Counting tells you if you are making progress

• Previous message (by thread): Counting tells you if you are making progress
• Next message (by thread): Counting tells you if you are making progress
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/22/07, Sean Donelan <sean at donelan.com> wrote:
> On Wed, 21 Feb 2007, Todd Vierling wrote:
> > I'd say it's severely biased in the overestimation direction -- but
> > that's not to say it isn't a problem, because zombies Suck.
>
> People with access to the ppp, dhcp or nat logs for a network can de-dup the
> counts based on IP addresses to come up with better surveys of infected
> computers.  They can further correlate the reports with contact
> with the computer owners of how many computers were found with known or unknown
> malware. But we rarely hear data from them.

Because this is a circular problem:  such providers want to deny the
problem until there's a sufficient number, and once they take notice,
the de-dup ... reduces the number.

This isn't a technology problem, it's a *business approach* problem.

But now I'm straying OT.

-- 
-- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>

• Previous message (by thread): Counting tells you if you are making progress
• Next message (by thread): Counting tells you if you are making progress
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]