Chicken and Egg

William T Goodall wtg at wtgab.demon.co.uk
Mon Jul 14 11:53:36 PDT 2008 

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9109938&source=rss_news10

"It takes less than five minutes for hackers to find and compromise an  
unpatched Windows PC after it's connected to the Internet, a security  
researcher said today.

The SANS Institute's Internet Storm Center (ISC) currently estimates  
the "survival" time of an Internet-connected computer running Windows  
at around four minutes if it's not equipped with the latest Microsoft  
Corp.security patches, said Lorna Hutcheson, a researcher and analyst,  
in a post to the ISC blog."

[...]

"Another security researcher, however, said unpatched machines can  
last longer than just a few minutes before falling to attack. The  
German Honeypot Project, which sets vulnerable systems on the Internet  
to collect malware, estimates survival time in hours, not minutes.
"Compared to the survival time from the Internet Storm Center which is  
currently below five minutes, we measure a higher survival time," said  
Thorsten Holz, a co-founder of the project and current a Ph.D. student  
at the University of Mannheim, in a post to the Honeypot Project's  
blog. The project's data estimates the average time between connecting  
to the Internet and compromise at under 1,000 minutes, or  
approximately 16 hours.

"[But] the time is still short and you need to patch a system before  
taking it online," said Holz."

""While the survival time varies quite a bit across methods used,  
pretty much all agree that placing an unpatched Windows computer  
directly onto the Internet in the hope that it downloads the patches  
faster than it gets exploited are odds that you wouldn't bet on in  
Vegas," added Hutcheson of the ISC."


So how do you download the patches if you can't put an unpatched  
Windows computer on the internet?

-- 
William T Goodall
Mail : wtg at wtgab.demon.co.uk
Web  : http://www.wtgab.demon.co.uk
Blog : http://radio.weblogs.com/0111221/

"I wish developing great products was as easy as writing a check. If  
so, then Microsoft would have great products." - Steve Jobs

More information about the Brin-l mailing list