Antimalware Team Releases MSRT White Paper

re: Antimalware Team Releases MSRT White Paper

Toby Ovod-Everett — Thu, 22 Jun 2006 23:32:13 GMT

There's a minor statistical error on page 10 of the whitepaper. "Using the data in Figure 4, we can determine that the average number of unique malware variants removed per computer is 1.59. In other words, the tool is slightly more likely to remove more than one malware variant per computer than just one variant." The first does not imply the second. In fact, in 67.3% of cases where malware was removed, only one variant was removed. In this situation, you have a heavily weighted distribution, and thus the average and the median do not coincide.

All in all, though, it is a well written paper.

--Toby Ovod-Everett

Feedback on "Progress Made, Trends Observed"

Jan Eriksson — Wed, 21 Jun 2006 08:44:22 GMT

It was a really interesting report showing boot facts and tips.

In the report You mention the wise to run the computer as an ordinary user instead of an administrator. Would it not be possible to until next report have figures backing up this. With Your knowledge about all removed malware I guess You are able to judge witch of them have the possibility to be installed by an ordinary user and witch need an administrator. If the computer is hit by a "Exploit Worm" (I guess it always run as system), a "Rootkit" and a "Email Worm" it will not be possible to be sure I guess. I think You would not be able to give an exact answer but I am sure You would be able give us a very clear indication.

I guess it is the same about a proper configured firewall.

In how many case would the computer not been hit if the security updates released one month or longer time ago have been installed?

We have made the effort to make our 10 000 + users run as ordinary users, our XP SP2 firewall is proper configured and we spend time to get all relevant security updates installed after testing them. All this takes time and have to be motivated to our management. We are lucky having a management understanding this but it would be even better if we was able to show them how important it is. It would be even more important to all of them not given the resources to handle those security questions properly.

I think all of this would be possible to create with your knowledge and with Your information. I hope I will be able to attend to ITforum in Europe and I hope someone of You will be there and give us solid figures about this.

Regards

Janne

re: Antimalware Team Releases MSRT White Paper

TechNet Archive — Wed, 21 Jun 2006 03:19:18 GMT

Raw statistics naturally exist but, due to the magnitude and complexity of the data, it is not practical to make them available broadly verbatim. If you have specific questions / goals in what you're trying do understand, please send me a mail at mattbrav@microsoft.com.

With respect to the "Computers" note, there is no discrepancy. The 5.7 million figure is the number of unique computers across all families. As there will be computers infected with more than one family, it makes sense that the sum of the statistics in Figure 5 is greater than 5.7 million.

re: Antimalware Team Releases MSRT White Paper

Russ Cooper — Tue, 20 Jun 2006 21:14:00 GMT

Are raw statistics available? E.g. Monthly stats for all families?

The total in column “Computers” in Figure 5 on page 9 is 6,800,957, yet earlier you state the number of infected computers is 5.7 million between 6/05 and 3/06. Can you explain this discrepancy?

Is it possible to get numbers for that same figure where Removals and Computers reflect the same period, say 6/05 through 3/06? I would like to look at the number of “repeat offenders” who are re-infecting themselves with the same family. I’m interested in examining those families with higher re-infection rates to assess the techniques which are achieving greater re-infection rates.

Atak appears to be the only malware dropped prior to 3/06. Do you have numbers for Atak over the period?

Are no stats kept based on how the Backdoor Trojans are believed to be installed?

Cheers,
Russ

re: Antimalware Team Releases MSRT White Paper

Dann — Thu, 15 Jun 2006 23:26:55 GMT

When is the next beta of Window Defender coming out for Window XP. Is it before or after they release Window Vista RC1.

re: Antimalware Team Releases MSRT White Paper

Louis — Thu, 15 Jun 2006 03:17:58 GMT

Pic is great, looks like a " we shop at (insert clothing shop name here)". Are you singelhandedly "supporting" Vista. By the way, are the malware stats based on a calc of downloads x threats detected, or information sent back via anon prog feedback. Malicious tool should provide feedback to the user,reassuring them that something has been done, e.g. fireman says that the fire is out, that sort of thing, an extra line or two of code would do it, not that big a burden, but puts the user at ease.

Louis

re: Antimalware Team Releases MSRT White Paper

Dann — Thu, 15 Jun 2006 01:24:33 GMT

So What's up with Window Defender Xp version i really like this software are there any good news for beta 2 user?

re: Antimalware Team Releases MSRT White Paper

Nicholas — Wed, 14 Jun 2006 05:03:30 GMT

Keep up the great work!