Re: No AV? Shock, horror!

[Nick FitzGerald <nick () virus-l demon co uk>]

Blanchard_Michael () emc com to Dan Kaminsky:

> > Is there a source of data showing 10,000 machines with AV are less
> > likely to be infected than 10,000 machines without?
>
>  I'm sure there is, ...

I'm not so sure there is -- in fact, I'm fairly sure there is no such 
study.  

> ... but I would have to say that machine platform
> would play a major factor for infection along with user.  

If you treat "infction" as a purely binary state, then maybe not so 
much...

If you count each instance of "different" malware per machine, then 
probably so...

>   If we're talking 10,000 windows home users without A/V, VS. 10,000
> Windows home users with AV, I'd say for certain that those without
> are more likely to become infected.  Would be interesting to see a
> formal study on this though.... 

As I said, the results are much less certain depending on how you 
define "infected".

>   For *nix platforms there is a greater chance of having a file that
> is infected stored on it waiting for a vulnerable box to grab it and
> run it than the *nix box itself getting infected. 

But if we add "owned" to the things we count as "infected"...



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.