TalkBack 26 of 73:
Re: Thanks
I'm sorry to say you still misunderstand the table. Companies like Immunity aren't auditing agencies that monitor for and count infected systems in the wild. Immunity does not go out and look for compromised systems.

Immunity is measuring how long it takes (in their case, an expert) to hack into a system correctly installed and configured according to the manufacturer's specifications.

The precise details of the vulnerability the hacker (who is a member of Immunity's staff) exploited to gain control at the root level of the system in question are the 0day.

Typically, these studies are done with more than one staff member attempting the hacks. The average time is the average of all of their times to a successful hack. This is standard in the computer security industry.

Immunity didn't find 3 infected Macs; they didn't look for infected Macs. They looked for exploitable vulnerabilities in OS X and found 3 which took on average an hour to discover.

What typically happens, then, is that they notify the software manufacturer about the vulnerabilities they found and provide the details of how it works.

In your Mac example, Immunity would alert Apple that they need to fix the three newly identified problems. In addition, Immunity would also be required to alert certain regulatory agencies about the newly identified vulnerabilities. Apple would then fix the problem, ensure that Mac users get the fix, and alert the regulatory agencies that the problem has been dealt with. Finally, the regulatory agencies publish the details of the exploitable vulnerability.

When this works correctly, there is no system that actually gets infected. The whole procedure is intended to prevent that from happening.

Regulatory agencies do put time limits on how long a software manufacturer has to close the potential exploit, and they will publish the details before an exploit is taken care of, if the software manufacturer takes too long to adequately respond to the alert.

I don't remember the precise number of Mac exploits (i.e., individual viruses, worms and trojans) that have actually made it into the wild (i.e., infected user systems), but I do know that it is more than 5 viruses but less than 50. I have never looked at the data on how many Mac systems were found to be compromised by each of the viruses. All OSes have many, many more identified vulnerabilities than have actually been exploited.

The differences in number of infected systems that you note (e.g., MSBlast vs the OS X exploit) have to do with whether the software manufacturer relies on "white hats" (i.e., companies like Immunity who try to prevent the exploit from ever reaching the wild) or if the company relies on "black hats" (i.e., virus writers) to alert it to vulnerabilities.

The various *nix programs (like OS X and Linux) rely heavily on white hats, and as a consequence solve the problems before they affect actual systems. MS is notorious for not acting until there is an actual exploit in the wild (i.e., a black hat has struck).
Posted by: dhk   Posted on: 08/16/04