Windows Operating Systems Software Security

Windows Infected in 12 Minutes

Uber-Review writes "The speed with which PCs can become infected has now shortened. If your Windows computer is not properly protected, it will take 12 minutes before it becomes infected, according to London-based security company, Sophos. They have detected 7,944 new viruses in the first half of 2005, a 59% increase over the same time span last year."
  • by Willeh ( 768540 ) * <rwillem@xs4all.nl> on Tuesday July 05, 2005 @09:59AM (#12984832)
    http://it.slashdot.org/article.pl?sid=05/07/01/0218209&tid=172&tid=220&tid=218 [slashdot.org]

    Not to mention the original article was a lot better, and not a link to yet another news aggregator that in turn links to another site: http://www.globetechnology.com/servlet/story/RTGAM.20050704.gtvirusjul4/BNStory/Technology/ [globetechnology.com]

  • by UnderAttack ( 311872 ) * on Tuesday July 05, 2005 @10:00AM (#12984848) Homepage
    The Internet Storm Center [sans.org] has been tracking a similar number for a while. See the "survival time" [sans.org]. It has actually improved over the last few months!

  • Nits: picked (Score:2, Informative)

    by Jooly Rodney ( 100912 ) on Tuesday July 05, 2005 @10:01AM (#12984857)
    Speed doesn't shorten, kids; perhaps the OP meant "increased?"
  • Advice (Score:2, Informative)

    by ArchAngel21x ( 678202 ) on Tuesday July 05, 2005 @10:19AM (#12985013)
    That is why you unplug the computer while you install Windows and security programs. Have that stuff burned to CD or on a backup hard drive. You really don't want to be online right after a fresh install of Windows. I don't have my computer online until I have installed Service Pack 2, Anti-Virus, and Spybot.
  • Re:Irony (Score:1, Informative)

    by Anonymous Coward on Tuesday July 05, 2005 @10:19AM (#12985014)
    No, no it isn't. [tri-bit.com] Not even in the slightest.
  • by wirehead78 ( 576106 ) on Tuesday July 05, 2005 @10:27AM (#12985081)
    Get a cheap Linksys router from CompUSA.
  • by Anonymous Coward on Tuesday July 05, 2005 @10:40AM (#12985191)

    For years I have run Windows straight out of the box (no firewall, no security software, nothing), and I've only run into two viruses -- one through Kazaa, and one through IRC (both my fault).

    You must run Windows Update religiously. Last year there was a worm, and if you hadn't already updated your machine, it was more or less impossible to avoid, because the time it took to download the update (a couple of minutes) was way more time than was necessary for your machine to be compromised and auto-reboot.

    This worm automatically tried to infect random IP addresses near the host and was that prevalent that any given consumer connection was being attacked every minute or so.

    If I've managed to run Windows for many years without any major problems, then I'm curious what they are doing during these 12 minutes to arrive at such a conclusion.

    It need be as simple as "connect to the Internet to run Windows Update". It's nothing like "download spam and run random EXEs".

  • They do on Windows. (Score:3, Informative)

    by khasim ( 1285 ) <brandioch.conner@gmail.com> on Tuesday July 05, 2005 @10:40AM (#12985197)
    Each minor variation means that the old anti-virus signatures won't catch it.

    So new signatures have to be downloaded.

    The problem is that any error in that and you're vulnerable to these "new" viruses/trojans/worms.

    The real problem is that the infection routes on Windows still haven't been closed.
  • by Anonymous Coward on Tuesday July 05, 2005 @10:42AM (#12985214)
    If you're running a router then just enable NAT and bingo - a simple firewall. I always deploy ethernet ADSL modems now for many reasons - but this is the main advantage.

    1. Go to new site
    2. Plug PC into modem
    3. Configure modem
    4. Plug phone line into modem
    5. Download latest windows patches

    Note that at stage 5 the PC is already protected by a firewall. Just need AV and patches to protect against email, adware etc.

    But then I also configure Thunderbird - which limits the email viruses as well (the number of times I've been called because a user can't open an email containing a virus ...)
  • by drc500free ( 472728 ) on Tuesday July 05, 2005 @11:02AM (#12985374)
    No, this has nothing to do with an email client. This is for a system connected to the internet and just sitting there with a default install.
  • by clonmult ( 586283 ) on Tuesday July 05, 2005 @11:38AM (#12985686)
    What version of windows are you running?

    I was running a Win98 PC as a gateway for the kids PCs connection at home, and it was generally fine, the odd virus, but nothing major.

    However, when I put in Win2K (SP1, no firewall or AV initially installed), it was virtually unusable within an hour.

    According to the firewall, the machine gets attacked/probed maybe up to a hundred times a day, it's ridiculous.
  • by Anonymous Coward on Tuesday July 05, 2005 @02:19PM (#12987258)
    I had just finished installing Windows 2000 Professional on my older computer when it happened. All of a sudden, internet traffic became completely saturated, CPU utilization was at 100% and the system became completely unresponsive. Needless to say, I was forced to hit the reset button, pop in a Linux CD and install that instead.

    Only 1 minute before fatal infection! That has to be some kind of a record! Imagine if we were that vulnerable to infection. We would all be dead!

    That same Linux installation is still working great by the way, after two whole years and no firewall or anything.
  • by Anonymous Coward on Tuesday July 05, 2005 @03:51PM (#12988150)
    Take 30 minutes and do this, never get infected AGAIN (on Windows no less), ever, & most certainly NOT in 12 minutes... not again, ever!

    APK Online Security 20-points basic checklist. A combination of things really, layered security is the idea!

    DETAILS:

    http://www.avatar.demon.nl/APK.html [demon.nl]

    SUMMARY:

    1.) IP Security Policy in place for adbanner servers blocking OR other "undesirable" IP addresses.

    2.) A custom adbanner blocking HOSTS file with 35,000++ entries in it with known banner ad servers in it (which have been shown in some cases even as bearing malicious javascript etc. in them as well as just plain slowing you down as you surf the web by calling out to DNS' servers for URL to IP resolution & loading their remote data).

    3.) Tcp/IP filtering @ the IP Stack levels (UDP & TCP) allowing ONLY port 80. Need others? Open them up, this is all I need personally here.

    4.) Using up to date AntiVirus & AntiSpyware.

    5.) Using .PAC file proxy filters in all web-browsers vs. adbanners & such.

    6.) IE Restricted Zones (added to via .reg files which the first body of code in the HOSTS file I use is prepped for the .reg filedata for via a program I built in ObjectPascal delphi console mode ripping away the URL from the 127.0.0.1 loopbacks I equate adbanner servers to, etc. & then insert these here and into IPSecPols also).

    7.) Custom adbanner filtering Cascading Style Sheets in webbrowsers when possible (via Opera).

    8.) ZoneAlarm Pro or Native Windows Firewall. ZA is the better overall, the Windows one works though.

    9.) Disable Java-javascript &/or ActiveX-activescripting in your webbrowsers.

    Sorry webmasters, but too many holes popup here and ONLY IE gets that enabled here for Windows Update really only or sites that "demand" I use either.

    10.) Making sure the Operating System is up-to-date/fully hotfix or service pack patched.

    11.) Disabling unneeded services (especially remote oriented ones, e.g.-> Remote Registry) gaining not only memory & CPU cycles back, but also security:

    Microsoft is even into this one now, evidenced by Windows Server 2003 Security Configuration Wizard run by the installation of SP #1 final onto it.

    (I've been doing it for YEARS now, better than a decade since Windows NT 3.51 in fact: It WORKS!)

    12.) Using restricted Registry &/or FileSystem ACL rights to disks/folders/files + Registry Hives.

    13.) Amending secpol.msc & gpedit.msc security policies local to my system for better security.

    14.) Using User-Rights & restricting them to my usual logged on user & the system entity SID itself only on most rights, denying all other groups.

    15.) Applying registry hacks known to fortify the system BOTH remotely & locally per Microsoft guides for this on Windows Server 2003 for "OS Hardening" &/or "Tcp/IP Hardening".

    16.) Being sure applications are up-to-date & patched current as well.

    17.) Lastly here, by using a LinkSys BEFSX41 "NAT" & true CISCO technologies based stateful-packet-inspecting firewall router!

    18.) Disabling NetBIOS over Tcp/IP & stopping Client for Microsoft Networks (all you need to get online IS Tcp/IP).

    However, Ms Lans need these for file and printer sharing and networking properly/fully. THIS changes on LANS, but can be secured better than the default so IF you need it? Patch/harden for it IF you have to use it.

    19.) ADDITIONALLY:

    RUNNING IE in a "runas limited user class" sandbox effect, is possible -

    It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.

    Of course, it's a hassle to
  • Re:oi vey... (Score:2, Informative)

    by I'm Don Giovanni ( 598558 ) on Tuesday July 05, 2005 @05:00PM (#12988737)
    The retail and OEM versions of XP have been the SP2 version since Fall 2004.
