Windows Malware: Alive and Well

Those of us who work in some way with computer systems tend to spend a fair amount of time talking, writing, and worrying (not necessarily in that order) about security.  I sometimes wonder how effective all of that is.  If a recent article at the Computer World site is to be believed, the answer is “not nearly as effective as we’d like.”   The article reports on some data gleaned from a new security tool released by Microsoft, the Safety Scanner, which checks a Windows PC for malware, using an extensive data base compiled by Microsoft, and attempts to remove any infestations it finds.  At least in the early days following the tool’s release, the results are not altogether encouraging.

The 420,000 copies of the tool that were downloaded in the first week of its availability cleaned malware or signs of exploitation from more than 20,000 Windows PCs, Microsoft’s Malware Protection Center (MMPC) reported Wednesday. That represented an infection rate of 4.8%.

That is, almost one PC in twenty exhibited either an active malware exploit, or characteristic traces of a previous successful exploit.  Considering the number of Windows PCs in the world, if ~5% are compromised, that translates to an awful lot of potential mischief-making.   Since it is at least plausible that the early adopters of a tool like this one tend to be the more sophisticated users, that percentage might be an under-estimate.  The compromised machines had an average of 3.5 exploits (either current or past) each.

Of the ten most common exploits found by Safety Scanner, seven were directed at Java vulnerabilities.  That attacks against Java should predominate is not really surprising; as I’ve noted before, Java is an attractive target for the Bad Guys, since it is available in all major browsers across Windows, Mac, and Linux platforms.  (I posted a note last fall discussing whether keeping Java on your machine was worth the risk.)   Also, there is good evidence that the frequency of attacks against Java has increased significantly in the last year or so; as the Computer World article noted, in relation to the preponderance of Java exploits in the top ten:

That finding backs up a recent Microsoft security intelligence report that noted a huge spike in Java-based exploits in the second half of 2010, when the number tracked by Microsoft jumped to nearly 13 million from around 1 million in the first six months of that year.

A more than tenfold increase in the course of one year is certainly worthy of notice.

The Microsoft Malware Protection Center team has a blog post that gives some more detailed information on the results.  The Safety Scanner tool itself can be downloaded from the Microsoft site.


Comments are closed.

%d bloggers like this: