Here’s a question: if you connect an unprotected Windows computer to the internet, how long will it take before it is infected by malicious software? The answer is: much more quickly than most lay users think. In 2003, the average time was 40 minutes. A year later it was 20 minutes. By 2008 an unpatched computer running Microsoft Windows XP could only expect five to 16 minutes of freedom. The Internet Storm Centre (ISC) provides a useful chart of what it calls “survival time” for Windows machines. It suggests that a PC currently can expect between 40 and 200 minutes of freedom before an automated probe reaches it to determine whether it can be penetrated. The numbers for other operating systems (such as Unix and Linux) are better (from 400 to 1,400 minutes), but the moral is the same: the only way to have an absolutely secure computer is not to connect it to the net.
On the back of statistics like this, a huge global industry has grown up – the PC “security” business – dominated by companies such as Norton, Symantec, Sophos and Kaspersky. They offer software tools for blocking computer viruses, worms and Trojans (programs that look innocuous but compromise the computer in some way, rendering it controllable by an external agent).
The PC security business does offer a degree of protection from the evils of malware, but suffers from one structural problem: its products are, by definition, reactive. When a particular piece of malicious software appears, it is analysed in order to determine its distinctive “signature”, which will enable it to be detected when it arrives at your machine. Then a remedy is devised and an update or “patch” issued – which is why your PC is forever inviting you to download updates – and why IT support people always look pityingly at you when you explain sheepishly that you failed to perform the aforementioned downloads.