Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Windows' future (reprise)
From: "lsi" <stuart () cyberdelix net>
Date: Sat, 15 May 2010 21:14:27 +0100

An interesting point - Unicode?  

I don't think 5Mb files are infeasible, especially as time passes, 
that'll be just a blip before long.

Stu

On 15 May 2010 at 14:59, Christian Sciberras wrote:

Date sent:      Sat, 15 May 2010 14:59:46 +0100
Subject:        Re: [Full-disclosure] Windows' future (reprise)
From:   Christian Sciberras <uuf6429 () gmail com>
To:     stuart () cyberdelix net

In a nutshell, I disagree. For one thing, that much variants would exhaust
the number of combinations per malware, unless we are talking about malware
in excess of 5 Mb.
I'm not disagreeing with the prediction of an increase, nor for a
possibility of a grim future for windows. I'm just saying that at those
numbers, there is more probability of a (very) wrong predication.

Cheers.






On Sat, May 15, 2010 at 2:11 PM, lsi <stuart () cyberdelix net> wrote:

Hi All!

Just a followup from my posting of 9 months ago (which can be found
here):

http://www.mail-archive.com/full-disclosure () lists grok org uk/msg37173.html

Symantec have released "Internet Security Threat Report: Volume XV:
April 2010".  My posting from last year was based on the previous
"Internet Security Threat Report: Volume XIV: April 2009".  So I
thought it would be interesting to check my numbers.  The new edition
of the Threat Report is here:

http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202

You may recall that last year, the average annual growth rate of new
threats (as defined by Symantec) was 243%.  This enabled me to
predict that the number of new threats in this year's Symantec Threat
Report would be 243% of last years; eg. I predicted 9 months ago the
number of new threats in this year's Symantec Threat Report would be
243% * 1656227, or 3840485.87.

The actual number of new threats in this year's Symantec Threat
Report is 2895802, an error on my part of 24.6%.

This is quite a chunk, however it is not that far off.  My excuses:

- my number was based on averages, so it will never be exact.  There
will be a natural variance in the growth rate, caused by many
factors.

- in the new edition, Symantec have altered the raw data a little -
the number of new threats for 2009, 2008, 2007 etc is slightly
different to those same years, as listed in the previous version of
the report.  I have not updated my projection to allow for this.

- Symantec note that "The slight decline in the rate of growth should
not discount the significant number of new signatures created in
2009. Signature-based detection is lagging behind the creation of
malicious threats..." (page 48).

Am I retreating from my position?  Absolutely not.  I am now
expecting the number of new threats in next years' report to be
7036798.86. This is 2895802 * 243%.  This includes the error
introduced by Symantec's changes to the raw data.  I don't think it
matters much.

As this flood of new threats will soon overpower AV companies'
ability to catalogue them (by 2015, at 243% growth, there will be
2.739 MILLION new threats PER DAY (over 1900 new threats per
minute)), and as Symantec admits above that "signature-based
detection is lagging", and as Microsoft are not likely to produce a
secure version of anything anytime soon, I am not at all hopeful of a
clean resolution to this problem.

I continue to advise that users should, where possible, deploy
alternatives; that they should, if they have not already, create and
action a migration strategy; and that they should avoid like the
plague, any software which locks them into a Microsoft platform.
Business .NET applications, I'm lookin' at you.

Those failing to migrate will discover their hardware runs slower and
slower, while doing the same job as it did previously.  They will
need to take this productivity hit, OR buy a new computer, which will
also eventually surcumb to the same increasing slowness.  They will
need to buy new machines more and more frequently.  Eventually, they
will run out of money - or, for the especially deep-pocketed, they
will find they cannot deploy the new machines fast enough, before
they are already too slow to use.  The only alternative to this
treadmill is to dump Windows.  The sooner it is dumped, the less
money is wasted buying new hardware, simply to keep up with security-
induced slowness.

Why spend all that time and money on a series of new Windows
machines, without fixing the actual problem, which is the inherent
insecurity of Windows?  People can spend the same time and money
replacing Windows, and then they won't need to worry about the
problem any more.  The difference is that sticking with Windows
incurs ongoing and increasing costs, while a migration incurs a one-
off cost.

I don't think it takes a genius to see which approach will cost less.

Notes:
- see page 10 of the Volume XIV (2009) edition, and page 48 of Volume
XV (2010) edition, for the relevant stats

- since my post of last year, I have also noticed a similar
exponential curve in the number of threats detected by Spybot Search
and Destroy (a popular anti-spyware tool). This curve can be seen
here:

http://www.safer-networking.org/en/updatehistory/index.html

 - my projection of growth rates up to 2016 (written last year) is
here:

http://www.cyberdelix.net/files/malware_mutation_projection.pdf

Comments welcome..

Stu

---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

---
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault