I've done some cursory searching, and I'm in the midst of a deeper lit review right now, but all signs point to there nit being empirical evidence for the effectiveness of any security measure. I'll say more when I've read more
Sent from my iPhone On Sep 28, 2009, at 3:50 PM, Nick FitzGerald <n...@virus- l.demon.co.uk> wrote: > [email protected] to Dan Kaminsky: > >>> Is there a source of data showing 10,000 machines with AV are less >>> likely to be infected than 10,000 machines without? >> >> I'm sure there is, ... > > I'm not so sure there is -- in fact, I'm fairly sure there is no such > study. > >> ... but I would have to say that machine platform >> would play a major factor for infection along with user. > > If you treat "infction" as a purely binary state, then maybe not so > much... > > If you count each instance of "different" malware per machine, then > probably so... > >> If we're talking 10,000 windows home users without A/V, VS. 10,000 >> Windows home users with AV, I'd say for certain that those without >> are more likely to become infected. Would be interesting to see a >> formal study on this though.... > > As I said, the results are much less certain depending on how you > define "infected". > >> For *nix platforms there is a greater chance of having a file that >> is infected stored on it waiting for a vulnerable box to grab it and >> run it than the *nix box itself getting infected. > > But if we add "owned" to the things we count as "infected"... > > > > Regards, > > Nick FitzGerald > > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
