Unpatched PC 'Survival Time' Just 16 Minutes

Part of the SANS Institute, the Storm Center calculated the average "lifespan" of an unpatched, unprotected PC by listening to IP addresses and tallying the number of probes run against them.

"If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," the Storm Center said in a statement.

In June 2003, the "survival time" of an unpatched PC was approximately 40 minutes. As of Wednesday, the average was less than half that: only 16 minutes.

Some systems, naturally, will have longer or shorter life spans. Users whose ISPs block ports typically used by popular worms report a much longer survival time, said the Center, while users of high-speed services are often specifically targeted by bot networks sniffing for broadband-connected PCs to compromise and turn into spam or denial-of-service platforms.

Sponsored post

"The main issue here is of course that the time to download critical patches will exceed this survival time," said the Internet Storm Center.

The under-20 minute period isn't long enough to pull down major updates, such as Windows XP Service Pack 2 (SP2), acknowledged Joe Wilcox, an analyst with Jupiter Research, in an online posting.

Microsoft's Automatic Update started feeding Windows XP Home Edition users the beefy -- more than 80MB -- SP2 update on Wednesday. (See CRN: WinXP SP2 Home To Be Available On Auto Update Aug. 18Users without a third-party firewall can protect their PCs by enabling the integrated firewall within Windows.

This story courtesy of TechWeb.