Sunday, September 19, 2004

Windows worm vulnerabilities

Just to followup the news from the last Crypto-Gram that most Windows PCs get hacked within 20 minutes of connecting to the Internet, here's a story that my friend SL told me yesterday.

Our advisor recently bought our research group a brand-new ThinkPad, with Windows XP Professional, fresh from the factory, for SL (and others) to use on the interview circuit. SL plugged the laptop in, connected to the UW-CSE wireless network, and immediately went to the Windows Update web site to download the patches. After it finished downloading, he rebooted. Crash. The notebook was already infected with a worm.

He had to wipe the ThinkPad and restore its original configuration (fortunately IBM provides a fairly convenient way to do this), and install Service Pack 2 from a burned CD-ROM.

This is amazing. You read the studies, but you think: "Well, OK, it won't happen to me." But it does happen to you. The vast majority of Windows users worldwide who aren't served by an active IT support team --- which is to say, basically all home Windows users --- are probably infected already.

Microsoft Windows: Unsafe at any speed.

No comments:

Post a Comment