Message-ID: <4BF0AE84.19562.6DEE5DFB@stuart.cyberdelix.net>
Date: Mon, 17 May 2010 03:48:36 +0100
From: "lsi" <stuart@...erdelix.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows' future (reprise)

On 17 May 2010 at 1:06, Christian Sciberras wrote:

> Malware is not "flooding". It only so much as "changes" and not at an
> alarming rate either.

It is mutating at approx 243% per annum, a rate which is more than 
twice as fast as Moore's Law (200% every 24 months).  I do find this 
alarming, because I want my CPU back.  So does everyone else I know.

> Happens that any piece of [individual] malware is smaller than 5Mb (as in my
> example) therefore what you call a flood is nothing more than a couple of
> droplets of water in a lake.

Did you ever try and use your computer when it was doing a virus 
scan?  That's much more than a droplet of CPU that you are missing.

> Besides, competent anti-viruses automatically clean their own signature base
> from systems immune to certain malware (eg patched).

Nice.  That would improve things I think (assuming the patch does in 
fact make the machine invulnerable to the malware that it can no 
longer detect).

> Also, thankfully, I don't get infected with new malware X times per day, in
> fact, I don't recall ever being infected in the last 6/7 years I've run
> Windows (your point of focus).
> I'm sure I'm not alone, so where do you put us in your equation? Surely you
> can't infect non-existent workstations?

I'm not analysing infections, I'm analysing "new threats" (as defined 
by Symantec).  

However if I was analysing infections, I'd call you an outlier 
(anomaly), and exclude you from my computation.  You would be one of 
the few.  Impressive though.

Stu

> On Mon, May 17, 2010 at 12:49 AM, lsi <stuart@...erdelix.net> wrote:
> 
> > Imagine you are in an enclosed space.  It starts to flood.  As the
> > water level rises, the amount of oxygen you have available falls.
> > Unless it stops flooding, eventually you will have no oxygen at all.
> >
> > So, the CPU, RAM, diskspace, and network bandwidth of your machine,
> > as well as limits imposed by integer math, are the enclosed space.
> > Those specify the finite processing limits of your machine.  Malware
> > is the flood.  Oxygen is what's left in your enclosed space/machine,
> > once your malware defences have run.
> >
> > Malware is flooding at 243% (+/- error).  This is consuming the
> > oxygen in your machine.  You can enlarge your enclosed space, with
> > hardware upgrades, but that's not stopping the flooding.
> >
> > Eventually you will find it's not possible to upgrade the machine
> > (usually a software dependency of some kind).  At this point the
> > machine will run slower and slower.  Your alternatives will be to
> > disconnect the machine from the internet, and partially/completely
> > disable malware filters; or to replace the machine.
> >
> > As you can see you're spending money on upgrades and replacements,
> > and losing productivity and/or capabilities (eg. internet access).
> >
> > Meanwhile, the malware is still flooding into your enclosed space.
> > Every second that goes by, the rate of flooding increases.  Your boss
> > is screaming at you for spending a zillion on hardware.  Your users
> > are whinging because everything is running like a dog.  Your support
> > staff are running around constantly fixing machines on which the AV
> > has failed (yet again) to stop the latest 0-day variant.  Your
> > company's customers are livid because you had to tell them you had a
> > trojan on an accounts machine and their credit card data is now on
> > the web.  Your wife has the hump because you're never home, except in
> > a bad mood, your kids think you are a boarder, and the dog hates you
> > because you never take it for walks anymore.
> >
> > And you now need to go to your boss and ask for more money for more
> > upgrades.
> >
> > What are you gonna do?  Are you going to let your IT run like this
> > forever?  Do you think your boss will like it when you ask him for
> > more budget?
> >
> > What is your long-term strategy for fixing this problem?
> >
> > Stu
> >
> > On 16 May 2010 at 19:08, Thor (Hammer of God) wrote:
> >
> > From:   "Thor (Hammer of God)" <Thor@...merofgod.com>
> > To:     "full-disclosure@...ts.grok.org.uk" <
> > full-disclosure@...ts.grok.org.uk>
> > Date sent:      Sun, 16 May 2010 19:08:26 +0000
> > Subject:        Re: [Full-disclosure] Windows' future (reprise)
> >
> > > The error in your overall thesis is your failure to identify the
> > difference between threat and risk.  You are interacting with Symantec's
> > report of "x new threats" as if it actually means something, or more
> > specifically, that these new threats somehow translate into some new level
> > of risk.  They don't.
> > >
> > > According to Stephen Hawking, there are new threats emerging based on the
> > statistical probability of the existence of aliens.  Therefore, a "threat"
> > exists where I may be struck in the head by a falling block of green alien
> > poo, frozen in the atmosphere after being flushed out by a passing
> > pan-galactic alien survey ship.  However, the actual *risk* of me being hit
> > in the head while walking to a matinée of The Rocky Horror Picture Show
> > doesn't dictate that I apply a small mixture of Purell and Teflon to my
> > umbrella and fill my squirt gun with alien repellent.
> > >
> > > The risk of me personally being struck by falling alien poo is *far*
> > lower than the risk of any one of the almost 7 billion people on the planet
> > being struck by falling alien poo.  You may be able to calculate the risk of
> > my being poo'd in relation to any given human being poo'd, but no level of
> > math will allow you to determine what my or any other person's individual
> > chance of being poo'd is.
> > >
> > > Your argument would call everyone to change the way they protect
> > themselves from falling alien poo out of the mere existence of a threat
> > without really qualifying the associated risk.  That does nothing for
> > anyone, and would only cause a rise in the cost of umbrellas and squirt guns
> > and would probably result in the theater putting the kibosh on Rocky Horror
> > completely and charging people to watch Born Free.  (Insert clever
> > association of "Born Free" with "free" open source products here.  See what
> > I did there?)
> > >
> > > Further, the basis of this "threat" is that you would actually have to
> > trust what Stephen Hawking is saying in the first place.  In his case, there
> > really isn't any way to know that he's the one saying it, is there?  For all
> > we know, the ghost of Carl Sagan could have hacked into his computer and has
> > made Mr. Hawking's requests to have his Depends changed translated into "run
> > for your lives, the aliens are coming, the aliens are coming"  when his
> > computer talks.
> > >
> > > My point is that you are taking threat statistics from Symantec
> > that don't mean anything on their own, as there is no definition of
> > how those threats would apply to any given system, and directly
> > converting them into some global level of risk - and you are doing so
> > to such extremes that you actually conclude that the solution is to
> > do away with Microsoft products based on some unproven and imagined
> > postulate that closed source is somehow at the core of the issue
> > while at the same time admitting you don't know anything about the
> > platform.   The fact that you are actually using Windows and programs
> > written with Visual Studio out of convenience to you critically
> > damages your argument.  If you as the author of this idea refuse to
> > migrate from Windows or applications written with Windows development
> > products and frameworks just because it is *not convenient* for you,
> > how could you possibly expect anyone supporting any infrastructure of
> > consequence to take your advice or even consider your ideas as
> > anything other than hysteria when they would have to engage in
> > unfathomable expense, effort and time to create a total and complete
> > paradigm change in their business simply to try to defend against
> > being hit by falling alien poo?
> > >
> > > t


---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
