A common perception of malware is that it spreads at an exponential rate. This theory has been supported by the erroneous calculation based on trending between two points, one being an arbitrary point in the past and the other a more recent.
This logic is based on point A being the time at which one copy of a given virus existed and point B being the present. This practice of “curve fitting” is statistically naive and not only impedes our understanding of the situation but impedes our ability to take appropriate action as well.
When considering endpoint protection, it is wise to maximize the effectiveness of commodity solutions such as antivirus but the total solution requires that we remember that these valuable technologies are not a panacea for our malware woes. There is alway residual risk and careful calculation and planning can prevent draining your budget with out-of-control reactive measures.
Terry, thank you for this article. While making and attending security seminars the most often thought sparkles between the lines: 'this way of protecting computers against malware is reactive' - so is 'the backup policy', 'physical security' etc