and here are some answers [was: Quarantine your infected users spreading malware]

Gadi Evron ge at
Tue Feb 21 12:33:57 UTC 2006

Simon Waters wrote:
> I've seen 95% quoted - certainly my experience if you go looking for malware 
> in recent Windows desktop machines using IE and Outlook it is pretty much a 
> certainty you'll find it. Most of these tools I was using didn't detect the 
> Sony Rootkit, or other malware, so this will always be an underestimate of 
> the true extent of the problem, unless one uses fingerprinting and packet 
> inspection as the tools of choice for malware detection.
> This is very much a Windows only problem, it doesn't affect desktop users of 
> other systems at all, possibly in part because they lack critical mass, but 
> also because they have more sensible security models. Largely it is an 
> Outlook and IE problem.

Hi Simon, this is indeed a Windows problem due to Microsoft being a 
mono-culture in our desktop world. Still, there are botnets constructed 
from other OS's as well. Also, C&C servers are mostly *nix machines.



"Out of the box is where I live".
	-- Cara "Starbuck" Thrace, Battlestar Galactica.

More information about the NANOG mailing list