Sunday, August 17, 2008

look who's drinking the whitelist koolaid now

from a recent blackhat-related post on symantec's blog:
Symantec has been stressing for quite some time that we are on the cusp of a critical inflection point where the number of unique malicious code instances is surpassing the number of legitimate code instances.


the inflection point (shouldn't that really be an intersection of two curves?) will not and can not be reached... symantec is ignoring the figures provided by bit9 whose core business is application whitelists (so when they say good software is growing at a rate that is greater than what anyone says malware is growing at, despite the fact that it's in their interests to suggest the opposite, you better believe they know what the heck they're talking about)...

symantec is also ignoring the kind of basic logic i used 2 years ago when i said (without the benefit of figures) that good software outnumbers malware and grows faster than malware, and that i described in detail more recently: basically that malware writers are a small subset of the set of all programmers and there's no realistic way for a small group to outproduce a large group...

this reminds me of an earlier symantec gaffe wherein john thompson claimed the virus problem was solved... sometimes i wonder if symantec works on the philosophy of not letting the facts get in the way of good marketing...

2 comments:

Anonymous said...

Believing that there's more malicious than good code is like believing that criminals outnumber the rest of us. Certainly there would be people who would agree it. Yet, they usually belong to fringe subgroups.

kurt wismer said...

thank you - that's a great analogy, i must remember it in future...