[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <208231.1274057369@localhost>
Date: Sun, 16 May 2010 20:49:29 -0400
From: Valdis.Kletnieks@...edu
To: stuart@...erdelix.net
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows' future (reprise)
On Sun, 16 May 2010 23:49:00 BST, lsi said:
> Malware is flooding at 243% (+/- error). This is consuming the
> oxygen in your machine.
The basic error in your analysis is that although there may in fact be
243% more malware samples, that doesn't translate into 243% more oxygen
consumption.
Consider a pizza cut into 8 pieces and somebody comes along and eats 6 of
them. Now consider an identical pizza cut 16 ways and somebody eats 12 slices.
The rate of slice consumption has doubled, but the actual amount of pizza
consumed hasn't changed.
Similarly, the fact there's (say) 5 million new malware samples doesn't mean
there's 5 million new holes in Windows this year. What you have is 5 million
new ways of poking the same 20 or 30 new holes. This makes it a lot easier for
the A/V companies. Although they may have 37 different samples, there's a very
good chance they were produced using a Metasploit-like mindset - "pick an
exploit, add a payload, launch". And 37 samples that use the same exploit but
have 37 different payloads need one detection rule (for the exploit), not 37.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists