The Tragedy of Anti-Virus Software
April 2nd, 2009
We believe that our computer anti-virus software will protect our computer and our data. Is that belief justified? Let’s take an informal look:
First some definitions
Let’s define the term “unknown virus/worm” as a virus or worm that is “in the wild” but that the anti-virus companies do not yet know about, because its behavior is so stealthy (or so targeted, or simply so new) that it does not call attention to itself.
Let’s define the term “known virus/worm” as one for which a virus signature exists, so that a scanner can find it.
Now some numbers:
Symantec reported in 2007 that a little more than 700,000 computer viruses were identified. Let’s say that those 700,000 viruses represent 99.99% of all viruses/worms (known and unknown), leaving at least 0.01% unknown. The number of unknown viruses/worms would then be about 70.
Dividing that 70 by 12 months comes out to about 6 unknown viruses/worms per month, or about 0.2 a day. To make this simpler, let’s say that on average one unknown virus/worm is produced every 5 days.
Let’s say that it takes an average of about 72 hours for each unknown virus to be detected and a signature created.
Now for the kicker:
Such an unknown virus/worm would have an infection rate of 100% during those 72 hours, because no scanner yet has a signature for it. This suggests that the larger the computer network, the higher the probability of infection.
The true horror:
Since the infection rate of that virus/worm is 100% during those 72 hours, you have most likely been infected but just don’t know it (yet), even though your anti-virus software is running perfectly. This means that for at least 72 hours, your computer is under the control of the virus/worm writer.
Are we doomed?
The majority of experts believe that the vast majority of virus/worm writers are not state sponsored, which means state resources (human, equipment, material) are not being actively used to create viruses/worms for the purpose of taking over the average person’s computer. That is not to say that such resources are not being actively used to target specific computers in particular governments.
If you are considered an average target, then you are at risk. An average target is a computer user who runs active content from the Internet: receiving non-text e-mail, downloading and installing questionable free tools and utilities, or running a non-text browser that executes active content through client-side or plugin technologies.
What if you are directly targeted?
Sucks to be you. If you think you are actually targeted (if your paranoia is really justified), the only hope is to go totally offline. Otherwise, the following may help:
- Don’t be an average target
- Maintain multiple backups of your data
- Maintain archives of your data
- Subdivide your network: on average this reduces risk, and a network consisting of one computer is the safest (but still not 100% safe).
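To put the post’s arithmetic, its “larger network, higher probability” claim and the “subdivide your network” advice on one footing, here is a small model, added as an example and not part of the original post; the Poisson arrival of unknown samples, the rule that one infection takes its whole network segment and no more, and the 1% per-host probability used in the demo are my assumptions, not the author’s.

```python
import math

# Figures taken from the post: ~700,000 viruses identified in 2007, assumed to
# be 99.99% of all malware, and an assumed 72-hour lag before a signature exists.
KNOWN_2007 = 700_000
KNOWN_FRACTION = 0.9999
SIGNATURE_LAG_DAYS = 3.0  # 72 hours

def unknown_per_year(known=KNOWN_2007, known_fraction=KNOWN_FRACTION):
    """Unknown (signature-less) samples per year implied by the post's ratio (~70)."""
    return known * (1.0 - known_fraction) / known_fraction

def daily_unknown_rate(known=KNOWN_2007, known_fraction=KNOWN_FRACTION):
    """New unknown samples per day; the post rounds this to 0.2 (one every 5 days)."""
    return unknown_per_year(known, known_fraction) / 365.0

def expected_undetected_now(rate_per_day, lag_days=SIGNATURE_LAG_DAYS):
    """Assumption (mine, not the post's): arrivals are Poisson, so the mean number
    of samples circulating without a signature is rate * lag (Little's law)."""
    return rate_per_day * lag_days

def prob_some_undetected_now(rate_per_day, lag_days=SIGNATURE_LAG_DAYS):
    """Probability that at least one signature-less sample is in the wild right now."""
    return 1.0 - math.exp(-expected_undetected_now(rate_per_day, lag_days))

def prob_network_hit(per_host_prob, hosts):
    """The post's 'larger network, higher probability' claim: P(at least one of
    N hosts is hit) when each host is hit independently with probability p."""
    return 1.0 - (1.0 - per_host_prob) ** hosts

def expected_hosts_lost(per_host_prob, hosts, segments):
    """Assumption (mine): one infection spreads to every host in its segment but
    no further, so splitting N hosts into k isolated segments bounds the loss."""
    seg_size = hosts / segments
    p_segment = 1.0 - (1.0 - per_host_prob) ** seg_size
    return segments * p_segment * seg_size

if __name__ == "__main__":
    rate = 0.2  # the post's rounded figure: one unknown sample every 5 days
    print(f"unknown samples per year: {unknown_per_year():.1f}")
    print(f"P(some unsignatured sample in the wild now): {prob_some_undetected_now(rate):.2f}")
    for n in (1, 10, 100):
        print(f"{n:>3} hosts, p=1%: P(network hit) = {prob_network_hit(0.01, n):.3f}")
    for k in (1, 10, 100):
        print(f"100 hosts in {k:>3} segments: expected hosts lost = {expected_hosts_lost(0.01, 100, k):.2f}")
```

With the post’s own figures roughly 45% of the time there is at least one sample circulating that no signature covers, and the same 100 hosts lose about 63 machines as one flat network versus about 1 when fully segmented.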