create some Linux install CDs to install Linux with.....)
Is your house network entirely routable-IP then?
Yes, shockingly. It's a security nightmare at times, but I like all my IP addresses and run various servers so it's easier that way. I don't NAT even once, let alone twice. :)
This is why I have the DMZ/backroom combination. Which works now