
Windows Infected in 12 Minutes

Posted by CmdrTaco
from the now-that's-what-I-call-secure dept.
Uber-Review writes "The speed with which PC's can become infected has now shortened. If your Windows computer is not properly protected, it will take 12 minutes before it becomes infected, according to London-based security company, Sophos. They have detected 7,944 new viruses in the first half of 2005, a 59% increase over the same time span last year."

  • Nice... (Score:5, Funny)

    by j0nkatz (315168) * <anon@@@memphisgeek...com> on Tuesday July 05, 2005 @09:58AM (#12984826) Homepage
    And Slashdot can apparently be infected with a dupe in as little as 5 days [slashdot.org]!!!!
    • Re:Nice... (Score:5, Funny)

      by m4dm4n (888871) <madman@nofrance.info> on Tuesday July 05, 2005 @10:04AM (#12984881) Homepage
      Actually that's a well protected and patched up-to-date slashdot. Some slashdots can dupe within hours.
      • Re:Nice... (Score:3, Funny)

        by mark-t (151149)
        But they haven't got MS beat yet.

        I have yet to see a dupe within 12 minutes.

        Maybe they just need to try a little harder.

    • Re:Nice... (Score:2, Funny)

      by thelost (808451)
      I don't usually complain about dupes but I'm almost sure this is actually a dupe of a dupe, and if this goes on we could end up with an all powerful dupe-sorcerer and everyone knows that we're all fscked when that happens. I mean really, there must be a reasonable way to check for dupe stories before publication, this shouldn't be an issue on an important geek news website, really it shouldn't.
  • by Willeh (768540) * <rwillem@xs4all.nl> on Tuesday July 05, 2005 @09:59AM (#12984832)
    http://it.slashdot.org/article.pl?sid=05/07/01/0218209&tid=172&tid=220&tid=218 [slashdot.org]

    Not to mention the original article was a lot better, and not a link to yet another news aggregator that in turn links to another site: http://www.globetechnology.com/servlet/story/RTGAM.20050704.gtvirusjul4/BNStory/Technology/ [globetechnology.com]

  • by MasamuneXGP (824006) on Tuesday July 05, 2005 @09:59AM (#12984835)
    Honestly, who cares anymore? We've all seen this exact same story with some slightly different words or numbers in about 100 different places. Use a firewall or don't use windows, I get it. Let's get on with our lives plz.
    • by digidave (259925) on Tuesday July 05, 2005 @10:19AM (#12985011)
      I guess one of the problems is that you can be infected before you have a chance to download a firewall. Unless you're on the newest version of Windows you're pretty screwed unless you can configure packet filtering on the NIC.
      • by CdBee (742846) on Tuesday July 05, 2005 @10:31AM (#12985119)
        I seem to recall some cases of software firewalls (if this is what you meant) which don't initiate before the NIC driver comes online, meaning the PC has a few seconds where it can acquire an IP and receive packets before protection commences.

        Good design practice should prevent this but it'll never be quite as good as a hardware f/wall. Decent FW devices can be found for very cheap prices now.

        If you really can't run a hardware firewall due to a need for many open incoming ports, the 2nd-best solution is to use a modem with routing ability and direct ports 445, 593 and 135-139 to a dead address (remember to send them to an address outside the router's DHCP range so that address can never be assigned to an unprotected machine). These ports represent Windows file/print sharing, RPC Endpoint mapper (a major exploit target) and RPC comms ports. Killing those 5 ports stops 80-90% of remote attacks, although if you are running a web server, but not actually serving remote users, block ports 80 and 8080 as well to kill FrontPage server extensions overflow attacks.
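The port-sinking layout described in the comment above can be checked mechanically. The following is an added example, not part of the thread: it audits a router's port-forward table to confirm that ports 445, 593 and 135-139 all go to an address that is on the LAN but outside the DHCP pool. The table format, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ports the comment says to sink: 445, 593 and 135-139.
REQUIRED_PORTS = frozenset({445, 593, *range(135, 140)})


def parse_ports(spec):
    """Expand a port spec such as '445' or '135-139' into a set of ints."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return set(range(lo, hi + 1))


def audit_sink_forwards(lan, dhcp_pool, router_ip, static_hosts, forwards):
    """Return findings for a port-forward table; [] means it matches the advice.

    forwards is a list of (port_spec, target_ip) pairs (hypothetical format).
    """
    net = ipaddress.ip_network(lan)
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in dhcp_pool)
    router = ipaddress.ip_address(router_ip)
    static = {ipaddress.ip_address(h) for h in static_hosts}
    findings, handled = [], set()

    for spec, target in forwards:
        ports = parse_ports(spec) & REQUIRED_PORTS
        if not ports:
            continue  # forward for an unrelated service, not audited here
        handled |= ports
        addr = ipaddress.ip_address(target)
        if addr not in net:
            reason = "target is not on the LAN"
        elif addr in (net.network_address, net.broadcast_address):
            reason = "target is the network or broadcast address"
        elif addr == router:
            reason = "target is the router itself"
        elif pool_lo <= addr <= pool_hi:
            reason = "target is inside the DHCP pool and could be leased to a PC"
        elif addr in static:
            reason = "target is a statically addressed live host"
        else:
            continue  # dead address: the traffic goes nowhere
        findings.append(f"{spec} -> {addr}: {reason}")

    missing = sorted(REQUIRED_PORTS - handled)
    if missing:
        findings.append("no sink rule for ports: " + ", ".join(map(str, missing)))
    return findings


# Constructed sample network, not taken from the thread.
LAN = "192.168.1.0/24"
DHCP_POOL = ("192.168.1.100", "192.168.1.199")
ROUTER = "192.168.1.1"
STATIC_HOSTS = ["192.168.1.10"]

GOOD = [("135-139", "192.168.1.250"), ("445", "192.168.1.250"),
        ("593", "192.168.1.250")]
BAD = [("135-139", "192.168.1.150"), ("445", "192.168.1.10"),
       ("80", "192.168.1.10")]

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        result = audit_sink_forwards(LAN, DHCP_POOL, ROUTER, STATIC_HOSTS, table)
        print(name, result or "ok")
```

The BAD table shows the failure the comment warns about: a sink address inside the DHCP pool can later be leased to an unprotected machine, which would then receive the forwarded traffic.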
        • by Anonymous Coward on Tuesday July 05, 2005 @10:42AM (#12985214)
          If you're running a router then just enable NAT and bingo - a simple firewall. I always deploy ethernet ADSL modems now for many reasons - but this is the main advantage.

          1. Go to new site
          2. Plug PC into modem
          3. Configure modem
          4. Plug phone line into modem
          5. Download latest windows patches

          Note that at stage 5 the PC is already protected by a firewall. Just need AV and patches to protect against email, adware etc.

          But then I also configure Thunderbird - which limits the email viruses as well (the number of times I've been called because a user can't open an email containing a virus ...)
        • two words

          XP SP2

          and if you don't have:

          install XP, then switch on the damn firewall before you plug in the bloody ethernet cable
      • Just run behind a router ($49) and you've solved most of those problems until you get the firewall up and running.

        I installed Linux about a year ago and was infected due to an exploit in the ftp server before I could get everything current, so this is far from a Windows only issue.
    • I use Windows on an un-firewalled PC and don't install security updates much, yet somehow I don't get attacked every 12 minutes. In fact, I have had only one virus during the life of my computer (4 years) and have never been hacked.

      As anti-Windows as I am, I think the argument that Windows gets attacked a lot is weak. At least based on my personal experience.
  • by super_ogg (620337) on Tuesday July 05, 2005 @10:00AM (#12984846) Homepage
    So there are variants and minor changes... do we really count these as new viruses?
    ogg
    • They do on Windows. (Score:3, Informative)

      by khasim (1285)
      Each minor variation means that the old anti-virus signatures won't catch it.

      So new signatures have to be downloaded.

      The problem is that any error in that and you're vulnerable to these "new" viruses/trojans/worms.

      The real problem is that the infection routes on Windows still haven't been closed.
    • If you do, you'll also remember that they actually count.

  • by UnderAttack (311872) * on Tuesday July 05, 2005 @10:00AM (#12984848) Homepage
    The Internet Storm Center [sans.org] is tracking a similar number for a while. See the "survival time" [sans.org]. It has actually improved over the last few months!

    • by savagedome (742194) on Tuesday July 05, 2005 @10:14AM (#12984965)
      A herd of buffalo can only move as fast as the slowest buffalo. And when the herd is hunted, it is the slowest and weakest ones at the back that are killed first. This natural selection is good for the herd as a whole, because the general speed and health of the whole group keeps improving by the regular killing of the weakest members. In much the same way, the Internet is only as good as the slowest Windows members. Excessive going online, as we know, gets Windows machines pwn3d. But naturally, it attacks the slowest and weakest Windows machines first. In this way, continuously going online eliminates the weaker Windows machines, making the Internet a faster and more efficient place.

      Shameless parody of the 'beer is good for you' joke
      • by jedidiah (1196) on Tuesday July 05, 2005 @10:37AM (#12985166) Homepage
        This would be cool if the hunting actually culled the herd but it does not. The infested members of the herd continue to ramble on like... zombies. In so doing they are able to impact the rest of the herd and slow it down rather than speed it up.

        An Ebola type strain of computer virus might actually be a public good. It would kill off these flu ridden beasts, put them out of their misery and prevent them from continuing to harm the rest of the herd.

        Ra's al Ghul anyone?
      • I see someone disagrees with you, and others think it's funny, but I have to say that was precisely my experience this very weekend.

        As the family's official computer nerd, I'm called upon to fix all the infested and/or dead boxes. I've rebuilt my sister-in-law's box several times now due to spyware and virus infections. This last weekend I said "screw it" and refused to fix her stupid Windows ME box, and said it was scrap unless I could install XP SP2 and give her the windows firewall. (Before the Linux

      • Reminds me of the joke of the two guys in the jungle who see a lion.

        The first one starts immediately tying his shoes, preparing himself to make the run of his life.

        The second one says: "What the hell are you doing, do you really think you can run faster than the lion?"

        The first guy answers: "I am not planning to run faster than the lion but faster than you!"
  • Nits: picked (Score:2, Informative)

    by Jooly Rodney (100912)
    Speed doesn't shorten, kids; perhaps the OP meant "increased?"
  • by mindaktiviti (630001) on Tuesday July 05, 2005 @10:03AM (#12984870)
    "Windows infected in 12 minutes."
  • new virus (Score:2, Funny)

    by Anonymous Coward
    there is a new virus that causes the same news story to be posted twice
  • Time Loop (Score:5, Funny)

    by DanielMarkham (765899) on Tuesday July 05, 2005 @10:04AM (#12984874) Homepage
    Hey. I saw this episode on Star Trek. The same thing kept happening over and over again until Data finally kept the ship from blowing up.
    That's what's happening on /. Now we need to repeat all of our original posts, while sending a message with tachyon beams back to our original selves...

    Blog's Up! [whattofix.com]
    • by Lt Cmdr Tuvok (810548) on Tuesday July 05, 2005 @10:15AM (#12984969) Homepage Journal
      You are quite perceptive. Tachyon beams are exactly what I, myself, have been using, and am indeed using right now, to write messages on this very 'chatboard'.

      Perhaps we are indeed violating the Prime Directive in the most appalling manner by allowing geeks from your time to view 'Star Trek' unabatedly. Your knowledge of events and technology that occur and exist in our time grows ever greater.

      With this in mind, please disregard this comment. It does not exist.

    • Hey. I saw this episode on Star Trek. The same thing kept happening over and over again until Data finally kept the ship from blowing up.
      That's what's happening on /. Now we need to repeat all of our original posts, while sending a message with tachyon beams back to our original selves...
  • by DS_User (874465) on Tuesday July 05, 2005 @10:04AM (#12984879)
    12 minutes hey. Gee I thought IE opened up quicker than that.
  • Sophos telling us that we really need them, and providing some subjective numbers to make their case...

    I know Windows PCs get infected quite easily, but do we really have to:
    1. repeat this statement every few days?
    2. quote numbers from an organisation which is served well by making this look as bad as possible and present it as fact?

  • by AutopsyReport (856852) on Tuesday July 05, 2005 @10:07AM (#12984900)
    What I'd like to know is what are they doing during those 12 minutes for Windows to become "infected."

    For years I have run Windows straight out of the box (no firewall, no security software, nothing), and I've only ran into two viruses -- one through Kazaa, and one through IRC (both my fault).
    I can understand that Windows is vulnerable -- but if I've managed to run Windows for many years without any major problems, then I'm curious what they are doing during these 12 minutes to arrive to such a conclusion.

    • but if I've managed to run Windows for many years without any major problems
      ...that you know of.
      If you don't seek the spyware/malware/viruses you often do not find them.
    • by Anonymous Coward

      For years I have run Windows straight out of the box (no firewall, no security software, nothing), and I've only ran into two viruses -- one through Kazaa, and one through IRC (both my fault).

      You must run Windows Update religiously. Last year there was a worm, and if you hadn't already updated your machine, it was more or less impossible to avoid, because the time it took to download the update (a couple of minutes) was way more time than was necessary for your machine to be compromised and auto-reboot

    • What I'd like to know is what are they doing during those 12 minutes for Windows to become "infected."

      I think that is a fair question to ask. I was playing with BitComet last week, linked to Bitracker, or one of the other popular BT sites, and spent three days cleaning up the mess it left behind. In

    • by ceeam (39911) on Tuesday July 05, 2005 @10:50AM (#12985267)
      Maybe you are on some strange subnet that bots don't scan too much. Maybe you don't visit sites that track your address for "who-knows-what-purposes" (OTOH - at least you've successfully posted to /. so you have your port 80 scanned back). Maybe your provider filters bad traffic (or even NATs you). Maybe your connection is so unreliable that they don't bother. Maybe you just don't know. Lots of options.
    • Plugging in the ethernet cord.
    • by Dun Malg (230075) on Tuesday July 05, 2005 @11:11AM (#12985459) Homepage
      I can understand that Windows is vulnerable -- but if I've managed to run Windows for many years without any major problems, then I'm curious what they are doing during these 12 minutes to arrive to such a conclusion.

      I've had my "NAS pr0n box" (an old Athlon 1600+ w/250GB worth of misc drives) running un-updated WinXP Pro (the "reset5" 30-day hack precludes updates) for over a year on the same static IP, open to the whole intarweb, and it hasn't picked up a single virus. I use it for torrents, eMule, kazaa-- basically all and sundry untrustworthy site scouring-- and still it works. I recently installed McAfee on it, just to see what viruses I'd "collected", and there's nothing! I think the biggest deciding factor in how fast your exposed windows machine gets "pwned!" is whether or not it's in the IP address range assigned to a large ISP that caters to the Unwashed Masses (e.g. Comcast). Using an ISP that markets to the bespectacled nerd crowd puts your IP address in a range that probably won't be tapped for a "zombie harvest".

    • What version of windows are you running?

      I was running a Win98 PC as a gateway for the kids PCs connection at home, and it was generally fine, the odd virus, but nothing major.

      However, when I put in Win2K (SP1, no firewall or AV initially installed), it was virtually unusable within an hour.

      According to the firewall, the machine gets attacked/probed maybe up to a hundred times a day, it's ridiculous.
  • Uh (Score:5, Insightful)

    by sheriff_p (138609) on Tuesday July 05, 2005 @10:07AM (#12984902)
    London-based? They're based in Abingdon, Oxfordshire, England. Does English now automatically mean London-based or what?

    +Pete
    • Oxfordshire is on the East side of London, right?
      • Abingdon is to the West of London and a good way away - being in a different county (Oxfordshire unsurprisingly).
        • There are puny towns in the states that easily spread over multiple counties. Are counties just bigger in the UK? If not then a suburb being in another county is entirely unremarkable.

          H*LL, in the US cities of that size (London) tend to spread over multiple STATES.
      • but you don't see anybody stupid enough to claim something made there as coming "from the suburbs" of London.

        Actually to maintain proper parallelism, it should be the island of Formosa with Oxfordshire.

    • Putting London in the right country is probably as good as it is going to get in the US. Why do you think the New Mexico license plates have "USA" on them?
  • by Doc Ruby (173196) on Tuesday July 05, 2005 @10:09AM (#12984926) Homepage Journal
    I'm tired of talking about tech fixes to Slashdot's dup plague. It would stop if the editors would just read the damn front page.
  • Editors - Question (Score:5, Insightful)

    by Phishcast (673016) on Tuesday July 05, 2005 @10:11AM (#12984937)
    I read Slashdot regularly, and I at least skim every headline that comes across. I must notice just about every duplicate article with simple skimming. I'm not nearly as annoyed as a lot of folks when I see a dupe, but my question is this:

    Do the editors of Slashdot actually read the site regularly? If not, should they be posting articles to the front page?

    Followup question: Isn't this common sense?

    • I think they put the thing on autopilot back around 2001 or so.
    • by Basje (26968)
      In the editor's defense: they also see the submissions, so they really read lots more slashdot than the readers do.

      So when they post something they may just have missed it the first time: after 250 potential articles, you may skip over some posted during your holiday.

      That said, procedures should include a quick check on the keywords. It would improve quality.
    • > Do the editors of Slashdot actually read the site regularly? If not, should they be posting articles to the front page?

      There are multiple editors, dupes are bound to occur. Posting stories to slashdot is not all they do with their lives. Posting stories, keeping up with code, maintaining slashdot is already a huge job, which anyone who maintained even a very very tiny clone of slashdot, would know..

      I don't see what is the big frigging deal if there is a dupe every now and then. It only makes thin
    • After a recent go-round with CmdrTaco regarding dupes, he mentioned that they typically know it's a dupe, but that they repost it because they have lots and lots of submissions for the same story. The thinking being, I presume, that if tons of people are submitting it, they don't (and won't) realize it's a dupe.

      As far as technical fixes go, that's easy: add a "dupe" field to posts, and let users filter them out. Since it is claimed that the editors know it's a dupe most of the time, that would solve the
      • >The thinking being, I presume, that if tons of people are submitting it, they don't (and won't) realize it's a dupe.

        Another way to do it: only regged users can submit stories.
        When a person submits a dupe, ban the fucker from submitting anything for the next 180 days.
      • by Petronius (515525)
        Why not just use different Reject codes: rejected, rejected-dupe, etc. instead of encouraging the practise?
  • Blue screen (Score:5, Funny)

    by digidave (259925) on Tuesday July 05, 2005 @10:14AM (#12984959)
    My Windows blue screens in nine minutes, so I'm safe.
  • by broothal (186066) <christian@fabel.dk> on Tuesday July 05, 2005 @10:14AM (#12984966) Homepage Journal
    At least it's stable. It's exactly the same amount of time as the last time [slashdot.org] slashdot mentioned this.
  • by Jugalator (259273) on Tuesday July 05, 2005 @10:16AM (#12984979) Journal
    Here's a solution [winsupersite.com].

    *dodges flying tomatoes*

    OK, OK, here's a patch [freebsd.org].

    *runs*
  • by cablepokerface (718716) on Tuesday July 05, 2005 @10:18AM (#12984999)
    pot. kettle. black.
  • Advice (Score:2, Informative)

    by ArchAngel21x (678202)
    That is why you unplug the computer while you install Windows and security programs. Have that stuff burned to CD or on a back up hard drive. You really don't want to be online right after a fresh install of Windows. I don't have my computer online until I have installed service pack 2, Anti-Virus, and Spybot.
  • You can get robbed in as little as three minutes in Downtown Detroit if you walk around counting large stacks of cash.

    The internet is not a nice place. Evolve or die.

  • So apparently people start an email client _on average_ within 12 minutes after an install and catch a virus? That is pretty rough, and IMHO unrealistic. I don't know what most people do, but I'm usually still installing drivers, turning off teletubby mode etc.

    Sounds like the vendors included a few old worms that snatch chronically unpatched systems, and gave it a spin to boost antivirus sales.
  • by Vapon (740778) on Tuesday July 05, 2005 @10:28AM (#12985093)
    When MS_Blaster was at its peak I had computers that were infected before the install finished if I left it connected to the internet.
  • I'm getting ready to install Fedora Core 4 on my laptop, and I can't find a driver for my wireless card yet. I was thinking about plugging straight into the cable modem, since I don't have an extra ethernet cable at the moment. Will I be okay, or should I just buy an extra cable and keep using the hardware firewall?
  • Finally! (Score:3, Funny)

    by Aumaden (598628) <Devon.C.Miller@g ... minus physicist> on Tuesday July 05, 2005 @10:34AM (#12985145) Journal
    Now, all you linux fan boys can just stfu.

    There's no way linux can beat windows speed record now!

  • pre sp1 (Score:5, Insightful)

    by Mr_Silver (213637) on Tuesday July 05, 2005 @10:44AM (#12985220)
    If your Windows computer is not properly protected, it will take 12 minutes before it becomes infected, according to London-based security company, Sophos.

    By "Windows" they mean Windows XP pre-service pack 1 which was released in 2001.

    So, what they're saying is: "if your unpatched 4 year old operating system is connected to the internet, it'll get infected pretty quickly."

    Granted, pre-sp2 versions of XP have security that wasn't exactly the greatest and, granted, post-sp2 it still isn't perfect (and I'm not defending that) - but the above statement is like saying "if your vanilla install of Redhat 7.2 is connected to the internet, it'll get infected in a couple of hours".

    The latter isn't fair to Redhat and so I don't see why it's particularly fair to Microsoft either.

    • Because if you bought your PC in 2002 and it came with a bright, shiny XP (no service pack) disk and you're rebuilding it, you use what you have. You have to bootstrap to something in order to download and install SP2. In the time it takes to get Windows Update going, you're too late -- the machine is infected.
  • i am now convinced (Score:3, Insightful)

    by circletimessquare (444983) <circletimessquare@NOSpAm.gmail.com> on Tuesday July 05, 2005 @10:59AM (#12985345) Homepage Journal
    that the editors of slashdot don't even read their own website

    i'm a casual reader, and the dupes jump out glaringly at me just from reading the titles of articles

    you would think then that an editor would have a little more exposure than me to the content coming into and out of slashdot, no?

    hey editors: you have meta-moderation, how about meta-editing?

    from your logs, identify readers who have read the website daily for a few months, and just as you randomly nab people for meta-moderation, randomly nab this pool of readers to review a story before it is published for dupes

    leave the story in a holding area for a few hours, and if 5-10 of these regular readers look at it and don't have any dupe complaints, send it to the front page

    because you have serious problem with all of these dupes

    you need a solution
  • German admits creating Sasser [bbc.co.uk]

    These infections are mostly direct host-to-host infections by Sasser, right?
  • Bah. I just finished this fresh install and I connected it to the Internet 22 minutes ago!

    These guys don't know what they're talki... [NO CARRIER]

  • by Master of Transhuman (597628) on Tuesday July 05, 2005 @11:14AM (#12985489) Homepage

    1) Start /.

    2) Post dupe.

    3) ???

    4) Profit!!!
  • The speed with which PC's can become infected has now shortened.

    Of course it's faster now than before! What did you expect? Considering how much Microsoft has invested in improvements, of course it's become more efficient!

    --
  • While I'm sure their numbers are pretty much correct, it's worth noting that Sophos sells a network anti-virus product and that may be coloring their findings.

    Only fair to mention it, just like it's fair when some company says Windows NT has a lower TCO than Linux...and the funding for the study came from Microsoft.

  • Most retarded story. (Score:3, Interesting)

    by RingDev (879105) on Tuesday July 05, 2005 @11:41AM (#12985716) Homepage Journal
    This is as wonderful as the Zombie Dog story last week. No facts, no information about the PC, connection, patch history, viruses, etc. Just some random number and some advertising.

    Big surprise, the world's most popular OS has the largest number of viruses written for it. Another big surprise, leave your machine unpatched and unprotected on a network and it'll get infected.

    -Rick
  • by jockm (233372) on Tuesday July 05, 2005 @11:42AM (#12985720) Homepage
    I want to know what was the methodology used? Was this just a box plugged into the net without a firewall? Were they connecting to web sites (if so what ones?) Were they checking mail (what client, was the email address new)? Etc

    It would be very easy to build up a system and get it infected through use, but there is no real information to tell us how real world it is, just to scare us (or make us happy we use a different OS).
  • Moore's law has proved accurate for three decades, so we can reliably predict that if Windows gets infected in twelve minutes today, in December next year it'll be six minutes, in June 2008 three minutes, and so on. By 2017 Windows will get infected in just 50 milliseconds.
  • Suggestion (Score:3, Interesting)

    by DrSbaitso (93553) on Tuesday July 05, 2005 @12:15PM (#12986080)
    For stories that subscribers can see from "The Mysterious Future", put a button that can be clicked on the story title if the poster thinks the story is a dupe. I realize that each Slashdot author doesn't read every story that is posted, but enough other people would notice that dupes could get caught before they make the main page.
  • Taco, read your own fucking site much?

    -b
  • Will a NATing router protect you sufficiently to download patches once you've turned off File & Print Sharing?
