The folks at Techweb claim that without SP2 or a third-party firewall, your computer will fall to hacker bots in just four minutes:
AvanteGarde deployed half a dozen systems in “honeypot” style, using default security settings. It then analyzed the machines’ performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet.
The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire’s distribution of Linux.
Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing.
“In some instances, someone had taken complete control of the machine in as little as 30 seconds,” said Marcus Colombano, a partner with AvanteGarde, and, along with former hacker Kevin Mitnick, a co-investigator in the experiment. “The average was just four minutes. Think about that. Plug in a new PC–and many are still sold with Windows XP SP1–to a DSL line, go get a cup of coffee, and come back to find your machine has been taken over.”
Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
Still waiting for more proof?
I’ll say it again: Tens of millions of computers are running SP2 successfully. If you try to install it and you have problems, that means you have an issue with your hardware or your software. In either case, it should be relatively easy to find and fix. That won’t be the case if your machine is compromised by a worm, a virus, or a virulent piece of spyware.