Here’s a scary statistic that I hadn’t considered before: SANS keeps a graph of the amount of time you can have an unprotected PC on the Internet before you get some kind of exploit probe. Since last year, this time has gone from 40-60 minutes down to around 20-30 minutes, which is less time than you usually need to download your service packs and patches for a new install.
The average time between probes will vary widely from network to network. Some of our submitters subscribe to ISPs which block ports commonly used by worms. As a result, these submitters report a much longer ‘survival time’. On the other hand, university networks and users of high-speed Internet services are frequently targeted with additional scans from malware like bots. If you are connected to such a network, your ‘survival time’ will be much smaller.
SANS includes a link to a PDF entitled ‘Windows XP: Surviving the First Day’. As always, a $60 broadband router/firewall box will deal with most of these problems for you.
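
An added example, not from SANS or the original post: measuring a ‘survival time’ from your own firewall's drop log as the mean gap between successive probes against one address, and showing how upstream filtering of worm ports lengthens it. The log format, the sample lines and the blocked-port set are assumptions constructed for this illustration.

```python
import re
from datetime import datetime
from statistics import mean

# Constructed sample: inbound connections dropped at one address (not real data).
SAMPLE_LOG = """\
2004-08-17T10:00:00 DROP TCP 203.0.113.7:4312 -> 198.51.100.20:445
2004-08-17T10:12:00 DROP TCP 203.0.113.9:1050 -> 198.51.100.20:135
2004-08-17T10:30:00 DROP TCP 192.0.2.44:3388 -> 198.51.100.20:80
2004-08-17T10:41:00 DROP UDP 203.0.113.61:1027 -> 198.51.100.20:1434
2004-08-17T11:05:00 DROP TCP 192.0.2.15:2201 -> 198.51.100.20:139
2004-08-17T11:50:00 DROP TCP 203.0.113.80:4000 -> 198.51.100.20:22
this line is malformed and is skipped
"""

# Hypothetical log layout: timestamp, action, protocol, src:port -> dst:port
LINE = re.compile(r"^(\S+) DROP (TCP|UDP) \S+ -> \S+:(\d+)$")

# Assumption: ports an ISP might filter upstream because worms use them.
ISP_BLOCKED = frozenset({135, 139, 445, 1434})


def parse_probes(log):
    """Return a time-sorted list of (timestamp, destination port) per probe."""
    probes = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the expected layout
        probes.append((datetime.fromisoformat(m.group(1)), int(m.group(3))))
    return sorted(probes)


def survival_minutes(probes, blocked=frozenset()):
    """Mean minutes between probes that still reach the host.

    Probes to ports in `blocked` are treated as filtered before arrival.
    Returns None when fewer than two probes remain (no interval to measure).
    """
    times = [t for t, port in probes if port not in blocked]
    if len(times) < 2:
        return None
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
    return mean(gaps)


if __name__ == "__main__":
    probes = parse_probes(SAMPLE_LOG)
    print("unfiltered link:   ", survival_minutes(probes), "minutes")
    print("ISP blocks worm ports:", survival_minutes(probes, ISP_BLOCKED), "minutes")
```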