Comments on: Shrinking Patch Timelines – The Need For HIPS http://blogs.mcafee.com/mcafee-labs/shrinking-patch-timelines-the-need-for-hips Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Mr.Goose http://blogs.mcafee.com/mcafee-labs/shrinking-patch-timelines-the-need-for-hips/comment-page-1#comment-21451 Mr.Goose Fri, 23 Jan 2009 23:33:45 +0000 http://www.labs.com/research/blog/?p=784#comment-21451 Why do people still run Windows at all? We dumped it entirely nearly two years ago in favour of Kubuntu Linux. We are a small business. Just 8 machines. But many if them run 24/7 and are permanently on-line. Care to guess how many viruses, worms, trojans, spies, keyloggers etc we had in that time? Zero! Why do people still run Windows at all?

We dumped it entirely nearly two years ago in favour of Kubuntu Linux. We are a small business. Just 8 machines. But many if them run 24/7 and are permanently on-line. Care to guess how many viruses, worms, trojans, spies, keyloggers etc we had in that time?

Zero!

]]> By: Bhaskar http://blogs.mcafee.com/mcafee-labs/shrinking-patch-timelines-the-need-for-hips/comment-page-1#comment-21450 Bhaskar Tue, 20 Jan 2009 10:26:10 +0000 http://www.labs.com/research/blog/?p=784#comment-21450 Well explicated true carks of Admins on every patch Tuesday Well explicated true carks of Admins on every patch Tuesday

]]> By: Matthew Wollenweber http://blogs.mcafee.com/mcafee-labs/shrinking-patch-timelines-the-need-for-hips/comment-page-1#comment-21449 Matthew Wollenweber Tue, 20 Jan 2009 03:38:12 +0000 http://www.labs.com/research/blog/?p=784#comment-21449 I think it would be more accurate to say that the chart doesn't show the time from public vulnerability to worm development. It shows the time from public disclosure to public identification of the worm. Tools and techniques used by the AV industy have improved over the years. Coincidentally, the rapid identification of bots correlates fairly well to the honeynet project. To further my point, Confickr/Downadup has only recently gained attention of the AV world. But estimates for it's size range upwards of 8.9 million -- which suggests to me that it's spent some time in the wild before it was picked up. At first glance, your chart appears to paint a bleak picture. I'd concede that bot developers have streamlined their tools and processes, but I think it's more likely that the majority decrease in time to discovery reflects more the AV's ability to detect bots. I think it would be more accurate to say that the chart doesn’t show the time from public vulnerability to worm development. It shows the time from public disclosure to public identification of the worm. Tools and techniques used by the AV industy have improved over the years. Coincidentally, the rapid identification of bots correlates fairly well to the honeynet project.

To further my point, Confickr/Downadup has only recently gained attention of the AV world. But estimates for it’s size range upwards of 8.9 million — which suggests to me that it’s spent some time in the wild before it was picked up.

At first glance, your chart appears to paint a bleak picture. I’d concede that bot developers have streamlined their tools and processes, but I think it’s more likely that the majority decrease in time to discovery reflects more the AV’s ability to detect bots.

]]>