BS ThreatCon Levels
Who else besides me thinks "ThreatCon" levels are bullshit? (not to be confused with vulnerability alerts) After checking out Slashdot this morning, I came across CERTStation, which attempts to aggregate current threat information into one page, entirely in Flash. I won't get into how much Flash sites irritate me, as we can debate for days and not get anywhere on it. Who knows what the site's true purpose is, selling you information in exchange for money or personal information? who knows..
But let's talk about threat levels. Why is it that A/V vendors tend to have elevated levels than anyone else? How do they determine these threat levels? Current number of infected machines, virus propagation time? For real now, who really acts differently when all of a sudden the threat level goes from green to yellow, or yellow to orange? Not to mention, the colors don't mean anything to me! What exactly is threatening me that I need to be more alert? Is it a new worm or exploit code that affects 99% of business systems? Come on, tell me! This is why I tend to be "always on alert," which would equate to the color red. I am always thinking there will be something out there that will cause havoc for me so whatever that is, I want to be prepared for it. Staying on top of the latest vulnerabilities, identifying and analyzing the ones that affect me I can determine what is critical and what is not.
This is what ThreatCon Levels mean to me:
Current Threat Level: