Network News

X My Profile
View More Activity

Microsoft Releases Windows Malware Stats

Microsoft today gave the world a rare -- albeit conservative -- glimpse of its view on just how bad the virus and bot problem has gotten for Windows users worldwide. The data comes from 15 months' worth of experience scanning computers with its "malicious-software removal tool," a free component that Microsoft offers Windows XP, Windows 2000 and Windows Server 2003 users when they download security updates from Microsoft.

The tool has been run approximately 2.7 billion times by at least 270 million unique computers, leading to the removal of 16 million instances of malicious software from 5.7 million unique Windows-based computers over the past 15 months, Microsoft said. Sixty-two percent of those computers had Trojan horse programs on them.

Microsoft found that most of those Trojan programs took the form of bot software, which allows attackers to remotely control the infected machines for use in all sorts of online criminal activities, from knocking Web sites offline to spreading viruses, spam, adware and spyware. Bots in the Rbot, Sdbot, and Gaobot families made up three of the top five slots in terms of number of removals. (There are hundreds of variants of each of those bot programs, and usually several new ones surface each week.)

Microsoft also acknowledged an increasing prevalence of "rootkits," software that hackers and viruses can use to hide their presence once they have broken into a computer system. The company found rootkits in 780,000 machines, or 14 percent of those it treated. Microsoft noted that this figure drops to 9 percent (530,000 PCs) if you don't count the rootkit distributed via some Sony music CDs. In 20 percent of the cases when a rootkit was found on a computer, at least one backdoor Trojan was found as well, Microsoft said.

The statistics also show how computer worms never really go away. For example, the "Blaster worm," which first surfaced in August 2003, is still the 10th-most-removed piece of malware, according to Microsoft. Indeed, Redmond found that in about 20 percent of cases where it removed malware in March 2006, the intruder was something the removal tool had previously nixed. The continued high rate of Blaster infections no doubt is due in large part to the number of people who re-install Windows for whatever reason and do not immediately apply security updates or take other precautions necessary for surfing the Internet with a Windows machine, such as using firewall and anti-virus software.

Microsoft chose an interesting time and manner in which to issue these numbers. The company said it was releasing the data to coincide with its TechEd 2006 conference, but the figures can only help Microsoft sell more subscriptions to its new OneCare Live anti-virus and computer security suite.

By Brian Krebs  |  June 12, 2006; 2:01 PM ET
 
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Security Fix Pop Quiz
Next: Yahoo Webmail Worm on the Loose

Comments

This tool reports scan results back to the mothership in Redmond? I wonder if this monitoring feature was announced in the terms and conditions.

On one hand, it's a nice F.Y.I. research tool. It also is a great way to locate people who might be "in need" of a sales call from a OneCare Live rep.

Posted by: Ken L | June 12, 2006 4:09 PM | Report abuse

"The data comes from 15 months' worth of experience scanning computers with its 'malicious-software removal tool,' a free component that Microsoft offers Windows XP, Windows 2000 and Windows Server 2003 users when they download security updates from Microsoft."

So users who are aware of the problem and go through the trouble of downloading security updates have 16 million instances of malicious software installed.

Since these users either actively seek out security updates or have configured Windows to do it for them, it's probably safe to assume that these users are aware of the problem and may take additional steps to protect themselves, such as using third-party firewall, anti-virus, and anti-spyware programs, and surfing cautiously.

It would be interesting to know the infection rate on computers belonging to users who don't understand or care about security.

Posted by: Marley | June 12, 2006 4:13 PM | Report abuse

Hi Brian,
interesting article. I wonder though if the percentage of rootkit finds were low due to the very nature of rootkits...they hide themselves. It is true to say that many are distinguishable via signatures but there are many that use new techniques and methods that can subvert scanners.

Maybe Microsoft should ask each person whose PC was scanned a question like Have you noticed any further malware activity, popups, increased network activity, etc.. on your PC since a scan was run?

Rootkits are too obvious a tool for malware authors to ignore. I dont think they are and the rootkits are doing their jobs.

Posted by: antirootkit.com | June 12, 2006 6:49 PM | Report abuse

Am I the only one that feels OneCare is the biggest rip-off ever by Microsoft. They want us to buy their Windows OS and then Buy something else that will keep it secure.
The nerve of them!

Posted by: Rafi | June 12, 2006 7:34 PM | Report abuse

"This tool reports scan results back to the mothership in Redmond? I wonder if this monitoring feature was announced in the terms and conditions."

Ken instead of firing off a snotty comment...why not read and check it out....When you check the agreement to become a part of the community to help fight spyware you agree to this. Darn Microsoft they are SO horrible to try and fix an issue. It just shows how much you are like the uneducated masses that would rather act pissed off at the world rather then trying to even remotely understand the complex issues that are facing the computer industry right now.

"Am I the only one that feels OneCare is the biggest rip-off ever by Microsoft. They want us to buy their Windows OS and then Buy something else that will keep it secure.
The nerve of them!"

Hey Rafi....When you buy a house do you expect the builder to protect you from acts of god, robbers who break in, and people who vandalize, or yourself when you drive your car through your garage because you are too busy idolizing yourself in the rear view mirror? No you buy INSURANCE! That's what antivirus and antispam programs, and a little common sense....which most people seem to lack. Don't expect the company that made your operating system to do everything for you. IT people shouldn't work for peanuts just so you can play cards and chat with your buddies.

Wake up people your computer is YOUR responsibility. They aren't perfect either...and oh god yes they do break. You paid hundreds for them? Gee then learn something about them, act responsible with what you do, otherwise you will continue to spend tons of money to get them fixed.

PS I'm Mac and Linux owner in addition to a Windows owner. Each has their good points and bad......And with the growing popularity of both OS they will soon need to worry about viruses and spyware just like the Windows users do now. Quit picking on Microsoft just because they are the big guys. Microsoft doesn't cause the majority of the problems out there it's the bad guys who write the stuff and the stupid people who fall for it and don't guard against it, and it's the responsible ones of us who have to put up with all of you.

Posted by: Computra | June 12, 2006 8:13 PM | Report abuse

I wholeheartedly agree with Rafi that MS One Care is a rip off (what do your expect?) and that Windows or Privy Doors or whatever should come with preventive functions of all known malware, etc. included, and these should be part of regular updates.

Posted by: Richard | June 12, 2006 8:27 PM | Report abuse

Microsoft has too many programs calling home. I was aware that the malware removal tool gave a snapshot of what it found but this article indicates that it also keeps a history by machine. What other information does it report. With the recent information about the Windows Genuine Advantage reports I feel that Microsoft is gathering too much information about MY machines. Each program that contacts Redmond, or anyother software provider, should notify me that it is about to transmit, give me the option to see ALL the information it is going to report, and also gove me the opportunity to say "No." There could also be an option not to to show the warning again for those that do not care what information the venfors collect.

Posted by: Jon | June 12, 2006 9:33 PM | Report abuse

It is an interesting idea that those who are specifically excluded from knowing how an item really works are expected to know how to maintain it.

Given that the OS is the tiny God of the machine, deciding what processes run and which don't is the responsibility of the maker of the tiny God.

Do understand that it is impossible to verify that a machine cannot be hijacked - such verification is in the Turing termination problem class.

However, building the OS with many openings to hijacking, poor programming (buffer over-runs, #1) and encouraging poor user habits in the form of directly executing programs from e-mail attachments are all features Microsoft has done to ease the burden on the malware writers.

Now for analogy analysis portion of the program - If a builder made a house with secret exterior doors with no locks, would insurance cover that? If the builder included spy cameras, would insurance stop that? If the doors advertised as solid wood were made of balsa, would insurance cover that?

It is also doubtful that a company that enjoys a profit margin in the 40-60% range has poor little IT guys who are working for peanuts.

Posted by: Smarter_than_computra | June 12, 2006 9:44 PM | Report abuse

It is sad to think that Microsoft has developed a subscription based piece of software just so that their OS is protected. Should that not be included from the beginning?

With Mac OS X (I know you don't even have to worry), Apple is on top of every little security exploit, before anyone has ever even noticed it. However, with Windows, the problems are only fixed after thoudsands of people have their computers destroyed, and their files corrupted. What if I have valuable information? What if I need my homework? I can't be reformatting my PC every month just to make sure it doesn't have one or many of 100,000 viruses.

Someday, perhaps even with the coming of Vista, Microsoft will partually redeem itself.

I feel only sorrow for the incompetent developers at Microsoft, from the lack of Windows fixes, to the makeshift solution to every XBox 360 unit overheating.

Posted by: Gus | June 12, 2006 11:34 PM | Report abuse

2 Rafi & Richard:
I am willing to bet that if MS included the antiviral software for free, it would have been immediately slapped with antitrust suit.
Reality check: they just got antitrust suit filed against them by Adobe specifically for including a *free* capability to save MS Office files into pdf (which Adobe grants a free license to anyone else) and MS *own* portable format. Adobe demands that this capability be separated and cost users who want to use it extra $$.

Posted by: CheeseshireCat | June 13, 2006 2:20 AM | Report abuse

Lots of invective, but 1) M$ has gotten a lot better, and 2) One Care is an expense, just like the subscription to Internet Security would be an expense. It will be up to the market to determine if the expense is worth the service. The information reported to Redmond is in a form that will not allow Redmond to identify the computer or user, only track anonymously. Windows is built on the flawed premise of default permit/execute as admin, but that will change with Vista we're told. @ Gus- Macs have limited user priveledge, but aren't immune, and this column has reported sometimes shockingly long response times to threats. EVERYTHING can be vulnerable, even Yahoo Mail! @Smarter - We don't know how cars work, some of us, but we endure scheduled maintenance and recalls without too much vituperation, and we buy insurance. A properly maintained PC can be malware free for long periods, if used judisciously, but by less knowledgeable users someone has to watch out for them, hence one care. There is no reason why Norton, et. al. can't offer a similar service...

@Cat-adobe offers the reading function for free, not the writing function.

Posted by: Reality | June 13, 2006 8:11 AM | Report abuse

The whole Microsoft operating system is a ripoff.
You could compare windows with a cheese.
The only problem is if windows would be a cheese the mouse wouldn't find it because it has too many holes.
I would advice to use a third party firewall, Virus and spy-ware scanner.
Use a Stand alone browser. Don't use IE.
Always Update windows Manually.
And always review what the updates are about.
Best is to update windows over FireFox.
This way you can switch off windows update and also disable activex and scripting host.
I do this on all my customers PCs and from 100 computer only 2 - 3% get infected and that mostly because they download things from Morpheus.

Posted by: Khalid | June 13, 2006 8:30 AM | Report abuse

It's interesting to note that Norton and other security products have been protecting Windows machines for well over a decade already. M$ is just trying to take a piece of that pie. While they may get their slice, who would put give your hard earned $$$ to protect your assets? A company who is just getting in the game or one who has decades of experience in security? Yes M$ has vast resources, but a giant is still slower than the smaller guys.

The virus/worm problem has been solved already. But hey, they're Microsoft. They just copy someone elses technology and "add it to Windows". One good thing that's come of all this is end user education - raising awareness for internet security.

Posted by: Mike | June 13, 2006 11:14 AM | Report abuse

So Microsoft shoudl include - for free - software that competes with any number of other vendors? Isn't that the practice that MS detractors have used to levy anti-trust suits against them?

I also hate to tell you that Mac and Unix are just as susceptible to attacks as Windows is. But it isn't worth most mal-ware writers time to target 10% of the comptuters when you can get 90% in one fell swoop.

Posted by: Chris | June 13, 2006 3:44 PM | Report abuse

If malware was found on 5 million out of 270 million computers, doesn't that indicate an infection rate of less than 2%? My reaction is that spyware seems to be a far less widespread problem than conventional wisdom has generally suggested.

Posted by: Jay | June 13, 2006 4:24 PM | Report abuse

Although this is a problem needs to be addressed in the mainstream product, there are effective ways for companies to ensure more resistance and avoid loss of productivity.

Win4Lin Virtual Desktop Server loads each session from the administrator-defined original copy of Windows each time, and then layers on an individual users "Docs and Settings". This approach effectively invokes a clean copy of Windows every time it is booted.

For large organizations, this is the way of the future - a Linux-based Virtual Desktop Server serving Windows desktop sessions.

Posted by: Jim | June 13, 2006 4:29 PM | Report abuse

Why do people even use windows? seriously? Especially on home machines where you have the choice. It really isn't good for anything. Get a mac, or want a free OS that is solid, easy to use, and has awesome free support? Check out Ubuntu linux. No need for ad scanners, virus scanners, etc etc etc. Use your clock cycles for important stuff.

Posted by: bestOfAll | June 13, 2006 4:46 PM | Report abuse

IMHO, the whole problem exists because M$ has sold the public that Windows is an operating system. It is not. It is an application with an enbedded OS. The kernel of an OS should never be atlerable by just any code, let alone some downloaded ActiveX control or javascript. A true OS should not be so easy to corrupt.

Posted by: John | June 13, 2006 5:02 PM | Report abuse

It's the idiots that can't figure out what to do with their computers and make them secure that makes me the big bucks!
And I fully agree with Computra - You don't expect the builder of the house to keep it in repair, you buy insurance against disaster, a la anti-virus and anti-spyware.
There are vulnerabilities in every operating system, but the most widely-used is going to be the most widely-exploited.
The solution? Figure out what you're doing or unplug the blasted box.

Posted by: Ganesha | June 13, 2006 7:14 PM | Report abuse

I really am surprised by the lack of thought that people give to this whole issue. I see a lot of complaints about security flaws and whether an antivirus/firewall should be included with the Windows OS.
The fact of the matter is, if you don't want other people to have access to your files, then don't network it with everyone else in the world. Everytime you hook up to the internet, you are effectively becoming part of a large computer network with people who you don't know and you would be insanely stupid to trust.
If you want the benefits that this network can offer, then you need to be prepared before you enter it. And that is always YOUR responsibility. Just as if you were living in a high crime area. Your security is your responsibility.

Posted by: Mal | June 13, 2006 8:59 PM | Report abuse

So many analogies..

If you drive a car on the highway, you are expected to buy new tires once gravel, asphalt, rock, and concrete have worn out your old ones. Most regular folk tend to do this every couple years.

This is expedited when you get a flat due to a nail or glass. Most folks know how to avoid these things, however inevitable.

We get flats from curbing the sidewall, even though the softest, thinnest part of the tire is the sidewall.

Some good correlations:
- people are used to maintenance
- people self-inflict damage
- even tires encounter malware (geneally not with ill intent)
- tires wear out over time
- construction sites have lots of nails
- even mechanics get flats

Some bad ones:
- tires are simple to replace
- the dumbest can change a tire themselves
- there aren't nails on ever road
- nails don't generally effect whole countries

Posted by: notverywitty | June 13, 2006 10:45 PM | Report abuse

Microsoft has done the public a disservice: it has convinced the public that third-rate software is state of the art, that deeply flawed security is the fault of the user.

Yes, there are steps that a knowledgable user can take to minimize the probability that their system will be corrupted.

That's not the point.

The point is that the system is so poorly designed in the first place, and that they want to charge us for the fixes to that poor design.

My computer's uptime can be measured in months of 24/7 operation. I've never had a virus, or a trojan, or a worm.

I'm not using a Microsoft operating system.

These two facts are not merely coincidentally related.

I also don't have to waste time explaining away why my OS is full of security holes, or why it's actually a good thing that someone is trying to charge me money to plug those holes.

Here endeth the lesson.

Posted by: Mike A. | June 13, 2006 11:44 PM | Report abuse

I had a Windows computer 1994 - 2005.
Viruses attacked my computer, even though I was always up to date with my critical updates and anti-virus definitions.
I had to reformat and restore my harddrive about 2 times a year, costing me days of downtime and money.

In 2005 someone gave me an old Mac. It runs beautifully, I haven't lost any data, no viruses have touched me, and the experience has been overwhelmingly positive. Beyond the security issues, the interface is very simple and direct, the graphics are terrific, and the software on it works perfectly. All these years, I've been missing out. There is some truth to the benefits of having a Mac, I've found out.

While some people say Mac fans are religious cult-followers, I'd say I've seen the opposite. Some people are so dogmatic about Microsoft Windows, but being away from Windows for 2 years now, I can't see why. At least with a Mac, the proof is in the pudding. It really works, and it makes using a computer a pleasure rather than a struggle.


Posted by: Jeff | June 14, 2006 12:18 PM | Report abuse

Windows users:

Now that Apple has given us the ability to run XP at native (yes, native) speeds on Intel Macs I would strongly recommend that your next computer be a Mac.

I would also suggest that you who are currently sneering at this idea consider this:

I personally have run my business using no Micros**t product of any kind for the last 5 years.

In that time I have not spent one single minute cleaning viruses from any of my computers and my tech support team consists of two people; myself and whoever is at the Genius Bar at my local Apple store (thankfully, I've needed their help only once).

In the face of Micros**t's inability to secure its own OS it just makes common sense to at least look into the alternatives.

I did and the time, effort and expense I've saved is incalculable.

Posted by: Neil | June 14, 2006 1:58 PM | Report abuse

If I buy a house from a builder, I expect that house to have two main doors, and maybe a basement door, and I expect all those doors to come with locks that I will be given the ONLY keys to.

If I was later to find that the house came with a hundred secret doors that I was never told about, and that none of those doors have locks, and that the location of those doors has spread to every thief on the planet, then you can be damn sure I would be taking every legal action possible against that builder.

This is exactly what Microshaft has inflicted on its users. Are users told that just watching a windows format video can cause your system to be infected, because MS built into it a way for advertisers to hit you with ads? No. MS has built in hundreds of such secret doors, just so they and "their partners" can hit you with ads. Then they complain about hackers and others using those same secret doors to sneak stuff in to attack a user's system. And if you complain to them about it, they just say the doors are there so "qualified technicians" can gain entry to your system if they ever need to. A hundred different ways to get in that are kept secret from the user, but not from advertisers, just so a qualified person can get in if they ever need to? BULL!! They could easily eliminate 90% of the malware problems just by closing all those secret doors, or by at least informing the user that they are there so the user can take actions to close off access to those doors. But they won't do that, because MS wants to keep getting all that money from advertisers.

The end result being that they continue to leave all those secret doors in place, so they continue getting money from the advertisers, and so advertisers can continue to hit users with ads, which also allows hackers to use those same doors to attack the user's system.

Sure, other OSes are vulnerable to attack too. But the other systems don't deliberately leave open doors into the system for anyone and everyone to just come in thru. Same as with a regular house without secret doors is vulnerable to attack. Sure, someone could come along and break in the front door. But in the scheme of things, people who want in your house tend to look for homes where they DON'T need to break down the front door! And anyone that wants extra security can always buy a stronger door. But you arent going to install a stronger door if you don't even know the door is there, the way they have all the hidden doors in MS Windows.

The one thing I give MS fair credit for, is that they make their system very easy for anyone to install and use. It may be garbage, but it is garbage that is very easy for anyone to install and use. I have heard how "bulletproof" Linux is. That may be true. But in spite of many flavors of linux claiming to be easy to install and use, I have yet to find one that truely is easy to install and use, the way MS Windows is. I would switch in a heartbeat if I could find one. But I am a user, not a computer or software engineer, so I am still waiting for a true friendly linux to come along.

Macs I have no real experience with, so I can't comment on those systems.

Posted by: Rick | July 2, 2006 1:47 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company