The latest semi-annual Security Information Report (SIR) from Microsoft has been released, and its 232 pages carry reminders of some important facts about personal computer security.
10 - Infections happen
According to the report, of all the computers that visited the Microsoft Malicious Software Removal Tool (MSRT) in the first half of 2009, 8.7 out of 1,000 (that is, not quite one percent) had some kind of malware infection identifiable by the tool.
The hot spots were Serbia and Montenegro, where the rate was 97.2 per thousand, Turkey with 32.3, Brazil with 25.4, Spain with 21.6, South Korea with 21.3, Saudi Arabia with 20.8, and Taiwan with 20.4.
The cleanest were computers in Finland with a rate of 1.9. The U.S. rate of 8.6 was nearly the same as the global average. (Other sources--typically malware protection vendors who see no reason to be coy--quote much higher infection rates.) Not mentioned by the Microsoft report is that Apple Macintosh infections remain rare.
9 - Malware amounts to an ecosystem
There's viruses that replicate themselves and spread to other computers, sometimes just for its own sake.
They're called worms if they do it through e-mail or instant messaging. Trojans follow the metaphor of Homer's Trojan Horse, whose occupants emerged in the night to open the Troy's gates to a devastating attack. Spyware watches your actions for marketing purposes. Adware produces annoying popup ads. Malware, incidentally, is any software you didn't ask for, especially software that has malicious intent. A bug, meanwhile, is any software that doesn't work right--and may be preferable to malware.
8 - Malware has many sources
You can get an infection by visiting a malicious Web site, or by clicking a file attached to spam e-mail, through a p2p file-sharing network, by downloading what you thought was free software, or by using an infected removable device like a USB memory stick. Intrusion attacks can come in over the Internet.
7 - Malware can bite
Many trojans will download other malware that take root in our computer and start doing nasty things. These include password stealers and keyloggers that will try to swipe your account information so that someone else can swipe your money. Or they may turn your computer in to botnet node, under the remote control of a bot herder, who will typically use it to spew spam.
6 - Trojans rule (in the U.S.)
If you're going to get an infection, at least in the U.S. it's likely to be some kind of Trojan. According to the SIR, 42 percent of the infections that the MSRT discovered were Trojans. Adware was also big at 16.3 percent. Nasty password stealers amounted to 4.1 percent. Elsewhere, infections are a toss-up. In Brazil, for instance, password stealers aimed at on-line banking predominate. Spain and South Korea have little in common, but both are afflicted by worms that target on-line gamers.
5 - Vulnerabilities vary
Not all operating systems are equally vulnerable. Microsoft's figures show that unpatched Windows XP has an infection rate of about 32.5 per thousand--about four times the global average. The rate falls to a sub-average 8 for thousand for Windows XP with Service Pack 3 (i.e., fully updated.) The rate for updated Vista machines was 3.1 per thousand for the 32-bit version, and 2 per thousand for the 64-bit version.
4 - Patching works
Hackers have a reputation of being ahead of the software vendors, but in reality they often use vulnerabilities for which patches has already been issued. Even when the bad guys get the upper hand, it may not be for long. Microsoft likes to use the example of the "Reno" Trojan that was attacking Vista, causing Windows Explorer to generate trackable error reports. After Microsoft issued a patch, the reports fell from 1.2 million error reports daily to less than 100,000--in three days. Within a month it was off the chart.
3 - Updating works
The rate of infection of 64-bit versions of software was usually a third lower than the rate of infection of the 32-bit version.
2 - Malware is not the only danger
The big news is the rise in phishing--e-mail that tries to trick you into revealing information that could be used for ID theft or other fraud. The phishers have been going after denizens of social networking sites and even large corporations.
1 - The upshot: update your gray matter
Software can't protect you against the phishing plague--only common sense can do that. If some random e-mail asks for your personal information because somehow otherwise your bank account, or our game subscription, or your corporate computer privileges will be suspended, delete it.
No comments:
Post a Comment