MSFT researchers discover fundamental scientific failures in almost all data on cybercrime/spam/malware damages. 'In numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors -- or outright lies -- cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population. [...] The cybercrime surveys we have examined exhibit exactly this pattern of enormous, unverified outliers dominating the data. In some, 90 percent of the estimate appears to come from the answers of one or two individuals. In a 2006 survey of identity theft by the FTC, two respondents gave answers that would have added $37 billion to the estimate, dwarfing that of all other respondents combined.' my opinion: this is what happens when PR drives the surveys -- numbers tend to inflate to make headlines

'Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives.'
hmm, not quite sure how that air gap is supposed to work

“This is the first instance that we are aware of in which online gamers solved a longstanding scientific problem,” writes Khatib. “These results indi­cate the potential for integrating video games [like FoldIt] into the real-world scientific process: the ingenuity of game players is a formidable force that, if properly directed, can be used to solve a wide range of scientific problems.”

on average across the AV industry, 40% block rates just after 0-hour of a new malware sample, rising to 60% after 5 days. sounds like the AV industry is losing, if this chart is valid. (via Terry Zink)