Re: [Full-disclosure] Windows' future (reprise)

["Thor (Hammer of God)" <Thor@xxxxxxxxxxxxxxx>]

I am constantly amazed at posts like this where you make yourself sound like 
some sort of statistical genius because you were "able to predict" that since 
last year was %243, that this year would be %243.  Wow.  Really?

And for the record, these claims of 'inherent insecurity' in Windows are simply 
ignorant.  If you are still running Windows 95 that's your problem.  Do a 
little research before post assertions based on 10 or 20 year old issues.

This smacks of the classic troll, where you say things like "nothing that 
Microsoft makes is secure and it never will be" and then go on to say how easy 
it is to migrate, and how it's free, with only a one off cost, and how to move 
off of .NET.

Obvious "predictions," ignorant assumptions, and a total lack of any true 
understanding of business computing.  Yep, "troll."

t

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of lsi
Sent: Saturday, May 15, 2010 6:12 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Windows' future (reprise)

Hi All!

Just a followup from my posting of 9 months ago (which can be found
here):

http://www.mail-archive.com/full-disclosure@xxxxxxxxxxxxxxxxx/msg37173.html

Symantec have released "Internet Security Threat Report: Volume XV: 
April 2010".  My posting from last year was based on the previous "Internet 
Security Threat Report: Volume XIV: April 2009".  So I thought it would be 
interesting to check my numbers.  The new edition of the Threat Report is here:

http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202

You may recall that last year, the average annual growth rate of new threats 
(as defined by Symantec) was 243%.  This enabled me to predict that the number 
of new threats in this year's Symantec Threat Report would be 243% of last 
years; eg. I predicted 9 months ago the number of new threats in this year's 
Symantec Threat Report would be 243% * 1656227, or 3840485.87.

The actual number of new threats in this year's Symantec Threat Report is 
2895802, an error on my part of 24.6%.

This is quite a chunk, however it is not that far off.  My excuses:

- my number was based on averages, so it will never be exact.  There will be a 
natural variance in the growth rate, caused by many factors.

- in the new edition, Symantec have altered the raw data a little - the number 
of new threats for 2009, 2008, 2007 etc is slightly different to those same 
years, as listed in the previous version of the report.  I have not updated my 
projection to allow for this.

- Symantec note that "The slight decline in the rate of growth should not 
discount the significant number of new signatures created in 2009. 
Signature-based detection is lagging behind the creation of malicious 
threats..." (page 48).

Am I retreating from my position?  Absolutely not.  I am now expecting the 
number of new threats in next years' report to be 7036798.86. This is 2895802 * 
243%.  This includes the error introduced by Symantec's changes to the raw 
data.  I don't think it matters much.

As this flood of new threats will soon overpower AV companies' 
ability to catalogue them (by 2015, at 243% growth, there will be
2.739 MILLION new threats PER DAY (over 1900 new threats per minute)), and as 
Symantec admits above that "signature-based detection is lagging", and as 
Microsoft are not likely to produce a secure version of anything anytime soon, 
I am not at all hopeful of a clean resolution to this problem.

I continue to advise that users should, where possible, deploy alternatives; 
that they should, if they have not already, create and action a migration 
strategy; and that they should avoid like the plague, any software which locks 
them into a Microsoft platform.  
Business .NET applications, I'm lookin' at you.

Those failing to migrate will discover their hardware runs slower and slower, 
while doing the same job as it did previously.  They will need to take this 
productivity hit, OR buy a new computer, which will also eventually surcumb to 
the same increasing slowness.  They will need to buy new machines more and more 
frequently.  Eventually, they will run out of money - or, for the especially 
deep-pocketed, they will find they cannot deploy the new machines fast enough, 
before they are already too slow to use.  The only alternative to this 
treadmill is to dump Windows.  The sooner it is dumped, the less money is 
wasted buying new hardware, simply to keep up with security- induced slowness.

Why spend all that time and money on a series of new Windows machines, without 
fixing the actual problem, which is the inherent insecurity of Windows?  People 
can spend the same time and money replacing Windows, and then they won't need 
to worry about the problem any more.  The difference is that sticking with 
Windows incurs ongoing and increasing costs, while a migration incurs a one- 
off cost.

I don't think it takes a genius to see which approach will cost less.

Notes:
- see page 10 of the Volume XIV (2009) edition, and page 48 of Volume XV (2010) 
edition, for the relevant stats

- since my post of last year, I have also noticed a similar exponential curve 
in the number of threats detected by Spybot Search and Destroy (a popular 
anti-spyware tool). This curve can be seen
here:

http://www.safer-networking.org/en/updatehistory/index.html

 - my projection of growth rates up to 2016 (written last year) is
here:

http://www.cyberdelix.net/files/malware_mutation_projection.pdf

Comments welcome..

Stu

---
Stuart Udall
stuart at@xxxxxxxxxxxxxx net - http://www.cyberdelix.net/

---
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/