Computer Security: Are things really that bad?

I'm not sure bad really describes it – how about I try to explain it this way. For those of us who work with computer technology every day and consider ourselves knowledgeable about the process of securing a computer or networking environment, it's challenging. For those of you with less than that knowledge, I'd be scared to death.

Here's an example: Suppose you just got a new computer for Christmas and you either dial up or hook up to your broadband connection. You're semi-knowledgeable about computers, so you're busily surfing the net trying to download the latest anti-virus software and Windows XP updates for your new prized possession. Do you know that the survival time for a Windows XP computer is less than the time it takes to download all the updates? The survival time is the amount of time between computer attacks. Said another way, it's the time from when you first turn on your computer and acquire an IP address until the first computer hack, virus, or worm hits your computer. The Internet Storm Center has been tracking this kind of data for years.

Once again we've received another wake-up call with the recent .WMF exploit discovered 12/31/2005. Microsoft again was slow to respond – not publicly releasing a security fix until 1/6/2006. With computer maintenance windows for corporate environments shrinking, more and more computer vulnerabilities being discovered daily, ever-increasing capabilities and creativeness of the bad guys, and vendors slow to release necessary system fixes, one can't help but wonder what exactly it is going to take to wake us all up.

