Our friends down under don’t like lists:

The problem, according to the Australian company, is that the lists — which are now regularly issued by almost every security software company — measure volumes rather than the underlying danger of a particular type of malware.

PC Tools, itself an anti-malware vendor in the same space, dismisses them as being “of no practical use for the security industry or consumers,” and, not surprisingly, advocates its own ThreatExpert analysis system that cross-references volume with other factors such as the design complexity of a threat, its innovation, and its payload.

Examples of threats that regularly turn up on some lists but which pose relatively little danger include the four-year-old Netsky, and the packer NSAnti, which itself is merely a means of hiding malware, and shouldn’t even appear on such lists at all, the company said.

“Threat analysis is highly complex. There was a time when volume alone was an acceptable indicator of the level of threat. But the threat landscape has changed significantly and there are a number of additional parameters, besides volume, which are equally, if not more important in identifying and classifying top threats,” said PC Tools CEO, Simon Clausen.

They have a point. But irritating pieces of malware, like Srizbi (315,000 bots active) and Storm (85,000 bots active), have great exposure in security circles but aren’t nearly as widespread as, say, fake codecs. Fake codecs are a plague, and frankly, probably provide a lot of bread and butter money to security companies.

So what do we do? I suppose categorizing based on complexity is a reasonable idea. But these “top 10” lists are useful to gauge prevalence, and they should not be thrown out. Look, would we want Billboard Magazine to list “most complex or interesting bands” rather than “most sold bands”? There’s room for both.

Alex Eckelberry