Re: [Full-disclosure] windows future



On Fri, 04 Sep 2009 15:46:19 BST, lsi said:

> - approximate date when number of NEW threats reached 1 Million: 2008
>
> - approximate date when number of NEW threats will reach 1 Billion: 2015
>
> - approximate date when number of NEW threats will reach 2 Billion: 2016

This is assuming an exponential growth model, when there's no realistic
reason to believe it to be so. There are however good reasons to expect
that the correct model is the "logistics curve" (slow growth at first,
a steep middle section, then flattening out asymptotic to a horizontal line).

For starters, new threats have to come from *somewhere*, and there's only
a limited supply of dark-side code hackers, and a limited supply of people
worth fleecing (sure, OLPC may distribute 100M laptops - but those are going to
people who can't be monetized easily). From whence will the 1 billion
new threats in the 2015-16 span come from? Who will create these, and who will
make money from them? At what point will some of the marginal players leave
the game and find other avenues of making money? Remember - if the threat
pool is 100,000, and you have 1,000 threats, you have 1% of the market, and
can probably live well off that 1% if monetized. But if you have 1,000 threats
in a pool of a billion, you're a marginal player and not likely to get rich
fast doing that.

> - charts showing this:
> http://www.cyberdelix.net/files/malware_mutation_projection.pdf
>
> - will the AV companies be able to classify 1 billion new threats per
> year? that is 2.739 MILLION new threats per DAY (over 1900 new
> threats per minute).
>
> - will your computer cope with scanning every EXE, DLL, PIF etc 1
> billion times, every time you use them?

You don't have to scan it a billion times. You need to scan it *once* for
one billion attacks. And proper pattern-matching should help a lot here - quite
often, you'll have 2,934 exploit codes in the wild, all using the same attack
code lifted from Metasploit or milw0rm or whatever. So only one check is
needed. A bigger danger here is if we start seeing *single* threats that
include a really good real-time polymorphism/obfuscator - *that* could really
suck.

> - aside from the theoretical limits imposed by hardware and software,
> there is one extra limit, imposed by users. Users will not tolerate
> machines operating slowly, and will seek alternative platforms well
> before 100% CPU utilisation (either as a direct result of the size of
> the blacklist, or indirectly caused by swapping due to low RAM).
> This user limit might be lower than 20% CPU utilisation. If users
> figure out that 20% of their time is being wasted, and rising fast,
> they will run for the exit.

Interesting statistic - year before last, around 10% of all new computer
purchases were replacements for malware-infested boxes. Just buying a new
one was easier/cheaper than trying to fix the old one for a lot of people.

Second interesting statistic - the vast majority of that 10% ended up using
the exact same operating system.

So even when it's well past the 20% mark and the box is basically unusable,
they *still* don't run for the exit.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
