

chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 recommendation

MS Security Intel Report - 24% PCs Unprotected

Latest Security Intelligence Report Shows 24 Percent of PCs are Unprotected
by Tim Rains, Director of Trustworthy Computing at Microsoft
quote:
Today, Microsoft released new research as part of its Security Intelligence Report, volume 14, which takes a close look at the importance of running up-to-date antivirus software on your computer. The research showed that, on average, computers without antivirus software are 5.5 times more likely to be infected.

Antivirus software from Microsoft, McAfee, Symantec and others helps to guard against viruses, remove infections and protect your privacy. It can help protect your computer from malware trying to steal your credit card information, e-mail address book or even the files you’ve saved to your computer. It is one of the most crucial defenses computer users have to help protect against cybercriminals....continue reading.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

1 recommendation

said by chachazz:

The research showed that, on average, computers without antivirus software are 5.5 times more likely to be infected.

I just love statements like that with no context.

I haven't been infected by malware in 20 years. Then again I don't click on every link I see, visit sites often infected with malware, or install stuff from dubious sources. Plus I practice safe hex.

As we've said here 1,000,000 times before user behavior is much more important than an A/V program.

Of course if you're an A/V vendor trying to sell your wares then YMMV.

Then there's the flip side of people that expect an A/V to save them from all malware. The irony is that sometimes it's the A/V that takes you out.

»Malwarebytes has gone INSANE!!
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

I just love statements like that with no context.

^^


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

3 edits

2 recommendations

Not sure if you're agreeing or disagreeing.

Either way what is the context? Are we talking home PC users? Organizations? A mix? What other security measures are in place besides A/V use? Are firewalls in use?

The point is that throwing out statistics is meaningless without knowing what they apply to.

PS: Yes I have the PDF of the report.

PPS: From the report.

quote:
The Microsoft Security Intelligence Report measures computer infection rates with a metric called computers cleaned per mille (CCM), which indicates the number of computers cleaned by the Microsoft Malicious Software Removal Tool (MSRT) for every 1,000 computers scanned by the tool. (See page v for more information about the CCM metric.)

Most computers that run the MSRT obtain each monthly release of the tool automatically through a Microsoft update service such as Windows Update. It executes in the background and automatically removes selected prevalent malware families from the computer. Recent releases of the MSRT collect and report details about the state of real-time antimalware software on the computer, if the computer’s administrator has chosen to opt in to provide data to Microsoft. This telemetry makes it possible to analyze security software usage patterns around the world and correlate them with infection rates.

On average, about 24 percent of computers scanned by the MSRT each month in 2H12 were not running real-time antimalware software or were running out-of-date antimalware software at the time they were scanned (referred to as “unprotected computers” in this section).

That's where the 24% figure came from. You decide if that figure means anything or not.

Disabling MSRT reporting

quote:
Q3. How can I disable the infection-reporting component of the tool so that the report is not sent back to Microsoft?

A3. An administrator can choose to disable the infection-reporting component of the tool by adding the following registry key value to computers. If this registry key value is set, the tool will not report infection information back to Microsoft.
Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
Entry name: \DontReportInfectionInformation
Type: REG_DWORD
Value data: 1

http://support.microsoft.com/kb/891716

Other registry settings that seem to be related

SubmitSpynetReportResult
SubmitSpynetReport
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
said by StuartMW:

Not sure if you're agreeing or disagreeing.

Disagreeing as it is a little ambiguous.

However: »blogs.technet.com/b/mmpc/archive···are.aspx
»twitter.com/msftmmpc/status/3245···33920257


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
What I didn't know, until reading the report, was that (see above quotes) Microsoft uses MSRT as a data collection tool. The data in their report comes from its "phoning home" each month.

It's a neat trick to offer, automatically, MRT each patch Tues and then collect data from its use.

Now that's probably the best way to get real data (MS claims, in the report, that 600 million users run MRT every month) but IMO it still neglects many other relevant factors. The assumption is that use of an A/V product prevents malware infection. Of course it can but so do other mechanisms (firewalls, behavior etc).

I therefore find the "24%" and "5.5" figures indicators at best.
--
Don't feed trolls--it only makes them grow!


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric
I feel that A/V has its place, but not as the be-all, end-all solution.

In its defense, there have been many legitimate sites hacked with malware exploits, and client and server application vulnerabilities are a popular attack vector.

Very often, these vulnerabilities remain unpatched even after exploits have been in the wild for some time. In these cases as well as with systems with careless or nontechnical users and systems with high value data, anti-malware applications provide a useful layer of security.

In the end, though, I feel Bruce Schneier said it best;

"Security is a process, not a product"
--
Buckle Up. It makes it harder for the aliens to suck you out of your car.


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
I agree that AV has its place, and it certainly is not the one and only product if one is really choosing to do anything. An AV is like underwear, but you wouldn't wear just your undies. Yes, indeed. It's that layering that can make the difference.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to EGeezer
said by EGeezer:

I feel that A/V has its place, but not as the be-all, end-all solution.

Exactly.

The MS report is pretty good as far as it goes. On the other hand (and see the report) they're in the business of selling anti-malware solutions. That's not to say that their report is biased but their statistics must be taken in that context.

Also, as I've already said, they're basing the figures on incomplete data. They cannot measure other factors.

As you said an A/V is just another layer.
--
Don't feed trolls--it only makes them grow!


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to jaykaykay
said by jaykaykay:

...you wouldn't wear just your undies.

Yes well that too is contextual. There are places where only undies are worn
--
Don't feed trolls--it only makes them grow!


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless

1 recommendation

reply to StuartMW
said by StuartMW:

That's where the 24% figure came from. You decide if that figure means anything or not.

That 100% of the infected machines were running MSRT.

TheMG
Premium
join:2007-09-04
Canada
kudos:3
Reviews:
·NorthWest Tel

1 edit
reply to chachazz
The 24% figure is not really all that surprising.

I see it again and again, people purchase a new PC which comes with a trial anti-virus subscription, and after the subscription expires they just ignore it and continue to use the outdated anti-virus. I've even seen home computers with A/V software that hasn't been updated in over 5 years!!!

A lot of computer users have absolutely no idea of the importance of keeping A/V software and other applications up-to-date. They think the outdated software gives them sufficient ("good enough") protection.

Again, it all comes down to end-user education.

To say the least, I'm really disappointed that schools, to this day, still do not teach about the various aspects of cyber security. They insist on wasting time teaching how to use office applications, something which most students already know and have figured out easily enough.

Also, what can be done to educate adults on the subject?


Trihexagonal

join:2004-08-29
US
Reviews:
·AT&T U-Verse
·AT&T Midwest
said by TheMG:

Also, what can be done to educate adults on the subject?

Computers are hardly new-fangled thingamabobs and you would think that basic security practices, such as restraining your clicking finger, not opening that email attachment in hopes of seeing some celeb's boobies, and such would be common knowledge. Those are simple common sense measures that don't require extensive computer literacy and anyone should be able to grasp that in itself would prevent a good deal of security related problems.

But as we know, that isn't always the case.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
reply to StuartMW
Does anyone know where this phones home through? Is it through mrt.exe or another process?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
MRT.exe is a stand alone process (check Task Manager to see) so I assume it does the phoning-home. No idea what URL and port(s) it uses.
--
Don't feed trolls--it only makes them grow!


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

Re: MRT's phoning home from where?

said by StuartMW:

MRT.exe is a stand alone process (check Task Manager to see) so I assume it does the phoning-home. No idea what URL and port(s) it uses.

See, that's weird. I have never seen and currently do not see mrt.exe wanting network access in my Windows firewalls (64-bit W7's N360 and XP Pro SP3's Outpost Firewall 2009). It must be phoning home from some other process. Hmm!
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

1 recommendation

Here are some URLs found using the Sysinternals Strings utility on the May 2013 version of MRT.exe

https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx

http://Microsoft.com/AntiMalwareServices/SpynetReportSrvc

FYI I think MRT.exe only reports if something is detected.
--
Don't feed trolls--it only makes them grow!
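The string search described in the post above can be reproduced for auditing which endpoints a binary embeds. This is an added example, not part of the original thread and not Sysinternals code; the function names, the minimum run length and the `SAMPLE` byte blob (constructed around the two URLs quoted in the post) are assumptions.

```python
import re
import sys
from urllib.parse import urlsplit

MIN_LEN = 6  # assumption: ignore printable runs shorter than this

# Printable runs stored as single bytes, and as UTF-16LE (char followed by 0x00).
_ASCII = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
_UTF16 = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
_URL = re.compile(r"https?://[A-Za-z0-9.-]+(?::\d+)?(?:/[^\s\"'<>]*)?")

# Constructed sample: binary filler around one ASCII and one UTF-16LE string.
# Which encoding the real MRT.exe uses for these strings is not known here.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx\x00"
    + b"\xff\xfe\x01\x02"
    + "http://Microsoft.com/AntiMalwareServices/SpynetReportSrvc".encode("utf-16-le")
    + b"\x00\x00\x13\x37"
)


def extract_strings(data: bytes):
    """Yield (offset, encoding, text) for printable runs in both encodings."""
    for m in _ASCII.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in _UTF16.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def embedded_urls(data: bytes):
    """Return sorted unique (hostname, url) pairs found in the extracted strings."""
    found = set()
    for _offset, _encoding, text in extract_strings(data):
        for url in _URL.findall(text):
            found.add((urlsplit(url).hostname, url))
    return sorted(found)


if __name__ == "__main__":
    # Pass a file path to scan a real binary; with no argument the sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for host, url in embedded_urls(blob):
        print(f"{host}\t{url}")
```

An embedded URL only shows what the binary can reference, not that a connection was made; the hostnames it lists are what to look for in firewall or proxy logs.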


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
said by StuartMW:

Here are some URLs found using the Sysinternals Strings utility on the May 2013 version of MRT.exe

»spynet2.microsoft.com/AntiMalwar···rvc.asmx

»Microsoft.com/AntiMalwareService···portSrvc

FYI MRT.exe only reports if something is detected.

Both links failed:
»spynet2.microsoft.com/AntiMalwar···rvc.asmx link didn't work (blank web page with nothing in its source code).
»www.microsoft.com/AntiMalwareSer···portSrvc showed me "We are sorry, the page you requested cannot be found..."

Ah, it only phones home when it finds something? OK. I have not seen one before so far...
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to jaykaykay

Re: MS Security Intel Report - 24% PCs Unprotected

said by jaykaykay:

An AV is like underwear, but you wouldn't wear just your undies. Yes, indeed. It's that layering that can make the difference.

I guess going commando is risky? ...


intok

join:2012-03-15
reply to chachazz
And 100% of Windows computers have an NSA backdoor.


intok

join:2012-03-15
reply to Dustyn
said by Dustyn:

said by jaykaykay:

An AV is like underwear, but you wouldn't wear just your undies. Yes, indeed. It's that layering that can make the difference.

I guess going commando is risky? ...

Total freeballin'?

»www.youtube.com/watch?v=469KLGY6WCQ

--
You think there's no games for Linux? »desura.com »gameolith.com »humblebundle.com »playdeb.net »ubuntuvibes.com

Check out »youtube.com/user/TheBigPictureRT/videos »freespeech.org and »democracynow.org

zod5000

join:2003-10-21
Victoria, BC
Reviews:
·Shaw
reply to StuartMW
I've always gambled and not run active A/V. I have my PC set up to run two scans per week (Weds & Sun) in the middle of the night.

If you tested my PC it would look like there was no active A/V, but I do have regularly scheduled passive A/V. It's a holdover from when PCs were slower, and active scanning would slow things down.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5
reply to StuartMW
said by StuartMW:

I just love statements like that with no context.

There is context: these are population-based measurements and are useful for big-picture understanding, not assessing individual risk.

And user behavior continues to be very important, but even I have given up on the "I am really careful" mentality and run antivirus on my desktop. There are too many trusted sites that get infected with whatever, so it's no longer just the usual sheep-porn places that get you into trouble.

Steve
--
Stephen J. Friedl | Unix Wizard | Security Consultant | KA8CMY | Orange County, California USA | my web site