From: Christian Sciberras (uuf6429gmail.com)
Date: Sun May 16 2010 - 18:06:04 CDT
Malware is not "flooding". It only so much as "changes" and not at an
alarming rate either.
Happens that any piece of [individual] malware is smaller than 5Mb (as in my
example) therefore what you call a flood is nothing more than a couple of
droplets of water in a lake.
Sometimes I do wonder whether some people actually know what a virus is. I
mean, this isn't eg, milk which you can market X times with different brand
Besides, competent anti-viruses automatically clean their own signature base
from systems immune to certain malware (eg patched).
Also, thankfully, I don't get infected with new malware X times per day, in
fact, I don't recall ever being infected in the last 6/7 years I've run
Windows (your point of focus).
I'm sure I'm not alone, so where do you put us in your equation? Surely you
can't infect non-existent workstations?
On Mon, May 17, 2010 at 12:49 AM, lsi <stuartcyberdelix.net> wrote:
> Imagine you are in an enclosed space. It starts to flood. As the
> water level rises, the amount of oxygen you have available falls.
> Unless it stops flooding, eventually you will have no oxygen at all.
> So, the CPU, RAM, diskspace, and network bandwidth of your machine,
> as well as limits imposed by integer math, are the enclosed space.
> Those specify the finite processing limits of your machine. Malware
> is the flood. Oxygen is what's left in your enclosed space/machine,
> once your malware defences have run.
> Malware is flooding at 243% (+/- error). This is consuming the
> oxygen in your machine. You can enlarge your enclosed space, with
> hardware upgrades, but that's not stopping the flooding.
> Eventually you will find it's not possible to upgrade the machine
> (usually a software dependency of some kind). At this point the
> machine will run slower and slower. Your alternatives will be to
> disconnect the machine from the internet, and partially/completely
> disable malware filters; or to replace the machine.
> As you can see you're spending money on upgrades and replacements,
> and losing productivity and/or capabilities (eg. internet access).
> Meanwhile, the malware is still flooding into your enclosed space.
> Every second that goes by, the rate of flooding increases. Your boss
> is screaming at you for spending a zillion on hardware. Your users
> are whinging because everything is running like a dog. Your support
> staff are running around constantly fixing machines on which the AV
> has failed (yet again) to stop the latest 0-day variant. Your
> company's customers are livid because you had to tell them you had a
> trojan on an accounts machine and their credit card data is now on
> the web. Your wife has the hump because you're never home, except in
> a bad mood, your kids think you are a boarder, and the dog hates you
> because you never take it for walks anymore.
> And you now need to go to your boss and ask for more money for more
> What are you gonna do? Are you going to let your IT run like this
> forever? Do you think your boss will like it when you ask him for
> more budget?
> What is your long-term strategy for fixing this problem?
> On 16 May 2010 at 19:08, Thor (Hammer of God) wrote:
> From: "Thor (Hammer of God)" <Thorhammerofgod.com>
> To: "full-disclosurelists.grok.org.uk" <
> Date sent: Sun, 16 May 2010 19:08:26 +0000
> Subject: Re: [Full-disclosure] Windows' future (reprise)
> > The error in your overall thesis is your failure to identify the
> difference between threat and risk. You are interacting with Symantec's
> report of "x new threats" as if it actually means something, or more
> specifically, that these new threats somehow translate into some new level
> of risk. They don't.
> > According to Stephen Hawking, there are new threats emerging based on the
> statistical probability of the existence of aliens. Therefore, a "threat"
> exists where I may be struck in the head by a falling block of green alien
> poo, frozen in the atmosphere after being flushed out by a passing
> pan-galactic alien survey ship. However, the actual *risk* of me being hit
> in the head while walking to a matinée of The Rocky Horror Picture Show
> doesn't dictate that I apply a small mixture of Purell and Teflon to my
> umbrella and fill my squirt gun with alien repellent.
> > The risk of me personally being struck by falling alien poo is *far*
> lower than the risk of any one of the almost 7 billion people on the planet
> being struck by falling alien poo. You may be able to calculate the risk of
> my being poo'd in relation to any given human being poo'd, but no level of
> math will allow you to determine what my or any other person's individual
> chance of being poo'd is.
> > Your argument would call everyone to change the way they protect
> themselves from falling alien poo out of the mere existence of a threat
> without really qualifying the associated risk. That does nothing for
> anyone, and would only cause a rise in the cost of umbrellas and squirt guns
> and would probably result in the theater putting the kibosh on Rocky Horror
> completely and charging people to watch Born Free. (Insert clever
> association of "Born Free" with "free" open source products here. See what
> I did there?)
> > Further, the basis of this "threat" is that you would actually have to
> trust what Stephen Hawking is saying in the first place. In his case, there
> really isn't any way to know that he's the one saying it, is there? For all
> we know, the ghost of Carl Sagan could have hacked into his computer and has
> made Mr. Hawking's requests to have his Depends changed translated into "run
> for your lives, the aliens are coming, the aliens are coming" when his
> computer talks.
> > My point is that you are taking threat statistics from Symantec
> that don't mean anything on their own, as there is no definition of
> how those threats would apply to any given system, and directly
> converting them into some global level of risk - and you are doing so
> to such extremes that you actually conclude that the solution is to
> do away with Microsoft products based on some unproven and imagined
> postulate that closed source is somehow at the core of the issue
> while at the same time admitting you don't know anything about the
> platform. The fact that you are actually using Windows and programs
> written with Visual Studio out of convenience to you critically
> damages your argument. If you as the author of this idea refuse to
> migrate from Windows or applications written with Windows development
> products and frameworks just because it is *not convenient* for you,
> how could you possibly expect anyone supporting any infrastructure of
> consequence to take your advice or even consider your ideas as
> anything other than hysteria when they would have to engage in
> unfathomable expense, effort and time to create a total and complete
> paradigm change in their business simply to try to defend against
> being hit by falling alien poo?
> > t
> Stuart Udall
> stuart atcyberdelix.dot net - http://www.cyberdelix.net/
> * Origin: lsi: revolution through evolution (192:168/0.2)
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/