funsec mailing list archives
Re: Mystisicm or real statistics?
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 12 May 2008 16:41:55 -0500
Hi Larry, Very interesting. I wonder if the Security Intelligence Report also tries to measure malware infection rates based on the default Web browser that people are using. If not, why not? Richard -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer Sent: Monday, May 12, 2008 4:22 PM To: funsec () linuxbox org Subject: Re: [funsec] Mystisicm or real statistics? Here's the Windows Vista Security blog on the matter. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com Feed: Windows Vista Security Posted on: Friday, May 09, 2008 4:41 PM Author: windowsvistasecurity Subject: Windows Vista and Malware Hi, Austin Wilson here. Recently there have been some questions raised about the susceptibility of Windows Vista to malware - specifically, that it's more susceptible to malware than Windows 2000. I'd like to show why we reject that claim. We study the malware space very carefully and publish our results twice a year in the Security Intelligence Report. This report is compiled from statistics on malware infections based on over 450 million executions of the Malicious Software Removal Tool (MSRT) every month. Microsoft is a member of AMTSO (Anti Malware Testing Standards Organization) and its charter includes defining test methodology so that there is a minimum quality bar to all testing of this type. Our results published in the April 2008 version of the Security Intelligence Report show that Windows Vista is significantly less susceptible to malware than older operating systems. In fact, from June - December 2007, using proportionate numbers, the MSRT found and cleaned malware from 60.5% fewer Windows Vista-based computers than from computers running Windows XP with Service Pack 2 installed. How about Windows 2000? Using proportionate numbers, MSRT found and cleaned malware from 44% fewer Windows Vista-based computers than Windows 2000 SP4 computers and 77% fewer than from computers running Windows 2000 SP3. Note that the Windows 2000 numbers include both Windows 2000 client AND server versions, while the Windows XP numbers of course are only clients. Servers tend to be less likely to get infected with malware as many of them are in data centers and aren't used for general web surfing or other day to day tasks. Does this mean that anti-malware software isn't necessary? Absolutely not. No software is perfect. While we have many defense-in-depth improvements in Windows Vista, it's critical for consumers to follow the Protect Your PC guidance of keeping the firewall turned on, keeping the operating system up to date, and having up to date anti-virus and anti-spyware software. It's worth mentioning just a few of the defense-in-depth improvements and features that are in Windows Vista that aren't included in Windows 2000: DEP, ASLR, firewall on by default, Windows Defender, IE hardening, User Account Control, Windows Security Center, parental controls etc... We're always looking for ways to improve our studies, so please feel free to make suggestions on what you'd like to see. For feedback on the Security Intelligence Report, send email to sirfb () microsoft com. Likewise, we welcome and encourage feedback from the community to make our products better, so comment on this blog entry if you have suggestions. - Austin _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Mystisicm or real statistics?, (continued)
- Re: Mystisicm or real statistics? John LaCour (May 09)
- Re: Mystisicm or real statistics? Drsolly (May 10)
- Re: Mystisicm or real statistics? Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 09)
- Re: Mystisicm or real statistics? Alex Eckelberry (May 09)
- Re: Mystisicm or real statistics? Larry Seltzer (May 09)
- Re: Mystisicm or real statistics? Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 09)
- Re: Mystisicm or real statistics? Alex Eckelberry (May 09)
- Re: Mystisicm or real statistics? Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 10)
- Re: Mystisicm or real statistics? Christopher (May 13)
- Re: Mystisicm or real statistics? Alex Eckelberry (May 09)
- Re: Mystisicm or real statistics? John LaCour (May 09)
- Re: Mystisicm or real statistics? Richard M. Smith (May 12)
- Re: Mystisicm or real statistics? Larry Seltzer (May 12)