Security specialist warns of threat to new PCs

By Matt Whipp

Posted on 5 May 2004 at 14:38

The latest PCs are sitting ducks for Sasser, warns Sophos

Anyone who has just struggled home with a brand new PC should avoid plugging it straight into the Internet, warns Graham Cluley, Senior Technology Consultant, Sophos. He said the network-aware worm is out there in such numbers that it will spot any 'vanilla' Windows installations and infect them 'within a couple of minutes'.

Computer manufacturers have written an image of the Windows operating system on to the disk in each computer they produce - an image that may not have any of the security patches regularly issued by Microsoft. Plugging such a machine into the Internet in that condition, even if only to download security updates, will most likely result in infection before protection in the current climate.

The safest option, said Cluley, is to use a fully patched and protected computer to download the updates to a CD and then install them to the new PC offline first.

Microsoft's Sasser removal tool has been downloaded more than a million and a half times - probably the tip of the iceberg but indicating just how many people haven't installed the April patches issued by Redmond.

And Cluley thinks that while high profile names like Amex and American Express have been hit, it's home users that will have borne the brunt of the infections, especially with the rise in broadband subscriptions.