How Prevalent are Computer Viruses?Jeffrey O. Kephart and Steve R. White
Abstract:
We are interested in understanding the extent of the computer virus problem in the world today, with an eye towards being able to predict what it will be like in the future. We discuss in detail the sorts of questions that must be answered in order to form an accurate picture of the situation. One approach to collecting such data, taken by Dataquest and Certus, is to survey security experts responsible for many PCs within their organization. We recommend a number of improvements that can be made to such surveys, and present a different methodology for measuring various aspects of the computer virus problem which possesses some important advantages. We have studied a large, stable population of PC DOS users for the past several years, recording information about virus incidents as they occurred. While the number of viruses that have been written has increased dramatically, only a small fraction have been seen in real incidents. Of this fraction, just a few viruses account for most of the incidents. While the number of incidents caused by all viruses each quarter is increasing, its increase is not nearly as dramatic as some have predicted. Some viruses are responsible for more incidents than in the past, while others are stable or declining in number. We conclude that, although there are ongoing infections by a number of viruses in the world as a whole, the susceptibility of our particular sample population to infection has decreased measurably as a result of user education, widespread dissemination of anti-virus software, and centralized reporting. Although we have learned much from our study, considerably more work is required before we can reliably forecast the most important aspects of the computer virus problem.
|