I wrote the comment below in response to a Slashdot post asking how long the average user has to patch their machine before it is compromised. Beyond the usual Windows vs Linux survivability, it is quite an interesting gauge of the state of security.
The field of research you are talking about is called survivability or 'time to live'.
The Internet Storm Center has a frequently updated page on it here [sans.org]. Currently they list the survival time for an unpatched machine as:
| Category | % | Adjusted Survival Time |
|---|---|---|
| Windows | 24.5000 | 133 min |
| Unix | 1.0000 | 3159 min |
| Application | 4.5000 | 720 min |
| P2P | 2.5000 | 1295 min |
| Backdoor | 0.0000 | 6307 min |
This varies a lot, and at some points it has been as low as 15-20 minutes for an unpatched Windows machine. Red Hat did a similar study [redhat.com] and said they managed to run a locked down machine since 2003 without compromise, which is a little dubious. CERT has a list of papers related to survivability here [cert.org].
My personal favorite paper [avantgarde.com] on the subject is published by Avantgarde security (co-authored by Kevin Mitnick) which tested six different systems:
- Windows Small Business Server 2003
- Windows XP Service Pack 1
- Windows XP Service Pack 1 with ZoneAlarm
- Windows XP Service Pack 2
- Macintosh OS X 10.3.5
- Linspire (Linux)
Then the winners were: "Results showed that all of the computers faced some
form of Internet attack during the experiment, with a combined total of
305,955 attacks recorded; the largest number of those attacks targeted
the regular Windows SP1 machine. The computers were successfully
compromised a total of ten times over the fourteen-day experiment period
with the very first compromise occurring on the regular Windows XP SP1
machine in less than 4 minutes immediately after placing the computer
live on the Internet."
"Four out of the six computers used in this
experiment were not successfully compromised by an Internet attack:
Linspire (Linux), Macintosh OS X 10.3.5, Windows XP SP1 with ZoneAlarm,
and Windows XP SP2. The Linspire (Linux), Windows XP SP1 with ZoneAlarm
and Windows XP SP2 systems placed first, second and third respectively,
when measuring systems with the fewest number of Internet attacks. These
systems provided the best protection against attempts to compromise the
computer during the two week period with each receiving less than 0.50%
of the total 305,955 attacks."

