there's a point of reference here ... unless a zero day exploit is EXTREMELY aggressive in propagating around the world ( and drawing even more attention to its vector ) it will NOT be the most pervasive and therefore not the largest cause of issues. Zero day exploits take time to propagate and by the time they have opportunity to reach the same saturation rates as other malware they are no longer zero day.
Spin it how you like. And 72.4% of all statistics are made up on the spot. On Tue, Oct 18, 2011 at 3:23 PM, Michael B. Smith <[email protected]>wrote: > I don't get it. Sorry, I don't. > > If (as the article says) only one-tenth of one percent of issues are caused > by zero-days; then that's not even a blip on the radar. > > That doesn't mean "don't be vigilant" and "don't have good processes and > procedures", at least not to me. It means that pursuing a well-rounded > defense in depth strategy is the proper course - as always. > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com <http://theessentialexchange.com/> > > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Tuesday, October 18, 2011 3:19 PM > To: NT System Admin Issues > Subject: Re: Zero-day bugs overrated, Microsoft says > > From the article: > > "We're not saying don't worry about zero-days. But they need to be put > into context," said Jeff Jones, a director of security with > Microsoft's Trustworthy Computing group. "For the person who has > security as a day-to-day job, they need to worry about the things that > are most prevalent and most severe." > > Hmmm.... > > What is a zero-day except the most severe thing - caught, and not > merely with your knickers down, but effectively no knickers at all. > > Yes, patch - first, last and always - but the proliferation of > software diversity makes that very hard. > > Don't Panic? Well, that's only useful advice if you take it to mean > that you shouldn't start a full-bore linear run into whatever obstacle > is in your way. On the other hand, if your blood pressure isn't rising > to dangerous levels because of the situation, you probably don't know > what the hell is going on, or else your IT policy is hated by your end > users because they can't install their favorite malware magnets. > > Kurt > > On Tue, Oct 18, 2011 at 08:18, David Lum <[email protected]> wrote: > > Thoughts? > > > http://www.computerworld.com/s/article/9220705/Zero_day_bugs_overrated_Microsoft_says?taxonomyId=85 > > > > David Lum > > Systems Engineer // NWEATM > > Office 503.548.5229 // Cell (voice/text) 503.267.9764 > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
