http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9109938&source=rss_news10
"It takes less than five minutes for hackers to find and compromise an unpatched Windows PC after it's connected to the Internet, a security researcher said today. The SANS Institute's Internet Storm Center (ISC) currently estimates the "survival" time of an Internet-connected computer running Windows at around four minutes if it's not equipped with the latest Microsoft Corp.security patches, said Lorna Hutcheson, a researcher and analyst, in a post to the ISC blog." [...] "Another security researcher, however, said unpatched machines can last longer than just a few minutes before falling to attack. The German Honeypot Project, which sets vulnerable systems on the Internet to collect malware, estimates survival time in hours, not minutes. "Compared to the survival time from the Internet Storm Center which is currently below five minutes, we measure a higher survival time," said Thorsten Holz, a co-founder of the project and current a Ph.D. student at the University of Mannheim, in a post to the Honeypot Project's blog. The project's data estimates the average time between connecting to the Internet and compromise at under 1,000 minutes, or approximately 16 hours. "[But] the time is still short and you need to patch a system before taking it online," said Holz." ""While the survival time varies quite a bit across methods used, pretty much all agree that placing an unpatched Windows computer directly onto the Internet in the hope that it downloads the patches faster than it gets exploited are odds that you wouldn't bet on in Vegas," added Hutcheson of the ISC." So how do you download the patches if you can't put an unpatched Windows computer on the internet? -- William T Goodall Mail : [EMAIL PROTECTED] Web : http://www.wtgab.demon.co.uk Blog : http://radio.weblogs.com/0111221/ "I wish developing great products was as easy as writing a check. If so, then Microsoft would have great products." - Steve Jobs _______________________________________________ http://www.mccmedia.com/mailman/listinfo/brin-l
