You know, I thought I had blogged this back in November, but I can’t find it. In any case, here’s the story, trying to find the original AvantGarde report. There’s scary news (Windows XP SP1 machines on the Internet were owned – not hacked, probed, tested, but owned – on average in four minutes) and good news (Windows XP SP2 with the Windows Firewall on by default kept the machine from being compromised at all) and some duh news (no firewall in the world can save you from a weak or non-existant password). The main points here:
- If you’re not running the Windows Firewall on SP2, you should be.
- If you’re not running any firewall, you should be.
- Set strong passwords on all your accounts (combination of lower-case alphas, UPPER-CASE ALPHAS, numbers, and symbols, at least six characters long)