Counting tells you if you are making progress

People with access to the ppp, dhcp or nat logs for a network can de-dup the counts based on IP addresses to come up with better surveys of infected computers. They can further correlate the reports with contact with the computer owners of how many computers were found with known or unknown malware. But we rarely hear data from them.

Although I disagree with some of the survey counts, finding zombies isn't a problem. Figuring out if a computer is actually fixed and stays fixed is still the problem. Sometimes it feels like an episode of "House." Except House wraps up the case in 60 minutes.

Because this is a circular problem: such providers want to deny the
problem until there's a sufficient number, and once they take notice,
the de-dup ... reduces the number.

This isn't a technology problem, it's a *business approach* problem.

But now I'm straying OT.
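
An added example, not part of the original thread: the de-duplication described in the first message, done by mapping each (IP, timestamp) report to whichever subscriber held the DHCP lease at that moment. The lease and report records, their field layout and the subscriber ids are constructed assumptions; real ppp, dhcp or nat logs would need their own parser.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample data (documentation addresses, invented subscribers).
# DHCP leases: (ip, lease start, lease end, subscriber id)
LEASES = [
    ("192.0.2.10", "2024-05-01T00:00", "2024-05-01T12:00", "sub-A"),
    ("192.0.2.11", "2024-05-01T12:00", "2024-05-02T00:00", "sub-A"),
    ("192.0.2.10", "2024-05-01T12:00", "2024-05-02T00:00", "sub-B"),
]
# Infection reports from outside observers: (ip, time observed)
REPORTS = [
    ("192.0.2.10", "2024-05-01T03:15"),
    ("192.0.2.11", "2024-05-01T14:40"),
    ("192.0.2.10", "2024-05-01T18:05"),
    ("192.0.2.10", "2024-05-01T19:30"),
    ("192.0.2.99", "2024-05-01T20:00"),  # no lease on record
]

def _ts(text):
    return datetime.fromisoformat(text)

def build_lease_index(leases):
    """Group lease intervals by IP so each lookup scans one address only."""
    index = defaultdict(list)
    for ip, start, end, subscriber in leases:
        index[ip].append((_ts(start), _ts(end), subscriber))
    return index

def subscriber_at(index, ip, when):
    """Return who held `ip` at `when` (start inclusive, end exclusive)."""
    for start, end, subscriber in index.get(ip, ()):
        if start <= when < end:
            return subscriber
    return None

def dedup_reports(reports, leases):
    """Compare the naive per-IP count with the per-subscriber count."""
    index = build_lease_index(leases)
    per_subscriber, unmatched = Counter(), 0
    for ip, seen in reports:
        subscriber = subscriber_at(index, ip, _ts(seen))
        if subscriber is None:
            unmatched += 1  # keep visible: a gap in logs, not a clean host
        else:
            per_subscriber[subscriber] += 1
    return {
        "reports": len(reports),
        "distinct_ips": len({ip for ip, _ in reports}),
        "per_subscriber": dict(per_subscriber),
        "unmatched": unmatched,
    }
```

On the sample data one subscriber appears under two addresses and one address is held by two subscribers, so the per-IP count is wrong in both directions.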