Re: [fw-wiz] Worms, Air Gaps and Responsibility

From: Paul D. Robertson (
Date: 05/07/04

  • Next message: Eric Maiwald: "Re[2]: [fw-wiz] Worms, Air Gaps and Responsibility"
    To: Devdas Bhagat <>
    Date: Fri, 7 May 2004 11:14:16 -0400 (EDT)

    On Fri, 7 May 2004, Devdas Bhagat wrote:

    > > That's $2400/year for licenses, add in $1200 for a gateway, and another
    > 60*400 is USD 24000, not 2400.

    Doh, note to self, don't do math half-awake... I was looking at bundle
    and 250 user license fees and fubar'ed the end result. :(

    > > $1000 for 400 mailboxes of gateway AV- we've got $4600/year for 400 nodes
    > 24000 + 1200 + 1000 = 26400 USD.

    So, that's one ~$18,000 employee, and if you put the server in place of
    their desktop, you're probably going to wash the hardware numbers (desktop
    software vs. server hardware.)

    If you capitalize the server costs, you get ahead of the game pretty
    quickly in most labor markets.

    Now, I'm not sure where you are, but I'm sure that in the DC metro area,
    getting someone competent enough to run around and clean viruses (who
    you'd want to trust with access to every desktop) year round would be a
    feat unparalleled with an annual salary of ~18,000. 5 people at
    ~$2400 each/year full-time is well below the minimum wage here.

    > > of protection, desktop and main e-mail gateway. If you're getting someone
    > > who's competent enough to clean out tricky viral programs for a
    > > loaded cost of $4600/year (so, ~75% of that,) then you're in a unique
    > I am saying 12000 USD is the cost of enough people to keep the network
    > running and staff working. I will not say it runs well, but it runs
    > enough to let people get their work done.

    But I'm saying if you reduce your people costs by 20% (that cheap but good
    AV person,) even if you end up paying the same (and I don't think you
    would) you'd be dealing with the same failure mode (mass infections) at a
    better or even cost point (for >90% of the list readership, obviously, if
    you're getting technical competence for ~83 cents an hour, AV costs suck
    for you (but you should probably think about getting people 100 times
    better and putting out a product ;).)

    > > spot. If that single person can keep up with the infection rates when you
    > > get a mass infection, they're not likely to be around for long.
    > A mass infection is their only issue usually. And those are rare.

    Well, I remember trying to "clean" Nimda (non-production, playing
    around) before everyone realized it was truly viral- it was basically
    not cleanable without AV tools (now, after a while, those tools were
    freely available, but you'd have taken an entire day of downtime in the
    interim.) So, if you have users who are candidates for catching viral
    code, you're going to overload that one person with a pretty low number of
    concurrent infections.

    Yes, widespread infections of well-run companies are rare, but 300
    people not doing their jobs for a day would probably about cover expenses-
    and it looks to me that continuing AV support is about 30% the cost of the
    first year (I'm just browsing one of the common software resellers.) So
    the AV costs should decrease going forward, while the personnel costs will

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact." Director of Risk Assessment TruSecure Corporation
    firewall-wizards mailing list
