[jfoutz]

Microsoft was really really bad at security. Then the internet became a popular thing. I think an fresh xp install would, on average survive 15 minutes before getting infected by blaster. Microsoft, to their credit, improved dramatically. I don't know if they're extraordinarily good compared to other software producers. Microsoft gets the mention because it was so very bad, back in the day.

It's kind of like when a very lazy person turns into a marathon runner. They made huge changes.

[kbenson]

There were versions of windows, 2000 if not XP, that could and would get infected in-between the time the network stack initialized and the local software firewall initialized a second or two later. This was actually addressed and fixed, because it was not a unique experience. That's how pervasive and wild the exploit network traffic was before MS got their act together.

Edit: My google-fu is failing me, and I can't find the right keywords to find a reference to this, but I distinctly remember it. Back in the days when firewalls weren't quite as pervasive, and especially not for small colo deployments.

[ConceptJunkie]

I saw this first-hand when installing Windows 2000 using Parallels circa 2006. I mistakenly believed the configuration I had chosen had the VM behind the Mac's firewall, but it wasn't. The VM was infected before Windows 2000 could install the latest updates... just a matter of minutes.

This is not as extreme as you are describing, but it was also on the corporate network of a large company, not the open internet.

[secstate]

Indeed. But becoming a marathon runner who finishes in 7 hours, after the finish line has closed, and doesn't get a medal because the cut off was 6:30 :)

No, it's a great achievement, but there's still room for improvement.