Firewalls, Software Patches Block Almost All PC Infections

Two recent studies confirm what many security experts already know: Ninety-nine percent of Windows-based malware attacks can be stopped by the simple steps of turning on firewalls and applying routine software updates.

The first study, authored by Australian independent security researcher Craig S. Wright, found that firewalls drastically reduced the infection rates of otherwise identical Windows XP machines.

Without firewalls, none of Wright's 640 virtual machines escaped infection for more than five days — the maximum survival time without a firewall, as Wright put it. (One was infected in five seconds.) But with the default Windows Firewall switched on, it took at least 108 days — the minimum survival time with a firewall — for any machine to become infected.

"It is hard not to conclude that the Windows Firewall makes a statistically significant difference to the security of the system," Wright wrote.

None of the 640 virtual machines had any third-party software installed, including any anti-virus software.

The second study, conducted by the Danish security firm CSIS, examined "exploit kits," off-the-shelf hacking tools used by online criminals to infect Internet users, as well as the 13,210 Danish users affected by those exploit kits.

The CSIS study found that nearly all drive-by downloads could easily be prevented by constantly applying security patches to just five applications: Adobe Flash Player, Adobe Acrobat/Reader, Java Runtime Engine, Microsoft Internet Explorer and Microsoft Help and Support. All five are well-known security risks.

"The conclusion of this study is that as much as 99.8 percent of all virus/malware infections caused by commercial exploit kits are a direct result of the lack of updating five specific software packages," wrote CSIS security specialist Peter Kruse in a company press release.

Drive-by downloads occur when poisoned websites exploit security vulnerabilities in Web browsers and browser plug-ins to dump malware into users' PCs. CSIS estimated that drive-by downloads are responsible for up to 85 percent of all malware infections.

The results of the Australian study also back up the importance of keeping software fully patched.

"No attack without a patch was used to compromise any of the systems," Wright wrote in his results. "This means that if the systems had been patched, none of the attacks would have succeeded."

So if a user were to keep his firewall turned on and his software fully patched, would he need anti-virus software at all? Wright thinks he still would.

"Even the best-configured system fails in time," Wright wrote.