Re: Worms, Air Gaps and Responsibility

["Paul D. Robertson" <paul () compuwar net>]

On Fri, 7 May 2004, Devdas Bhagat wrote:

> > That's $2400/year for licenses, add in $1200 for a gateway, and another
> 60*400 is USD 24000, not 2400.

Doh, note to self, don't do math half-awake...  I was looking at bundle
and 250 user license fees and fubar'ed the end result.  :(

> > $1000 for 400 mailboxes of gateway AV- we've got $4600/year for 400 nodes
> 24000 + 1200 + 1000 = 26400 USD.

So, that's one ~$18,000 employee, and if you put the server in place of
their desktop, you're probably going to wash the hardware numbers (desktop
software vs. server hardware.)

If you capitalize the server costs, you get ahead of the game pretty
quickly in most labor markets.

Now, I'm not sure where you are, but I'm sure that in the DC metro area,
getting someone competent enough to run around and clean viruses (who
you'd want to trust with access to every desktop) year round would be a
feat unparalleled with an annual salary of ~18,000.  5 people at
~$2400 each/year full-time is well below the minimum wage here.

> > of protection, desktop and main e-mail gateway.  If you're getting someone
> > who's competent enough to clean out tricky viral programs for a
> > loaded cost of $4600/year (so, ~75% of that,) then you're in a unique
> I am saying 12000 USD is the cost of enough people to keep the network
> running and staff working. I will not say it runs well, but it runs
> enough to let people get their work done.

But I'm saying if you reduce your people costs by 20% (that cheap but good
AV person,) even if you end up paying the same (and I don't think you
would) you'd be dealing with the same failure mode (mass infections) at a
better or even cost point (for >90% of the list readership, obviously, if
you're getting technical competence for ~83 cents an hour, AV costs suck
for you (but you should probably think about getting people 100 times
better and putting out a product ;).)

> > spot.  If that single person can keep up with the infection rates when you
> > get a mass infection, they're not likely to be around for long.
> A mass infection is their only issue usually. And those are rare.

Well, I remember trying to "clean" Nimda (non-production, playing
around) before everyone realized it was truly viral- it was basically
not cleanable without AV tools (now, after a while, those tools were
freely available, but you'd have taken an entire day of downtime in the
interim.)  So, if you have users who are candidates for catching viral
code, you're going to overload that one person with a pretty low number of
concurrent infections.

Yes, widespread infections of well-run companies are rare, but 300
people not doing their jobs for a day would probably about cover expenses-
and it looks to me that continuing AV support is about 30% the cost of the
first year (I'm just browsing one of the common software resellers.)  So
the AV costs should decrease going forward, while the personnel costs will
rise.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards