USA Today recently sponsored some testing to determine how long various types of unprotected PCs could survive on the Internet. In at l;east one instance an unprotected PC running Windows XP was broken in to within 4 minutes of being started and attached to the Internet. It should be clear to all that this type of research is valuable in a couple of ways.
First off for USA Today it sells lots of papers and results in many, many hits at their web site. When a news outlet like USA Today gets behind a study like this many, many people will be able to get to the results.
Avantgarde, the Marketing and Design company that published the results of the "Time to Live on the Network" study did a first rate job. The published results of the joint study that were published at the Avantgarde website show that they did a very reasonable tests and they didn't suffer from any predetermined Windows bias. A Linux distribution (OK, but not one that I'm familiar with or would have suggested) was also used as part of this study. With that said the folks over at Avantgarde should also see much more traffic at their web site and probably more business.
Lost in the noise about the study results is the fact that Kevin Mitnick is credited as having participated in this study as one of the principal investigators. Many folks in the computer security business take issue with hackers who have been convicted of a crime later making there way back into the security business. I'm glad to see that Kevin put his skills to good work here and produced good solid work without making it all about a former hacker.
It should be noted that the PCs that did the best in this study had some sort of Firewall installed.
So where is the beef here? Hopefully the most important result of this study will be all the folks who see the headline and read the article in USA Today who are going to learn something about how bad the security of an unprotected PC really is. This work is another data point that highlights the problems of untargeted attacks over the Internet. It's up to users of PCs and developers of PC operating systems and security products to put the data together to realize the size and scope of the problem and work harder to it's resolution.
No comments:
Post a Comment