Over the past several years I have had the opportunity to talk to customers and governments all over the world about the threat landscape and the data we publish in the Microsoft Security Intelligence Report (SIR). During these conversations, regional malware infection rates always garner a lot of discussion. One of the most interesting questions I’m increasingly asked is: what factors contribute to the differences in regional malware infection rates? Or, what do regions with low malware infection rates do differently than regions with high malware infection rates? Our Special Edition Microsoft Security Intelligence Report: Linking Cybersecurity Policy and Performance, released today, provides a new body of research that speaks to these questions.
This study was conducted by Trustworthy Computing’s Global Security Strategy and Diplomacy team and examines the relationships that a number of different socio-economic factors have with regional malware infection rates across 105 countries. The study started with a list of 80 factors that was trimmed down to the 34 factors that had a potential correlation with malware infection rates, measured as computers cleaned per mille (CCM). These factors include such indicators as GDP per capita, broadband penetration, use of mobile devices, Facebook usage, and thirty others. To provide you with an example, Figure 1 illustrates some of the factors examined in the United States.
Figure 1: some of the socio-economic factors examined in the new study, with values for the United States from the second quarter of 2011
Some key findings from this Special Edition SIR:
More background information:
Understanding how we measure regional malware infection rates is an important piece to this puzzle. Using the raw number of systems reporting malware infections in each location around the world isn’t very useful in this context because this data is biased by differences in populations, sizes of personal computer install bases, the number of systems using Windows Update and Microsoft Update services, etc. The Microsoft Malware Protection Center normalizes regional malware infection rate data so we can more accurately compare the infection rates of countries/regions on an apples-to-apples basis. We call this normalized measure computers cleaned per mille (CCM). The CCM tells us how many computers are infected with malware for every 1,000 computers that are scanned by the Microsoft Malicious Software Removal Tool (MSRT). The MSRT runs on more than 600 million systems around the world each month. From this “big data”, we use the CCM for each location to build a worldwide malware infection rate “heat map” as seen in Figure 2.
Figure 2: Infection rates by country/region in the fourth quarter of 2011 (4Q11), by CCM
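The normalization described above, shown as an added example that is not part of the original post or the SIR: it computes CCM per region and lists the region pairs whose ordering flips between raw infection counts and CCM. The region names and counts are constructed for illustration and are not SIR data.

```python
# Constructed sample data: (region, computers scanned by MSRT, computers cleaned).
# Names and counts are made up for illustration; they are not SIR figures.
SAMPLE = [
    ("Region A", 50_000_000, 250_000),
    ("Region B", 2_000_000, 40_000),
    ("Region C", 10_000_000, 30_000),
    ("Region D", 500_000, 15_000),
]


def ccm(scanned, cleaned):
    """Computers cleaned per mille: cleaned computers per 1,000 scanned."""
    if scanned <= 0:
        raise ValueError("CCM is undefined when no computers were scanned")
    if not 0 <= cleaned <= scanned:
        raise ValueError("cleaned must be between 0 and scanned")
    return 1000.0 * cleaned / scanned


def rank_by_raw(rows):
    """Regions ordered by raw count of cleaned computers, highest first."""
    return [r[0] for r in sorted(rows, key=lambda r: r[2], reverse=True)]


def rank_by_ccm(rows):
    """Regions ordered by normalized infection rate (CCM), highest first."""
    return [r[0] for r in sorted(rows, key=lambda r: ccm(r[1], r[2]), reverse=True)]


def flipped_pairs(rows):
    """Pairs (x, y) where x has more raw infections than y but a lower CCM."""
    flips = []
    for name_x, scanned_x, cleaned_x in rows:
        for name_y, scanned_y, cleaned_y in rows:
            more_raw = cleaned_x > cleaned_y
            lower_rate = ccm(scanned_x, cleaned_x) < ccm(scanned_y, cleaned_y)
            if more_raw and lower_rate:
                flips.append((name_x, name_y))
    return flips


if __name__ == "__main__":
    for name, scanned, cleaned in SAMPLE:
        print(f"{name}: raw={cleaned:>7}  CCM={ccm(scanned, cleaned):.1f}")
    print("By raw count:", rank_by_raw(SAMPLE))
    print("By CCM:      ", rank_by_ccm(SAMPLE))
    print("Order flips: ", flipped_pairs(SAMPLE))
```

In this constructed data the region with the most raw infections has one of the lowest rates, which is the install-base bias that CCM removes.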
While interesting and informative, comparing CCMs of different locations doesn’t tell us what factors contribute to the differences in regional malware infection rates. I have tried to at least partially answer this question in a series of articles we published called Lessons from Some of the Least Malware Infected Countries in the World. Additionally, I compared and contrasted a location with a consistently low malware infection rate with a location that consistently has one of the highest infection rates in the world, in this article: The Threat Landscape in Asia & Oceania – Part 2: Korea and Japan.
Although I think these articles provide valuable insights, I concluded that there isn’t a simple answer or a small number of factors, such as language or culture, that help explain the differences we see in regional malware infection rates. The number of factors that could be contributing to a location’s malware infection rate is likely much larger, and those factors could include a myriad of socio-economic issues.
As I previously mentioned, the study started with a list of 80 socio-economic factors that was trimmed down to the 34 factors that had a potential correlation with malware infection rates. In order to get the latest values for 80 socio-economic factors, many of which are only updated annually or less frequently, the report uses data from 2011 including malware infection rate data from the Microsoft Security Intelligence Report volumes 11 and 12.
There are many other key insights included in the new report. For the many people around the world who have asked me about this topic, this new study gives us a few more pieces of the puzzle by providing more insights into the socio-economic factors and public policies contributing to differences in regional malware infection rates. We hope that this data is valuable to policymakers and IT professionals alike as they examine malware trends in their own regions and plan accordingly.
You can download this new report here: Special Edition Microsoft Security Intelligence Report: Linking Cybersecurity Policy and Performance
Tim Rains
Director, Trustworthy Computing