>> A spam-spewing bot sticks out like a sore thumb, but a compromised system which is not making itself so readily visible may go undetected indefinitely.
>> Given what we've observed during this decade about botnet operators, I think they are *easily* smart enough to hold huge numbers of systems in reserve.

First you complain about false positives, now you switch the subject to false negatives? Yes, the method Comcast is probably using probably only identifies the conspicuous ones. Just because it doesn't find them all is no reason not to find these ones.

>> Of course there isn't. But do you really think that people clever enough to rewrite bank statements on the fly will have any technical difficulty at all deploying the code to block those pop-ups?

Right, and when that happens and when it becomes a serious impediment then they'll have to deal with it. There's an awful lot of malware out there right now that doesn't do it.

>> More broadly: one of the reasons we find ourselves where we do is that we think too much about what the adversary IS doing instead of what the adversary COULD be doing. It's a failure of imagination. It's why they're so far ahead of us and pulling further away every day.

What do you actually expect Comcast to do by themselves, while still serving a broad market of clueless average users? They're in a tough spot and broad condescension like this doesn't contribute anything to the debate.

Larry Seltzer
Contributing Editor, PC Magazine
[email protected]
http://blogs.pcmag.com/securitywatch/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
