The Patching Game

A new study released last week by the SANS Institute’s Internet Storm Center found that an unpatched computer running Windows XP will be compromised in under 5 minutes if directly connected to the Internet. Thorsten Holz, a German PhD candidate and co-founder of the German Honeynet Project, found during his tests that it takes closer to 16 hours for an unpatched PC running Windows to be compromised. In either case, this is bad news.

One could argue with their methodologies, and in fact the conclusions aren’t all that surprising given the configuration of the PCs. First, the PCs were installed with Windows XP without any service packs or security updates. That basically makes each system equivalent to one installed in 2001, since that is when Windows XP was first released. During the past 7 years, numerous worms have been written that take advantage of the vulnerabilities in Windows XP, including Sasser, Bagle and Blaster, just to name a few. There is little doubt that it is one of these worms that is compromising unpatched systems.

The second issue contributing to the quick compromise of the systems in this study is the fact that they are directly connected to the Internet. This means there is no firewall in front of them to protect them from the worm attacks. Such a setup is certainly rare in corporate environments and even in many homes. Nearly all companies use firewalls today, as do many home users. Doing so provides a level of protection from infected hosts attempting to worm their way into other vulnerable systems.

It seems clear that patching is an absolute necessity in today’s world. If you manage an enterprise network, use patch management tools to keep the systems patched. Home users should take advantage of Windows Automatic Update. Enabling this feature ensures that the PC downloads the latest operating system security patches when they are released, and it will help keep the PC safe from many of the threats on the Internet today. But don’t stop there: every application installed on the computer must also be kept up to date on patches, because vulnerabilities in third-party applications can also lead to system compromise. This includes applications such as Adobe Acrobat Reader, Microsoft Office, Java, IM clients, Skype, and any other software installed on the machine. Attackers are frequently targeting these applications as vulnerabilities in Windows are getting harder to find and even harder to exploit.

Sounds like a lot of work, doesn’t it? Well, it is. And in my next article I will discuss why this model of patch and pray is flawed.
