--- On Sun, 11/15/09, Dan Kaminsky <[email protected]> wrote:
> Non-rhetorical question:
> What do we think the infection discovery rate is, and do we
> think it has increased or decreased in recent years?
More important than discovering infectious agents is discovering *infections
themselves* (which may be what you meant).
I'm sure someone can quote some stats as far as discovering infectious agents
goes, but at a certain level I think it becomes moot. The best we will ever do
as far as developing signatures is to identify the popular attacks, but what we
need to worry about as individual companies are the hand-crafted ones (just for
me? how sweet!). Don't use your homemade malware against more than a handful
of sites and it will almost never be caught up in the signature discovery net.
My guess is that the rate of discovery for existing infections/compromises is
meager, at best. Whatever number you could find I would inherently assume is
at best half as bad as the situation really is. Most people are not equipped
to determine that they have been infected at all, and as long as the lights
keep blinking - even at a faster rate than legitimate usage would dictate -
they aren't even going to look (don't make me invoke Heartland again).
-chris
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
