"Any" security measure is a bit much. The collection of fixes that went alongside XPSP2 was pretty epic (firewall by default, massacre of SMB's anonymous surface, windows update) and almost entirely killed worms -- and their company-wide-compromises -- quantifiably.

On Tue, Sep 29, 2009 at 4:15 PM, Michael Collins <[email protected]> wrote:
> I've done some cursory searching, and I'm in the midst of a deeper lit
> review right now, but all signs point to there not being empirical
> evidence for the effectiveness of any security measure. I'll say more
> when I've read more
>
> Sent from my iPhone
>
> On Sep 28, 2009, at 3:50 PM, Nick FitzGerald <n...@virus-l.demon.co.uk> wrote:
>
>> [email protected] to Dan Kaminsky:
>>
>>>> Is there a source of data showing 10,000 machines with AV are less
>>>> likely to be infected than 10,000 machines without?
>>>
>>> I'm sure there is, ...
>>
>> I'm not so sure there is -- in fact, I'm fairly sure there is no such
>> study.
>>
>>> ... but I would have to say that machine platform
>>> would play a major factor for infection along with user.
>>
>> If you treat "infection" as a purely binary state, then maybe not so
>> much...
>>
>> If you count each instance of "different" malware per machine, then
>> probably so...
>>
>>> If we're talking 10,000 windows home users without A/V, VS. 10,000
>>> Windows home users with AV, I'd say for certain that those without
>>> are more likely to become infected. Would be interesting to see a
>>> formal study on this though....
>>
>> As I said, the results are much less certain depending on how you
>> define "infected".
>>
>>> For *nix platforms there is a greater chance of having a file that
>>> is infected stored on it waiting for a vulnerable box to grab it and
>>> run it than the *nix box itself getting infected.
>>
>> But if we add "owned" to the things we count as "infected"...
>>
>>
>>
>> Regards,
>>
>> Nick FitzGerald
>>
>>
>> _______________________________________________
>> Fun and Misc security discussion for OT posts.
>> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>> Note: funsec is a public and open mailing list.
