According to recent research by the Internet Storm Cente, if you buy a flash new computer with Windows XP, take it home, plug it in and connect to the net, you have 20 minutes before it is compromised by malicious code. The malicious code in question is usually a virus like mydoom, sasser or bagle, some of which require no user help at all to infect a PC, just being connected to the net is enough to start the process.
Twenty minutes is not long enough to even begin the process of installing all the Windows updates required to give you some degree of protection, and many people who have just bought a new PC don’t even know that they should run windows update in the first place.
So what is a hapless user to do? Well the first thing is to turn on the ICS firewall. (something that the XP Service Pack 2 now does for you, but that makes no difference to people that don’t yet have SP2.)
You can read more about the problem at isc.sans.org and you can read their “Windows XP, surviving the first day” article here (PDF).
Regards
Franki
