funsec mailing list archives
Re: No AV? Shock, horror!
From: Michael Collins <mcollins () aleae com>
Date: Tue, 29 Sep 2009 22:37:45 -0400
The problem is that we're still dealing with something that is pretty much anecdote - I don't disagree that it improved the security profile of a lot of networks, but I have no way to speak about it quantitatively. I can talk about such things qualitatively, but it's still in the domain of anecdote. I'd be more comfortable with that except we've been speaking in anecdote for almost forty years, and the problem is that we don't really know if anything works besides these epic megafixes.

On Sep 29, 2009, at 11:00 AM, Dan Kaminsky wrote:

> "Any" security measure is a bit much. The collection of fixes that went alongside XPSP2 was pretty epic (firewall by default, massacre of SMB's anonymous surface, windows update) and almost entirely killed worms -- and their company-wide-compromises -- quantifiably.
>
> On Tue, Sep 29, 2009 at 4:15 PM, Michael Collins <mcollins () aleae com> wrote:
>
>> I've done some cursory searching, and I'm in the midst of a deeper lit review right now, but all signs point to there not being empirical evidence for the effectiveness of any security measure. I'll say more when I've read more
>>
>> Sent from my iPhone
>>
>> On Sep 28, 2009, at 3:50 PM, Nick FitzGerald <nick@virus-l.demon.co.uk> wrote:
>>
>>> Blanchard_Michael () emc com to Dan Kaminsky:
>>>
>>>>> Is there a source of data showing 10,000 machines with AV are less likely to be infected than 10,000 machines without?
>>>>
>>>> I'm sure there is, ...
>>>
>>> I'm not so sure there is -- in fact, I'm fairly sure there is no such study.
>>>
>>>> ... but I would have to say that machine platform would play a major factor for infection along with user.
>>>
>>> If you treat "infection" as a purely binary state, then maybe not so much... If you count each instance of "different" malware per machine, then probably so...
>>>
>>>> If we're talking 10,000 windows home users without A/V, VS. 10,000 Windows home users with AV, I'd say for certain that those without are more likely to become infected. Would be interesting to see a formal study on this though....
>>>
>>> As I said, the results are much less certain depending on how you define "infected".
>>>
>>>> For *nix platforms there is a greater chance of having a file that is infected stored on it waiting for a vulnerable box to grab it and run it than the *nix box itself getting infected.
>>>
>>> But if we add "owned" to the things we count as "infected"...
>>>
>>> Regards,
>>> Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.