On Sat, 12 Jan 2008, Peter Gutmann wrote:
> (Alternatively, "because they can". They're not paying for the overhead, it doesn't really make much sense not to encrypt everything).

I don't agree -- they *are* paying for the overhead. Not in dollars, but in CPU cycles (and a minor programming overhead.) If you increase the performance degradation on the hosts in the botnet, you're going to lose some of those hosts due to the owners cleaning up the system so that they can use it -- botnets survive because they steal CPU and bandwidth that is "acceptable" to the users, or unnoticed by them. Adding in additional computational overhead to the operation of the botnet diminishes its overall capacity, either in the number of nodes, or in the amount of work you can steal from the nodes without losing hosts, or both.

Your "DRM" answer, and coderman's comments, seem to be more on the mark.

--Len.