quote:
Originally posted by alegator
Say I install WinXP SP2 in a PC without any firewall/antivirus protection and leave it permanently connected to the internet with a broadband connection. How long does it take for it to become infected?
If you do exactly what you said and don't actively use the computer, especially if you also install all the updates after SP2 and/or configure it to update automatically -- it will almost certainly remain uncompromised forever.
While there seem to be new "security updates" for Windows every week, historically there have been very few zero-user-interaction remote exploits -- exploits that allow the computer to be compromised simply by someone connecting to an open port and sending some data. There certainly have been some, but you can count all those since Windows 95 on the fingers of one hand.
There could be more such vulnerabilities not yet discovered and having a firewall may protect you against those proactively, but between how rare they are and how quickly they tend to get fixed, if you keep your Windows up to date and disable unnecessary services, odds are good without a firewall as well.
There have been far more vulnerabilities that can only be exploited through some user action (such as viewing a malicious web site or image/movie file). Firewalls and other security software may protect you if you make such blunders, but arguably, so can an adequate degree of caution.