
Malware Scanner Finds 5% of Windows PCs Infected

Posted by timothy
from the is-this-an-adequate-sample? dept.
BogenDorpher writes "According to statistics generated by Microsoft's new free malware scanning and scrubbing tool, Safety Scanner, one in every twenty Windows PCs are infected with malware. Microsoft's Safety Scanner was downloaded 420,000 times in just one week of availability and it cleaned up malware or signs of exploitation from more than 20,000 Windows PCs, according to statistics generated by Microsoft's Malware Protection Center. This resulted in an infection rate of nearly 5%." That seems an awfully low number, based on how quickly Windows machines are scanned for plunder after going online; though it's a few years old, here's a report that suggests (as of 2007, at least) a grace period of less than 10 seconds. That was just one instance, and an intentionally vulnerable machine, but have improvements in security software, and in Windows itself, made things so much better since then?

  • "as of 2007" (Score:5, Informative)

    by QuasiSteve (2042606) on Saturday May 28, 2011 @11:24PM (#36277466)

    Honestly? "as of 2007"? In computer terms, that's several lifetimes.

    Not only that, but just because the news article linked to has 2007 at the top, doesn't mean the findings were from 2007. The news article in which the author "just read an incredible scary article" links to said incredible scary article - http://news.bbc.co.uk/2/hi/programmes/click_online/4423733.stm [bbc.co.uk] - from 2005. So not only was the news article writer 2 years behind the times, you're now suggesting that we should believe that you find it incredulous that things may have improved in 6 years' time?

    In that time Windows 7 and Vista have been released - both with far better security models out of the box. Even Windows XP saw a reasonable update with SP3.

    Then again, by April 2005, SP2 was also distributed and guess what it enabled by default? Windows Firewall. The worm in the original article, Sasser, would not have gotten very far.

    Then again, Sasser would not even have been on the system if they bothered to install the update that fixed the hole that Sasser would eventually exploit.

    It's just not a very convincing example to begin with, and certainly not one you should be citing 6 years later.

  • by Anonymous Coward on Sunday May 29, 2011 @12:00AM (#36277586)

    NAT is NOT security. If you want security, the most basic setup is called a stateful firewall. You may want to read about it.

    http://en.wikipedia.org/wiki/Stateful_firewall [wikipedia.org]

    Even better, close down all services that you do not need listening. Application level firewall is another good idea.

    If your security is NAT alone, then it's a sad state of affairs. NAT masks security, nothing more..

    PS. For all the NAT-lovers, there exists an IPv6-NAT too. So saying that IPv6 == cannot have NAT is wrong. On Linux, stateful firewall is a prerequisite for NAT capability anyway.

  • by Shoten (260439) on Sunday May 29, 2011 @01:02AM (#36277810)

    One big thing has happened since 2007: Windows has started shipping with the Windows Firewall turned on by default and blocking inbound requests. Since network-spreading worms were the primary contagion factor back in 2007, this made a huge impact all by itself. Also, the growing prevalence of dynamic NAT in households (usually from the wireless routers that everyone has these days) also contributes to this.

  • by SuricouRaven (1897204) on Sunday May 29, 2011 @04:03AM (#36278266)
    It used to be true, back before everyone used a home router that acted as a firewall. I remember a couple of times years back when I installed Windows XP, connected up the cable/ADSL modem to get a service pack in, and the system was infected before the service pack had finished downloading. Back then infection was often via exploiting the many exploitable services Windows runs, which was only possible when there was no firewall (The Windows one wasn't enabled by default back then, and in any case makes exceptions for those exploitable services!). Today, as most users have a firewall even if they don't know what one is, the main vector is the web - either malicious websites, or exploits served up as ad-banners.
  • Re:Somehow.. (Score:3, Informative)

    by SuricouRaven (1897204) on Sunday May 29, 2011 @04:09AM (#36278280)
    I'm a bit of an expert. Professional IT technician, confident in using all versions of windows, linux and OSX. I code. I've done a bit of cracking myself - nothing major, but I know how exploits work. I'm careful. I don't get dodgy executable code from disreputable sites. I've got a good firewall, a squid proxy configured with a long blacklist of ad-servers.

    I still got infected yesterday with the loathed fake-antivirus (The author is actually known, but in Ukraine). Sneaky thing managed to trick me by taking the filename SkypeUpdate.exe - so when it popped up with the permission request from windows, I just thought it was Skype running another update and clicked ok.

    Took me twenty minutes to kill the thing. Finding and deleting the executable was easy enough, but it has the niftily evil trick of making itself the default file association for .exe files... thus making it impossible to run them. In the end I had to use a command prompt to launch Firefox and Notepad, find a .reg file online that would reset the associations, paste it into Notepad and use that to fix the association. I'm still not sure I found all the damage.
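
A check for the .exe association hijack described in the comment above, added here as an example and not part of the original thread. It audits the text of a registry export against the stock Windows values (`.exe` maps to `exefile`, whose open command is `"%1" %*`); the sample export, the ProgID `xyzfile` and the file path in it are constructed for illustration.

```python
import re

STOCK_CMD = '"%1" %*'
# Stock values on a clean install; anything else under these keys is suspect.
EXPECTED = {"\\.exe": "exefile", "\\exefile\\shell\\open\\command": STOCK_CMD}
# HKCU\Software\Classes overrides the machine-wide classes and needs no admin rights.
ROOTS = (r"hkey_current_user\software\classes",
         r"hkey_local_machine\software\classes", "hkey_classes_root")

# Constructed sample export (not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyzfile"

[HKEY_CURRENT_USER\Software\Classes\xyzfile\shell\open\command]
@="\"C:\\Users\\demo\\AppData\\Local\\abc.exe\" -a \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg(text):
    """Map each key (lower-cased) to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.fullmatch(r'@="(.*)"', line)):
            # .reg files escape backslash and double quote with a backslash
            defaults[key] = re.sub(r'\\(["\\])', r"\1", m.group(1))
    return defaults

def audit(text):
    """Return (key, found, expected) for every .exe handler that is not stock."""
    defaults, findings = parse_reg(text), []
    for key, value in defaults.items():
        root = next((r for r in ROOTS if key.startswith(r + "\\")), "")
        expected = EXPECTED.get(key[len(root):]) if root else None
        if expected is None or value.lower() == expected:
            continue
        findings.append((key, value, expected))
        # If .exe points at a substituted ProgID, report what that ProgID runs.
        cmd_key = f"{root}\\{value.lower()}\\shell\\open\\command"
        if expected == "exefile" and cmd_key in defaults:
            findings.append((cmd_key, defaults[cmd_key], STOCK_CMD))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Files written by `reg export` are UTF-16, so decode them (for example `open(path, encoding="utf-16")`) before passing the text to `audit`.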
  • by hairyfeet (841228) <bassbeast1968@@@gmail...com> on Sunday May 29, 2011 @04:44AM (#36278370) Journal

    Bingo! As someone who fixes these things every week while there are still plenty of Adobe exploits I've noticed since Win 7 came out they simply haven't been using OS exploits like they used to, now they run social engineering because it is always easier to take control if the user helps you and by appealing to their greed, desire, or fear it really ain't hard to get them to go along.

    The big attack vectors I'm seeing day after day, in no particular order, are: 1.- The "you want teh hot lesbos? you need to run our Iz_not_Viruz_iz_codec.exe to play teh vidz!" 2.- The "ZOMg you got teh viruz! To fix run our Iz_not_Viruz_iz_cleanerz.exe to get rid of it ZOMG!" 3.- The "Use the new Limewire (Iz_not_Viruz_iz_Limewirez) to download teh latest Titney_Spearz.mp3.exe tunez today!" and 4.- "Hey my BFF sent me a funny cat video! It says I should run Iz_not_Viruz_iz_LOLCatz to see teh kittiez!"

    As you will notice with ALL of the above you simply don't have to bother with an exploit for ANY of those, as the user IS the exploit and is the weakest link. The last major "WTF?" that MSFT had, the "Hey lets run everybody as admin!" officially died with Vista and since 7 doesn't bug the crap out of folks with "Cancel/allow?" boxes every three seconds UAC has been left on and along with low rights mode in IE and Chromium based is doing a good job, as we saw by the numbers released the other week where there are only 4 per 1000 7 machines infected VS 14 for XP.

    But as long as you have people willing to ignore or even turn off their AV (as I had the other week with a customer and the "Iz_Not_Bug_Iz_Limewire") because a malware writer waved a cookie in front of them then frankly I don't see what else can be done besides what MSFT is already doing with the free MSRT and MSE. And as we have seen with first MacDefender and now MacGuard (which doesn't even need the password anymore) on OSX and the nasty Android trojan apps it doesn't matter whether you are on an alternative OS or not, all that matters is whether or not the bad guys want in bad enough to do the work and whether you have any users who'll run "Iz_Not_Bug_Iz" style apps. Sadly I've found that WAAAY too many are more than happy to do just that.
