Hi, NANOGers. ] The old saying of "you get what you pay for" seems to be well directed when ] it comes to this topic. If you're willing to allocate $100K more than you ] currently spend to mitigating the effects from Worms and Viruses, I'm sure ] you will have some increased success. If you allocate 1 mill more, your ] success will increase substantially. The true cost really boils down to This sort of thinking, unsupported by any data, runs rampant in the security industry. I have yet to see anyone document the ROI on security tools and services. Do they help at all? Does an increase in security spending result in a decrease in pain? In some cases, as already documented here, an increase in security measures can actually increases costs. Let's not fall into the trap that more $$$ equates to greater security or awareness. I've seen many sites that installed numerous pods of the latest IDS at their borders, only to be owned from within or owned by a method not yet in the ever-behind signature database of the IDS devices. One can waste money on security just as easily as one can waste money on anything else. Thanks, Rob. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);