Re: FBI Virus Alerts

From: Chris Salter (securityfocusat_private)
Date: Sat Sep 29 2001 - 04:14:13 PDT


    In article <3.0.5.32.20010928222108.05228d70at_private>, dated Fri,
    28 Sep 2001 at 22:21:08, David Kennedy CISSP <david.kennedyat_private>
    writes
    >At 08:38 AM 9/28/01 +0200, info wrote:
    >>[Viruses & Worms] Sophos and Trend Micro report a "severe outbreak" 
    >>of a variant of day before yesterday's W32/Vote-A alias 
    >>Win32.Vote.A@mm, W32.Vote.A@mm, that deletes files from infected
    >>hard drives.
    >
    >Except neither Sophos nor Trend are reporting a severe outbreak:
    >
    >http://www.sophos.com/
    >       Click on the links for the three Vote variants and they report just
    >one report of Vote.A and zero of Vote.B and zero of Vote.C
    >
    >http://wtc.trendmicro.com/wtc/
    >       Neither the real-time nor the daily include any flavor of Vote
    >
    >Message Labs reports zero Vote.
    
    This prompts me to ask a question that I have been meaning to ask for
    some time. My apologies if it has been addressed before. Are these report
    statistics published by the AV vendors accurate representations of virus
    activity in the field? I can see that during the period before
    definitions have been updated, the reports may give some indication of
    the virus prevalence. However, how many AV customers report viruses
    successfully detected and dealt with? Do the AV vendors have a
    representational sample of their customers reporting *all* viruses? Are
    just corporate customers providing stats? I am assuming of course that
    automatic definition update processes aren't collecting such
    information without the customers' permission!
    
    Chris
    -- 
    Christopher P Salter              mailto:securityat_private
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


