Interesting People mailing list archives
READ more on Viruses
From: David Farber <dave () farber net>
Date: Sun, 22 May 2005 18:04:00 -0400
Begin forwarded message: From: Christian Huitema <huitema () windows microsoft com> Date: May 22, 2005 12:11:42 PM EDT To: dave () farber net Subject: RE: [IP] more on Viruses Jason Weisberger repeats the often heard argument that malware writers do not target small populations, because the "return on investment" would be small: "There are so many millions of Windows users out there that they offer the entire playing field of whatever a virus author is looking for." Well, there is at least one well known counter example, the "Witty" worm (http://www.caida.org/analysis/security/witty/). The worm target's was buffer overflow vulnerability in several Internet Security Systems (ISS) products, including ISS RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE. According to CAIDA, the vulnerable population of the Witty worm was only about 12,000 computers. On Friday March 19, 2004, the worm infected all of these targets in about 45 minutes. The "small population" argument assumes that one can predict the psychology of malware writers. Incidents like the Witty worm show the limits of such predictions. In fact, one could just as easily make the opposite argument, "strength in numbers". Large populations are a larger attack target, but they are also actively testing and developing defenses, and thus less likely to be swiped out by a catastrophic event. Bottom line, safety on any platform requires code updates, firewall, and up-to-date anti-virus systems. -- Christian Huitema ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- READ more on Viruses David Farber (May 22)