Right. And it includes money spent by those who bought protection and weren't hit by this particular outbreak. This shouldn't be counted. And it doesn't count those who didn't buy antivirus software and subsequently got hit. And it equats the anti-virus companies profits with the cost of clean up.
So, all things considered, your post is pretty irrelevant.
First off, it's just an estimation -- and in cases like this, whoever has the highest estimation "wins", because that's what media will pick up on, that's what will be repeated by press and forums like this one.
Second, this estimation includes costs that should not be directly attributed to the virus outbreak. E.g. cost of cleaning machines and getting them up and running - in many cases this was just waiting to happen. The virus just happened to triggered it, but it could just as well have happened due to a hardware failure.
Third, what you're presenting is not an objective way of measuring, as it's depending on the companies' reportin truthfully and accurately.
I'm not claiming that virus outbreaks do not have a cost, but any reports of cost must be taken with a grain of salt. Or two.
"release patches only as exploits are found in the wild while compiling fixes for deployment en bulk"
-- but this would require customers to be on 'stand by' mode 24-7, since a critical patch may be released any second. It's better if world+dog *expects* and plans for patching, say, every 2nd tuesday each month. No?
(posting in interest of accuracy, not of smart-ass-ness)
Actually, they are increasingly being distributed as diffs. I guess the idea is to increase the chance of 56k-ers actually installing patches.
The good news is -- modem-users might actually patch. The bad news is that more disk space might be wasted (to allow for roll back) and/or that users may need original media to install/rollback.
Btw, SP2 contains policies to determine how much disk space is used for the base files (pre-patched files, used to roll back).
"so complicated"... 1) Complex, not complicated. 2) nobody said that training was optional, regardless of OS.
"evil backdoors" -- the comparison you make between oss/css has nothing to do with oss/css -- it's a difference in process. There's nothing inherent in either oss or css that promotes/prevents trojans. Then again, with all these remote exploits we see, isn't that just trojans+plausible deniability?
"millios are paid" -- how on earth does anyone objectively measure that?
"Apache has not had a single worm comparable..." -- true, but this is not because Apache has not had remotely exploitable holes. The reason is something else.
Microsoft's security initiatives are not big success -- well, these patches notwithstanding, far as I can see the trend is that Windows actually is getting more secure. It's slow progress, but it _is_ progress. Only time will tell though..
Slashdot Mirror
Yes, quite. However, this time we're talking about a remote 'sploit, no user interaction required.
Of course you're not; you just said Norton is on there.
For legal reasons.
Right. And it includes money spent by those who bought protection and weren't hit by this particular outbreak. This shouldn't be counted. And it doesn't count those who didn't buy antivirus software and subsequently got hit. And it equats the anti-virus companies profits with the cost of clean up.
So, all things considered, your post is pretty irrelevant.
No, it is not that simple.
First off, it's just an estimation -- and in cases like this, whoever has the highest estimation "wins", because that's what media will pick up on, that's what will be repeated by press and forums like this one.
Second, this estimation includes costs that should not be directly attributed to the virus outbreak. E.g. cost of cleaning machines and getting them up and running - in many cases this was just waiting to happen. The virus just happened to triggered it, but it could just as well have happened due to a hardware failure.
Third, what you're presenting is not an objective way of measuring, as it's depending on the companies' reportin truthfully and accurately.
I'm not claiming that virus outbreaks do not have a cost, but any reports of cost must be taken with a grain of salt. Or two.
"release patches only as exploits are found in the wild while compiling fixes for deployment en bulk"
-- but this would require customers to be on 'stand by' mode 24-7, since a critical patch may be released any second. It's better if world+dog *expects* and plans for patching, say, every 2nd tuesday each month. No?
(posting in interest of accuracy, not of smart-ass-ness) Actually, they are increasingly being distributed as diffs. I guess the idea is to increase the chance of 56k-ers actually installing patches.
The good news is -- modem-users might actually patch. The bad news is that more disk space might be wasted (to allow for roll back) and/or that users may need original media to install/rollback. Btw, SP2 contains policies to determine how much disk space is used for the base files (pre-patched files, used to roll back).
"so complicated"... 1) Complex, not complicated. 2) nobody said that training was optional, regardless of OS. "evil backdoors" -- the comparison you make between oss/css has nothing to do with oss/css -- it's a difference in process. There's nothing inherent in either oss or css that promotes/prevents trojans. Then again, with all these remote exploits we see, isn't that just trojans+plausible deniability? "millios are paid" -- how on earth does anyone objectively measure that? "Apache has not had a single worm comparable..." -- true, but this is not because Apache has not had remotely exploitable holes. The reason is something else. Microsoft's security initiatives are not big success -- well, these patches notwithstanding, far as I can see the trend is that Windows actually is getting more secure. It's slow progress, but it _is_ progress. Only time will tell though..
MS classifies anything post-spN as spN+1. So, on the off-chance that there'll be a SP5, this fix will be included in it.