Vmyths.com

Truth About Computer Security Hysteria
Statistical dowsing rods
Rob Rosenberger,
Vmyths co-founder
Friday, 8 October 1999
A STORY ABOUT this year's Virus Bulletin conference identified some key issues vendors now face. "Antivirus software is
quickly going the way of the browser," ZDNN reporter Rob Lemos declared in his opening sentence.
He spoke to industry gurus who believe protection will soon "be free and ubiquitous." Well, perhaps not
free: antivirus vendors may switch to "selling updates via the Internet at a monthly fee."
Various debates sprang up in a "Talkback" area where ZDNN readers can add their $0.02.
However, those readers didn't seem to care about an issue mentioned near the end of the story — namely, the utter
lack of virus metrics and related utilities.
"While finding and fixing viruses faster has captured[1] the interest of corporate network administrators,"
Lemos wrote, "an automated system's ability to
collect data on the number of virus incidents is equally valuable, said one administrator at the conference, who
asked to remain anonymous." I'll bet a soda he/she read my tirade
on this very subject. "Currently, the best source of such data is the Wildlist, and even that volunteer site
would like to see better and more accurate statistics, said Sarah Gordon, one of the directors of the
independently maintained Wildlist."
We need something "more accurate" than the WildList? Hey, we need something accurate to begin with.
The WildList doesn't accurately identify threats. It qualifies at best as a statistical dowsing
rod. Nowhere do we see its limitations better than in the reports distributed before and after Melissa struck.
Not convinced? Try to find Asia's (supposed) demise in the reports distributed before and after Chernobyl struck.
Try to find a looming media fiasco in the WildList report distributed before Hare flopped. Try to find
a looming media fiasco in the report distributed before Remote Explorer flopped.
I don't mean to slam the WildList itself — it serves a specific purpose and each report identifies its
limitations right up front. Problems occur because people read way too deeply into its way-too-little data.
"It's the best dowsing rod we've got," they say. Yeah, and the best we've got sucks.
Billion-dollar antivirus firms couldn't come up with anything to augment or replace it in the last six years?
Virus metrics stopped evolving years ago when the Dirty Dozen list died out STOP You can see stagnation in the
format of the WildList STOP It reads like a telegram by today's standards STOP
Personally, I'd never bother to show the WildList reports to upper management. A vendor survey doesn't tell them
squat about their virus problems. Gordon (IBM)[2] understands this: "it would be extremely useful to get
reports" directly from antivirus software, she told Lemos. She said Big Blue[3] plans to look into it, too.
(Note to Gordon: Trend Micro beat you to the punch.)
Virus metrics need to climb out of the evolutionary tar pit. For starters, Gordon's team could integrate the
WildList concept directly into antivirus software. Why collect data by hand only from vendors when you can
collect it automatically from every computer on Earth? Think of it: our PCs could generate reports at the local
level and forward them to the WildList, which in turn could evolve into a near-realtime "weather map" of
virus detections around the globe.
I tell you, TV reporters will orgasm the day they can "put the maps into motion" for
viewers. {sigh} Why didn't antivirus vendors think of it before I did? I mean,
come on — I swiped this idea from the Internet worm of 1988...