Worms put on burst of speed

The survival time of unpatched PCs has been halved, research has claimed

Unpatched PCs connected to the internet are being infected by malicious software twice as quickly as a year ago, according to new research.

The survival time for an unpatched PC connected to the internet averaged 20 minutes in 2004, compared with 40 minutes the year before, according to a survey by the US security body, the Sans Institute. The report said users of broadband or poorly secured public networks would be infected more quickly, sometimes in less than 10 minutes.

Security specialist Symantec estimated that it could take seconds rather than minutes to lose control of an unpatched PC.

"Blaster is still the largest source of these sort of attacks", said Tony Vincent, lead global security architect at Symantec Managed Security Services. "It's like space junk: everything we've launched from the Earth is still up there in orbit, circling. These attacks are all still out there due to unpatched servers and they never stop running."

Once worms infect a host PC, it can be used to build networks of zombie PCs that send out spam, or launch distributed denial of service attacks against web servers.

Chip vendor AMD began building Enhanced Virus Protection (EVP) into its processor line last year, and further hardware support has been promised by Intel and VIA. AMD?s 64bit processors are now fully EVP-enabled and Microsoft is also supporting EVP in its new Service Pack 2 for Windows XP.

Professor Neil Barrett, of Cranfield University's computer security department, said: "Nothing will kill off worms but EVP may slow infections. Worms are automated hackers using vulnerabilities and the main victims are unpatched servers. These are unlikely to be running the latest technology so will continue to harbour worms."