
On the 20th Safer Internet Day, what was security like back in 2004?

Today is the 20th Safer Internet Day. Since 2004, there’s been an annual event designed to “Promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world.”

2004 was a key year for several safety activities, encompassing both Safer Internet Day and the Safer Internet Forum. As it would turn out, a wide range of group security activities would follow hot on its heels the year after, not just among the public but also in professional security, legal, and government circles.

You may be asking, why 2004? Was the general state of the Internet at the time so bad that all of these events sprang up almost out of necessity? Well, the answer to this makes a compelling case for a “yes”, because security was quite the mess back in the day.

Help required. Apply within

In 2004, a big slice of security advice was most definitely needed from somewhere. The dedicated security firms were primarily big antivirus organisations, some of which were struggling to keep up with the threats now spilling across the Internet.

You had very rich and powerful adware companies, making liberal use of bundled installers. Those meme pictures of someone’s browser filled with 50+ toolbars may be funny to look at now, but they definitely weren’t at the time.

The adware was frequently incredibly invasive, with affiliate networks often in meltdown promoting every kind of rogue install under the sun. One day, the “agree to install” button would be missing. The next day, the adware would be installed via exploit without permission, something which the adware companies would swear was “not possible”. When it turned out to be entirely possible, and recorded on a QuickTime file, the same old excuses would be made and you knew it’d all be happening again a week later.

Exploits were rampant. People had pretty much no idea about even the most basic of scams as inventive fraudsters came up with everything bar the kitchen sink in the brave new world of social media, AKA “all my fish in one barrel”. Sometimes it felt like all you could do was read the Windows XP vs Linux comparisons while waiting for the inevitable infection to strike.

As for those “time it takes to become infected” numbers…well, they made for grim reading.

Spreading the infection

20 minutes was an important number in 2004. How so? It turns out that 20 minutes was the average amount of time it took your average, unprotected Windows XP installation to become infected with something horrible.

Data collected by the Internet Storm Center dug into “Survival Time History”, which is “calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe”.

Sounds bad, right? Well, it can certainly become more problematic. Before we discuss why, we need to experience a moment of hope in the form of what may be the most well known service pack ever released.

XP SP2: A new challenger enters the ring

2004 was a key turning point for Windows XP, as it happens. In August of that year, Microsoft rolled out a major weapon in the Operating System arsenal: Service Pack 2. XP SP2 was a response to criticism of Windows security and the ever-growing range of threats besieging desktop computers. Many of the additions and improvements brought in with SP2 survive in some form to this day. Some of its greatest hits:

  • The Security Center, a one-stop shop for all of your security needs at a glance. Prior to this, you mostly went on a Frodo and Sam style journey to find crucial settings hidden away in the far-flung corners of your desktop.
  • The Windows Firewall enabled by default, and the Internet Explorer pop-up blocker. The pop-up blocker in particular was a big help with the proliferation of adware and spyware plugging into advertising networks.
  • Data execution prevention, helping to ward off buffer overflow exploits.

All this and much more, including a bundled collection of any and all security patches. If you’d fallen off with regard to your updating habits, this was the perfect way to fix all of those increasingly exposed security holes.

This all sounds great, and it was. XP SP2 was met with much joy in security circles at the time, and was a much needed playing field leveller to help get all of those unpatched systems back in the game.

However: Remember when I said things could become more problematic?

Things quickly become more problematic

If you were online back in 2004, do you remember how good your Internet was? Were you still on dial up? Incredibly slow broadband? Something else entirely? You can probably see where I’m going with this.

If the estimated time to infect an unpatched XP machine is 20 minutes, and you need to download a large service pack weighing in somewhere between 70MB and 260MB, you’re probably in a lot of trouble, because you’re almost certainly not going to get it onto your system in that magical 20 minute time frame.

To put this into some way-back-when context: If you were caught out by a malware attack which pushed 8 whole megabytes at you, this was treated as a cavalcade of malware. An attack which would potentially take forever to slowly crawl its way onto your system, likely tanking your ability to do anything online while the secret payloads did their thing from the shadows.

In 2005, one malware install which needed the .NET framework to run would helpfully install the whole thing for you if you didn’t have it. If there’s one thing you probably didn’t want downloading out of the blue, it was probably 65 MB or so of .NET framework alongside various bits and pieces of malware.

These numbers are nothing now, but back then it was a big deal! If your Internet wasn’t tanked by increasingly large malware hijacks, it was being gobbled up by increasingly large security updates in a desperate effort to keep people safe.

Say hello to the meet and greets

No wonder, then, that very big and visible safer day/week campaigns became such a huge deal. For one final slice of additional context, 2005 was also a key year for security happenings. The largely forgotten CNET/ Antispyware Workshop, held in San Francisco, was the first time many security folks in the antispy/mal/adware space were in the same room (myself included). As an added bonus, so were many representatives from the adware vendors.

Link Rot has done a number on pretty much all references to the event. If you want to delve into the mists of time and see an early collective response to the mess our desktops found themselves in, this is what I’ve dug up:

Now yes, I may be cheating a little by referencing an event from 2005 instead of 2004 when our Safer Internet Day events kicked into life. However, it was almost certainly thanks to big, well funded day/week awareness campaigns grabbing the public’s attention that news and media organisations started to consider putting their own events on. There was clearly an increasing appetite for it.

Many folks from that first event would go on to make regular appearances at everything from the Antispyware Coalition (ASC) Workshops to more mainstream events like RSA, warning of the dangers of malware and spyware. By curious coincidence, the ASC also came into existence in 2005. I guess there was just something in the air at this point.

I’d like to think a small contribution to all of the group activity in 2005 and beyond was helped along a little by the work done a year earlier with Safer Internet Day and other awareness campaigns.

Windows XP, possibly the most conspicuous presence on people’s desktops around the time that Safer Internet Day established itself, eventually fell into disrepair. Safer Internet Day continues to keep ticking over and help spread word of safe Internet practices for everyone. This can only be a good thing.

Stay safe out there!



Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.