Tuesday, September 07, 2010

well mine's infinity big

so sophos seems to be a little late to the mine's bigger party, but at least they're following the go big or go home philosophy to make sure everyone notices them. which is unfortunate - for sophos.

see, while the numbers game that most vendors play sometimes has the faint aroma of snake oil, kris braun's bold statement that sophos 'currently detects an infinite number of malicious files' (with a big infinity graphic, no less) has an overpowering stench of snake oil.

it's one thing to use big but meaningless and impossible to verify numbers, it's another thing to claim things that are literally false. sophos can't currently detect an infinite number of malicious files because an infinite number of malicious files do not currently exist.

claiming to detect not only more than you can verify you detect, but more than actually exist is ridiculous. you might as well say you recognize 15 different boolean outcomes or can write out all 57 letters of the english alphabet.

sophos may, arguably*, have the potential to detect an infinite number of things, but that's a lot different than being able to currently detect an infinite number of things, and you can bet that the average person not only can't tell the difference but will look at the claim of infinite detection much like they would a claim of perfect detection (in spite of kris' explanations to the contrary).

so congratulations go to sophos for the ignominious feat of innovating in the field of snake oil. now please do yourselves a favour and stop being so boastful.

(*technically, an infinite number of files would require that some of those files be infinitely long, since limiting them to a finite length would also limit them to a finite number. since there is not yet a computer capable of holding an infinitely large file let alone indexing one, there's strong evidence to suggest that sophos cannot actually detect those malicious files that happen to be infinitely large and thus cannot currently detect an infinite number of malicious files.)


Vess said...

Well, using this logic, it can be claimed that Sophos' product causes an infinite number of false positives. :-) And so does everyone else's, of course.

Anonymous said...

It's not true that some files needet to be infinitely large. Just consider having file number 1 with length of 1 byte, file number 2 with 2 bytes, etc. (file n being n bytes long). All of those files are finite, but there are still infinitely many.

kurt wismer said...

your math is wrong.
file 1 = 1 byte [1 file so far]
file 2 = 2 bytes [2 files so far]
file n = n bytes [n files so far]
so long as n is a finite number there are only a finite number of files. under your own system you only get an infinite number of files until you reach an infinite number of bytes.