Billion-dollar virus economics

When math attacks

  • alert
  • submit to reddit

Protecting users from Firesheep and other Sidejacking attacks with SSL

Let us now pause to praise the computer virus cost accountants. We pray they cease their counsel, which falls into our ears as profitless as water in a sieve.

Yeah and verily, the computer virus econometrics gurus join a royal college of experts who live primarily to feed statistics and figures to the news media. Well before the invention of the computer virus, I encountered cost and figures "experts" continually as a writer for a daily newspaper. No story describing a problem or social phenomenon was complete without a few meaningless statistics passed off as hard fact or proof of some assertion.

Every reporter knew that to avoid a rewrite it was always prudent to include numbers. Since journalism operations generally have no one trained in any of the hard sciences, engineering or accounting -- or even people adept at simple common-sense mathematics -- figures were excellent for drugging editors into thinking an article was stitching together a sampling of erudite modern thought rather than a loose pastiche of often quite flaky opinion.

To supply the necessary numbers one needed "experts." They were yahoos from local universities, newly elected pols of dubious intelligence but great ambition, members of professional associations, captains of business, anyone with a yearning to get their name into the news or Lex-Nex regularly. How figures were arrived at was of little actual consequence; what was key was that the utterer have some pompous title or residence at an institution setting him or her apart from the average citizen urchin.

An "expert" industry quickly expanded solely to furnish quotes and numbers for the process. Experienced reporters knew it was easy in such an environment to get even the most reactionary ideas passed off as statements of Delphic wisdom by coupling them to funny figures. Seasoned experts realized, conversely, that it was elementary to widely publicize even the most bizarre or self-serving epistles by merely packaging them with the same.

And once a statistic was vetted by publication as news, it could be cited ad nauseum without fear of second-guess, often ensuring its place as part of the received wisdom on any given subject.

When Math Attacks

Now that you have been briefed on the cynical process, I'm going to divert for a vanity exercise in computer virus costs and what they could mean. And while it is assuredly crazed, it's no more so than many I have seen meant to be drop-dead serious.

The first step in the exercise: Put together a grab bag of virus damage estimates culled from unimpeachable sources.

* Cost of the "LoveLetter" virus: "...as much as $10 billion." (ICSA.Net, October 23, 2000, "2000 Computer Virus Prevalence Survey")

* Cost of the Code Red and SirCam viruses: $3.8 billion. (Computer Economics)

* Overall cost of computer viruses in 2001: "...US $10 billion or $100 billion last year, it's hard to say." (Symantec mouthpiece, NewsFactor Network, February 21, 2002.)

Next, the humble correspondent gathers even more statistics from a somewhat different area of expenditure so that readers will have some framework in which to contrast and compare computer virus costs.

* "The price of the [Afghan] war could be $12 billion, half of what the federal government spends on medical research ... the bombing campaign against Yugoslavia in 1999 cost ... $3 billion." (Associated Press, November 12, 2001.)

* Combined military budgets of the "Axis of Evil": $11.5 billion. (Center for Defense Information)

* Fiscal year 2003 funding request for ballistic missile defense: $8.6 billion. (Center for Defense Information)

The final step in this exercise is synthesis: the mining of precious nuggets of wisdom and information from the conflation of numbers.

Yes, from these figures it can be seen that taxpayers and national leaders are spending on the wrong things. The cost attributed to a few specific computer viruses in the last two years eclipses the entire military budget of the "Axis of Evil" and has been more expensive to the nation than the Afghan war.

When one considers that computer viruses are written pro bono, the continued hemorrhaging of U.S. dollars on a large military encumbered with aircraft carriers, soldiers who must be paid and strategic bomb wings becomes incomprehensible. Indeed, it can be theorized that with the judicious employment of computer viruses, the entire military machine of the "Axis of Evil" might be expected to collapse.

It is simple arithmetic. Since the defense bureaucracies of the "Axis of Evil" can only devote a fraction of their budgets to anti-virus defense, viruses directed upon them and capable of causing more loss than the entire gross income must inevitably destroy them without the firing of a shot.

If similar comparisons are extended to the United States homeland, the conclusions are troubling. The Symantec quote of $100 billion in virus damages exceeds by three times the amount of money the U.S. government annoyingly spends on medical research. Obviously, to avoid the further bleeding of corporate America by malicious code, such scarce financial resources must be reallocated at once to computer network recovery.

© 2001 - 2002 SecurityFocus, all rights reserved.

Related Stories

The Code Red hype Hall of Shame
Code Red hysteria - $8.7bn in damage estimated

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.