Microsoft Security Birthday Party

Congratulations to Microsoft. They just announced their one-year birthday for security.

Yes, you read that right. One year of security.

I will try to refrain from any snarky commentary and just join in the celebration. Ok, just one nit: Windows was released in 1985, twenty-five years ago. That sounds like 24 years without security. Even if you go with a “modern” history of Windows you have to start with 95, which was released in…oh, I forget. Must have been around 1996. Seriously, though, I am reminded of a meeting I had with Microsoft around 2004 where the security team said they considered themselves only three years old with less than a dozen staff. That would put them in the XP release generation. They were not essential, however, and that brings me back to the party today.

Happy one-year!

Microsoft Security Essentials Celebrates First Birthday with 30 Million Customers!

According to the Microsoft Malware Protection Center (MMPC), in addition to providing a no-cost security solution to tens of millions of customers that may not have been actively protected before, Microsoft Security Essentials detected nearly 400 million threats over the past year, with customers choosing to remove more than 366 million of those threats. For more information about the specific threat breakdown, please visit the MMPC Blog.

Whoa, 34 million threats sounds like a lot. That’s almost a 10% failure rate, or 10 threats not removed per customer. Why were they not removed?

Sorry, this is a time to celebrate, not worry…but I still wonder so I went to the MMPC Blog for more information, as suggested.

No detail on the failures is provided. Instead I found data that shows Russia and China have far fewer copies of Security Essentials installed than the other “non-US countries” (that’s an official Microsoft designation, I didn’t make it up).

Quick birthday quiz: how many “non-US countries” are there in the world? 195 – 1 (US country) = 194.

With fewer copies installed the MMPC Blog says China and Russia have many more machines attacked than other “non-US countries”.

Security Essentials is installed all over, but the threats it’s protecting PCs against are far from globally uniform. For example, if you compare the graph of installations above to the chart of machines where Security Essentials detected exploit attacks below, you can see that while China is relatively low on the install base list and Russia came in at number 10 by install base, users are relatively more likely to be attacked via exploits.

Interesting point, except for the fact that I see another possible outcome.

Brazil has the highest level of Security Essentials installed (nearly a million more than the next highest) and yet is only slightly behind China in machines attacked. Same for the United Kingdom.

So if you add Brazil and the UK together you get about the same number of machines attacked (799,763) as China and Russia (841,159) despite having many more systems running Security Essentials. Which tells us what exactly? Will the percentage of attacks go down if more systems have Security Essentials? And back to my original point, why aren’t some infections removed; what does “machine attacked” really mean?

The MMPC blog says attacks are different by region, which could be a big clue.

The Autorun threat family has pulled away from Conficker in Brazil, and the widespread Bancos threat, which is unique to Brazil, entered the top 5. In China, exploit families like ShellCode and CVE-2010-0806 continue to dominate. In the United States, Renos has taken over the top spot from Wimad, the new top rogue threat is FakeSpyPro, and the Java runtime exploits of CVE-2008-5353 are a major problem.

I also wonder if the high rate of deployment in Brazil reflects the giant new Microsoft data-center, or whether they are talking only about end-user systems.

Happy Birthday!
