Re: whitehouse cyber strategy review

[chris () blask org]

--- On Sun, 11/15/09, Dan Kaminsky <dan () doxpara com> wrote:
 
> Non-rhetorical question:

> What do we think the infection discovery rate is, and do we
> think it has increased or decreased in recent years?

More important than discovering infectious agents is discovering *infections themselves* (which may be what you meant).

I'm sure someone can quote some stats as far as discovering infectious agents goes, but at a certain level I think it 
becomes moot.  The best we will ever do as far as developing signatures is to identify the popular attacks, but what we 
need to worry about as individual companies are the hand-crafted ones (just for me?  how sweet!).  Don't use your 
homemade malware against more than a handful of sites and it will almost never be caught up in the signature discovery 
net.

My guess is that the rate of discovery for existing infections/compromises is meager, at best.  Whatever number you 
could find I would inherently assume is at best half as bad as the situation really is.  Most people are not equipped 
to determine that they have been infected at all, and as long as the lights keep blinking - even at a faster rate than 
legitimate usage would dictate - they aren't even going to look (don't make me invoke Heartland again).

-chris


      
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.