Unknown Soldier
Veteran
According to the latest data at the SANS Internet Storm Center, the average time it takes for an unprotected PC running Microsoft Windows (i.e., firewall off and missing critical security patches) to be compromised after being plugged into the Internet has more than doubled since September 2004. Trouble is, that time gap still isn't that large: An unguarded Windows computer can expect to be hacked within little more than 40 minutes of going online.
The "survival time" of Windows PCs has been steadily on the rise since last fall, when Microsoft released Service Pack 2, a comprehensive security upgrade for Windows XP that made it easier for users to take advantage of the operating system's built-in firewall, as well as automate the installation of security patches.
While Service Pack 2's deployment may explain the survival time in part, the data may also reflect another trend, according to Chicago-based security services firm LURHQ. In the latest edition of the company's "On the Radar" newletter, LURHQ analysts point to the "the lack of any new critical network-based vulnerabilities in Windows workstations since the LSASS exploit."
LURHQ is referring to a security flaw for which Microsoft released a patch in the spring of 2004. The flaw was quickly seized upon by hackers to launch the highly successful "Sasser" worm; since then, the LSASS flaw has become the de facto method for infecting Windows computers through automated attacks, which are typically designed to turn infected PCs into "bots" -- machines that give attackers the power to control an infected computer and link it to networks of "zombie" machines that they can control for a variety of nefarious activities.
While the LURHQ advisory notes that the pool of vulnerable Windows machines is slowly shrinking in the short run, it also stresses that hackers are increasingly finding other ways to hijack Windows PCs and convert them into bots, such as through instant messaging attacks and flaws in Microsoft's Internet Explorer Web browser.
All of which should serve as yet another reminder of how important it is for Windows users to take basic, preventative measures to stay safe online. If you need help with the basics, like choosing and installing a firewall, anti-virus software, and Windows updates, have a look at our video guides for securing your computer.
News Source@ Washington Post
The "survival time" of Windows PCs has been steadily on the rise since last fall, when Microsoft released Service Pack 2, a comprehensive security upgrade for Windows XP that made it easier for users to take advantage of the operating system's built-in firewall, as well as automate the installation of security patches.
While Service Pack 2's deployment may explain the survival time in part, the data may also reflect another trend, according to Chicago-based security services firm LURHQ. In the latest edition of the company's "On the Radar" newletter, LURHQ analysts point to the "the lack of any new critical network-based vulnerabilities in Windows workstations since the LSASS exploit."
LURHQ is referring to a security flaw for which Microsoft released a patch in the spring of 2004. The flaw was quickly seized upon by hackers to launch the highly successful "Sasser" worm; since then, the LSASS flaw has become the de facto method for infecting Windows computers through automated attacks, which are typically designed to turn infected PCs into "bots" -- machines that give attackers the power to control an infected computer and link it to networks of "zombie" machines that they can control for a variety of nefarious activities.
While the LURHQ advisory notes that the pool of vulnerable Windows machines is slowly shrinking in the short run, it also stresses that hackers are increasingly finding other ways to hijack Windows PCs and convert them into bots, such as through instant messaging attacks and flaws in Microsoft's Internet Explorer Web browser.
All of which should serve as yet another reminder of how important it is for Windows users to take basic, preventative measures to stay safe online. If you need help with the basics, like choosing and installing a firewall, anti-virus software, and Windows updates, have a look at our video guides for securing your computer.
News Source@ Washington Post
