Subject: [IP] more on READ more on Viruses
Begin forwarded message:

From: Johan <johan@ccs.neu.edu>
Date: May 24, 2005 1:20:41 AM EDT
To: dave@farber.net
Cc: Ip ip <ip@v2.listbox.com>
Subject: Re: [IP] READ more on Viruses

Christian Huitema <huitema@windows.microsoft.com> writes:
The "small population" argument assumes that one can predict the psychology of malware writers. Incidents like the Witty worm show the limits of such predictions. In fact, one could just as easily make the opposite argument, "strength in numbers". Large populations are a larger attack target, but they are also actively testing and developing defenses, and thus less likely to be wiped out by a catastrophic event.
Well, I dunno whether it's ease of infection alone, or a target-rich environment, that makes or breaks a virus.
A successful virus will be the one which has the highest chance of re-infection, which I'm going to posit is something like the product of the probabilities of finding a suitable host and then infecting it, and for how long it can keep trying.
Windows viruses have a very easy time finding new hosts by just random guessing, while having a (hopefully) smaller probability of actually infecting the target, as it is likely running some form of virus protection.
Linux viruses (or Mac or OpenBSD) will in general have a harder time finding hosts at random, but may (?) have an easier time exploiting any holes found.
However, low population doesn't mean that it's hard to find a target. For example, if I had an exploit for Apache web servers, I'd have no shortage of targets. I'm no firewall expert, but I wonder whether that wasn't the case with ISS. Firewalls are easy to find: just send traffic at a domain, and the firewall will intercept it.
The interesting part is that we've seen a marked shift in how viruses propagate. Think back to the days of sneakernet and floppies; a successful one had to be subtle - lay low and be stealthy for some time before activating, else it ran the risk of not having propagated before detection.
In contrast, today's email-borne internet viruses are a bit "blunt". I'd like to posit that the virus that will eventually sweep through the mac or linux communities will be more like sneakernet viruses than internet viruses. Slow and subtle.

Johan

PS: I purposefully left out zombie nets so as to not muddy the waters, but of course there's nothing stopping a population from simultaneously having subtle and blunt infections. You just notice the blunt ones first.