Spyderisk / domain-network

Network domain model
Apache License 2.0

Control strategies too effective? #99

Open mike1813 opened 8 months ago

mike1813 commented 8 months ago

Some control strategies have a blocking level set to 'Safe' (meaning the chances of failure are negligible) when in practice they are not so close to being 100% effective. This is done for two reasons:

If the blocking level for these strategies were set to a lower level, it would not be possible to model situations where they are sufficient for all practical purposes.

For example, antimalware control strategies are not 100% effective, as novel malware could evade antivirus software defences until they have been upgraded to meet the novel threat. However, a typical consumer would not be targeted by such advanced malware right away, so unless there is some reason to think they are a target, there would be time for the antivirus developers to address the new threat.

The idea is that if you are not a target for novel antimalware, you can select the antimalware controls, and the risk calculation will confirm that would be a suitable defence. If you think you may be targeted, you can reduce the coverage level of the antimalware control to make the control strategy weaker, and better represent your situation.

There are two problems with this:

  1. Users may not be aware that they should reduce coverage levels to model situations where conventional security measures may be less effective.
  2. It turns out system-modeller ignores coverage level for mandatory controls - see system-modeller issue #124.

Due to the system-modeller bug, it seems we should reduce control strategy effectiveness in the domain model to reflect some kind of 'average' situation. Otherwise the system-modeller bug will mean some controls are assumed to be too effective for most users.

Specifically,

In the longer term, the 'average' situation should be reflected in control coverage levels, not control strategy blocking effect. This will be covered in a separate issue.

mike1813 commented 8 months ago

Adjusted anti-malware strategies in branch 65. We should add other adjustments to the above list when they are identified, and make them when appropriate. This may include adjusting back again if different levels are needed for specific demos.

We should close the issue only when the system-modeller bug has been fixed, and all blocking effect levels set back to 'Safe'.