Virus Cost Estimate For 2001 Tops $10 Billion
Snootch writes: "CNN has a story on the costs of virii - they're absolutely colossal, and remember that the $10 billion figure is just *so far this year*...scary. The article gives a pretty good breakdown by virus, and while it says little else that the average /. reader won't know by now, it's an interesting read all the same. To quote Red Dwarf's Kryten, 'Smug Mode,' but I note that every single one mentioned in the article, bar one (Code Red), was a client-side Outlook virus ..."
"My other thought was this: Considering that according to the article, nearly half the money was spent cleaning infected systems out, then the virus-checker industry, and therefore the implications of Symantec's recent patent, are even bigger than I realised ... *gulp*" Of course, estimates like these are often made by people with vested interests in the effect such numbers have, and there are a lot of costs that are very tough to estimate accurately -- like sysadmin time.
We're a unix shop of 60 employees. The cost to us for CodeRed was, um, $0. I saw the entries in the logs as part of normal maintenance but did nothing else.
Sircam cost about $50, which is the hour it took me to update the 4 Windows machines in our sales office. This figure might be a little low because I didn't include the cost of hitting the delete key. Oh, and I added a procmail recipe I downloaded, but this was something like 2 minutes worth of work.
Not to start up with the m$-bashing too early on, but frankly, let's be adults and admit it:
Most virus damage is caused by half-baked, slipshod, poorly-thought-out products put out by our friends in Redmond.
Period.
As a unix sysadmin working at a very large enterprise hosting facility, I can tell you this, first hand. The Windows team is constantly chasing after red worms, Melissa, various IIS exploits, and every imaginable form of macro virus, while the Solaris team calmly applies regular patches from Sun.
I'd say for every single Solaris 8 box that gets pushed over or otherwise compromised due to a virus, there are *seriously* about 50 Windows boxes that need to be scanned/cleaned/reinstalled.
Again, not trying to start a religious war, but viruses are a Microsoft byproduct. Not that Microsoft is a bad thing, mind you, but I think it's safe to say that most of the viruses in the world wouldn't exist without a little help from poor quality control at Microsoft.
"Beware of bugs in the above code; I have only proved it correct, not tried it." -- Donald Knuth
I'm not saying that MS should be ponying up billions for Outlook's defects (esp. since estimates of the value of "lost time" always seem to be generous; witness the costs of "being stuck in traffic" as being huge) but if there is some desire to reduce the widespread incidence of viruses, then there should be some mechanism, preferably financial, for encouraging people not to create and sell vulnerable products.
It's psychosomatic. You need a lobotomy. I'll get a saw.
My feeling is that most of these are Microsoft-based worms because that is the most popular platform. (And perhaps the users are less concerned about computers than we are.) There have been plenty of exploitable holes in pine, for instance; it's just that not enough people use the same version of pine for a successful worm to be built around it.
I think perhaps this is an argument for diversity more than it is an argument against Microsoft.
I'm inclined to believe that the figure of $10 billion is little more than a wild guess. But since we're spending time trying to put a price on lost time and data, I have a different question along the same general lines:
Disregarding viral infections, how much money does American business lose annually to Windows crashing?
Schwab
Editor, A1-AAA AmeriCaptions
I'm not going to say viruses don't cost money....
But I have little faith in the 'loss valuations' put forth like this.
If I have to disinfect all 50 computers in here over the course of a year, I'm not going to claim my company 'lost' any money, even though my time IS worth money. I would have been here, and been paid, regardless of the virus being here or not.
The same goes for cost valuations done because of website defacements 'cracking' etc.... they are rarely rooted in reality, but instead rooted in a numbers game to make it seem worse than it is.
vymths.com typically has debunkings of numbers like this.
It's definitely recommended reading for any geek. The introductory section is here.
I don't buy these numbers. These exorbitant figures are created from generous estimates of downtime, repair costs, and so forth. In addition, they take into consideration elements only tangentially related; I think that anybody with their Michael Shermer hat on can tell that a more serious inquiry than this is required.
(But, then again, this would be good fodder for anti-Microsoft arguments. Now how ethically responsible would that be?)
They release a security 'upgrade' (Msft insists the Outlook viruses were not a 'security hole' but 'an insufficient level of security') - the Outlook patch goes too far the other way and completely blocks access to 'unsafe attachments' like *.mdb's that could possibly contain a script. I thought the Outlook patch would just make it more difficult to execute an attachment, like you would have to save it somewhere and find it to run it instead of just launching from the preview pane, but NOOOOOO, they make it so you can't access the attachment AT ALL! Then you cannot uninstall this security upgrade w/o uninstalling Office and reinstalling it.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
All of these articles that I have been reading lately discuss Code Red and Code Red II in the past tense. It's still out there folks and it's still attacking systems. I just ran a scan of my log file for one of my systems and the following IPs attempted to attack the webserver (which is running Linux/Apache and doing just fine):
Now the number of attacks goes down on the weekend and up during the week, which suggests that most of these addresses (if not all of them) are simply DHCP desktop boxes run by morons who are too stupid to download and install a patch that has been widely mentioned in the news. But the fact remains that this worm is out there and active on a ton of systems and should *not* be spoken of in the past tense.
Just my 0.45 Cents Canadian...
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
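A log scan of the kind the comment above describes, as an added example that is not part of the original post. It assumes Apache common log format and matches the worm's well-known request for /default.ida padded with N (Code Red) or X (Code Red II); the sample lines are constructed, use documentation addresses, and have the padding shortened.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (documentation IPs; real probe padding is far longer).
SAMPLE_LOG = """\
192.0.2.10 - - [31/Aug/2001:04:16:29 -0800] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [31/Aug/2001:10:47:55 -0800] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [31/Aug/2001:11:02:13 -0800] "GET /index.html HTTP/1.0" 200 5120
198.51.100.7 - - [01/Sep/2001:01:18:38 -0800] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
this line is not a log entry
"""

# host, timestamp, method, request path, status from a common-log-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# /default.ida? followed by at least 8 repeats of the same pad character
PROBE_RE = re.compile(r'^/default\.ida\?([NX])\1{7,}', re.IGNORECASE)
VARIANT = {"N": "CodeRed", "X": "CodeRedII"}


def scan(text):
    """Return one dict per worm probe found; malformed lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host, stamp, _method, path, status = m.groups()
        probe = PROBE_RE.match(path)
        if not probe:
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits.append({"host": host, "when": when, "status": int(status),
                     "variant": VARIANT[probe.group(1).upper()]})
    return hits


def summarize(hits):
    """Count probes per source host and per weekday/weekend bucket."""
    by_host = Counter(h["host"] for h in hits)
    by_day = Counter("weekend" if h["when"].weekday() >= 5 else "weekday"
                     for h in hits)
    return by_host, by_day


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["host"], h["when"].isoformat(), h["variant"], h["status"])
    print(summarize(found))
```

A 404 status on these requests, as on the Apache host in the comment, means the probe reached a server that has no such resource; the per-host and weekday/weekend counts are what show whether the same sources keep returning.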
I consult at a major telephone and data services company. I remain anonymous to protect us both. The company is a Microsoft partner, and a very early adopter of Win2K. We sat smugly behind our corporate fire walls until CodeRed II slipped in on hibernating laptops from home, and from trusted partners and other corporate divisions.
Internally, there were no barriers to its spread amongst an amazing number of workstations running IIS without the users' knowledge. Even developers involved in web server development did not realize that their workstations could be infected.
A botched software upgrade distribution, intended to protect against the worm, made some 5000 workstations unusable until individually repaired. Those of us whose workstations survived faced delays due to the enormous flood of "ARP Who Has" messages as the infected machines scanned for new victims.
The scariest, and potentially, the most damaging problem was degraded service in the support network for the 911 emergency service in our metropolitan area.
I won't be a judge of whether the $10 Billion is an accurate figure. Consider what would happen if damages were awarded to MS victims? (excluding punitive damages):
Some Microsoft figures:
Annual Sales: $25 billion
Annual earnings before taxes: $11 billion
Profit: 7.7 Billion
This shows us that MS contributed approximately 0 dollars to the economy. That's what I call a well put together scam. If punitive damages were awarded, MS would soon be history, and Billy Boy would move from his mansion to some shelter.
While the lottery is a tax on the mathematically challenged, MS is a tax on the computer illiterati.
-- Another senseless waste of fine bytes.