Unprotected PCs can expect infection in minutes

By William Jackson, Government Computer News (GCN) Staff

The average survival time for an unprotected networked computer dropped from 40 minutes to 20 minutes over the last year, according to the SANS Institute of Bethesda, Md. That means that an unprotected PC can expect to become infected by a worm within 20 minutes of being connected to an unprotected network.

“The actual time it will take for a specific computer to be compromised will vary widely depending on any filters applied by the Internet Service Provider and the configuration of the operating system,” the institute said.

But the trend reflects the narrowing window of opportunity for users to adequately protect networked computers from known vulnerabilities.

Survival time is figured from daily reports submitted to SANS’ Internet Storm Center by volunteers in 70 countries. ISC receives more than 1 billion reports of probes each month from organizations that manage more than 500,000 Internet addresses. The 20-minute figure represents the overall average time between probes on a targeted PC.

Actual probe activity varies over time and according to the level of protection a network provides its users. For instance, users with ISPs that block ports commonly used by worms will have longer survival times.

Monthly averages reported by ISC over the past year ranged from a high of 65 minutes in December 2003 to a low of 15 minutes in April and May. Over the last month, average survival time bottomed out at less than 14 minutes on July 19 and 26, and peaked at about 22 minutes Aug. 1.

To help users protect themselves from online attacks, SANS has published a free survival guide for users of Windows XP. It is available at the SANS Reading Room.

The guide, “Windows XP: Surviving the first day,” leads users through safe procedures for configuring hardware and software on a new PC and connecting with a network.

Scroll to Top