Eric, as you say, it is a multi part test. With fairly clear distinctions between a compromised node and one under the direct control of a criminal So while it is unrealistic when viewed in isolation, put together with other factors it starts to make a lot of sense. thanks srs On Wed, Sep 3, 2008 at 7:59 AM, Eric Brunner-Williams <brunner@nic-naa.net> wrote:
In a parallel universe we're considering profiles for "licit use" of some mechanism. One element of a multi-part test to distinguish "licit" from "illicit" was the presence or absence of known signatures for malware. After some thought it was understood that this test was equivalent to the node subject to the test being "cleaner" than the average for network attached consumer devices, and therefore not realistic.