How Flame virus has changed everything for online security firms
Here's a question: if you connect an unprotected Windows computer to the internet, how long will it take before it is infected by malicious software?
The answer is: much more quickly than most lay users think. In 2003, the average time was 40 minutes. A year later it was 20 minutes. By 2008 an unpatched computer running Microsoft Windows XP could only expect five to 16 minutes of freedom. The Internet Storm Centre (ISC) provides a useful chart of what it calls "survival time" for Windows machines. It suggests that a PC currently can expect between 40 and 200 minutes of freedom before an automated probe reaches it to determine whether it can be penetrated. The numbers for other operating systems (such as Unix and Linux) are better (from 400 to 1,400 minutes), but the moral is the same: the only way to have an absolutely secure computer is not to connect it to the net.
On the back of statistics like this, a huge global industry has grown up – the PC "security" business – dominated by companies such as Norton, Symantec, Sophos and Kaspersky. They offer software tools for blocking computer viruses, worms and Trojans (programs that look innocuous but compromise the computer in some way, rendering it controllable by an external agent).