Remember when we went through the McAfee "Rootkit Report" and pointed out that their "statistics" were merely reflective of their product rather than actually reflective of what's going on in the real world? Well, today I stumbled across the headline Virus emails drop to record low informing us that virus-laden emails are at the "record low" figure of 1.5%:
...total number of virus-laden emails fell by 56 per cent compared to March's figures, with infected mail now making up just 0.79 per cent of inbound emails...
Bull. Why is it bull? Because this number (and others like them) don't reflect the reality, they only reflect a particular vendor's product - essentially the same point that I raised with McAfee's the rootkit numbers. These numbers reflect the unique nuances of the instrument used to take the measurements - they do not necessarily tell us much about what's going on outside of that. How do we know? Because the .79 percent figure is from the Blackspider statistics; but they're not the only people publishing this stuff.
According to some of their "peers", the April virus numbers were: Messagelabs - 1.5%, MX Logic - 3.8% (7 day window, not all of April), Sophos - 0.7%, EmailSystems - 0.42%, and so on. Look, these may sound like small percentages at first, but when we're talking about 60 billion emails a day, the difference between .8 percent and 3.8% is 180 million emails per day. Over the month, that's a range of error for these numbers +/- 5.5 billion. See what I mean? In my opinion, we would need to see all these different vendor numbers plotted out against each other over time in order to really make guesses about what's really going on under the hood.
Posted by Ed at May 5, 2006 09:35 AM | TrackBack