[email protected] wrote: > All logs from a central AV-management console listing what has been > detected by the OnAccess scanner on the workstations would qualify > as that source of data (after sorting out the things that actually > infect a machine from the things AV is expected to detect nowadays > in addition). Without AV most entries in that log would have > resulted in an infected machine...
No -- that only tells "half" the story. Unless you happen to have a perfect virus detector (and you don't) then these stats fail entirely to tell us about the infection rate of the machines _with_ AV installed, Given recent trends in malware development, the infection rate of AV- running systems will be far from zero. Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
