A major report on security trends released by Microsoft at Tech Ed conference in Boston is remarkable because it comes from such a large sample group: the more than 270 million users of the Windows Malicious Software Removal Tool, which ships with Windows.
Between January 2005 and March 2006, this tool was used to remove 16 million pieces of malware from 5.7 million computers. The software has been used to scan systems 2.7 billion times during this period, and on average, it finds something malicious about 0.32% of the time, or in one out of every 311 scans, according to Microsoft.
Microsoft couldn’t say what percentage of PCs have been infected by malicious software. Although 5.7 million out of 270 million PCs would translate to about 1 in 47 machines, the total number of computers scanned was far greater than 270 million, so the actual rate of infection is much lower, according to Microsoft.
There has been no widespread virus outbreak for several years now, but users are increasingly concerned about targeted attacks, identity theft and dangerous rootkit software, which covers its own tracks on the computer. So does Microsoft think things are getting better or worse?
“That’s a difficult question to answer,” says Matthew Braverman, a programme manager with Microsoft’s Anti-Malware team. He notes that it’s impossible to get a complete picture of everything that the bad guys are doing, but says that he does think things are improving.
The amount of malware in circulation has dropped for 41 of the 53 families of worms, rootkits and viruses that Microsoft tracked over the past 15 months. And the occurrence of 21 of these variants has dropped by a lot — more than 71%, according to Braverman. “I think that shows that the malware problem is getting better,” he says.
Not all of the malware that Braverman’s team tracked came from hackers, however.
Sony BMG’s notorious rootkit software was found more than 420,000 times, and was installed on more than 250,000 machines, meaning that some users reinstalled the rootkit after having it removed, he says.
That number is in line with predictions made last November by security expert Dan Kaminsky. “I’m actually glad that it wasn’t larger than that,” Braverman says. “That’s still a significant amount of computers.”
Sony was forced to recall millions of CDs after a Windows expert discovered that copy control software included in some of Sony’s titles used controversial rootkit cloaking techniques to hide itself on the computer. Sony issued the recall after hackers began distributing malicious software that exploited Sony’s cloaking mechanism.
Microsoft says it had removed that hacker-produced malicious software 10,000 times.
The combination of rootkits and other types of malicious software is one trend on the rise.
Rootkits were found on 14% of infected computers, and when rootkits were discovered, they were combined with “backdoor Trojan” software 20% of the time.
These programs are used by hackers to remotely control infected computers.