mailing list archives
Re: Windows' future (reprise)
From: "lsi" <stuart () cyberdelix net>
Date: Mon, 17 May 2010 03:34:31 +0100
On 16 May 2010 at 12:22, Christian Sciberras wrote:
An interesting point - Unicode?
I don't think 5Mb files are infeasible, especially as time passes,
that'll be just a blip before long.
You call it a "blip" yet you are counting in infections for *everywhere* and
*anyone* so, what makes you think service providers (which have been comfy
in the last 6 years with a dialup-grade connection) to abruptly switch to
Well, just because network capacity is also growing at an exponential
rate. I take your point, some people don't have high-speed
connections. This will slow things down a bit, but that's all..
I'm just saying that your statistics are based on too little variables
What else could I use? x=time, y=amount. I'm not sure how I could
use more than two variables. Those are the only numbers I get from
You yourself mentioned an error margin of ~24%. This will only *grow* by
It's an average, so I thought it might auto-correct. There was a
similar dip in 2006.
Lastly, I stand my point: Malware cannot be taken is a combination (as you
and other certain "specialists" think of it). Reason number one being that a
software combination (hash) can vary from between "malware", "useful" or
"utterly useless"; ie, the combination of having only malware is so
undefinable that you can't put it in any equation.
I think I understand, you're saying a virus can't be a random string,
and I agree. That is the job of the obfuscator, to make the virus as
random as possible, while retaining the integrity of the logic.
I thought you were saying that the ASCII character set has
insufficient characters to permit x billion combinations, so I
wondered whether Unicode would.
The problem of defining malware is not mine. All I'm doing is
analysing Symantec's stats. Symantec have already examined the
sample and classified it as malware, before it gets included in the
stats. Symantec's stats might be dodgy, but I doubt it, surely they
wouldn't waste their time?
Symantec's results are not wrong, it is how you/people use them that may be
wrong, such as attempting to predict anything out of them.
The time-series analysis I did is commonly used to make forecasts.
It is an accepted practice to take time-series data and extrapolate
from it. Of course, there is an element of uncertainty, especially
if the data is weak (small sample size, bias in the data etc). I was
disappointed I only got 75.4%.
What I will concede is that the conclusions I have drawn from the
results of the analysis may well be wrong. I don't work in an AV
company and can only report what I see in the field. I can see those
numbers going up, and up, and up, and it's only natural to wonder
where it will end. I can also see my customers' computers running
slower and slower, and I know what sort of performance kick is
possible if AV is disabled, and I know that virus scans take longer
and longer to complete.
So I do think it's a fair question to ask - will my computer handle
billions of threats? Does it make sense to be relying on AV to
protect my customer's computers? Is this house really on fire, or is
that completely normal? What answer should I give, when my customers
ask me, how can I stop this from happening again? When my customer
is about to make an expensive strategic purchase, what points should
I make, concerning long-term planning? Is my business at risk, if I
say the wrong thing, and my customers go out of business because
their hardware/software combination is no longer viable? I imagine
these questions are on the minds of many IT managers, and with a
chart on the wall showing 243% mutation, it is only reasonable that
they be asked.
stuart at () cyberdelix dot net - http://www.cyberdelix.net/
* Origin: lsi: revolution through evolution (192:168/0.2)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Windows' future (reprise) BMF (May 15)
Re: Windows' future (reprise) M.B.Jr. (May 25)
Message not available
Re: Windows' future (reprise) shawn Davison (May 15)
Re: Windows' future (reprise) Thor (Hammer of God) (May 16)
- Re: Windows' future (reprise), (continued)