The findings come from the Internet Storm Center, an early
warning system for internet security threats operated under the
auspices of the SANS Institute (SANS stands for SysAdmin, Audit,
Network, Security). The Institute, based in Maryland, is a leading
source for information security training and certification.
The Institute calculates survival time as the average time
between the reports generated for an average target IP address. "If
you are assuming that most of these reports are generated by worms
that attempt to propagate," it explains, "an unpatched system would
be infected by such a probe."
The average time between probes will vary widely from network to
network. Some users subscribe to ISPs that block ports commonly
used by worms, which lengthens "survival time". But those
connected to high-speed services are frequently targeted with
additional scans from malware.
"If you are connected to such a network, your 'survival time'
will be much smaller," it explains. "The main issue here is of
course that the time to download critical patches will exceed this
survival time."
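The calculation described above, as an added example that is not the Internet Storm Center's own code: it averages the gap between reports for each target IP address, then averages across targets, and shows how dropping reports on ISP-blocked ports lengthens the result. The log format, the sample reports and the choice of blocked ports (135 and 445) are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample reports, one per line: "timestamp target_ip dst_port".
# These are illustrative values, not real Internet Storm Center data.
SAMPLE_REPORTS = """\
2000-01-01T10:00:00 192.0.2.10 445
2000-01-01T10:04:00 192.0.2.10 135
2000-01-01T10:10:00 192.0.2.10 80
2000-01-01T10:30:00 192.0.2.10 445
2000-01-01T10:50:00 192.0.2.10 80
2000-01-01T10:00:00 192.0.2.20 135
2000-01-01T10:20:00 192.0.2.20 22
2000-01-01T10:40:00 192.0.2.20 445
2000-01-01T11:00:00 192.0.2.20 22
"""

def parse_reports(text):
    """Yield (timestamp, target_ip, dst_port) from the assumed log format."""
    for line in text.splitlines():
        if line.strip():
            ts, ip, port = line.split()
            yield datetime.fromisoformat(ts), ip, int(port)

def survival_time(reports, blocked_ports=frozenset()):
    """Average seconds between reports per target, averaged over all targets.

    Reports to blocked_ports are dropped first, modelling an ISP that
    filters those ports before the probe reaches the user.
    """
    per_target = defaultdict(list)
    for ts, ip, port in reports:
        if port not in blocked_ports:
            per_target[ip].append(ts)
    target_means = []
    for times in per_target.values():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if gaps:  # a target with a single report has no interval to measure
            target_means.append(mean(gaps))
    return mean(target_means) if target_means else None

if __name__ == "__main__":
    reports = list(parse_reports(SAMPLE_REPORTS))
    print("unfiltered:", survival_time(reports), "seconds")
    print("ports 135/445 blocked:", survival_time(reports, {135, 445}), "seconds")
```
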
The SANS Institute has published a guide for home users and
small businesses setting up an XP-based system.