[email protected] to Dan Kaminsky: > > Is there a source of data showing 10,000 machines with AV are less > > likely to be infected than 10,000 machines without? > > I'm sure there is, ...
I'm not so sure there is -- in fact, I'm fairly sure there is no such study. > ... but I would have to say that machine platform > would play a major factor for infection along with user. If you treat "infction" as a purely binary state, then maybe not so much... If you count each instance of "different" malware per machine, then probably so... > If we're talking 10,000 windows home users without A/V, VS. 10,000 > Windows home users with AV, I'd say for certain that those without > are more likely to become infected. Would be interesting to see a > formal study on this though.... As I said, the results are much less certain depending on how you define "infected". > For *nix platforms there is a greater chance of having a file that > is infected stored on it waiting for a vulnerable box to grab it and > run it than the *nix box itself getting infected. But if we add "owned" to the things we count as "infected"... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
