[ISN] [Vmyths.com ALERT] mi2g issues absurdly precise guesstimates

InfoSec News isn at c4i.org
Thu Feb 17 04:47:00 EST 2005

Forwarded from: Vmyths.com Virus Hysteria Alert <virushoax_alert at lyris.mediaweave-news.com>

Vmyths.com Virus Hysteria Alert
Truth About Computer Security Hysteria
16 February 2005

CATEGORY: Hysteria related to a publicity stunt

On 16 February 2005, computer security firm "mi2g" unveiled its
guesstimates for "global economic damage" over the last nine years
resulting from "all types of digital risk manifestations."

Vmyths dismisses mi2g's figures as a blatant publicity stunt.

Every guess in mi2g's report is absurdly precise.  In 2004, for
example, they calculated the total "global economic damage" at
$456,134,500,000 to $557,497,700,000.  These figures reveal an
accuracy of plus or minus $100,000, worldwide, for "all types of
digital risk manifestations" in 2004.

mi2g used SEVEN significant figures in many of their guesses.  In
economic terms, it means mi2g's underlying data must be accurate TO
THE DIME, if not to the penny.  As in, "the MyDoom attack caused
precisely $368,714.2 in total economic damage to corporate site X,
while the Klez virus caused precisely $117,644.9 in total economic
damage to military site Y..."

No respected economics expert will declare five significant figures --
let alone seven! -- for the total cost of the World Trade Center
attack in September 2001.  It would violate the economic analogy for
Heisenberg's Uncertainty Principle.  Yet mi2g offers absurdly precise
global computer security economic damage guesstimates for every year
back to 1995.

mi2g has never explained how THEY ALONE can acquire enough absurdly
accurate microeconomic data to satisfy their macroeconomic forecast
model.  Assuming such a model even exists.

mi2g has repeatedly declared "$1,500.00" for the cost of one manday.  
But here's the catch: they won't call it a manday.  Rather, they call
it an "equivalent person day."  mi2g has never adequately defined this

We've highlighted mi2g in multiple Hysteria Alerts and we maintain a
"Hysteria roll call" resource on them dating back to 1999:

mi2g "Hysteria roll call" resource:
Hysteria Alerts archive:

mi2g has threatened to sue Vmyths for libel 
(see < http://Vmyths.com/rant.cfm?id=497&page=4 > for details).  For
the record: we stand by our criticisms.  However, Vmyths prides itself
for an industry-leading "corrections and clarifications" page.  
Anyone may write to VeaCulpa at Vmyths.com to contest our claims &
accusations.  Anyone may visit http://Vmyths.com/rant.cfm?id=470&page=4 
to rebut our opinions & criticisms.

Do the math, folks.  mi2g's guesstimates are a publicity stunt.  
Stay tuned to Vmyths.

Rob Rosenberger, editor
Rob at Vmyths.com
(319) 646-2800

CATEGORY: Hysteria related to a publicity stunt

--------------- Useful links ------------------

Remember this when virus hysteria strikes

Common clichés in the antivirus world

False Authority Syndrome

More information about the ISN mailing list