[vox] [OT] Length of time to infect a Windows computer?

Karsten M. Self kmself at ix.netcom.com
Sun Sep 26 04:25:34 PDT 2004


on Sat, Sep 25, 2004 at 11:39:53AM -0700, Richard Crawford (rscrawford at mossroot.com) wrote:

> Last night I got a call from someone at our church.  Her brand new
> Windows XP computer, which she had just purchased a couple of months ago
> in pristine condition, was running really slow and returning strange
> error messages.  I spoke to her son, ....


I'm running herd over a small network of WinXP boxes at work, though
with copious helpings of Free Software applied, and a set of GNU/Linux
servers offering filtering, proxying, Samba, and other services.  This
contrasts with staff systems which are pretty much bare-ass to the Net.

I was quoted in last weekend's Sunday New York Times, front page of the
Business Section:

    http://www.nytimes.com/2004/09/19/business/yourmoney/19gator.html?pagewanted=all&position=

...also available outside the sell-us-your-soul registration at:

    http://business-times.asia1.com.sg/sub/bizit/story/0,4574,129329-1095969540,00.html


The article discusses the current state of adware / spyware / malware,
largely from the business perspective, but with some user impact
perspectives as well.

I address a number of technical and cultural issues in a companion essay
I wrote immediately following publication of the Times article:

     http://linuxmafia.com/~karsten/Rants/spyware.html

To sum it up:

  - The situation on legacy MS Windows simply *sucks*.  It also
    encompasses all releases of the OS I've encountered (Win98, ME, 2K,
    XP).  Though the DOS based versions' utter lack of user-level file
    security is slightly worse.  Though typical rollouts of NT-based
    'Doze give users admin-level privs.  I simply don't understand why
    people put up with this.

  - The foundations, I feel, are cultural.  It's the logical outcome of
    a competitive, proprietary software distribution model, vs. a
    cooperative, collaborative model epitomized particularly by Debian.
    Discussed at length in the essay.  Malware is the logical result of
    today's competitive proprietary software market.  Though I probably
    should address Apple & Mac OS X to some extent.

  - You _can_ (with luck, and I emphasize, *luck*) keep exposure to a
    minimum by locking down stuff hard.  But it's a PITA, lots of stuff
    fails to work, and you've got to root out a lot of stock software
    and programs.  And I'm _still_ not at all comfortable with the level
    of control offered.  It's a bit like driving a car with dodgy
    steering and brakes, on a mildly graded, straight road.  Most of the
    time you think you can recover, but you never know when it's going
    to get away from you and wind up in the ditch.

I had a subsequent email exchange with Orion Hill (quoted at the very
end if you find a full version of the article), president of the Napa PC
User Group.  Orion discussed both spam and malware, and while I think
both are very significant problems, I _don't_ think they're insoluble.
I should probably post excerpts of my email with the article.


But yeah....   My current headache is a WinME box which "started acting
slow" last week (after I'd mentioned the Times article).  450+ AdWare
objects found, including at least a half-dozen applications (many AdWare
results are simply cookies or other relatively benign objects).  And the
doozy:  1350+ virus instances, mostly Netsky.C, but a healthy sampling
of other cruft for good measure.

The box (an older HP Pavilion) has probably been stressed by heat and
its own poor ventilation.  I suspect the system load of viruses and
malware, as well as the newly introduced constant scans, pushed it over
the edge:  the PSU shorted out spectacularly earlier today, when I
powered it up.  So yes, the stuff *can* physically damage equipment.

> It led me to wonder: how long is the average Windows PC on-line
> before it's compromised?

Per /. (and you *know* it has to be true) a few weeks ago:  20 minutes.


Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   TWiki:  documentation for the GNU millennium.
     http://twiki.org/