Tuesday, June 13, 2006

surprised by malicious software removal tool statistics

if you follow such things, i'm sure you've seen quite a few posts about microsoft's new malicious software removal tool study...

of course some folks can't manage to properly interpret the stats in it, prompting microsoft to issue a clarification (they did not find bots on ~60% of all computers scanned, only on ~60% of computers they cleaned), but i can sort of see where those people are coming from... we've sort of become accustomed to the idea that malware really is that prevalent - that's certainly the message the media has been pushing for a long time... microsoft's study is saying something very different, however:
"As of the writing of this report, Microsoft has shipped 15 additional enhanced versions of the tool and continues to ship a new version on the second Tuesday of each month, each adding new prevalent malware to detect and remove. Since the initial release of the MSRT, the tool has been executed approximately 2.7 billion times by at least 270 million unique computers.
...

The MSRT has removed 16 million instances of malicious software from 5.7 million unique Windows-based computers over the past 15 months. On average, the tool removes at least one instance of malware from every 311 computers it runs on."

in 15 months of operation they've scanned ~270 million unique computers and removed malware from only 5.7 million?... that's just 2.1%... that seems surprisingly low to me...

now, i imagine if microsoft agreed to add detection/removal for their own spyware the percentage would be much higher so there might arguably be an issue of malware prevalence being under reported in order to allow practices that would result in most other supposed security vendors being labelled rogue...

another reason to suspect under reporting is that microsoft is complaining about the difficulty of dealing with tens of thousands of pieces of malware when the anti-virus industry has been dealing with hundreds of thousands of pieces of malware for some time now:
"A significant challenge we have today is the large number of active malware samples, totaling in the order of tens of thousands, and increasing rapidly."


i don't know, maybe microsoft's numbers are right... there's not a lot to compare them to - i haven't really seen similar types of metrics coming out of other vendors for the most part (probably because most vendors' products don't report their results back to their creator(s) ... and why does microsoft's do that again?)...

if the numbers are right, it certainly adds a new perspective on things... but as with all statistics it needs to be taken with a grain of salt...
