What's The Actual Cost of A Virus?

ThosLives writes "CNN Money just posted a story that says the MyDoom virus may cost businesses $250M. My favorite quote is that for small to medium businesses with 400 or less employees, the estimate is between $48,000 and $58,000 cost to 'secure themselves' from the particular virus. Does anyone know where that number comes from? If one can charge a year's salary to fix one virus, I'm in the wrong job! Any input out there on the real, hard costs of things such as virus protection?"

Re:I suspect the viruses aren't the worst

[irokitt]

I agree that stuff like this is serious. Take a 30-computer lab, allow students to access it, and 27-29 will have Gator or its ilk on them after about two weeks. I remember a particularly nasty one (xlime) that would start ~100 new IE windows, maxing the CPU and using up all of the swap until the machine crashed. It's all preventable. Teach people to avoid banner ads, naked pictures, and strange .exe/.scr files. And then threaten them with something serious if they don't listen.

Re:Actual Cost of a Virus / SCO

[PowerBert]

We use MailScanner which can work with Sendmail or exim and it supports many different AV programs.
It doesn't just do viruses though, it can run Spam checks (with or without the help of spamassassin), Filter out (and remove) dangerous HTML, filter/remove file attachments and has lots of other useful features.

Definately worth checking out.

Re:Inflated costs AGAIN - that trick never works

[dbIII]

You are misquoting The Hacker Crackdown.

Paraphrased, don't have it hand to quote.

When the defence discovered that the top secret, confidential valuable document was being sold by the company to any Tom, Dick or Harry for $19.99, the prosecution's case collapsed.

Especially with the elaborate cost breakdown that had been prepared. I don't have a link to the online version of the book, but google will help.

Re:The most interesting statistic

[mlefevre]

No. MyDoom (and most other recent viruses) don't use your MS address book particularly - they search the entire hard drive for a whole range of files and pick up email addresses from all of them. They also use their own SMTP code to send emails.

Re:Wasted time!

[Kris_J]

to ignore the ten dozen "virus has been nuked" warning emails.

This tech staff turned that message off today. Not that I had wasted more than 10 minutes total handling such phone calls.

Re:Actual Cost of a Virus / SCO

[thesupraman]

Well, lets see.

I provide consultance and external admin to a 'mid sized company' who got hit by this in the last couple of days. This is a company with around 50 on-site employees and an anual turnover in the region of $40 Million.

My filters let through two instances of the virus before they automatically updated their defs.
One went to a windows machine and infected it.
One went to a mac, and did not.
None of around 7 internal Linux servers were affected of course.

I knew very quickly which machine had an infection, as it was trying to send more viruses via the smtp server (which was by then blocking them) - we are not NEARLY stupid enough to give employees direct internet access via NAT!.

I blocked the access to the smtp server for that single machine (didn't even need to track down who it was) and they called me about 30 minutes later, when they next tried to send an email, letting me know who they were.

I asked them to download and run the cleaner program, which they did, so I re-enabled them. Their machine made no further attempts, so I suspect it is fine.

I also installed another layer of virus scanning just for the hell of it, and re-tuned their anti-spam setup with the latest versions.
(clamav, http://www.clamav.net)

Total cost to them:
2 hours of my time at $60US/hour.
1 hour of employees time (overestimating here), say $60US/hour.

A moderate amount of traffic on their link (we are blocking around 1/minute at present for this virus, but it is dying pretty fast) - they pay a fixed link cost, so don't really care.

So there we go - lets call it $200US total cost, and they got some usefull systems updated as part of that.

I didn't even have to leaave my home office.

So, your point was?

Re:Actual Cost of a Virus / SCO

[Twylite]

Your costs need a little inflating ;) Add the following:

• It tends to cost a company three times your salary to employ you (including office space, equipment, salary and benefits, etc). That's closer to $120 per hour for your hypothetical worker.
• Losing 1/2 hour productivity means paying out $120 without getting in the minimum of $150 the company should be trying to make out of your time. This means an actual cost of $120, but an economic cost of $270, per employee.
• Annual subscription to a commercial desktop antivirus: $25 per employee. Without this you have no hope of cost-effectively containing a virus that hits you before there is a patch for the mail/file server anti-virus. Add extra for commercial products with easy-to-use remote administration for all those end-user desktops; and even more for network admin time if there is no remote administration.
• Any company that has to take down their mail server due to volumes generated by a worm (and it happens a lot), and that is reliant on e-mail for internal communication (also very common), can write off $270 per employee per hour that the server is down. That's up to $27000 per hour in a 100-person company. Ouch.
• Now image a multinational with +2500 employees that has to take all their mail servers offline for 36 hours to clean up. It's happened. It's expensive.

Re:Actual Cost of a Virus / SCO

[Spellbinder]

or give him the needed money to do his job right

Re:Actual Cost of a Virus / SCO

[NetJunkie]

Filter attachments. We stopped this virus and all the ones before it since I've been at my present job. Usually AV updates are several hours behind..even though we use AV engines based in different parts of the world (to hop time zones on updates).

I filter anything that can be executed by the user. That's the best defense you can do.

Re: Actual Cost of a Virus / SCO

[rizzo420]

any smart company would have some sort of enterprise anti-virus program that allows you to run an anti-virus server that sets how often they update the virus defs. set it to update once a day and you're all set. there's basically no need for cleaning up except for a few older machines taht aren't on the same image as the others. password protect the AV software so people can't go and change things and you're golden. i've seen it in place and i've seen it work. there's always a few taht get the virus still, but in reality, it's not a huge deal, you go and clean it up. put a virus filter on the email server for extra protection. depending on the size of your business, if it's really small, you just buy computers that come with anti-virus pre-installed and you keep up the subscription. larger ones, you do teh enterprise software with anti-virus server. last i used it, the enterprise norton dealt with something like 3000 clients connecting to one server, and the machine doesn't have to be extremely robust either. and you probably have at least a handful of people smart enough to run around and remove the viruses off the few comptuers that still happen to get them. so you're down about 2-3 hours worth or labor, not really a big deal.