Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Windows' future (reprise)
From: Valdis.Kletnieks () vt edu
Date: Sun, 16 May 2010 20:49:29 -0400

On Sun, 16 May 2010 23:49:00 BST, lsi said:
Malware is flooding at 243% (+/- error).  This is consuming the
oxygen in your machine.

The basic error in your analysis is that although there may in fact be
243% more malware samples, that doesn't translate into 243% more oxygen
consumption.

Consider a pizza cut into 8 pieces and somebody comes along and eats 6 of
them.  Now consider an identical pizza cut 16 ways and somebody eats 12 slices.
The rate of slice consumption has doubled, but the actual amount of pizza
consumed hasn't changed.

Similarly, the fact there's (say) 5 million new malware samples doesn't mean
there's 5 million new holes in Windows this year.  What you have is 5 million
new ways of poking the same 20 or 30 new holes.  This makes it a lot easier for
the A/V companies. Although they may have 37 different samples, there's a very
good chance they were produced using a Metasploit-like mindset - "pick an
exploit, add a payload, launch".  And 37 samples that use the same exploit but
have 37 different payloads need one detection rule (for the exploit), not 37.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault