Just as corporate and government users are banding together to provide mutual protection, however, a huge emerging class of users is expanding rapidly, and for the most part they are unprotected. As broadband Internet access becomes increasingly popular, more users set up home computers and leave them running 24/7. As a result, they become targets for attackers.
One study estimated that the time between a new computer being turned on and the first attack getting underway is usually less than 10 minutes. This is because attackers often use automated scanning tools that probe constantly, looking for opportunity. An exploit can be placed in seconds, often before the countermeasures that complete an installation can be installed. Other studies claim the situation is worse still, putting the time before attack at 2 minutes. I’ve seen instances in which newly updated computers became infected by a virus within a few minutes, even though the computers were protected by a secure network. This happened because the infecting computers were inside the network, likely becoming infested by pathogens carried in on media workers brought from home.
As the pool of computer users has increased, ways to profit illicitly from them have emerged. The computer of a naive user may be forced into participating in a distributed denial of service (DDoS) attack aimed at a designated target and timed to fire off with hundreds of thousands of others so as to overwhelm the victim. Alternatively, users’ broadband computers can be turned into unwilling web sites for pornography or other products, or made into relays for unsolicited email (spam).
Fortunately, help is on the way:
Microsoft, for instance, offers easy software security updates over the Internet.
Help sites are available for every kind of Linux and Unix.
Many antivirus software publishers offer not only antivirus programs but also some kind of information service documenting viruses and what to do to prevent or handle specific attacks.
Most companies today are adding their own internal security forces. Increasingly, corporate want ads request a computer security certificate or two as a prerequisite for hiring.