Slashdot Mirror


What's The Actual Cost of A Virus?

ThosLives writes "CNN Money just posted a story that says the MyDoom virus may cost businesses $250M. My favorite quote is that for small to medium businesses with 400 or less employees, the estimate is between $48,000 and $58,000 cost to 'secure themselves' from the particular virus. Does anyone know where that number comes from? If one can charge a year's salary to fix one virus, I'm in the wrong job! Any input out there on the real, hard costs of things such as virus protection?"

5 of 526 comments

  1. Don't Forget Bandwidth by DotNM · · Score: 5, Interesting

    Another thing that's expensive and not to be forgotten is the bandwidth of sending all this crap spam. Why should the recipient of these messages bear the costs of the bandwidth essentially wasted because of these messages?

    --
    There's no place like localhost
  2. This is harsh, but it needs to be said by ajs318 · · Score: 5, Interesting

    Well, Mandrake Linux fits on three CDs, so I'd say the cost of securing a business against virus attacks is about 75p.

    The reason why so many attacks are against Windows is that Windows is usable by complete morons -- and, as an inevitable result, you get complete morons using it. Yes, we all know GNU/Linux requires a little tech savvy. You don't get smart enough to use GNU/Linux without first learning that running just any old programme when you don't have the faintest idea what it does, is a bloody stupid thing to do. On the other hand, any living advertisement for the pro-choice movement can fire up Windows XP and get their computer riddled with malware in a twinkling. Why? Because Windows is too easy to use.

    It's a perfect illustration of reverse evolution in action. You try to make something idiot-proof, then nature only goes and comes out with a dafter idiot.

    You could never make a car that a five-year-old could drive safely -- and even if you could, it would necessarily lack so much functionality it would barely be usable. Really, there's no point trying -- it's better to issue full driving licences only to adults and only on completion of a test. And then we don't have to suffer the consequences of cars that would be driveable by five-year-olds.

    The very fact that GNU/Linux naturally weeds out complete retards probably explains why there are not -- and will never be -- as many GNU/Linux exploits as there are Windows exploits.

    --
    Je fume. Tu fumes. Nous fûmes!
  3. Re:Actual Cost of a Virus / SCO by gujo-odori · · Score: 5, Interesting

    That's not even close to the cost, even if you work very, very cheaply.

    The cost of anti-virus and related is the least part of the equation, even factoring in the admin's time, and I don't care *how* cheaply you work. Not even if you're a volunteer.

    The real cost is factored more like this:

    - Staff hours that are lost looking at false bounces (or worse, getting infected, something which is very common) and having to correct that

    - Helpdesk hours that are lost answering questions from people with a mailbox full of bounces for stuff they didn't send (or we hope not);

    - Helpdesk hours that are lost disinfecting the machines of all those who clicked the attachment. Mostly, the same ones who fell for it last time, too.

    - Sysadmin hours that may be spent on watching over stressed mail queues to make sure they don't get full, and dealing with potential mail backlogs.

    Those are three broad areas, I'm sure the accounting department could tell me a bunch more of their favorites.

    Let's say you make $20 per hour at your job. The cost of your benefits is probably also about $20/hour, assuming health insurance, etc. Heck, it could be more. But let's go with $40/hour as the total cost of your compensation for this example.

    Now, let's say you lost 30 minutes of productivity to a worm. OK, $20 bucks that your company spent on having you do something other than your job function. But, you're way smarter than most of your colleagues. You didn't click it. You've just wasted 30 minutes initially looking at what it was, deleting more copies that came in, and deleting bounces, and you never even called the help desk. Most people are probably at one hour, maybe more. Lots more, if they got infected.

    If by some chance it works out that the average cost of compensation (salary + benefits) in your company is $40/hour, and you have 100 employees and on average each person lost 30 minutes to the worm (again, I bet it's hard to get the number that low in most companies when a big worm like this appears), that's $2000 right there. Antivirus software is not even factored in because you either had it already or not, but either way, it's not a directly related expense.

    OK, that was the first day. People will deal with more crap in their mailboxes tomorrow, and the day after and quite a few days after. At least for a week, you might expect to have a company-wide average of 30 minutes per person, per day, spent on things related to the worm.
    Now we're at $10,000.

    This all assumes that no data was damaged or destroyed (if it was, the monetary value of that data, if irreplaceable, is charged. For replaceable data, the cost of an admin restoring it is charged).

    And don't think your average will probably be that low. If a lot of people get infected, your helpdesk staff and sysadmin staff will probably be spending the majority of their time on this problem for at least a week. In a typical 100-person company with a Windows machine on every desk, you may be really lucky to get away with $10,000 chargeable to the worm.

    I work for a well-known mail filtering company, and I'm getting a front-row seat for the impact this is having. It's large, even for companies that have our services. If you have tens of thousands of employees, you're going to see a lot of bounces coming in, and those divert staff time to deal with them.

    Now, imagine you have tens of thousands of employees and you're not using a service like ours. You're going it alone. Your admins. Your equipment. Your anti-virus software which you hope gets the new signatures before the worm gets to you. Your admins and helpdesk staff are working their butts off for at least a week, probably more (not that they weren't already busy). You might have hundreds or even thousands of infected machines to deal with. Countless bounces. Suddenly, you find yourself looking at a cost reaching into the hundreds of thousands of dollars. Not a pretty sight.

    While

  4. Re:Actual Cost of a Virus / SCO by Snad · · Score: 5, Interesting

    The cost of 400 yellow post-it notes saying "DO NOT OPEN FILE IF EXE OR SCR!"

    You don't even need this one. Just strip all incoming executables at the mail server so the user never gets anything dangerous to click on.

    We did that (at an admittedly small - just under 100 user) site using MailMarshal, now known as NetIQ Marshal.

    There's never any good reason to send an executable file via e-mail anyway. Software updates etc are better accessed through ftp or straight off the web. Self extracting archives (zip files) are unnecessary given the number of free decompressors available if the company is too cheap to pay for licenses.

    Blocking all (Windows) executables is easy in most filtering software, removes the worry of not being up to date with anti-virus library files, and works 100% of the time.

    This was back in the days of the good old Anna Kournikova, ILoveYou and similar viruses. We had exactly zero infections, and zero problems.

    Yes you can still get viruses in other ways (if some damn fool downloads a virus direct from a website) but how often does that actually happen? They all come via e-mail, and propagate via e-mail - be it your server or their own SMTP connection.
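
The attachment stripping described in the comment above, sketched as an added example; it is not part of the original post and not MailMarshal's code. The extensions beyond EXE and SCR and the `MZ` header check for renamed files are assumptions of this example, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist: the post names only EXE and SCR; the rest are added here.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def is_windows_executable(part):
    """Flag a leaf MIME part by final file extension or by DOS/PE magic bytes."""
    name = (part.get_filename() or "").lower().rstrip(". ")
    if name.endswith(BLOCKED_EXTENSIONS):  # final extension, so a.txt.scr matches
        return True
    if part.get_content_maintype() == "text" and not name:
        return False  # ordinary message body, not an attachment
    payload = part.get_payload(decode=True) or b""
    return payload[:2] == b"MZ"  # catches executables renamed to e.g. .jpg


def strip_executables(raw_bytes):
    """Return (filtered message bytes, names of the attachments removed)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        if part.is_multipart() or not is_windows_executable(part):
            continue
        removed.append(part.get_filename() or "(unnamed)")
        # set_content() drops the old payload and Content-* headers first
        part.set_content("[attachment removed by mail filter]")
    return msg.as_bytes(), removed


def build_sample():
    """Constructed test message: one safe PDF and two executables."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    exe = b"MZ\x90\x00" + b"\x00" * 16  # fake PE header, not a real program
    msg.add_attachment(exe, maintype="application", subtype="octet-stream",
                       filename="invoice.txt.scr")
    msg.add_attachment(exe, maintype="image", subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_executables(build_sample())
    print("removed:", removed)
```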

  5. Re:+1 Funny Because It's True by bangular · · Score: 5, Interesting

    The argument I hear the most, without a doubt: "Windows gets more virii because it's more popular". I call bullshit! I know it's bullshit because of Apache. Apache, by almost any web server survey, has at least as many servers as IIS (Netcraft says between 2x and 3x, but let's say just as many for sake of argument). So by this reasoning, Apache should have as many worms as IIS. But, as far as I can remember, there have only been two Apache worms. Neither of which btw were as crippling as any IIS worm. In fact, I was running multiple Apache servers at the time of both of them and got neither one. What about Oracle? IIRC Oracle has a larger market share than SQL Server. Do we know of any RDBMS worms as devastating as Slammer?


    Microsoft still isn't taking security seriously. Although this virus requires user interaction, Microsoft shouldn't make it so easy to execute content. Hell, content can be executed just by looking at the preview pane in Outlook. Check out the story over in developers. MS decided instead of fixing the URL spoofing bug that phishers have been using since December, they are just going to not allow URLs with an @ sign in them.


    Then you've got your idiots over at SecurityFocus, such as Tim Mullen (who is a security consultant for MS btw) who believes security shouldn't be an issue for MS to worry about. It should be the end user who worries about it. It's no wonder they do not take security seriously when you've got people with views like that advising you.


    Let's not forget the antivirus companies. Their livelihood is protecting people from virii. Not stopping them, protecting people from them. If we didn't have virii, then the antivirus companies would be out of business.



    When you've got all this political bullshit swirling around the only one that loses is the end user. The one who bought their computer to enhance their life. To get onto the internet and research car safety because their teenager is about to drive. Or the grandma who wants to receive pictures from her grandchildren. Or the first time user that gets a virus within 15 minutes of plugging in their new computer, ensuring they will probably hate it from that point on.