Truth About Computer Security Hysteria
Entertainment vs. computer security
Thursday, 7 July 2005
THE FINAL "STAR Wars" prequel raked in some interesting numbers — not interesting in their size, but rather their accuracy. Hollywood can track movie ticket sales on a near-realtime basis. Every Monday morning, CNN Headline news reports dollar figures for the top five movies. In a case like "Star Wars" or "Spiderman," they'll even report the European sales. And they report it to an accuracy of $0.1 million.
Mind you, that's an accuracy of ±14,000 bijou tickets.
Ironically, the entertainment industry has better insight than the computer security industry. Why do we know so much more about ticket sales than computer infections? How hard could it possibly be to track, say, the number of infected computers in a company with its own full-time computer security team?
How many tickets were sold for "Star Wars Episode I"? Hollywood knows the answer with near certainty. How many computers got infected by the ILoveYou virus? Antivirus firms can offer nothing more than a wild guess. What percentage of moviegoers saw "Star Wars Episode II" more than once? Hollywood uses scientific sampling to gauge the answer. How much monetary damage was caused by the Melissa virus? Computer security experts can offer nothing more than a wild guess. How many people saw "Star Wars Episode III" on opening day? Hollywood knows the answer with near certainty. How many computers with up-to-date antivirus software got infected by the Nimda virus on its opening day? Even the White House admits no one knows the answer.
All sports leagues at all levels keep detailed stats on all of their players. We know, for example, who has hit a home run every May 20th for the last five years. But in the computer security world, we don't know the infection history for any given computer in any given company.
The average high school keeps a lot of statistics on its girl's softball team. The average computer security expert keeps no statistics on virus/worm infections. What's wrong with this picture?
Entertainment. Security. This should be a no-brainer, folks!
The average high school keeps statistics on its girl's softball team. The average computer security expert keeps no statistics on virus infections. What's wrong with this picture?