If you're one of those rare individuals with sufficient taste and intellectual joie de vivre to read this blog on a regular basis, you're probably aware that when I'm not being a propeller beanie type for Really Big Company, I'm a writer, radio broadcaster, theatre critic and actor. This means that in the Green Room, I'm likely to be the only carbon-based life form who knows enough about PCs to troubleshoot them for my fellow thespians. Like the proverbial doctor at the cocktail party, I get a lot of requests for free diagnoses and advice, except that in my case the patient has only artificial intelligence.
One thing I've taken away from these backstage conversations is that - as I noted in a minor jeremiad last year - there are an awful lot of computer users out there who, if they maintained their cars the way they maintain their PCs, wouldn't be allowed out on the street, much less on the (information) highway.
Last month, for example, while appearing in Stray Dog Theatre's production of Paul Osborn's lovely comedy Morning's at Seven, one of the actors complained that her Windows laptop had become so slow that she could hardly stand to use it and was thinking of buying a new one. My first question was, “Do you have anti-virus and anti-spyware software installed and if so, are they up to date?” The blank stare I got was all the answer I needed.
I was reminded of this recently when I saw a post by Lorna Hutcheson on the SANS Institute's Internet Storm Center blog indicating that an unpatched Windows PC connected to the Internet can expect to survive around four minutes before it's probed by a worm or other attack bot.
Four minutes. That's less time than it would take for the PC to download the latest patches from Microsoft. In fact, as Daniel Wesemann noted in a comment on the blog:
“While the survival time measured varies quite a bit across methods used, pretty much all agree that placing an unpatched Windows computer directly onto the Internet in the hope that it downloads the patches faster than it gets exploited are odds that you wouldn't bet on in Vegas.”
I'm guessing that my fellow actor's PC had probably been on the 'net for years without proper protection. It's no wonder it was so slow; when your PC is busy pushing malware and spam to all and sundry, there aren't many processor cycles left for unimportant stuff like reading your email.
I offered to do a Spybot S&D scan on her PC for her but she had already decided to shell out for new PC. A week or two later she had it connected to the unsecured wireless access point that was available backstage, cheerfully logging on to her email server and doing heaven only knows what else without the benefit of encryption. Any bets on how long it takes this one to come to a screeching halt?
Her four minutes are already up, after all.
