ljknews wrote:
> My guess is that if a company actually is capable of analyzing
> binary code they only do it for the highest volume instruction
> sets.
>
They certainly will focus on larger markets first. If you want them to
focus on *your* market, make it worth their while :) SUSE Linux does a
lot for the Z series mainframe market because they are willing to pay
for it. The market for, say, Motorola 88000 CPUs is relatively sparse :)
> My guess is that attackers will go after machines they feel are
> less protected.
>
I fully disagree with that. There are two kinds of attackers:
1. Bottom feeders. These people troll for very common vulnerabilities
with scanners and worms, trying to build botnets. There are
*plenty* of people with unprotected x86 machines, so that is what
they target, regardless of any optional technology add-ons people
develop for that platform.
2. Targeted attackers. These people are professionals, and they are
going after a specific target. They don't select targets on the
basis of vulnerability, they select the target for external
reasons having nothing to do with the defenses deployed.
In between would be criminals of opportunity who seek targets that are
both valuable and soft. But that is really just a more sophisticated
variant of #1.
As a defender, you need to care about the strength of your defense in
proportion to the value of your assets. If your assets are not
particularly valuable, then only deploy the basic defenses to shed the
ankle-biters in class 1. If your assets are more valuable, then deploy
more thorough/expensive defenses until the cost of the defenses exceeds
the calculated risk to your assets.
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Hacking is exploiting the gap between "intent" and "implementation"
_______________________________________________
Secure Coding mailing list (SC-L) [email protected]
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________