Windows Infected in 12 Minutes
Uber-Review writes "The speed with which PCs can become infected has now shortened. If your Windows computer is not properly protected, it will take 12 minutes before it becomes infected, according to London-based security company, Sophos. They have detected 7,944 new viruses in the first half of 2005, a 59% increase over the same time span last year."
Holy Dupes, Batperson! (Score:5, Informative)
Not to mention the original article was a lot better, and not a link to yet another news aggregator that in turn links to another site: http://www.globetechnology.com/servlet/story/RTGAM.20050704.gtvirusjul4/BNStory/Technology/ [globetechnology.com]
Internet Storm Center is tracking "survival time" (Score:5, Informative)
Nits: picked (Score:2, Informative)
Advice (Score:2, Informative)
Re:Irony (Score:1, Informative)
Same dumb post, same answer: (Score:1, Informative)
Re:What'd I'd like to know (Score:2, Informative)
For years I have run Windows straight out of the box (no firewall, no security software, nothing), and I've only run into two viruses -- one through Kazaa, and one through IRC (both my fault).
You must run Windows Update religiously. Last year there was a worm, and if you hadn't already updated your machine, it was more or less impossible to avoid, because the time it took to download the update (a couple of minutes) was way more time than was necessary for your machine to be compromised and auto-reboot.
This worm automatically tried to infect random IP addresses near the host and was that prevalent that any given consumer connection was being attacked every minute or so.
If I've managed to run Windows for many years without any major problems, then I'm curious what they are doing during these 12 minutes to arrive at such a conclusion.
It need be as simple as "connect to the Internet to run Windows Update". It's nothing like "download spam and run random EXEs".
They do on Windows. (Score:3, Informative)
So new signatures have to be downloaded.
The problem is that any error in that and you're vulnerable to these "new" viruses/trojans/worms.
The real problem is that the infection routes on Windows still haven't been closed.
Re:not always enough - hardware firewalls are bett (Score:5, Informative)
1. Go to new site
2. Plug PC into modem
3. Configure modem
4. Plug phone line into modem
5. Download latest windows patches
Note that at stage 5 the PC is already protected by a firewall. Just need to AV and patches to protect against email, adware etc.
But then I also configure Thunderbird - which limits the email viruses as well (the number of times I've been called because a user can't open an email containing a virus
Re:email dangers and within 12 minutes? (Score:2, Informative)
Re:What'd I'd like to know (Score:3, Informative)
I was running a Win98 PC as a gateway for the kids' PCs' connection at home, and it was generally fine, the odd virus, but nothing major.
However, when I put in Win2K (SP1, no firewall or AV initially installed), it was virtually unusable within an hour.
According to the firewall, the machine gets attacked/probed maybe up to a hundred times a day, it's ridiculous.
It was much faster in my experience (Score:1, Informative)
Only 1 minute before fatal infection! That has to be some kind of a record! Imagine if we were that vulnerable to infection. We would all be dead!
That same Linux installation is still working great by the way, after two whole years and no firewall or anything.
Same story as a week ago, same reply from myself (Score:1, Informative)
APK Online Security 20-points basic checklist. A combination of things really, layered security is the idea!
DETAILS:
http://www.avatar.demon.nl/APK.html [demon.nl]
SUMMARY:
1.) IP Security Policy in place for adbanner servers blocking OR other "undesirable" IP addresses.
2.) A custom adbanner blocking HOSTS file with 35,000++ entries in it with known banner ad servers in it (which have been shown in some cases even as bearing malicious javascript etc. in them as well as just plain slowing you down as you surf the web by calling out to DNS' servers for URL to IP resolution & loading their remote data).
3.) Tcp/IP filtering @ the IP Stack levels (UDP & TCP) allowing ONLY port 80. Need others? Open them up, this is all I need personally here.
4.) Using up to date AntiVirus & AntiSpyware.
5.) Using
6.) IE Restricted Zones (added to via
7.) Custom adbanner filtering Cascading Style Sheets in webbrowsers when possible (via Opera).
8.) ZoneAlarm Pro or Native Windows Firewall. ZA is the better overall, the Windows one works though.
9.) Disable Java-javascript &/or ActiveX-activescripting in your webbrowsers.
Sorry webmasters, but too many holes popup here and ONLY IE gets that enabled here for Windows Update really only or sites that "demand" I use either.
10.) Making sure the Operating System is up-to-date/fully hotfix or service pack patched.
11.) Disabling unneeded services (especially remote oriented ones, e.g.-> Remote Registry) gaining not only memory & CPU cycles back, but also security:
Microsoft is even into this one now, evidenced by Windows Server 2003 Security Configuration Wizard run by the installation of SP #1 final onto it.
(I've been doing it for YEARS now, better than a decade since Windows NT 3.51 in fact: It WORKS!)
12.) Using restricted Registry &/or FileSystem ACL rights to disks/folders/files + Registry Hives.
13.) Amending secpol.msc & gpedit.msc security policies local to my system for better security.
14.) Using User-Rights & restricting them to my usual logged on user & the system entity SID itself only on most rights, denying all other groups.
15.) Applying registry hacks known to fortify the system BOTH remotely & locally per Microsoft guides for this on Windows Server 2003 for "OS Hardening" &/or "Tcp/IP Hardening".
16.) Being sure applications are up-to-date & patched current as well.
17.) Lastly here, by using a LinkSys BEFSX41 "NAT" & true CISCO technologies based stateful-packet-inspecting firewall router!
18.) Disabling NetBIOS over Tcp/IP & stopping Client for Microsoft Networks (all you need to get online IS Tcp/IP).
However, Ms Lans need these for file and printer sharing and networking properly/fully. THIS changes on LANS, but can be secured better than the default so IF you need it? Patch/harden for it IF you have to use it.
19.) ADDITIONALLY:
RUNNING IE in a "runas limited user class" sandbox effect, is possible -
It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.
Of course, it's a hassle to
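A read-only way to check checklist items 8, 11 and 18 on a current machine, as an added example that is not part of the comment above or of the linked checklist. It assumes Windows PowerShell 5.1 on Windows 8 / Server 2012 or later; the function name `Get-ChecklistAudit` is hypothetical.

```powershell
# Added example: read-only audit of checklist items 8, 11 and 18.
# Assumes Windows PowerShell 5.1 on Windows 8 / Server 2012 or later.
function Get-ChecklistAudit {
    # Item 11: Remote Registry should be stopped and disabled.
    $svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Item  = '11 Remote Registry service'
        State = if ($svc) { "$($svc.Status)/$($svc.StartType)" } else { 'absent' }
        Pass  = (-not $svc) -or ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }

    # Item 18: NetBIOS over TCP/IP per IP-enabled adapter.
    # TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Item  = "18 NetBIOS over TCP/IP: $($_.Description)"
                State = $_.TcpipNetbiosOptions
                Pass  = $_.TcpipNetbiosOptions -eq 2
            }
        }

    # Item 18: Client for Microsoft Networks binding (component ms_msclient).
    Get-NetAdapterBinding -ComponentID ms_msclient | ForEach-Object {
        [pscustomobject]@{
            Item  = "18 Client for Microsoft Networks: $($_.Name)"
            State = $_.Enabled
            Pass  = -not $_.Enabled
        }
    }

    # Item 8: native Windows Firewall, one row per profile.
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Item  = "8 Windows Firewall profile: $($_.Name)"
            State = "$($_.Enabled)"
            Pass  = "$($_.Enabled)" -eq 'True'
        }
    }
}

# Failing rows sort first.
Get-ChecklistAudit | Sort-Object Pass | Format-Table -AutoSize -Wrap
```

A failing item 8 row is expected where a third-party firewall has taken over from the native one, and failing item 18 rows are expected on a LAN that relies on Windows file and printer sharing.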
Re:oi vey... (Score:2, Informative)