Windows Operating Systems Software Security

Windows Infected in 12 Minutes

Uber-Review writes "The speed with which PCs can become infected has now shortened. If your Windows computer is not properly protected, it will take 12 minutes before it becomes infected, according to London-based security company, Sophos. They have detected 7,944 new viruses in the first half of 2005, a 59% increase over the same time span last year."

  • by MasamuneXGP ( 824006 ) on Tuesday July 05, 2005 @09:59AM (#12984835)
    Honestly, who cares anymore? We've all seen this exact same story with some slightly different words or numbers in about 100 different places. Use a firewall or don't use windows, I get it. Let's get on with our lives plz.
  • Uh (Score:5, Insightful)

    by sheriff_p ( 138609 ) on Tuesday July 05, 2005 @10:07AM (#12984902)
    London-based? They're based in Abingdon, Oxfordshire, England. Does English now automatically mean London-based or what?

    +Pete
  • by Doc Ruby ( 173196 ) on Tuesday July 05, 2005 @10:09AM (#12984926) Homepage Journal
    I'm tired of talking about tech fixes to Slashdot's dup plague. It would stop if the editors would just read the damn front page.
  • Editors - Question (Score:5, Insightful)

    by Phishcast ( 673016 ) on Tuesday July 05, 2005 @10:11AM (#12984937)
    I read Slashdot regularly, and I at least skim every headline that comes across. I must notice just about every duplicate article with simple skimming. I'm not nearly as annoyed as a lot of folks when I see a dupe, but my question is this:

    Do the editors of Slashdot actually read the site regularly? If not, should they be posting articles to the front page?

    Followup question: Isn't this common sense?

  • by 91degrees ( 207121 ) on Tuesday July 05, 2005 @10:21AM (#12985022) Journal
    Have you done extensive tests on a range of IP addresses, or are you just extrapolating based on a single result?
  • by dissolved ( 887190 ) on Tuesday July 05, 2005 @10:27AM (#12985080)
    but if I've managed to run Windows for many years without any major problems
    ...that you know of.
    If you don't seek the spyware/malware/viruses you often do not find them.
  • by CdBee ( 742846 ) on Tuesday July 05, 2005 @10:31AM (#12985119)
    I seem to recall some cases of software firewalls (if this is what you meant) which don't initiate before the NIC driver comes online, meaning the PC has a few seconds where it can acquire an IP and receive packets before protection commences.

    Good design practice should prevent this but it'll never be quite as good as a hardware f/wall. Decent FW devices can be found for very cheap prices now.

    If you really can't run a hardware firewall due to a need for many open incoming ports, the 2nd-best solution is to use a modem with routing ability and direct ports 445, 593 and 135-139 to a dead address (remember to send them to an address outside the router's DHCP range so that address can never be assigned to an unprotected machine). These ports represent Windows file/print sharing, RPC Endpoint mapper (a major exploit target) and RPC comms ports. Killing those 5 ports stops 80-90% of remote attacks, although if you are running a web server, but not actually serving remote users, block ports 80 and 8080 as well to kill frontpage server extensions overflow attacks.
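
Added example (not part of the comment above or of the original page): a Python audit of a router's port-forward table for the setup that comment describes, checking that ports 135-139, 445 and 593 each point at a LAN address outside the DHCP pool. The function name, the table layout and all addresses are assumptions constructed for illustration; a missing rule is flagged on the assumption that unforwarded ports fall through to an exposed default host.

```python
import ipaddress

# Ports named in the comment: 135-139, 445 and 593.
SINKHOLED_PORTS = set(range(135, 140)) | {445, 593}

def audit_forwards(forwards, lan, dhcp_start, dhcp_end, known_hosts=()):
    """Return a list of (port, problem) findings, ordered by port.

    forwards: dict mapping external port -> internal target IP (hypothetical
    representation of a router's port-forward table).
    """
    net = ipaddress.ip_network(lan)
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_end)
    known = {ipaddress.ip_address(h) for h in known_hosts}
    findings = []
    for port in sorted(SINKHOLED_PORTS):
        target = forwards.get(port)
        if target is None:
            findings.append((port, "no forward rule"))
            continue
        ip = ipaddress.ip_address(target)
        if ip not in net:
            findings.append((port, "target outside LAN subnet"))
        elif ip in (net.network_address, net.broadcast_address):
            findings.append((port, "target is network/broadcast address"))
        elif lo <= ip <= hi:
            # A DHCP lease could hand this address to a real machine later.
            findings.append((port, "target inside DHCP pool"))
        elif ip in known:
            findings.append((port, "target is a live static host"))
    return findings

# Constructed sample table: port 139 points into the DHCP pool, 593 is missing.
SAMPLE_FORWARDS = {
    135: "192.168.1.250", 136: "192.168.1.250", 137: "192.168.1.250",
    138: "192.168.1.250", 139: "192.168.1.120", 445: "192.168.1.250",
}

if __name__ == "__main__":
    for port, problem in audit_forwards(
            SAMPLE_FORWARDS, "192.168.1.0/24", "192.168.1.100", "192.168.1.199"):
        print(f"port {port}: {problem}")
```
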
  • by jedidiah ( 1196 ) on Tuesday July 05, 2005 @10:37AM (#12985166) Homepage
    This would be cool if the hunting actually culled the herd but it does not. The infested members of the herd continue to ramble on like... zombies. In so doing they are able to impact the rest of the herd and slow it down rather than speed it up.

    An Ebola type strain of computer virus might actually be a public good. It would kill off these flu ridden beasts, put them out of their misery and prevent them from continuing to harm the rest of the herd.

    Ra's al Ghul anyone?
  • pre sp1 (Score:5, Insightful)

    by Mr_Silver ( 213637 ) on Tuesday July 05, 2005 @10:44AM (#12985220)
    If your Windows computer is not properly protected, it will take 12 minutes before it becomes infected, according to London-based security company, Sophos.

    By "Windows" they mean Windows XP pre-service pack 1 which was released in 2001.

    So, what they're saying is: "if your unpatched 4 year old operating system is connected to the internet, it'll get infected pretty quickly."

    Granted, pre-sp2 versions of XP have security that wasn't exactly the greatest and, granted, post-sp2 it still isn't perfect (and I'm not defending that) - but the above statement is like saying "if your vanilla install of Redhat 7.2 is connected to the internet, it'll get infected in a couple of hours".

    The latter isn't fair to Redhat and so I don't see why it's particularly fair to Microsoft either.

  • by ceeam ( 39911 ) on Tuesday July 05, 2005 @10:50AM (#12985267)
    Maybe you are on some strange subnet that bots don't scan too much. Maybe you don't visit sites that track your address for "who-knows-what-purposes" (OTOH - at least you've successfully posted to /. so you have your port 80 scanned back). Maybe your provider filters bad traffic (or even NATs you). Maybe your connection is so unreliable that they don't bother. Maybe you just don't know. Lots of options.
  • Re:oi vey... (Score:1, Insightful)

    by Anonymous Coward on Tuesday July 05, 2005 @10:56AM (#12985307)
    The problem may also be the websites themselves. If I can't put my browser's internet security slider on High and expect not to miss content, shouldn't we also be blaming the technologies used by those sites?
    Anyone blaming the scripting or active content methods used?
    Seems to me that the PC is only half the problem!
    How can a firewall or anything effectively stop what we must allow through to see content ?
    Many people just lower the security bar to allow the missing content
    What about technologies that pass through firewalls
    including web content over http ?
    What about buffer overflows that add bad stuff ?
    How can any firewall or antivirus stop these?
    When the content is allowed staring in?

    When they are allowed through ?
  • that the editors of slashdot don't even read their own website

    i'm a casual reader, and the dupes jump out glaringly at me just from reading the titles of articles

    you would think then that an editor would have a little more exposure than me to the content coming into and out of slashdot, no?

    hey editors: you have meta-moderation, how about meta-editing?

    from your logs, identify readers who have read the website daily for a few months, and just as you randomly nab people for meta-moderation, randomly nab this pool of readers to review a story before it is published for dupes

    leave the story in a holding area for a few hours, and if 5-10 of these regular readers look at it and don't have any dupe complaints, send it to the front page

    because you have a serious problem with all of these dupes

    you need a solution
  • by Basje ( 26968 ) <bas@bloemsaat.org> on Tuesday July 05, 2005 @11:02AM (#12985370) Homepage
    In the editors' defense: they also see the submissions, so they really read lots more slashdot than the readers do.

    So when they post something they may just have missed it the first time: after 250 potential articles, you may skip over some posted during your holiday.

    That said, procedures should include a quick check on the keywords. It would improve quality.
  • -2 Redundant (Score:1, Insightful)

    by part_of_you ( 859291 ) on Tuesday July 05, 2005 @11:20AM (#12985544) Journal
    What's funny is that if there are more than 2 people that say this is a dupe, they get modded down to "Redundant" when in fact this article itself is a dupe. Catch-22?

    What's even funnier is that the article is basically saying that if you put an unprotected Windows box online, that within 12 minutes it's got problems. I want to know who is putting an unprotected Windows box online? All the Windows boxes that are sold today have the latest updates already installed on them, and I must say, Microsoft has stepped up its game a bit. Days of Windows bashing should be near-end.

  • by 91degrees ( 207121 ) on Tuesday July 05, 2005 @11:38AM (#12985685) Journal
    The thing is, to take them seriously, we need better evidence than we have. If it was an independent organisation, then we could reasonably assume that they had a reliable testing mechanism. Sophos are far from independent. They need to present better evidence, especially if they're going to be as specific as 12 minutes.

    Anecdotal evidence does not make their result any more reliable. I can find dozens of people who will provide an example of just about anything happening. It doesn't make it any more likely. You may just have been unlucky. A single sample is by no means representative, especially a sample that is self selecting. All the people who didn't get a virus in less than 30 minutes would not bother to respond to my comment.

    Is it possible that a computer will be infected in 30 minutes? Clearly it is. Will that happen to all computers? Perhaps. Is the average 12 minutes? We don't know. The only evidence is from a company that makes no mention of their methodology, and has a definite reason to be biased. It has as much validity as a Microsoft sponsored report on Windows cost of ownership vs. Linux. Nobody would believe that, so why believe Sophos?
  • by jockm ( 233372 ) on Tuesday July 05, 2005 @11:42AM (#12985720) Homepage
    I want to know what was the methodology used? Was this just a box plugged into the net without a firewall? Were they connecting to web sites (if so what ones?) Were they checking mail (what client, was the email address new)? Etc

    It would be very easy to build up a system and get it infected through use, but there is no real information to tell us how real world it is, just to scare us (or make us happy we use a different OS).
  • Re:pre sp1 (Score:3, Insightful)

    by Tim C ( 15259 ) on Tuesday July 05, 2005 @12:24PM (#12986159)
    If you want to make it a valid comparison, convince Microsoft to begin a program where you can trade in your version of Windows XP for Windows XP + Service Pack 2 + Updates, etc.

    If the average user can't be bothered to go to the effort of obtaining a service pack on CD (or downloading it and burning it to one themselves, for that matter), what makes you think they'd take up such an offer?
  • by Romeozulu ( 248240 ) on Tuesday July 05, 2005 @12:25PM (#12986173)
    Just run behind a router ($49) and you've solved most of those problems until you get the firewall up and running.

    I installed Linux about a year ago and was infected due to an exploit in the ftp server before I could get everything current, so this is far from a Windows only issue.
  • by Petronius ( 515525 ) on Tuesday July 05, 2005 @01:26PM (#12986753)
    Why not just use different Reject codes: rejected, rejected-dupe, etc. instead of encouraging the practice?
  • by ArcticCelt ( 660351 ) on Tuesday July 05, 2005 @01:41PM (#12986890)
    Reminds me of the joke of the two guys in the jungle who see a lion.

    The first one starts immediately tying his shoes, preparing himself to make the run of his life.

    The second one says: "What the hell are you doing, do you really think you can run faster than the lion?"

    The first guy answers: "I am not planning to run faster than the lion but faster than you!"
