It’s pretty obvious that people often behave differently at home and at work. Microsoft has found that malware and potentially unwanted software are encountered differently and act differently in the two environments.

The following graph shows the difference between the categories of threats encountered by Windows Live OneCare users, which is for home use, and Forefront Client Security, which is designed to be managed at work.  At work, computers are more likely to encounter self-replicating threats like worms that can capitalize on the highly interconnected computers. At home, threats are more likely to use social engineering and Trojan horse trickery or browser-based exploits.

Cool SIR graph of OC vs. FCS categories

The top 10 reported threat families reported by Windows Live OneCare in the last six months of 2008 is dominated by Trojan threats.  Among these are two rogue threats (FakeXPA and Antivirus2008), and the Renos family that may deliver these rogues.  We use our home computers for more web browsing and entertainment than at work, and threats affecting home machines often employ tricky techniques called “social engineering” to infect machines.

Fascinating SIR graph of OC top 10 families

At work, self-replicating worms dominate the list.  Most computers at work are connected to a network with lots of other computers, and this trusted network gives a worm that infects a single machine has a chance to spread all over the network.  Perhaps most interesting on this list is the Taterf and Frethog families – these steal gaming passwords, which they probably aren’t finding too much at work.  However, because of the way they spread, they’re more successful in moving around enterprises than home machines

[Riveting SIR graph of FCS top 10 families]

The notorious Conficker worm is similarly very dangerous at work, while being far more rare on home computers.

Luckily, the some of the same protection steps work both at home and at work: Update all your software to the latest, most secure versions, and run an up to date antivirus solution – threats love exploiting vulnerabilities to take over computers that have no antivirus and aren’t up-to-date on their patches.

Please read the latest Microsoft Security Intelligence Report at for more details on the difference between home and work threats. 

--Joe Faulhaber