Study: Unpatched PCs compromised in 20 minutes


Naples Air Center, Inc.
19th Aug 2004, 02:11
There is a study at Cnet which looks at how long it will take for an unpatched comp connected to the Internet to get infected:

According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003.

If you are wondering why the drop from 40 minutes to 20 minutes is so significant:

The drop from 40 minutes to 20 minutes is worrisome because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from Internet threats.

Get the full study here:

Study: Unpatched PCs compromised in 20 minutes (http://news.com.com/2100-7349-5313402.html)

Take Care,

Richard

Evo
19th Aug 2004, 07:28
Nice link, Richard - and 20 minutes is just an average. I was trying to get someone patched mid-MSBlaster (IIRC), and at times that machine was getting taken out in less than 60 seconds after startup :*

There are some quite interesting 'darknet' or 'network telescope' projects out there watching this problem. They occupy an unused corner of the internet, and just listen to inbound traffic. The network makes no requests, so no legitimate data should be sent to it and inbound traffic is almost completely due to malware looking for computers to infect.

When a new problem hits the internet (the Witty worm in this case) the darknet shows it clearly

http://www.cymru.com/Darknet/graph02.png

The scale and speed at which these worms spread is amazing; this is the Slammer worm 30 minutes after it started to spread

http://www.caida.org/outreach/papers/2003/sapphire/sql-after-small.gif

At its peak, the population of infected machines doubled every 8.5 seconds!

Naples Air Center, Inc.
19th Aug 2004, 16:00
Evo,

It is getting pretty sad out there for the average user.

Take Care,

Richard

goates
19th Aug 2004, 19:24
With regards to using Windows, do you feel lucky punk? ;)

goates

ORAC
19th Aug 2004, 20:54
I have a router with a built in firewall and I have never, ever, had anything get through for my PC to deal with. Which considering I also have ZoneAlarm Pro and McAfee Pro on each PC behind it probably means I am wasting my money somewhere...... :{

Evo
20th Aug 2004, 05:33
Richard - I agree. It's not great for those of us called in to clean up either. :(

ORAC - that's the same setup I use and recommend too. Ideal for the home user :ok:

A hardware firewall set to block all unsolicited requests inbound is ideal, but it's a real pain to set it up to block all unrequired outbound requests (malware dialing home, for example) while allowing things you need - ZoneAlarm is so much easier for that. You know that already, of course :)

It is worth noting though that, although they are rare, there have been attacks which exploit flaws in the network code of the firewalls themselves. It's not just Windows that suffers from bad programming. :{ Hardware firewalls are typically much more robust than software though, because there's much less you can do once you've got code to execute.

If you're ever feeling like a bit of a geek, set up the hardware firewall to route all unsolicited inbound packets to a Linux box in the DMZ - your own mini network telescope. :)

Blacksheep
24th Aug 2004, 01:47
I download the O/S patches on my office PC, save them to a memory stick and install them on my notebook without it being connected to the internet. I only rarely connect the notebook to the internet (using Mozilla, not IE) and then only after an O/S patch. The Blackice firewall slings out warnings of intruders every thirty seconds or so while on-line. It's become a sad, sad place, the internet. Maybe it's close to outliving its usefulness?

I find the "Geek" mindset interesting. Why are so many geeky types fascinated by intruding into other people's PCs? It's not only the bad guys, IT people - System Administrators and so on - are just as guilty. My office desktop is packed with spyware installed by the IT department. Then there's the O/S itself - malicious hackers often make use of the information stored in all those tracking log files kept by the operating system; but why do Microsoft feel the need to embed these files into the O/S in the first place? They don't serve any really useful purpose that I can see. If anyone came into your house rummaging through the drawers and cupboards to find out what's in there, that would be a criminal offence. In some (wiser?) parts of the world it would be quite legal to shoot the intruder dead if you caught them at it. So why is it considered OK to crack into people's computers?

goates
24th Aug 2004, 06:19
Why are so many geeky types fascinated by intruding into other people's PCs? It's not only the bad guys, IT people - System Administrators and so on - are just as guilty. My office desktop is packed with spyware installed by the IT department.

They aren't doing it for fun as most of them detest invasion of privacy at least as much as anyone else. Go to a site like Slashdot.org (http://slashdot.org) and look at articles about privacy invasion. Many companies, if not all, monitor what happens on their network for several reasons, not the least of which is liability for what it is used for. Industrial espionage is also high on the list as it could potentially be much easier with the internet. There is also the Big Brother aspect of just monitoring what their employees are up to.

The decision to monitor usually comes from the management or legal side, not the geeks. This just dumps more work on the geeks, that I'm sure they don't really want. Just another side effect of the wonderful world we live in.

I don't think the internet is "close to outliving its usefulness" anytime soon. All that is needed is for all users to learn a little about their new toys before they take them out for a spin. This won't prevent all viruses, but will stop the mass email ones that rely on people to open them or ones that rely on unsecured systems etc., much like driver education cuts down on automobile accidents.

goates

sprocket
24th Aug 2004, 09:22
Good God Evo, that map of the world shows the very sparsely populated outback of Oz and the jungles of South America as veritable hot spots of internet infections. :rolleyes:

Blacksheep
24th Aug 2004, 14:03
It's not the viruses that bother me goates, it's the intruders. I've been on-line for just over thirty five minutes and 87 intrusion attempts have been blocked, originating from 17 different countries. WTF do they all want with my PC? Collecting surfing history so they can target advertising? Judging by the random rubbish I get in my mailbox every day that's not very likely.

I don't have control of my machine any more and it can't be used for confidential communications. As for the IT department keeping the network secure, their spyware makes them the most likely source of security leaks. We've gone back to using faxes for a lot of messages, to keep them secure from prying eyes.

BTW I just had a stream of over fifty intrusion attempts while writing this....

exeng
24th Aug 2004, 21:53
How do you establish the amount and origin of intrusion attempts on your computer? I'd be interested to see what is going on here.

By the way I have a router with a built in firewall, plus XP is also configured with a firewall. I don't seem to have suffered any problems so far.


Regards
Exeng

goates
24th Aug 2004, 22:34
If your firewall keeps putting up warnings about intrusion attempts, you should turn the alerts off. Many of these are probably from computers infected with the Blaster or a similar virus. In an ideal world none of this would happen, but I don't think it is an indication of the internet outliving any usefulness it has. I have a router between my computer and the internet, so it drops all the incoming scans.

There are people out there doing interesting things like mapping the internet by doing basic pings of all connected computers. This is completely harmless, but can show up as an intrusion attempt to some firewalls.

None of this will have anything to do with trying to target advertising. That is an entirely separate issue.

The main problem is that the internet and computers have evolved faster than most people and governments can adapt. Spammers etc. are taking full advantage of this. Once we can get governments to create better laws related to the internet and the population learn more about it, much of this should go away. There have been some attempts to outlaw spam, but they haven't proven very effective yet.

I won't hold my breath though, and will keep updating my anti-virus and firewall software while continuing to enjoy the many benefits of the internet.

goates

Blacksheep
25th Aug 2004, 00:55
exeng, Blackice logs the IP address of every intrusion attempt, what they were trying to do, how many attempts they made and what ports they were scanning. The IP address identifies the origin and, if you were really interested you could run a WHOIS on them - but why try to communicate with a computer that's trying to force entry into your own? Better to keep your head down and stay in stealth mode.

As goates already pointed out, most of these intrusion attempts are from infected computers running random scans for a response from an unprotected computer - avionics people would call it 'squitter' - scanning port 135 for the MSRPC Service for example. But in amongst the random noise are other more dangerous scans, so I'm not inclined to turn the alerts off altogether. Then there's Cool Web Search, the dreaded hijacking trojan - firewalls are useless at keeping that out as the code is embedded in the website code and you invite it in by visiting the infected site.

Just along the forum from this thread someone is complaining about having a key logging trojan stuck in his computer. Can anyone here give a good explanation of any legitimate use for a key logger?

Meanwhile I'm reading a fax of a commercial proposal that a contact sent me. Not safe to e-mail it, see...?
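
Added example (not part of any post in this thread): a short Python triage of blocked-connection log entries, separating the worm-style background noise the posters describe (many hosts probing one port, such as 135) from a single host sweeping many ports. The log format, addresses and thresholds are constructed for illustration and are not BlackICE's or any product's real output.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up format (an assumption, not a real
# product's log format); addresses come from documentation-only ranges.
SAMPLE_LOG = """\
2004-08-24T14:01:02 DROP TCP 203.0.113.5 -> 198.51.100.10:135
2004-08-24T14:01:09 DROP TCP 203.0.113.77 -> 198.51.100.10:135
2004-08-24T14:01:30 DROP TCP 192.0.2.14 -> 198.51.100.10:135
2004-08-24T14:02:11 DROP UDP 192.0.2.200 -> 198.51.100.10:1434
2004-08-24T14:02:40 DROP TCP 192.0.2.99 -> 198.51.100.10:21
2004-08-24T14:02:41 DROP TCP 192.0.2.99 -> 198.51.100.10:22
2004-08-24T14:02:41 DROP TCP 192.0.2.99 -> 198.51.100.10:23
2004-08-24T14:02:42 DROP TCP 192.0.2.99 -> 198.51.100.10:80
2004-08-24T14:02:43 DROP TCP 192.0.2.99 -> 198.51.100.10:3389
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP (?P<proto>TCP|UDP) (?P<src>\d+\.\d+\.\d+\.\d+)"
    r" -> (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)$"
)

def triage(log_text, sweep_ports=4, noise_sources=3):
    """Split blocked probes into background noise and per-source sweeps.

    noise:  one port probed by >= noise_sources distinct hosts (worm-like).
    sweeps: one host probing >= sweep_ports distinct ports (worth a look).
    Both thresholds are illustrative assumptions.
    """
    ports_by_src = defaultdict(set)
    srcs_by_port = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        key = (m["proto"], int(m["port"]))
        ports_by_src[m["src"]].add(key)
        srcs_by_port[key].add(m["src"])
    noise = {k: len(v) for k, v in srcs_by_port.items() if len(v) >= noise_sources}
    sweeps = {s: sorted(p for _, p in ports) for s, ports in ports_by_src.items()
              if len(ports) >= sweep_ports}
    return {"noise": noise, "sweeps": sweeps, "skipped": skipped}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```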