[unisog] zotob and returning students, what are you going to do?

Dave Dittrich dittrich at u.washington.edu
Thu Aug 18 21:33:39 GMT 2005

> I suspect that there are a lot of corporate sites that did the following:
> 1) Stayed on W2K rather than move to XP (I seem to recall a survey that
> said that close to half of corporate nets were still on W2K because the
> IT management didn't see any must-have features in XP worth the cost of
> upgrading multiple 10K's of users).
> 2) Are now suffering in silence unless the worm burpage is enough to cause
> an externally visible issue (always a problem when gathering the stats on
> hacks/etc).
> It's kind of like trying to get an accurate measurement of how many
> adults in the US have herpes, and for many of the same reasons...

Interesting.  So the conjecture is that a business decision was made
to NOT upgrade before, to "save" costs.  Now a security problem has
occured, which only affects the hosts that were not upgraded so as to
"save" money.  Those businesses now incur a cost for cleanup of each
host, PLUS they will likely now do the upgrade they avoided before,
incurring the upgrade cost ANYWAY (and at an inflation adjusted rate
that is higher then before)!

My gut says that decision to save X dollars in the past has now
resulted in a real cost of (X*Y)+Z dollars (where Y is 1 + the
inflation rate, and Z equals the cost of mitigation and damages
from downtime, which could well be larger than X to begin with,
more than doubling the cost of just upgrading before.)

Dave Dittrich                           Information Assurance Researcher,
dittrich at u.washington.edu               The iSchool
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5

More information about the unisog mailing list