As I sit down to write this column, I have just finished reading a 30-page report entitled “Of Black Swans, Platypii And Bunyips. The outlier and normal incident in risk management.” This whitepaper, published in 2010 by the SANS Institute, examines trends in computer malware infecting Mac and PC systems. Researching and reading are much of what I have to do in my profession.
The report details the findings of an exhaustive two-year study, testing more than 600 computers running Microsoft Windows, to determine factors affecting how vulnerable a computer is to being infected with malware when it is connected to the internet. When these Windows computers were placed online without installing any of the operating system updates available from Microsoft, and with the Windows firewall turned off, the mean amount of time before a system was compromised was just over 18 hours!
Next, the study examined the effect of turning the Windows firewall back on, and this one change increased the mean time before infection to 336 days, with no system compromised in fewer than 108 days. Since 2007, the Windows firewall has been turned on by default, and so this is likely the configuration most Windows users have.
The last finding of the test was the most dramatic. Examining all the infections that occurred among the 640 test systems, no system was compromised with a “zero-day” attack. A zero-day bug is one that is new and previously unknown. Each and every computer infected in this test was hit with a known vulnerability Microsoft had already fixed, some as far back as 2004.
Just to reconfirm this, an additional experiment deliberately configured Windows systems with some critical vulnerabilities. The result was that no system with six or more unpatched network-accessible vulnerabilities remained uninfected longer than 15 days. Just as before, all the infections were well-known, so proper updating of Windows would have stopped the attacks before they ever started.
This study puts forth tremendous evidence to support the view that regular updating is the single most important element in any security program. A fully patched system behind a firewall offers almost complete protection against viruses, worms, and other malicious software being installed without user interaction. DISCLAIMER: The studies were performed without human interaction. Had a user been browsing high-risk websites and clicking on various things they should not click on, the infection rates would obviously have been much higher.
Still, the bottom line here is that if your operating system (Mac or Windows) is updated, as suggested, then your likelihood of infection is much lower than if you had ignored updating your system. Knowing this, you should learn how to apply all of these updates to your computer on a regular basis or contact a professional to do this for you.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 044 415 101 8528 or email FAQ8 (at) SMAguru.com.