Re: FW: Cost of Worm Attack Protection

[Sean Donelan <sean () donelan com>]

On Thu, 13 Nov 2003, Braun, Mike wrote:
> The old saying of "you get what you pay for" seems to be well directed when
> it comes to this topic.  If you're willing to allocate $100K more than you
> currently spend to mitigating the effects from Worms and Viruses, I'm sure
> you will have some increased success.  If you allocate 1 mill more, your
> success will increase substantially.  The true cost really boils down to

Actually that is not true.  There is substantial evidence that spending
more does not change behavor when it comes to worms.  Offering anti-virus
software, firewalls, consulting, email, telephone calls, letters, etc
have the exact same impact as doing nothing on the average ISP consumer.

As Jared points out, doing "more" substantially increases the support
costs for ISPs and doesn't reduce the number or severity of worms.


On the other hand, individuals can have a dramatic impact on the security
of his or her own computer.

Unfortunately, computer security is a bit like the light bulb joke.  How
many psychologists does it take to change a light bulb?  One, but the
light bulb has to want to change.