Interestingly enough, the SANS Institute’s Internet Storm Center site estimates that the time to infection of an unpatched Windows machine on the Internet is currently about 4 minutes. This is based on an unpatched Windows machine that is not behind a firewall or router of any kind (directly connected to the Internet).
As many of my current clients know, I’ve pushed routers (in conjunction with other security measures) upon all of them for security reasons. A few have called me paranoid, so it’s nice to see a study backing up my paranoia! While they were more expensive several years ago, routers have come down to a point where even the simplest of home users can afford to have one protecting their computer system.
Concludes the ISC’s Hutchinson: “While the survival time varies quite a bit across methods used, pretty much all agree that placing an unpatched Windows computer directly onto the Internet in the hope that it downloads the patches faster than it gets exploited are odds that you wouldn’t bet on in Vegas.”