[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Was kosten Viren?
Joschka Fischer hat kürzlich die jährlichen weltweiten Kosten für
Cybercrime auf 40 Mrd. Dollar geschätzt (vgl.
http://zdnet.com.com/2100-1105-840925.html) - wo er die Zahl wohl her
In Search of the World's Costliest Computer Virus
By Jay Lyman
Part of the NewsFactor Network
February 21, 2002
Danger remains that a virus could seize control of millions of machines
to launch an attack that could cripple the Web.
A computer virus infection brings with it many costs, including the
staff time required to eradicate it; expensive hardware, software and
file damage; system downtime; and the most difficult cost to assess --
In terms of sheer expense, sources generally rate the same three worms
-- Nimda, Code Red and SirCam -- as the heaviest hitters of 2001, though
precise figures vary widely.
But antivirus and security experts agreed that they are more concerned
with fighting viruses and preventing their spread than with spending the
time and resources necessary to accurately assess the impact of a given
Trend Micro global director of education David Perry, who referred to
discussions with insurance companies calling for better metrics on the
subject, said antivirus firms are similar to other businesses when it
comes to assessing the impact of malicious code.
"We never assess the cost of damage," Perry told NewsFactor. "We're busy
keeping up with new viruses and expanding our technology in the face of
Between $10B and $100B?
However, Symantec Security Response director of research Steven Trilling
told NewsFactor that while antivirus companies are not in the business
of assessing the worldwide economic impact of large outbreaks, the
financial damage caused by worms is very real.
"The numbers certainly differ across the various organizations
evaluating them," Trilling said. "Clearly there is some cost, and it's
significant. Whether it was US$10 billion or $100 billion last year,
it's hard to say."
Trilling noted that from his company's perspective, the effect of worms
is best measured by the number of submissions the company receives from
clients, researchers and others infected by various viruses.
"That gives us some relative idea of the damage," Trilling said. "It can
give us an idea of the magnitude of a SirCam or a Nimda."
No Time or Money
Forrester associate analyst Laura Koetzle, who recently wrote a report
on incident assessment and response, told NewsFactor that companies can
accurately evaluate some "hard cost" impacts of a virus, such as
employee hours consumed and hardware replacement costs.
However, Koetzle said, other costs -- such as the price of downtime,
lost staff productivity and cost to reputation -- are often much more
difficult to measure. In addition, companies cannot devote IT staff
resources to assessing threats because they are usually busy trying to
"They can't pull their ITs and network administrators (to assess
damage)," she said. "They usually shove them on the front lines to fight
"They don't have the money or time to collect data," Koetzle added.
The Cost of Code
One source of computer virus cost data -- as well as controversy -- is
Carlsbad, California-based Computer Economics, which attaches dollar
figures to viruses and their variants. While the firm is referenced by
antivirus companies as a source of damage assessment, it also has been
criticized for its conclusions.
Michael Erbschloe, the company's vice president of research, defended
its figures, telling NewsFactor that costs as calculated by Computer
Economics tend to be "higher than any other published figures" because
many sources are factored in.
Erbschloe said the company's economic estimates come from three major
categories: the cost to clean infected machines; the cost to eradicate
viruses; and the impact of downtime on user productivity.
Erbschloe said that depending on the outbreak, his company takes in data
on infection rates from 20 to 25 sources and benchmarks damage in
hundreds of computing environments.
Love Letter Meter
Computer Economics reported that the most costly virus in 2001 was Code
Red and its variants, which had an estimated worldwide economic impact
of US$2.62 billion. Next was SirCam, which reportedly cost $1.15
billion, and then Nimda, which had a price tag of $635 million.
The company also rates worms on a "cyber attack index" scale of 1 to 10,
with the Love Letter virus of 2000 ranking as a 10, according to
Erbschloe. Code Red registered 2.9 on the scale, SirCam 1.31 and Nimda
0.73, according to Computer Economics, which pegged the worldwide
economic impact of the Love Bug at $8.75 billion.
"I think the numbers are conservative," Erbschloe said.
Different Numbers, Same Names
Regardless of actual dollar figures, antivirus experts tend to agree on
the most destructive viruses of 2001.
"Last year, Nimda, SirCam and Code Red were certainly among the most
high-priority, widely spreading, widely damaging threats," Symantec's
Perry told NewsFactor that Trend Micro does not estimate the cost of
viruses. In general, however, he agreed with the top threats listed in
economic impact reports.
"The proportions, from one year to the next and between one virus and
the next, are okay," Perry said. "It's hard to tell."
Contained Costs, Future Threat
Fortunately, while there is no doubt that the number and complexity of
virus outbreaks will continue to increase, analysts said the cost of
viruses is not likely to spike because corporations and government
agencies are spending more on defense and containment.
Experts said businesses and users are getting better at keeping up
defenses against viruses, but Trilling warned that the ultimate price of
a future virus might be "our way of life," referring to the commerce and
infrastructure that depend on the Internet.
For example, he said, a more sophisticated virus of the future could
seize control of millions of machines to launch an attack that could
cripple the Web.
"The potential downside of that is bigger than anything we're talking
about today," he added. "Imagine if [Code Red] spread to tens of
millions of home broadband machines. That could take down the business
transactions of every Fortune 500 company. That gives you an idea of the
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.