funsec mailing list archives

Re: No AV? Shock, horror!


From: Dan Kaminsky <dan () doxpara com>
Date: Tue, 29 Sep 2009 09:15:34 +0200

We would agree:

http://countermeasures.trendmicro.eu/in-security-reputation-is-key/

I guess the real question is this:

How large is the long tail of viruses?

Suppose, if you will, that there are "hits" in the malware space --
individual pieces of malware that get spread all over.  Suppose we
grant that AV has a reasonably good chance of catching the hits.

Suppose also that there's some infection rate, below which a
particular attack vector or payload will not have a signature
generated for it because nobody will find it.

Infections by these rare payloads would constitute a sort of "long
tail" of malware -- too rare for a signature, but in aggregate,
possibly common enough to represent a significant number of
infections.

But how common?  I mean, we know the long tail doesn't work exactly as
promised in the media space.  We also know there's a lot of infected
boxes out there running AV.  It'd be really interesting if we had data
around this question.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

