Security Corner

Aug 15 2010   2:53AM GMT

What’s Your System’s Survival Time?

Ken Harthun Ken Harthun Profile: Ken Harthun

Since Microsoft began to ship versions of Windows with its firewall enabled by default (Windows XP Service Pack 2, August 25, 2004), there hasn’t been much attention put on system survival time. That’s not to say the issue is dead, it’s just not as big an issue as it used to be. I have often said that any system connected to the Internet is under attack 24/7; in fact, I have published some of my own statistics in the past (see Unpatched PC “0wn3d” in Four Minutes or 16 Hours; Which is it?). So, what is survival time? Thanks to for this excellent definition: “The survival time is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe.”

How long would your unpatched system survive today if it’s plugged directly into the Internet? Let’s look at some historical data:

  • August 30, 2004 (five days after SP2 release) – 58 minutes
  • February 6, 2007 (1 week after release of Windows Vista) – 42 minutes
  • October 29, 2009 (1 week after release of Windows 7) – 74 minutes
  • August 7, 2010 (5 days after release of out-of-cycle patch for .lnk vulnerability) – 78 minutes

This tells me that while things appear to be improving, you still have an average of around an hour to get an upatched machine up and running on the Internet, assuming you’re not behind a firewall or NAT router (which would be the average consumer, I think).

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: