Here is something I’ve been thinking about lately: most (all?) security
vendors publish their “top threats” periodically. Those lists are
compiled by centralizing numbers reported by their clients. While it is safe
to assume that the majority of the enumerated threats are blocked
straight away – before they can execute a single piece of code – there
is a certain percentage that is detected after the fact (i.e. the
machine gets infected, a signature comes out later on, at which point –
if you’re lucky – the security program will block the malware).
Now I have no idea about the relative size of this subset (or whether the companies have it, or how they could collect it, for that matter), but I find it amusing that marketing material put “out there” can backfire :-).
Picture taken from tigger1fic’s photostream with permission.