funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: No AV? Shock, horror!

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 29 Sep 2009 09:37:36 +1300
Toralv_Dirro () mcafee com wrote:


All logs from a central AV-management console listing what has been
detected by the OnAccess scanner on the workstations would qualify
as that source of data (after sorting out the things that actually
infect a machine from the things AV is expected to detect nowadays
in addition). Without AV most entries in that log would have
resulted in an infected machine... 


No -- that only tells "half" the story.

Unless you happen to have a perfect virus detector (and you don't) then 
these stats fail entirely to tell us about the infection rate of the 
machines _with_ AV installed,

Given recent trends in malware development, the infection rate of AV-
running systems will be far from zero.



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: