Message-ID: <4BEF00A3.2628.675F27DF@stuart.cyberdelix.net>
Date: Sat, 15 May 2010 21:14:27 +0100
From: "lsi" <stuart@...erdelix.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows' future (reprise)
An interesting point - Unicode?
I don't think 5Mb files are infeasible, especially as time passes,
that'll be just a blip before long.
Stu
On 15 May 2010 at 14:59, Christian Sciberras wrote:
Date sent: Sat, 15 May 2010 14:59:46 +0100
Subject: Re: [Full-disclosure] Windows' future (reprise)
From: Christian Sciberras <uuf6429@...il.com>
To: stuart@...erdelix.net
> In a nutshell, I disagree. For one thing, that many variants would exhaust
> the number of combinations per malware, unless we are talking about malware
> in excess of 5 Mb.
> I'm not disagreeing with the prediction of an increase, nor for a
> possibility of a grim future for windows. I'm just saying that at those
> numbers, there is more probability of a (very) wrong prediction.
>
> Cheers.
>
> On Sat, May 15, 2010 at 2:11 PM, lsi <stuart@...erdelix.net> wrote:
>
> > Hi All!
> >
> > Just a followup from my posting of 9 months ago (which can be found
> > here):
> >
> > http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg37173.html
> >
> > Symantec have released "Internet Security Threat Report: Volume XV:
> > April 2010". My posting from last year was based on the previous
> > "Internet Security Threat Report: Volume XIV: April 2009". So I
> > thought it would be interesting to check my numbers. The new edition
> > of the Threat Report is here:
> >
> > http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202
> >
> > You may recall that last year, the average annual growth rate of new
> > threats (as defined by Symantec) was 243%. This enabled me to
> > predict that the number of new threats in this year's Symantec Threat
> > Report would be 243% of last year's; e.g. I predicted 9 months ago the
> > number of new threats in this year's Symantec Threat Report would be
> > 243% * 1656227, or 3840485.87.
> >
> > The actual number of new threats in this year's Symantec Threat
> > Report is 2895802, an error on my part of 24.6%.
> >
> > This is quite a chunk, however it is not that far off. My excuses:
> >
> > - my number was based on averages, so it will never be exact. There
> > will be a natural variance in the growth rate, caused by many
> > factors.
> >
> > - in the new edition, Symantec have altered the raw data a little -
> > the number of new threats for 2009, 2008, 2007 etc is slightly
> > different to those same years, as listed in the previous version of
> > the report. I have not updated my projection to allow for this.
> >
> > - Symantec note that "The slight decline in the rate of growth should
> > not discount the significant number of new signatures created in
> > 2009. Signature-based detection is lagging behind the creation of
> > malicious threats..." (page 48).
> >
> > Am I retreating from my position? Absolutely not. I am now
> > expecting the number of new threats in next year's report to be
> > 7036798.86. This is 2895802 * 243%. This includes the error
> > introduced by Symantec's changes to the raw data. I don't think it
> > matters much.
> >
> > As this flood of new threats will soon overpower AV companies'
> > ability to catalogue them (by 2015, at 243% growth, there will be
> > 2.739 MILLION new threats PER DAY (over 1900 new threats per
> > minute)), and as Symantec admits above that "signature-based
> > detection is lagging", and as Microsoft are not likely to produce a
> > secure version of anything anytime soon, I am not at all hopeful of a
> > clean resolution to this problem.
> >
> > I continue to advise that users should, where possible, deploy
> > alternatives; that they should, if they have not already, create and
> > action a migration strategy; and that they should avoid like the
> > plague, any software which locks them into a Microsoft platform.
> > Business .NET applications, I'm lookin' at you.
> >
> > Those failing to migrate will discover their hardware runs slower and
> > slower, while doing the same job as it did previously. They will
> > need to take this productivity hit, OR buy a new computer, which will
> > also eventually succumb to the same increasing slowness. They will
> > need to buy new machines more and more frequently. Eventually, they
> > will run out of money - or, for the especially deep-pocketed, they
> > will find they cannot deploy the new machines fast enough, before
> > they are already too slow to use. The only alternative to this
> > treadmill is to dump Windows. The sooner it is dumped, the less
> > money is wasted buying new hardware, simply to keep up with security-
> > induced slowness.
> >
> > Why spend all that time and money on a series of new Windows
> > machines, without fixing the actual problem, which is the inherent
> > insecurity of Windows? People can spend the same time and money
> > replacing Windows, and then they won't need to worry about the
> > problem any more. The difference is that sticking with Windows
> > incurs ongoing and increasing costs, while a migration incurs a one-
> > off cost.
> >
> > I don't think it takes a genius to see which approach will cost less.
> >
> > Notes:
> > - see page 10 of the Volume XIV (2009) edition, and page 48 of Volume
> > XV (2010) edition, for the relevant stats
> >
> > - since my post of last year, I have also noticed a similar
> > exponential curve in the number of threats detected by Spybot Search
> > and Destroy (a popular anti-spyware tool). This curve can be seen
> > here:
> >
> > http://www.safer-networking.org/en/updatehistory/index.html
> >
> > - my projection of growth rates up to 2016 (written last year) is
> > here:
> >
> > http://www.cyberdelix.net/files/malware_mutation_projection.pdf
> >
> > Comments welcome..
> >
> > Stu
> >
> > ---
> > Stuart Udall
> > stuart at@...erdelix.dot net - http://www.cyberdelix.net/
> >
> > ---
> > * Origin: lsi: revolution through evolution (192:168/0.2)
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/
---
* Origin: lsi: revolution through evolution (192:168/0.2)