On Thu, 13 Nov 2003, Braun, Mike wrote:
The old saying of "you get what you pay for" seems to be well directed when it comes to this topic. If you're willing to allocate $100K more than you currently spend to mitigating the effects from Worms and Viruses, I'm sure you will have some increased success. If you allocate 1 mill more, your success will increase substantially. The true cost really boils down to
Actually that is not true. There is substantial evidence that spending more does not change behavor when it comes to worms. Offering anti-virus software, firewalls, consulting, email, telephone calls, letters, etc have the exact same impact as doing nothing on the average ISP consumer. As Jared points out, doing "more" substantially increases the support costs for ISPs and doesn't reduce the number or severity of worms. On the other hand, individuals can have a dramatic impact on the security of his or her own computer. Unfortunately, computer security is a bit like the light bulb joke. How many psychologists does it take to change a light bulb? One, but the light bulb has to want to change.