Full Disclosure mailing list archives

Re: Windows' future (reprise)
From: "lsi" <stuart () cyberdelix net>
Date: Mon, 17 May 2010 03:48:36 +0100

On 17 May 2010 at 1:06, Christian Sciberras wrote:

Malware is not "flooding". It only so much as "changes" and not at an
alarming rate either.

It is mutating at approx 243% per annum, a rate which is more than 
twice as fast as Moore's Law (200% every 24 months).  I do find this 
alarming, because I want my CPU back.  So does everyone else I know.

Happens that any piece of [individual] malware is smaller than 5Mb (as in my
example) therefore what you call a flood is nothing more than a couple of
droplets of water in a lake.

Did you ever try and use your computer when it was doing a virus 
scan?  That's much more than a droplet of CPU that you are missing.

Besides, competent anti-viruses automatically clean their own signature base
from systems immune to certain malware (eg patched).

Nice.  That would improve things I think (assuming the patch does in 
fact make the machine invulnerable to the malware that it can no 
longer detect).

Also, thankfully, I don't get infected with new malware X times per day, in
fact, I don't recall ever being infected in the last 6/7 years I've run
Windows (your point of focus).
I'm sure I'm not alone, so where do you put us in your equation? Surely you
can't infect non-existent workstations?

I'm not analysing infections, I'm analysing "new threats" (as defined 
by Symantec).  

However if I was analysing infections, I'd call you an outlier 
(anomaly), and exclude you from my computation.  You would be one of 
the few.  Impressive though.

Stu

On Mon, May 17, 2010 at 12:49 AM, lsi <stuart () cyberdelix net> wrote:

Imagine you are in an enclosed space.  It starts to flood.  As the
water level rises, the amount of oxygen you have available falls.
Unless it stops flooding, eventually you will have no oxygen at all.

So, the CPU, RAM, diskspace, and network bandwidth of your machine,
as well as limits imposed by integer math, are the enclosed space.
Those specify the finite processing limits of your machine.  Malware
is the flood.  Oxygen is what's left in your enclosed space/machine,
once your malware defences have run.

Malware is flooding at 243% (+/- error).  This is consuming the
oxygen in your machine.  You can enlarge your enclosed space, with
hardware upgrades, but that's not stopping the flooding.

Eventually you will find it's not possible to upgrade the machine
(usually a software dependency of some kind).  At this point the
machine will run slower and slower.  Your alternatives will be to
disconnect the machine from the internet, and partially/completely
disable malware filters; or to replace the machine.

As you can see you're spending money on upgrades and replacements,
and losing productivity and/or capabilities (eg. internet access).

Meanwhile, the malware is still flooding into your enclosed space.
Every second that goes by, the rate of flooding increases.  Your boss
is screaming at you for spending a zillion on hardware.  Your users
are whinging because everything is running like a dog.  Your support
staff are running around constantly fixing machines on which the AV
has failed (yet again) to stop the latest 0-day variant.  Your
company's customers are livid because you had to tell them you had a
trojan on an accounts machine and their credit card data is now on
the web.  Your wife has the hump because you're never home, except in
a bad mood, your kids think you are a boarder, and the dog hates you
because you never take it for walks anymore.

And you now need to go to your boss and ask for more money for more
upgrades.

What are you gonna do?  Are you going to let your IT run like this
forever?  Do you think your boss will like it when you ask him for
more budget?

What is your long-term strategy for fixing this problem?

Stu

On 16 May 2010 at 19:08, Thor (Hammer of God) wrote:

From:   "Thor (Hammer of God)" <Thor () hammerofgod com>
To:     "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk>
Date sent:      Sun, 16 May 2010 19:08:26 +0000
Subject:        Re: [Full-disclosure] Windows' future (reprise)

The error in your overall thesis is your failure to identify the
difference between threat and risk.  You are interacting with Symantec's
report of "x new threats" as if it actually means something, or more
specifically, that these new threats somehow translate into some new level
of risk.  They don't.

According to Stephen Hawking, there are new threats emerging based on the
statistical probability of the existence of aliens.  Therefore, a "threat"
exists where I may be struck in the head by a falling block of green alien
poo, frozen in the atmosphere after being flushed out by a passing
pan-galactic alien survey ship.  However, the actual *risk* of me being hit
in the head while walking to a matinée of The Rocky Horror Picture Show
doesn't dictate that I apply a small mixture of Purell and Teflon to my
umbrella and fill my squirt gun with alien repellent.

The risk of me personally being struck by falling alien poo is *far*
lower than the risk of any one of the almost 7 billion people on the planet
being struck by falling alien poo.  You may be able to calculate the risk of
my being poo'd in relation to any given human being poo'd, but no level of
math will allow you to determine what my or any other person's individual
chance of being poo'd is.

Your argument would call everyone to change the way they protect
themselves from falling alien poo out of the mere existence of a threat
without really qualifying the associated risk.  That does nothing for
anyone, and would only cause a rise in the cost of umbrellas and squirt guns
and would probably result in the theater putting the kibosh on Rocky Horror
completely and charging people to watch Born Free.  (Insert clever
association of "Born Free" with "free" open source products here.  See what
I did there?)

Further, the basis of this "threat" is that you would actually have to
trust what Stephen Hawking is saying in the first place.  In his case, there
really isn't any way to know that he's the one saying it, is there?  For all
we know, the ghost of Carl Sagan could have hacked into his computer and has
made Mr. Hawking's requests to have his Depends changed translated into "run
for your lives, the aliens are coming, the aliens are coming"  when his
computer talks.

My point is that you are taking threat statistics from Symantec
that don't mean anything on their own, as there is no definition of
how those threats would apply to any given system, and directly
converting them into some global level of risk - and you are doing so
to such extremes that you actually conclude that the solution is to
do away with Microsoft products based on some unproven and imagined
postulate that closed source is somehow at the core of the issue
while at the same time admitting you don't know anything about the
platform.   The fact that you are actually using Windows and programs
written with Visual Studio out of convenience to you critically
damages your argument.  If you as the author of this idea refuse to
migrate from Windows or applications written with Windows development
products and frameworks just because it is *not convenient* for you,
how could you possibly expect anyone supporting any infrastructure of
consequence to take your advice or even consider your ideas as
anything other than hysteria when they would have to engage in
unfathomable expense, effort and time to create a total and complete
paradigm change in their business simply to try to defend against
being hit by falling alien poo?

t


---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
