Slashdot Mirror


Malware Scanner Finds 5% of Windows PCs Infected

BogenDorpher writes "According to statistics generated by Microsoft's new free malware scanning and scrubbing tool, Safety Scanner, one in every twenty Windows PCs are infected with malware. Microsoft's Safety Scanner was downloaded 420,000 times in just one week of availability and it cleaned up malware or signs of exploitation from more than 20,000 Windows PCs, according to statistics generated by Microsoft's Malware Protection Center. This resulted in an infection rate of nearly 5%." That seems an awfully low number, based on how quickly Windows machines are scanned for plunder after going online; though it's a few years old, here's a report that suggests (as of 2007, at least) a grace period of less than 10 seconds. That was just one instance, and an intentionally vulnerable machine, but have improvements in security software, and in Windows itself, made things so much better since then?

14 of 232 comments

  1. Of those who actually asked for help by betterunixthanunix · · Score: 4, Insightful

    So a significant number of computers that downloaded the malware removal tool had malware on them. How is that surprising? Unless the installation of this tool is uniformly distributed amongst Windows users, which TFA is not entirely clear on...

    --
    Palm trees and 8
    1. Re:Of those who actually asked for help by kvvbassboy · · Score: 4, Insightful

      What? I would say that it's the other way around. I would guess that the actual infection rates are higher. I bet that many of the people who didn't download this tool are probably the same people who are running an expired version of McAfee on their Windows XP without any Service Packs applied.

      Just recently, my parents were complaining about how their computer was behaving very slowly and strangely. The number of malware, crapware and toolbars I had to uninstall via remote desktop using Teamspeak (we live on different continents) was enormous. Lol!

  2. The end of the article notes... by Sir_Sri · · Score: 4, Insightful

    "Safety Scanner, which replaced an older online-only tool, uses the same technology and detection signatures as Microsoft's free consumer-grade Security Essentials antivirus program and its Forefront Endpoint Protection product for enterprises."

    Considering that by now everyone should run SOME anti virus, of which MSE is a legally free option, and that something which uses MSE's signature database finds 5% of machines have been compromised I don't think says much about computer security as a whole. Obviously there are a lot of users who *still* don't have anti virus software, which isn't really news. But MS can't exactly go including free anti virus in their OS without screams of anti trust.

  3. Yes. by artor3 · · Score: 4, Insightful

    That was just one instance, and an intentionally vulnerable machine [four years ago], but have improvements in security software, and in Windows itself, made things so much better since then?

    Yes.

    Is it really surprising that computers with service packs, hot fixes, virus scanners, and firewalls are significantly more secure than those without?

    Of course, it's also worth noting that the real infection rate is probably at least a little bit higher. The people who don't download this particular scanner are the same ones who wouldn't download the aforementioned service packs, hot fixes, virus scanners, and firewalls. The unanswered, and perhaps unanswerable, question is how many such people are out there.

    1. Re:Yes. by Penguinoflight · · Score: 4, Insightful

      Don't forget about those who have viruses but the malware removal tool was unable to either detect or remove them. If you can't churn out a virus that can beat the standard set by Microsoft you're in the wrong business.

      --
      "And we have seen and do testify that the Father sent the Son to be the Savior of the World"
      1 John 4:14
    2. Re:Yes. by Anonymous Coward · · Score: 2, Insightful

      Exactly, it wasn't AV that killed worms, it was the NAT routers which became standard PC equipment for non-techies between ~2002-2004.

      On the LAN side Windows can still be pwned as easily as before, you basically have instant shell access to any networked Windows machines.

  4. information is insufficient by belmolis · · Score: 4, Insightful

    We don't have enough information to estimate the infection rate. For one thing, we don't know how good the scanner is. If it misses a lot of malware, the infection rate may be much higher. We also don't know what kind of sample the downloads comprise. If only people who think they have an infection are downloading it, then the sample is biased high and the real infection rate may be much lower. Since it only detected infections in 5% of cases, either the scanner is very bad or people are downloading it as a precaution, not once they think they have an infection. If they're downloading it as a precaution, that probably means they are particularly security conscious, in which case the sample is probably biased toward a low infection rate. Overall, it looks like without more information the percentage of machines found to be infected by this scanner tells us very little.
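An added example, not part of the comment above or of the original thread: a sensitivity analysis of the two unknowns that comment names, scanner miss rate and download bias, applied to the figures in the summary. The `sensitivity` and `selection_ratio` parameters and their sample values are assumptions, "more than 20,000" is taken as exactly 20,000, and false positives are assumed to be zero.

```python
import math

# Figures quoted in the summary; "more than 20,000" is taken as 20,000.
DOWNLOADS = 420_000
CLEANED = 20_000


def wilson_interval(hits, n, z=1.96):
    """95% Wilson score interval for a binomial proportion."""
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return centre - half, centre + half


def implied_prevalence(detected_rate, sensitivity, selection_ratio):
    """Population infection rate implied by the rate seen among downloaders.

    sensitivity     -- assumed fraction of infected machines the scanner flags
    selection_ratio -- assumed odds that an infected user downloads the tool,
                       relative to a clean user (>1 biases the sample high)
    """
    q = detected_rate / sensitivity  # infected share among downloaders
    if not 0 <= q <= 1:
        raise ValueError("sensitivity too low to explain the detected rate")
    # Invert q = p*r / (p*r + (1 - p)) for the population rate p.
    return q / (q + selection_ratio * (1 - q))


def scenario_grid(sensitivities=(1.0, 0.8, 0.5), ratios=(0.5, 1.0, 5.0)):
    """Implied population rate for each assumed (sensitivity, ratio) pair."""
    rate = CLEANED / DOWNLOADS
    return {(s, r): implied_prevalence(rate, s, r)
            for s in sensitivities for r in ratios}


if __name__ == "__main__":
    lo, hi = wilson_interval(CLEANED, DOWNLOADS)
    print(f"detected among downloaders: {lo:.2%} to {hi:.2%}")
    for (s, r), p in sorted(scenario_grid().items()):
        print(f"sensitivity={s:.1f} selection_ratio={r:.1f} -> {p:.1%}")
```

The sampling error on the detected rate is tiny, while the assumed values move the implied population rate between about 1% and about 17%, so the uncertainty lies in the assumptions rather than the sample size.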

  5. NAT to the rescue! by ka9dgx · · Score: 4, Insightful

    The IP6 folks hate NAT, but it's the only thing that's saving personal computing at the moment. Because random inbound connections don't pass through NAT devices, any home PC behind one is MUCH safer than one directly on the internet. It sucks in terms of the end to end utility of the internet, but it's the tradeoff most users are willing to make for reasonable safety.

  6. Malware? Scareware? by sillivalley · · Score: 3, Insightful

    Ran this thing on a server that lives in the closet. It complained that my custom hosts file was very suspicious. It also didn't like the VNC client.

    So this machine was infested with malware? I don't think so!

    Yet another scareware scanner!

    1. Re:Malware? Scareware? by Blakey Rat · · Score: 3, Insightful

      VNC can legitimately be used as spyware in the classic sense. When someone remotely logs in, the local computer shows no indication that activity is being observed by someone else. (Contrast with Microsoft's Remote Desktop, where logging in remotely kicks the local user off and locks their screen.)

      It's exactly the kind of thing this tool is supposed to be scanning for. What makes you think it's a false report? The scanner has no way of knowing whether you installed it, or someone else did behind your back.

  7. Re:Exactly by Anonymous Coward · · Score: 2, Insightful

    You can't draw that conclusion, either. You say that the people who download virus scanners are the smart ones who take precautions. That makes sense. But another big group that downloads virus scanners is the people who have reason to believe they have a virus. For all we know, 5% could be artificially LARGE because of that.

    We just can't draw these sorts of conclusions from this study.

  8. 10 seconds - a load of horse manure! by Retron · · Score: 2, Insightful

    Those "Windows machines get attacked in 10 seconds" type things are utter rubbish. It was quoted at a recent security conference I went to and I interrupted the speaker about it as it's a blatantly false claim.

    I have an unpatched Windows 2000 machine behind a cheap Netgear router. It's never once been attacked and it sits on the Internet 24/7 sending weather data to an FTP site. It doesn't get used for anything else and it's been up for four years now. The hard drive is too small to install the service packs (the machine is a P133 from 1996).

    Furthermore, I don't know what ISP these people are using but I get a couple of port scans a day (at most) coming into my router. I'm on a static IP too.

    It's my opinion that the 10-second claim (or 4 minutes, as in the one I heard at that security conference) was made up by a security vendor in order to hawk their products. The claim has then been spread over the years, Chinese Whispers style, until it's accepted as a truth.

  9. Ignoring 3rd party crapware by Khyber · · Score: 4, Insightful

    These are likely not so bad without exposure to Adobe and Java.

    Let us be honest for once.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  10. Re:Security has improved by Opportunist · · Score: 1, Insightful

    Windows is as secure as any system out there. There is exactly only one reason left why Windows is still the most attacked system out there: Market share. Simple as that.

    Malware is a business. It's not the pimple faced geeks of the 80s who want to stroke their e-peen and gain nerdpoints with their peers. It's business. And businesses develop software for the biggest market, it's as simple as that. Wait for MacOS to gain share and watch the malware come.

    Because it does not matter anymore how secure a system is, the main attack vector is the user. And if your user is disabling any and all security a system might offer for the promise of lolcats, a crack or porn while at the same time he doesn't get suspicious why those lolcats or porn needs system level privileges, you, as the maker of the system, cannot keep him from getting infected, unless you take away his ability to install what he deems correct. Which in turn opens another attack vector: "Install this to open your system and make it do what you want (noooo, this ain't a trojan...)".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.