Malware Deniers

Ed Bott has been around a while. He did some useful work tracking down a report that 50% of PCs in the world were infected with malware, but then attempted to debunk it with an equally biased report: M$’s analysis of infections on its PCs covered by MSRT etc. MSRT doesn’t even scan for the vast majority of malware, so of course it comes to a far-too-small number, around 1%.

According to Wikipedia MSRT is “an on-demand anti-virus tool that scans the computer for specific widespread malware and eliminates the infection”. So many people suspecting their machines were infected will invoke it, just as at Pandalabs, but because MSRT doesn’t even try to scan for the majority of malware but only the current tsunami of trojans, viruses, worms and spyware, it is aiming low.

Another source of information is the tests of effectiveness of malware scanners. The best seem to get 95%+ of the most prevalent few thousand malwares, but there are millions of malwares out there, so 5% is likely the lowest plausible number for share of infected machines. In my own work, about half of the XP machines I have scanned show something, usually some trojan that is not active because nothing else appears. Still, those PCs are infected, and if the trojan becomes active bad things will happen. I believe the 50% number is a lot closer to the truth than 1%. How many people have had to have that other OS re-installed because of malware? That is a very high percentage.

Other reports show a low percentage of PCs are kept updated (illegal copies will have autoupdate off, something like 10% of PCs) and so are very prone to infections. 1% is hilarious. 48% is realistic.

UPDATE Another article appeared supporting Ed Bott: NetworkWorld

I wrote this comment there:
Scanners cannot catch 100% of malware. The best are near 100% on the few thousand most prevalent malwares. There are millions of malwares in the wild. That M$’s Security Essentials finds malware on 5% of PCs is not better information than Panda Labs finding malware on 50% of PCs scanned.

A recent test of M$ Security Essentials found only 50% of 0-day malware at AV-test.org

see AV-test.org

My conclusion is that infection rates are far above 5% and are closer to 50% than 5%. I think it is reasonable to assume that a PC running that other OS would be certain to install malware without a scanner and a scanner that allows 50% of malware would allow 50% of PCs to be infected, so 50% is about right.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

9 Responses to Malware Deniers

  1. Yes. 90+% of users of PCs are not geeks and do not know about firewalls and the difference between a link, an application and a file. They will click on anything with little thought. The few that get a clue then become afraid to click on anything. Either way systems are paralyzed sooner or later or work against the user and his organization. Sticking with installations from a FLOSS repository screened by responsible package maintainers independent of the creators of the software (skeptical/not blind) and using an OS designed to be a true multi-tasking/multi-user OS is a huge step forward in security. After I installed GNU/Linux, I had a few users ask me to install their favourite malware but I showed them usable alternatives and they were good to go. Many “firewalls” these days are much more than networking. They have whitelists of applications. When we ran XP, WMP and IE were on the blacklist. Even then performance deteriorated over time. With GNU/Linux all of the problems were gone. For now GNU/Linux is a big step forward. Will it be enough forever? I doubt it but it is a solid platform on which to build.

  2. Android, Java, and a bunch of other technological layers on top of the operating system need to be strengthened, no doubt. That is not an operating system issue but an application issue. The Linux environment underneath Android is as tough as ever and superior to that other OS. That other OS needs all kinds of effort just to be near par with GNU/Linux in security. You can run a Linux system without firewall and scanner and survive even today. Not so with that other OS.

    If you install a malicious app on Android it will not be able to take over your OS but it will be able to use the resources or spy on you. Google could tighten up on the app store to deal with that. I expect they will. M$ does not even have an app store for that other OS and millions of malwares are easily installed without much intent by the user.

  3. bilbophile says:

    “is GUARANTEED to be better, even after it is adopted by the same people who can’t or won’t keep their existing systems security up to date”

    I am afraid this is an impossible requirement. Nobody expects a car to be secure or even in working order without frequent checks by the driver and periodic inspections by a competent mechanic. Actually, in many places cars are not even allowed on public roads without the latter.

    Computers are not single-purpose tools working in isolation to be maintenance-free like for instance a washing machine. Because of the countless ways in which they can be used it is virtually impossible to automatically identify all the buggy or malicious operations on a computer. E.g. proper firewall configuration will always require knowledge of which software is legitimate and of the legitimate requests for each application. It’s even harder to automatically tell apart a clever hacker’s activity from a legitimate user’s/client’s interaction with a server.

    I think the only way to avoid malicious or buggy use of computers and Internet is to make system administration (including basic network administration) a mandatory part of the school curricula. An internet licence would be excessive, while the current state of affairs is “unacceptable”, as all the previous posters agreed.

  4. Ivan says:

    What about the number of Android phones infected? I like how you neglect those. http://www.msnbc.msn.com/id/41867328/ns/technology_and_science-security/

  5. oldman says:

    trying again.

    that is GUARANTEED to be more secure than what exists, because if you are going to cause this much dislocation by insisting the systems running earlier versions of operating systems that are now out of support or which are run unpatched be removed from service or replaced forcibly, you had better have a solution that is GUARANTEED to be better, even after it is adopted by the same people who can’t or won’t keep their existing systems security up to date.

  6. oldman says:

    “48% is realistic.”

    48% is fantasy, Pog. But it is probably as good as any guess.

    “I would say the percentage is irrelevant. The number of Microsoft computers infected with malware is unacceptable.”

    I would actually agree with this. However, gentlemen, I think that you should get off the dime and propose a solution…

    that is GUARANTEED to be more secure than what exists, because if you are going to cause this much dislocation by insisting the systems running earlier versions of operating systems that are now out of support or which are run unpatched, you had better have a solution that is GUARANTEED to be better, even after it is adopted by the same people who can’t or won’t keep their existing systems security up to date.

  7. I agree.

    Other evidence that 1% is too low… One botnet, Mariposa, included 13 million unique IP addresses and so was close to 1% all by itself. see http://news.techworld.com/security/3214049/spanish-police-shut-down-worlds-largest-botnet/

  8. Richard Chapman says:

    I would say the percentage is irrelevant. The number of Microsoft computers infected with malware is unacceptable.

  9. Ray says:

    I’d still say 5-10% of computers are infected, it’s still hard to get real statistics. 🙁
