- Posted on
- Reading the Symantec exploit numbers
January 7, 2006, 3:32 pm
and click any of the threats in the left column.
All the exploits I clicked have the same numbers, 0-49 infections and 0-2
Clicking the 'infections' brings up a glossary that says,
Number of infections: Measures the number of computers known to be infected.
Number of sites: Measures the number of locations with infected computers.
This normally refers to organizations, such as companies, government offices,
and so on.
Okay, so it seems clearly defined, yet the numbers for the infections seem
awfully low and it's odd they are the same. Is Symantec *really* saying, "we
know of somewhere between 0 and 49 computers out there that have this
threat"? This would make Symantec's feedback or knowledge of the wild
Or maybe it is, "we think between none and 49 per cent of all Windows
computers have this." This is a pretty darned broad range, with zero being
way too low and 49 too high.
Is there some hidden legend to these numbers?
Re: Reading the Symantec exploit numbers
The fact that they include zero instead of one in the ranges suggests
to me that they may actually be counting only official ITW (In The
Wild) spotters. These official spotters are separated geographically.
Thus, with zero included, you could have a situation where no official
spotters have reported the malware ... zero official reports and zero
official incidents. Yet they know the malware is ITW because
unofficial spotters have sent them (or other av vendors) samples.
Another situation might be two official spotters where one reports
five incidents (in a government or industrial site) and another
reports ten incidents in such sites. Then the numbers would be
two and fifteen.
Just my guess and speculation.