Eric, as you say, it is a multi-part test. With fairly clear distinctions between a compromised node and one under the direct control of a criminal.

So while it is unrealistic when viewed in isolation, put together with other factors it starts to make a lot of sense.

thanks
srs

On Wed, Sep 3, 2008 at 7:59 AM, Eric Brunner-Williams <[EMAIL PROTECTED]> wrote:
> In a parallel universe we're considering profiles for "licit use" of some
> mechanism. One element of a multi-part test to distinguish "licit" from
> "illicit" was the presence or absence of known signatures for malware. After
> some thought it was understood that this test was equivalent to the node
> subject to the test being "cleaner" than the average for network attached
> consumer devices, and therefore not realistic.