and here are some answers [was: Quarantine your infected users spreading malware]

Tue Feb 21 06:41:58 UTC 2006

On Mon, 20 Feb 2006 23:54:38 EST, Sean Donelan said:
> On the other hand, the number of infected computers never seems to spiral
> out of control. I've been wondering, instead of trying to figure out why
> some computers get infected, should we be trying to figure out why most
> computers don't become infected?

I've seen more than one estimate that most computers *are* infected by at least
one piece of malware/spyware/etc, (including numbers as high as 90%) and if the
site that was tracking 1M new zombies/day is to be believed, they *are*
spiraling out of control.

And when a significant fraction of all new computers are bought as a virus/worm
control method, things *are* out of control:

http://www.nytimes.com/2005/07/17/technology/17spy.html?ei=5090&en=5b2b6783f66a7422&ex=1279252800&adxnnl=1&partner=rssuserland&emc=rss&adxnnlx=1121859260-edx1SJD7lWy7D6PMipItjw

I suspect that in fact, a *lot* of computers have crud on them, but people's
expectations have dropped - as long as the virus doesn't actually kill the
host, it's tolerated.

If Aunt Matilda is avoiding all this stuff, the most likely reason that Aunt
Matilda doesn't get more crudware on her system is because she wouldn't be
caught dead visiting non-reputable websites that you're likely to get caught in
a drive-by fruiting - and none of her friends would either, so she never gets
her e-mail address scraped and used as a target...

But we already knew that, and there's no good way to leverage it when everybody
who *isn't* an Aunt Matilda *does* visit those kind of sites, or knows people
who do...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060221/b09802ba/attachment.sig>