Hacker News

acoustics yesterday at 5:31 PM

At internet scale, this would roughly be equivalent to not doing any warning or detection at all.

Scalable systems need to use heuristics to catch threats. Needing concrete evidence in every case means that an enormously higher amount of malicious resources will not be flagged.

There is a policy argument as to the right balance of concerns here. But there is a clear trade-off to make.


Replies

pocksuppet yesterday at 10:23 PM

Then that heuristic is your evidence in court. If it's a good heuristic, you win the case. If it's a bad heuristic, you lose the case.

"Your Honor, we banned this person's website because his web page contained the word 'bitcoin' more than 5 times" will not hold up.

"Your Honor, we banned this person's website because it contains a bitcoin miner script. See, here is the script, and it matches the hash value found in these other attacks" hopefully holds up.

donmcronald yesterday at 8:51 PM

> Needing concrete evidence in every case means that an enormously higher amount of malicious resources will not be flagged.

Giving everyone a fair trial just doesn't scale. It costs too much.