Re: [NTLK] [OT] Virus attacks on NTLK/Newton-related mailaccounts

From: Peter H. Coffin (hellsop_at_ninehells.com)
Date: Sat Apr 17 2004 - 09:09:41 PDT


On Fri, Apr 16, 2004 at 04:51:49PM -0700, Martin Joseph wrote:
> On Apr 16, 2004, at 1:53 PM, Peter H. Coffin wrote:
>
> > On Fri, Apr 16, 2004 at 11:32:06AM -0700, Martin Joseph wrote:
> >>
> >> On Apr 16, 2004, at 10:48 AM, Joel M. Sciamma wrote:
> >>>
> >>> I see that Apple's market share is now down to 2.5% and take-up of Mac
> >>> OS X is just 40% of the installed base - what self-respecting virus
> >>> creator is going to bother having an impact on so few? ;-)
> >>>
> >> This is a dangerously wrong attitude:
> >>
> >> http://www.caida.org/analysis/security/witty/
> >>
> >> All platforms are potential targets although using "obsolete kit"
> >> (macOS (preX)) is pretty safe :~)
> >
> > I'm curious as to what the attack vector to a Macintosh is for the
> > Witty worm that you cite.
> Witty didn't affect mac. It's an example of a virus that attacks a
> small community though, much smaller than Mac in fact.
> > <snip> There's probably more Windows
> > machines "protected" by BlackICE on the net right now than there are
> > Macs of *any* vintage connected.
> >
> Not even remotely close.
>
> According to the article I linked:
>
> " the vulnerable population of the Witty worm was only about 12,000"

Doubt it, since that's conveniently exactly the number of ISS's business
customers, as distinguished from home and small business customers.

Unless Witty doesn't attack BlackICE installations, in which case,
you've got a fundamental flaw in ISS's whole in-house product line, and
it smacks of "disgruntled ex-employee" and "inside information", which
is a situation so different from someone wanting to attack legacy kit
that they're not even comparable.

But, presuming that BlackICE *is* vulnerable...

> Can't say how many black ice installs and kin there are total as ISS
> doesn't release that info, but I would bet heavily it's nowhere near
> the number of macs Apple sells in a year (about 3.5M).

10-K SEC filing for ISS shows $107M in product licenses and sales.
They've got something like 12,000 business customers, which is where I
think the "vulnerable population" figure came from. Presume everything
else is home customers. Also presume that home customers aren't buying
hardware from them. Cost of the product licenses and sales is $10M.
Let's take a whack that they can mark up the hardware 100% and guess
that $20M was hardware, which leaves $87M for software purchases.
BlackICE home goes for about $25 per license once we average in new
purchases, renewals, and downloadable licenses. Home kit versus business
kit tends to be about 1:10 costwise, so the most pessimistic assumption
is that $9M is BlackICE, or about 250,000 licenses. That's hugely
different from a vulnerability window of 12,000.

-- 
CS is about lofty design goals and algorithmic optimization. Sysadmining
is about cleaning up the fscking mess that results.
-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
Official Newton FAQ: http://www.chuma.org/newton/faq/
WikiWikiNewt for all kinds of articles: http://tools.unna.org/wikiwikinewt/

