Maybe it's related to browsing habits? IE? I mean, you aren't going to get hit by a drive-by attack on any major websites -- even in the heyday of malicious advertisements.
So, what I'm really asking is: where did this metric come from, and why does it get spread so often?
I witnessed this myself back in the day. I was probably about 14 at the time, had just freshly reinstalled a machine, installed AV (from a CD, hah.) and connected it to the internet for the first time via PPPoE DSL. Within minutes I had AV popups from having been hit by Blaster before I could even update Windows. In that day, few people had routers or WiFi; many, my family included, just had a single machine connected to a modem directly and so had no NAT.
It was never individual attackers - it was worms running on other systems that had reached critical mass and were just hitting random IPs on the internet with the exploit in an attempt to infect more systems.
You're extremely unlikely to see something this bad with a modern OS - most of the time you're behind a NAT, provided by your router or your mobile provider, which effectively blocks inbound connections. There are also exploit mitigations like NX and ASLR, which are pretty much how the Stagefright bug didn't turn into a nice new MMS worm - it just sounded scary, but over a year later we've not seen any major attacks from it.
If you plug directly into the internet or DMZ your machine, you'll still see this type of stuff. I've heard it called "internet background radiation" - old worms out scanning for possible targets to this day.
You could check how frequent the attacks were by yourself. I was using a custom firewall software, called ZoneAlarm, to see how many attacks I was receiving in a day. The log said literally every few minutes, the infectious Blaster worm packet was received. It was like how frequently your SSH server is attacked with random passwords - you can see this from the SSH server log too.
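The SSH log check mentioned in the comment above, as an added example that is not part of the thread: it counts failed password attempts in OpenSSH syslog lines and measures the typical gap between them. The log lines are constructed (documentation-range IPs, hypothetical host `gw`), and the year is an assumption because syslog timestamps omit it.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample in OpenSSH's syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Mar  3 04:10:02 gw sshd[2201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 04:12:40 gw sshd[2204]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Mar  3 04:13:05 gw sshd[2207]: Accepted publickey for alice from 192.0.2.10 port 50200 ssh2
Mar  3 04:16:02 gw sshd[2210]: Failed password for invalid user oracle from 203.0.113.7 port 51190 ssh2
Mar  3 04:19:32 gw sshd[2213]: Failed password for root from 203.0.113.99 port 33412 ssh2
Mar  3 04:21:02 gw sshd[2216]: Failed password for invalid user test from 198.51.100.23 port 40310 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2024):
    """Return sorted (timestamp, user, source_ip) for each failed password line."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year; the caller supplies one (assumption).
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  3")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return sorted(events)

def summarize(events):
    """Count failures per source and user, and the median gap between attempts."""
    times = [ts for ts, _, _ in events]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return {
        "failures": len(events),
        "sources": Counter(ip for _, _, ip in events),
        "users": Counter(user for _, user, _ in events),
        "median_gap_s": median(gaps) if gaps else None,
    }

if __name__ == "__main__":
    print(summarize(parse_failures(SAMPLE_LOG)))
```

On a real host the same functions can be fed the contents of the sshd log file; the median gap is the "every few minutes" figure, and the per-source counts show whether it is one scanner or many.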
Why did you turn it on in the first place?
Windows even included a utility to let people use it as a router on home networks to "share internet connections". https://support.microsoft.com/en-us/help/310563/description-...
At the peak couple of months your computer would BSOD _during_ the installation process, right after initializing the network interface and RPC service.
I had a single device and had to do a fresh install from factory settings. This meant I had about 30 mins before my 500kbps connection would grind to a crippling halt from all the accumulated malware.
This meant I had to incrementally procure protection, save it, then fresh install and repeat until I could access the Internet safely.
I don't miss those days.
Two minutes is probably too short, but an hour? Maybe not.
You will see random scanning attempts within minutes. Same principle, minus the effectiveness.
Today, yes. But back in those days? I'm not so sure. IIRC, almost everyone had a public IP.
At the peak it got so bad that ISPs were blocking affected ports on all consumer connections just to save bandwidth.
You could basically do "NET SEND 220.127.116.11 my spam message" and it would appear on the screen of your victim.
And I don't think the problem is so much that people do not value security, but that they approach a computer like it is an appliance. Meaning that they do not internalize that it can do things without them being physically present and setting things in motion (I find it unnerving that Windows 10 can apparently bring a laptop out of shutdown to do updates in the middle of the night, thanks to programmable timers embedded in the BIOS/UEFI).
I really wish that a modern PC got more "blinkenlights", not less (I hate helping my mom with her laptop, as the damn thing does not even have an HDD activity light).
Heh, I remember when Apple used that as a feature. Instead of updates, it downloaded your email and other things you'd want to have already available when you open your laptop.
Also, macOS does not force a system update schedule on you, unlike Windows 10 Home.
My work laptop and one or two of my private machines have no HDD light, either. It drives me crazy.
For Windows, there is a tool called HD Activity Indicator. It only works after logging in, obviously, but still better than nothing.
It does, but it's also operating in a much more hostile environment. At least Windows had regular updates though; that's not the case for most Android phones.