Since my last post about patching Windows using Knoppix before connecting it to the net, a new study has come out that finds the time until intrusion is as little as 4 minutes for a fresh Windows XP machine.
Once compromised, the machine was then used as a zombie to further spread and otherwise do the bidding of the attacker. The machines used for this study were honeypots–they were taken off the net once compromised to prevent the attack spreading to other machines–but this same thing happens to new machines (or old machines with a fresh install) every day. Today’s Internet is full of zombies looking for fresh brains.
If this doesn’t give you a reason to look into methods for patching machines before you connect them to the Internet, I don’t know what will. There are a number of hardware and software methods to protect against zombies at your disposal. The hardware method is to get a rifle or a cricket bat and aim for the head. If you don’t have either of those handy, you will have to fall back to software methods. I’ve already discussed patching Windows with Knoppix, so I won’t go over that again here, but other options include slipstreaming a patch into your Windows install. The steps are pretty well laid out, and involve creating a copy of your Windows install disk, extracting the latest Service Pack over that copy so that the new files overwrite the system files you copied, and then creating a new bootable CD based on those files.
Of course, slipstreaming assumes you have a second computer with Windows already installed, in which case you could just download a copy of the latest Service Pack, burn it to CD, and then apply it to your fresh install before you hook it up to the network.
Whatever method you choose, be sure to keep the machine disconnected from the net until it is protected. Now that time-to-infection is as short as 4 minutes, there’s less chance you will be able to patch your machine before it turns into a zombie.