PC survival time 'down to 20 minutes'

Matt Loney, ZDNet UK

18 August 2004 08:19 AM

Tags: loney, microsoft teched, pc, sans, survival, time, average, patch

The time that an unpatched PC can survive connected to the Internet has dropped to an average of 20 minutes, down from 40 minutes in 2003.

According to the latest data from the Internet Storm Center at the US-based SANS Institute, which provides research and education on security issues, the historical trend is continuing its downward journey, and has now reached a point at which it does not provide enough time to download the very patches that would protect a system from malware.

SANS calculated the survival time of a PC using the average time between probes of an average target IP address from worms attempting to propagate for an average target IP address.

"If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," said the Institute in a statement. However, it said, the result is only an average, and times will vary widely from network to network.

"Some of our submitters subscribe to ISPs which block ports commonly used by worms," said the Institute.

"As a result, these submitters report a much longer 'survival time'. On the other hand, university networks and users of high speed Internet services are frequently targeted with additional scans from malware like bots. If you are connected to such a network, your 'survival time' will be much smaller."

The main issue, said SANS, is that the time to download critical patches now commonly exceeds this survival time. Part of the problem, say security experts, is IT's reliance on patch management..

Speaking at the recent Microsoft TechEd developer conference in Amsterdam, Microsoft Security consultant Fred Baumhardt said the day is likely to come when a virus or worm brings down everything.

"Nobody will have time to detect it. Nobody will have time to issue patches or virus definitions and get them out there. This shows that patch management is not the be all and end all."

Baumhardt drew an analogy with the human body catching the 'flu. "Imagine if your body said 'Hmm, I have the flu, I've never had this before, so I'll die.' But that doesn't happen: your body raises its temperature and so on, to buy time while other mechanisms kick in."

"If the human body did patch management the way IT does we'd all be dead."

ZDNet UK's Matt Loney reported from London. For more coverage from ZDNet UK, click here.

Talkback (5)
Print
E-mail
Share
- del.icio.us
- Digg
- Reddit
- Slashdot
- StumbleUpon

Talkback 5 comments

Add your opinion

I wonder what the time is for Linux PCs....Anonymous -- 18/08/04

I wonder what the time is for Linux PCs....

I wonder how long it would take for a windows machine, if they had the market share of Linux and consequently, the number of crackers searching for vulnerabilities. Security by obscurity is no measure of a system's potential vulnerability.Anonymous -- 18/08/04

I wonder how long it would take for a windows machine, if they had the market share of Linux and consequently, the number of crackers searching for vulnerabilities. Security by obscurity is no measure of a system's potential vulnerability.

Jason your market share "excuse" doesn't work..... If you look at web servers, over 65% use Apache. Microsoft IIS has about 30% from memory. Guess which one has the most security holes? Linux is more reliable than Windows, sAnonymous -- 18/08/04

Jason your market share "excuse" doesn't work.....

If you look at web servers, over 65% use Apache. Microsoft IIS has about 30% from memory. Guess which one has the most security holes?

Linux is more reliable than Windows, simply because you aren't logged in with Administrator privileges by default.

The title should be "Windows survival time...". Your title suggests that all PC operating systems are similar, which they are not. Linux, BSD, Mac systems should NOT be cast under undue suspicion based on a report into Windows.Anonymous -- 19/08/04

The title should be "Windows survival time...". Your title suggests that all PC operating systems are similar, which they are not. Linux, BSD, Mac systems should NOT be cast under undue suspicion based on a report into Windows.

It's no excuse... It's a blindingly obvious fact that should be apparent to anybody with half a brain. Your rebuttal of my assertion is a joke... This article wasn't referring to web servers! What sort of rediculous comparison is that?? This is obviousAnonymous -- 19/08/04

It's no excuse... It's a blindingly obvious fact that should be apparent to anybody with half a brain. Your rebuttal of my assertion is a joke... This article wasn't referring to web servers! What sort of rediculous comparison is that?? This is obviously only relative to desktop machines, as no system admin with a brain would put an unpatched server onto the internet, regardless of the operating system. I await your next amusing attempt at explaining why the market share assertion is invalid.

Add your opinion

Latest Videos

Play now

Snow Leopard in the wild
It's a hands-on preview of Snow Leopard with a few goodies Apple hasn't shown off; iPhone 3GS' are now availab… Watch it now
Play now

Guy Kawasaki: What makes innovation?
At Cisco Live in San Francisco, Silicon Valley entreprenuer Guy Kawasaki, author of Reality Check, talks about… Watch it now
Play now

How the iPhone 3GS is faring
With earnings season looming, ZDNet correspondent Sumi Das and senior editor Sam Diaz look ahead at July and d… Watch it now
More videos »

Blogs

PayPal launches Aussie developer program
PayPal announced the opening of its certification program for Australian developers today, making Australia the first country outside of the US to offer certification.
Cash cow in a BigTinCan?
Around one third of Australia's telcos have shut their doors over time, but that isn't stopping new ventures hoping to chip away at carriers' mobile call bonanza. By fighting carriers at the smartphone rather than the home phone, could the latest two contenders be onto something big?
A third of the way to a zettabyte
This week on Twisted Wire we look at how internet usage is changing in Australia and around the world. How are we meeting this demand and how is the cost structure changing for the service provider?
More blogs »

Reader Services

Essentials

iPhone Centre
We bring you everything you need to know about Apple's latest iPhone including the latest news, photos and videos.
The Best Firewall is...
Read about unifited threat management under the microscope.
Audience Profile Survey
Take part in our Audience Profile survey for your chance to win $500!
Top 10 Laptops
Check out the latest and most popular products in laptops.
Broadband Plan Finder
Not sure which broadband plan to choose? Try our Broadband Plan Finder.
Mobile Phone Plan Finder
Pick the best mobile phone plan deal with our Mobile Phone Plan Finder.

PC survival time 'down to 20 minutes'

Matt Loney, ZDNet UK

18 August 2004 08:19 AM

Tags: loney, microsoft teched, pc, sans, survival, time, average, patch

Talkback 5 comments

I wonder what the time is for Linux PCs....Anonymous -- 18/08/04

I wonder how long it would take for a windows machine, if they had the market share of Linux and consequently, the number of crackers searching for vulnerabilities. Security by obscurity is no measure of a system's potential vulnerability.Anonymous -- 18/08/04

Jason your market share "excuse" doesn't work..... If you look at web servers, over 65% use Apache. Microsoft IIS has about 30% from memory. Guess which one has the most security holes? Linux is more reliable than Windows, sAnonymous -- 18/08/04

The title should be "Windows survival time...". Your title suggests that all PC operating systems are similar, which they are not. Linux, BSD, Mac systems should NOT be cast under undue suspicion based on a report into Windows.Anonymous -- 19/08/04

It's no excuse... It's a blindingly obvious fact that should be apparent to anybody with half a brain. Your rebuttal of my assertion is a joke... This article wasn't referring to web servers! What sort of rediculous comparison is that?? This is obviousAnonymous -- 19/08/04

Just In

Most Popular

Most Discussed

Latest Videos

Blogs

Tags

Reader Services

Popular Topics

Essentials

Sponsored Links

Featured

Services

Around the Network

Around ZDNet Australia

News > Communications

PC survival time 'down to 20 minutes'

Matt Loney, ZDNet UK

18 August 2004 08:19 AM

Tags: loney, microsoft teched, pc, sans, survival, time, average, patch

Related stories

Alerts

Talkback 5 comments

I wonder what the time is for Linux PCs....Anonymous -- 18/08/04

I wonder how long it would take for a windows machine, if they had the market share of Linux and consequently, the number of crackers searching for vulnerabilities. Security by obscurity is no measure of a system's potential vulnerability.Anonymous -- 18/08/04

Jason your market share "excuse" doesn't work..... If you look at web servers, over 65% use Apache. Microsoft IIS has about 30% from memory. Guess which one has the most security holes? Linux is more reliable than Windows, sAnonymous -- 18/08/04

The title should be "Windows survival time...". Your title suggests that all PC operating systems are similar, which they are not. Linux, BSD, Mac systems should NOT be cast under undue suspicion based on a report into Windows.Anonymous -- 19/08/04

It's no excuse... It's a blindingly obvious fact that should be apparent to anybody with half a brain. Your rebuttal of my assertion is a joke... This article wasn't referring to web servers! What sort of rediculous comparison is that?? This is obviousAnonymous -- 19/08/04

Just In

Most Popular

Most Discussed

Latest Videos

Blogs

Tags

Reader Services

Popular Topics

Essentials

Sponsored Links

Featured

Services

Around the Network

Around ZDNet Australia