Re: FBI Virus Alerts

[Chris Salter <securityfocus () loncps demon co uk>]

In article <3.0.5.32.20010928222108.05228d70 () pop fuse net>, dated Fri,
28 Sep 2001 at 22:21:08, David Kennedy CISSP <david.kennedy () acm org>
writes
> At 08:38 AM 9/28/01 +0200, info wrote:
> > [Viruses & Worms] Sophos and Trend Micro report a "severe outbreak" 
> > of a variant of day before yesterday's W32/Vote-A alias 
> > Win32.Vote.A@mm, W32.Vote.A@mm, that deletes files from infected
> > hard  drives.
>
> Except neither Sophos nor Trend are reporting a severe outbreak:
>
> http://www.sophos.com/
>       Click on the links for the three Vote variants and they report just
> one report of Vote.A and zero of Vote.B and zero of Vote.C
>
> http://wtc.trendmicro.com/wtc/
>       Neither the real-time nor the daily include any flavor of Vote
>
> Message Labs reports zero Vote.

This prompts me to ask a question that I have been meaning to ask for
sometime. My apologies if it has been addressed before. Are these report
statistics published by the AV vendors accurate representations of virus
activity in the field? I can see that during the period before
definitions have been updated, the reports may give some indication of
the virus prevalence. However, how many AV customers report viruses
successfully detected and dealt with? Do the AV vendors have a
representational sample of their customers reporting *all* viruses? Are
just corporate customers providing stats? I am assuming of course that
automatic definition updates processes aren't collecting such
information without the customers permission!

Chris
-- 
Christopher P Salter              mailto:security () loncps demon co uk

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com