Interesting People mailing list archives

READ more on Viruses


From: David Farber <dave () farber net>
Date: Sun, 22 May 2005 18:04:00 -0400



Begin forwarded message:

From: Christian Huitema <huitema () windows microsoft com>
Date: May 22, 2005 12:11:42 PM EDT
To: dave () farber net
Subject: RE: [IP] more on Viruses


Jason Weisberger repeats the often heard argument that malware writers
do not target small populations, because the "return on investment"
would be small: "There are so many millions of Windows users out there
that they offer the entire playing field of whatever a virus author is
looking for."

Well, there is at least one well known counter example, the "Witty" worm
(http://www.caida.org/analysis/security/witty/). The worm's target was a
buffer overflow vulnerability in several Internet Security Systems (ISS)
products, including ISS RealSecure Network, RealSecure Server Sensor,
RealSecure Desktop, and BlackICE. According to CAIDA, the vulnerable
population of the Witty worm was only about 12,000 computers. On Friday
March 19, 2004, the worm infected all of these targets in about 45
minutes.

The "small population" argument assumes that one can predict the
psychology of malware writers. Incidents like the Witty worm show the
limits of such predictions. In fact, one could just as easily make the
opposite argument, "strength in numbers". Large populations are a larger
attack target, but they are also actively testing and developing
defenses, and thus less likely to be wiped out by a catastrophic event.

Bottom line, safety on any platform requires code updates, firewall, and
up-to-date anti-virus systems.

-- Christian Huitema

