This only measures AV detected infections. If I take 10,000 machines that did have AV, and 10,000 machines that did not, and compare, say, botnet infection rates manually -- is there a difference?
I'm looking for: 'A node running AV is n% less likely to be running malicious software than a node not running AV.'

On Sep 28, 2009, at 2:34 PM, <[email protected]> wrote:

> All logs from a central AV-management console listing what has been
> detected by the OnAccess scanner on the workstations would qualify
> as that source of data (after sorting out the things that actually
> infect a machine from the things AV is expected to detect nowadays
> in addition). Without AV most entries in that log would have
> resulted in an infected machine...
>
> cheers,
> Toralv
>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Dan Kaminsky
>> Sent: Monday, September 28, 2009 7:56 PM
>> To: [email protected]
>> Cc: [email protected]; [email protected]
>> Subject: Re: [funsec] No AV? Shock, horror!
>>
>> Non-rhetorical question:
>>
>> Is there a source of data showing 10,000 machines with AV are
>> less likely to be infected than 10,000 machines without?
>>
>> On Mon, Sep 28, 2009 at 7:38 PM, <[email protected]> wrote:
>>> There are plenty of AV products for *nix platforms. It's not that
>>> there is a *huge* amount of viruses for those platforms, it's that
>>> those platforms are often accessed by Windows platforms and the
>>> merchant should want to provide a clean file to a customer...
>>>
>>> Mike B
>>>
>>> Michael P. Blanchard
>>> Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
>>> Office of Information Security & Risk Management
>>> EMC² Corporation
>>> 4400 Computer Dr.
>>> Westboro, MA 01580
>>>
>>> -----Original Message-----
>>> From: [email protected] [mailto:[email protected]]
>>> On Behalf Of Drsolly
>>> Sent: Friday, September 25, 2009 5:13 PM
>>> To: Rob, grandpa of Ryan, Trevor, Devon & Hannah
>>> Cc: [email protected]
>>> Subject: Re: [funsec] No AV? Shock, horror!
>>>
>>> Maybe some merchants don't use Windows?
>>>
>>> On Fri, 25 Sep 2009, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
>>>
>>>> PCI survey finds some merchants don't use antivirus software
>>>>
>>>> http://www.networkworld.com/news/2009/092309-pci-survey-finds-some-merchants.html?hpg1=bn
>>>>
>>>> (But absolutely no surprise whatsoever ...)
>>>>
>>>> ====================== (quote inserted randomly by Pegasus Mailer)
>>>> [email protected] [email protected] [email protected]
>>>> Living well is the best revenge.
>>>>         George Herbert, 16th century English clergyman
>>>> http://victoria.tc.ca/techrev/rms.htm
>>>> http://blog.isc2.org/isc2_blog/slade/index.html
>>>> http://twitter.com/rslade
>>>> http://blogs.securiteam.com/index.php/archives/author/p1/
>>>> http://twitter.com/NoticeBored
>>>> _______________________________________________
>>>> Fun and Misc security discussion for OT posts.
>>>> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>>>> Note: funsec is a public and open mailing list.
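
The comparison asked for at the top of this thread, written out as an added example (not part of any poster's message): given two cohorts whose infection status was established independently of the AV product, it computes the "n% less likely" figure as a relative risk reduction with a 95% confidence interval. The function names and all counts are constructed for illustration.

```python
import math

def relative_risk_reduction(inf_av, n_av, inf_noav, n_noav, z=1.96):
    """Return (rrr, ci_low, ci_high) for 'AV nodes are n% less likely infected'.

    Assumption: infection status comes from a source independent of the AV
    product (e.g. manual inspection of every node); counting only what AV
    itself detected would bias both cohorts.
    """
    if not (0 < inf_av <= n_av and 0 < inf_noav <= n_noav):
        raise ValueError("each cohort needs between 1 and n infected nodes")
    # Relative risk: infection rate with AV divided by rate without AV.
    rr = (inf_av / n_av) / (inf_noav / n_noav)
    # Standard error of ln(RR) for two independent cohorts (Katz log method).
    se = math.sqrt(1 / inf_av - 1 / n_av + 1 / inf_noav - 1 / n_noav)
    rr_low = math.exp(math.log(rr) - z * se)
    rr_high = math.exp(math.log(rr) + z * se)
    # RRR = 1 - RR, so the interval bounds swap.
    return 1 - rr, 1 - rr_high, 1 - rr_low

def supports_claim(inf_av, n_av, inf_noav, n_noav):
    """True only if the whole 95% interval shows a reduction (lower bound > 0)."""
    _, ci_low, _ = relative_risk_reduction(inf_av, n_av, inf_noav, n_noav)
    return ci_low > 0

# Constructed counts, 10,000 nodes per cohort as in the question.
SAMPLES = {
    "clear difference": (180, 10_000, 300, 10_000),
    "no real difference": (295, 10_000, 300, 10_000),
}

if __name__ == "__main__":
    for label, counts in SAMPLES.items():
        rrr, lo, hi = relative_risk_reduction(*counts)
        print(f"{label}: AV nodes {rrr:.1%} less likely infected "
              f"(95% CI {lo:.1%} to {hi:.1%}), "
              f"supported={supports_claim(*counts)}")
```

A negative lower bound means the data are also consistent with AV making no difference, so the "n% less likely" statement is not supported by that sample.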
