This is something that came up on this thread in the IT forum : http://www.mma.tv/tuf/index.cfm?ac=ListMessages&PID=1&TID=520206&FID=48&p=23

by the way there's about 20 megs of pictures of ass on the 2nd page of that thread.

Anyways. What do you think about this assertion that I made? I have the nagging feeling I made a mistake somewhere.

Let's say that when a Windows computer boots up, there is a 10 second period where it is vulnerable to attack.

Let's say that the arrival rate of attacks on a given Windows computer is exponentially distributed with mean time = 20 minutes = 1200 seconds.

so lambda = 1/1200. Let's say you reboot once per day and each time you're vulnerable for 10 seconds. The cumulative distribution function for exponential distribution is 1-e^(lambda * t)

So for one reboot, the probability of being hit during that 10 second window is

1-exp(-(1/1200) * 10.) = 0.0082.

Over 90 days, the probability rises to

1-exp(-(1/1200) * 900.) = 0.5276334473

I'm not so sure that you can say that surviving 10 seconds 90 times, is the same as surviving 900 seconds 1 time, but that exponential distribution has some wacky properties. What say you?