Re: Mystisicm or real statistics?

["Richard M. Smith" <rms () computerbytesman com>]

Hi Larry,

Very interesting.

I wonder if the Security Intelligence Report also tries to measure malware
infection rates based on the default Web browser that people are using. If
not, why not?

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Larry Seltzer
Sent: Monday, May 12, 2008 4:22 PM
To: funsec () linuxbox org
Subject: Re: [funsec] Mystisicm or real statistics?

Here's the Windows Vista Security blog on the matter. 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

Feed: Windows Vista Security
Posted on: Friday, May 09, 2008 4:41 PM
Author: windowsvistasecurity
Subject: Windows Vista and Malware

Hi, Austin Wilson here.   Recently there have been some questions raised
about the susceptibility of Windows Vista to malware - specifically,
that it's more susceptible to malware than Windows 2000.  I'd like to
show why we reject that claim.   We study the malware space very
carefully and publish our results twice a year in the Security
Intelligence Report.  This report is compiled from statistics on malware
infections based on over 450 million executions of the Malicious
Software Removal Tool (MSRT) every month.  Microsoft is a member of
AMTSO (Anti Malware Testing Standards Organization) and its charter
includes defining test methodology so that there is a minimum quality
bar to all testing of this type.   

Our results published in the April 2008 version of the Security
Intelligence Report show that Windows Vista is significantly less
susceptible to malware than older operating systems.  In fact, from June
- December 2007, using proportionate numbers, the MSRT found and cleaned
malware from 60.5% fewer Windows Vista-based computers than from
computers running Windows XP with Service Pack 2 installed.  How about
Windows 2000?  Using proportionate numbers, MSRT found and cleaned
malware from 44% fewer Windows Vista-based computers than Windows 2000
SP4 computers and 77% fewer than from computers running Windows 2000
SP3.  Note that the Windows 2000 numbers include both Windows 2000
client AND server versions, while the Windows XP numbers of course are
only clients. Servers tend to be less likely to get infected with
malware as many of them are in data centers and aren't used for general
web surfing or other day to day tasks. 

Does this mean that anti-malware software isn't necessary?  Absolutely
not.  No software is perfect.  While we have many defense-in-depth
improvements in Windows Vista, it's critical for consumers to follow the
Protect Your PC guidance of keeping the firewall turned on, keeping the
operating system up to date, and having up to date anti-virus and
anti-spyware software.  
It's worth mentioning just a few of the defense-in-depth improvements
and features that are in Windows Vista that aren't included in Windows
2000:  DEP, ASLR, firewall on by default, Windows Defender, IE
hardening, User Account Control, Windows Security Center, parental
controls etc...

We're always looking for ways to improve our studies, so please feel
free to make suggestions on what you'd like to see.  For feedback on the
Security Intelligence Report, send email to sirfb () microsoft com.
Likewise, we welcome and encourage feedback from the community to make
our products better, so comment on this blog entry if you have
suggestions.
 
- Austin
 



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.