Consumers buying PCs as holiday gifts and businesses purchasing new systems to squeeze capital expenditures under the tax wire may be putting themselves at risk as soon as they unwrap the machines, a security analyst said Monday.
"When you're buying a new PC, it's impossible to know how up-to-date its patches are," said Chris Belthoff, a senior security analyst with anti-virus vendor Sophos. "There's an assumption that a computer straight off the shelf will be ready to go, but I've seen people have to download a staggering 38MB of security patches onto a brand-new PC, a job that can take from dusk 'til dawn via a modem."
The problem with new PCs is that they might not be all that new, particularly their operating system. "Who knows how long it's been sitting in the warehouse?" he said. Because most computer makers install only the most recent service pack of Windows -- the OS on the vast majority of newly purchased PCs -- there is a slew of fixes, those released since the last service pack, that are probably not on the new system.
"The last thing on buyers' minds is 'Are my patches up to date? Is my anti-virus up to date? Do I have a firewall?'" Belthoff said. Instead, users -- both those at home and in business -- are too eager to simply plug their machines into the Internet.
A new PC that's not been properly patched and secured with a firewall and up-to-date anti-virus software runs the risk of being the target of fast-moving exploits, some of which debuted months ago but are still circulating on the Web.