Date: Mon, 17 May 2010 01:06:04 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: stuart@...erdelix.net
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows' future (reprise)

Malware is not "flooding". It only s much as "changes" and not at an
alarming rate neither.
Happens that any piece of [individual] malware is smaller than 5Mb (as in my
example) therefor what you call a flood is nothing more then a couple of
droplets of water in a lake.
Sometimes I do wonder whether some people actually know what a virus is. I
mean, this isn't eg, milk which you can market X times with different brand
names.
Besides, competent anti-viruses automatically clean their own signature base
from systems immune to certain malware (eg patched).

Also, thankfully, I don't get infected with new malware X times per day, in
fact, I don't recall ever being infected in the last 6/7 years I've run
Windows (your point of focus).
I'm sure I'm not alone, so where do you put us in your equation? Surely you
can't infect non-existent workstations?

Cheers.



On Mon, May 17, 2010 at 12:49 AM, lsi <stuart@...erdelix.net> wrote:

> Imagine you are in an enclosed space.  It starts to flood.  As the
> water level rises, the amount of oxygen you have available falls.
> Unless it stops flooding, eventually you will have no oxygen at all.
>
> So, the CPU, RAM, diskspace, and network bandwidth of your machine,
> as well as limits imposed by integer math, are the enclosed space.
> Those specify the finite processing limits of your machine.  Malware
> is the flood.  Oxygen is what's left in your enclosed space/machine,
> once your malware defences have run.
>
> Malware is flooding at 243% (+/- error).  This is consuming the
> oxygen in your machine.  You can enlarge your enclosed space, with
> hardware upgrades, but that's not stopping the flooding.
>
> Eventually you will find it's not possible to upgrade the machine
> (usually a software dependency of some kind).  At this point the
> machine will run slower and slower.  Your alternatives will be to
> disconnect the machine from the internet, and partially/completely
> disable malware filters; or to replace the machine.
>
> As you can see you're spending money on upgrades and replacements,
> and losing productivity and/or capabilities (eg. internet access).
>
> Meanwhile, the malware is still flooding into your enclosed space.
> Every second that goes by, the rate of flooding increases.  Your boss
> is screaming at you for spending a zillion on hardware.  Your users
> are whinging because everything is running like a dog.  Your support
> staff are running around constantly fixing machines on which the AV
> has failed (yet again) to stop the latest 0-day variant.  Your
> company's customers are livid because you had to tell them you had a
> trojan on an accounts machine and their credit card data is now on
> the web.  Your wife has the hump because you're never home, except in
> a bad mood, your kids think you are a boarder, and the dog hates you
> because you never take it for walks anymore.
>
> And you now need to go to your boss and ask for more money for more
> upgrades.
>
> What are you gonna do?  Are you going to let your IT run like this
> forever?  Do you think your boss will like it when you ask him for
> more budget?
>
> What is your long-term strategy for fixing this problem?
>
> Stu
>
> On 16 May 2010 at 19:08, Thor (Hammer of God) wrote:
>
> From:   "Thor (Hammer of God)" <Thor@...merofgod.com>
> To:     "full-disclosure@...ts.grok.org.uk" <
> full-disclosure@...ts.grok.org.uk>
> Date sent:      Sun, 16 May 2010 19:08:26 +0000
> Subject:        Re: [Full-disclosure] Windows' future (reprise)
>
> > The error in your overall thesis is your failure to identify the
> difference between threat and risk.  You are interacting with Symantec's
> report of "x new threats" as if it actually means something, or more
> specifically, that these new threats somehow translate into some new level
> of risk.  They don't.
> >
> > According to Stephen Hawking, there are new threats emerging based on the
> statistical probability of the existence of aliens.  Therefore, a "threat"
> exists where I may be struck in the head by a falling block of green alien
> poo, frozen in the atmosphere after being flushed out by a passing
> pan-galactic alien survey ship.  However, the actual *risk* of me being hit
> in the head while walking to a matinée of The Rocky Horror Picture Show
> doesn't dictate that I apply a small mixture of Purell and Teflon to my
> umbrella and fill my squirt gun with alien repellent.
> >
> > The risk of me personally being struck by falling alien poo is *far*
> lower than the risk of any one of the almost 7 billion people on the planet
> being struck by falling alien poo.  You may be able to calculate the risk of
> my being poo'd in relation to any given human being poo'd, but no level of
> math will allow you to determine what my or any other person's individual
> chance of being poo'd is.
> >
> > Your argument would call everyone to change the way they protect
> themselves from falling alien poo out of the mere existence of a threat
> without really qualifying the associated risk.  That does nothing for
> anyone, and would only cause a rise in the cost of umbrellas and squirt guns
> and would probably result in the theater putting the kibosh on Rock Horror
> completely and charging people to watch Born Free.  (Insert clever
> association of "Born Free" with "free" open source products here.  See what
> I did there?)
> >
> > Further, the basis of this "threat" is that you would actually have to
> trust what Stephen Hawking is saying in the first place.  In his case, there
> really isn't any way to know that he's the one saying it, is there?  For all
> we know, the ghost of Carl Sagan could have hacked into his computer and has
> made Mr. Hawking's requests to have his Depends changed translated into "run
> for your lives, the aliens are coming, the aliens are coming"  when his
> computer talks.
> >
> > My point is that you are taking threat statistics from Symantec
> that don't mean anything on their own, as there is no definition of
> how those threats would apply to any given system, and directly
> converting them into some global level of risk - and you are doing so
> to such extremes that you actually conclude that the solution is to
> do away with Microsoft products based on some unproven and imagined
> postulate that closed source is somehow at the core of the issue
> while at the same time admitting you don't know anything about the
> platform.   The fact that you are actually using Windows and programs
> written with Visual Studio out of convenience to you critically
> damages your argument.  If you as the author of this idea refuse to
> migrate from Windows or applications written with Windows development
> products and frameworks just because it is *not convenient* for you,
> how could you possibly expect anyone supporting any infrastructure of
> consequence to take your advice or even consider your ideas as
> anything other than hysteria when they would have to engage in
> unfathomable expense, effort and time to create a total and complete
> paradigm change in their business simply to try to defend against
> being hit by falling alien poo?
> >
> > t
>
>
> ---
> Stuart Udall
> stuart at@...erdelix.dot net - http://www.cyberdelix.net/
>
> ---
>  * Origin: lsi: revolution through evolution (192:168/0.2)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists