Microsoft Security guys have fun at Mac loyalist’s expense

It is quite possible here that we are looking at the statistics Microsoft released from the Malicious Software Removal Tool in 2006, where they announced that 60% of computers contained a trojan. But thats 2006. I couldn't find the 1% statistic. The circular graphs http://download.microsoft.com/download/f/f/d/ffd1f8b8-afcc-4ed1-a635-2ca... do show about 7.2% of Windows XP computers require cleaning (but the lower number of Vista users is shown. This quite possibly is due to the fact that there are more XP users than Vista ones sadly). That article does mention a 40% of XP users being cleaned from a certain virus which is another possibility of the source for this statistic. At the end of the day though I think that viruses will be moving towards rootkits which means that these statistics may become irrelevant soon. But regardless, its good to see a decline in the amount of infections. On the note of the actions of the mac user in that text, I think it was quite stupid not to be able to source it, and I am a Mac user for the record.

We have a group of 27 docs and 9 have already admitted to having a virus, worm, trojan or malware and the poll is not over. Small group but statistically valid. Out IT guy states that he has considerably more than a 1%, which he believes is a lie. He does state, and I have a similar experience, that infections seem to be decreasing with public awareness for the need of anti-virus and malware tools. Hopefully Vista's improved security will also help, but the quoted guy is in wonderland, or the quoted company polled Fort Knox's mortuary. So this is as far from the truth is anything can be. Sorry.

The guys in the Army Coffee shop (and I work with the Techs remember). They broadly fit into 2 groups. Those on the Mac and Linux side who live a fairly carefree existence malware wise and those on the Windows side who seemed plagued by them. Admittedly there are about twice as many Windows users but there seems to be a lot of bad stuff going around and it seems to be getting worse. The latest news does not bode well for Vista. http://www.scmagazineus.com/BLACK-HAT-Vista-ineffective-against-browser-...

"We have a group of 27 docs and 9 have already admitted to having a virus, worm, trojan or malware and the poll is not over. " At that moment or at some point in time? "The latest news does not bode well for Vista." It actually sounds better than it was made out to be. The answer to this might be a "no", but I wonder if UAC is effective in preventing this or if this requires user intervention.

Shark, over the past year, but they all have XP, not Vista. Yes it's not MS fault, IMO, but 1% is pure baloney. That's what I would call an MS lie, giving us customers a false sense of security. The Virtumonde trojan that I had last month was all my fault, but I downloaded a free utilityto try to revive my 3 dead drives. I DL'ed on a MMac, just in case it was malware, then put it on a flash drive, connected to my PC [XP] and scanned it. Since there was nothing detected, I loaded/installed it and got something like 32 variants of the Virtumonde virus/trojan. Of course, my friends with teenagers that will DL anything, especially pirated music, just get malware frequently. Kids will play, and good luck stopping them. Each time that I need to reinstall XP for them, I try to show them how to do it so that they can just do it themselves. A backup copy may not work for them as they will most likely backup the virus before scanning for it, but reinstallation is not always needed of course. After an update two weeks ago, my AV found another variant still left over I suppose as I rarely use the PC and have not installed anything but the AV app since.

drylight, 1% of the Windows installed base is a pretty small number. Figure (back of the hand) at about 10M machines or a little less than 1/3rd of all the Macs or about the same as all the Linux desktops.

Does Paul write for Windows IT Pro? http://windowsitpro.com/article/articleid/99802/increased-spread-of-malw...

"Nothing shuts down these clowns bal faster than the truth." Has "iCabal" been replaced with "clowns bal"? ;-)

bettieblu FYI: Zero day attacks are why modern anti-virus systems have dynamic update schedules and heuristics analysis rather than just relying on signatures.

DRWAM You should also be aware that this isn't the days of attacks coming from some kid in his parents' basement. This is now a BIG part of organized crime activity and lately the province of national intelligence agencies. So, yeah, doing security for a living is hard. (I did it for a year and while it was fun, the stress is there, too) As for the Mac staying immune, with successful attacks against Windows machines dropping fast (the report showed HUGE drops with XP SP2 and HUGE drops from that with Vista) the attacks are moving toward phishing and server based vulnerabilities and those don't care what platform you're on. In fact, the hubris of Mac users makes them more likely to fall for these attacks. Add in Apple corporate arroagance with things like Safari being the only browser that doesn't even bother with an anti-phishing filter and you have a real time bomb in the Mac community.

Avro Just again doing back of the napkin... Apple sold roughly 10M Macs this year That was a higher share than in the past The overall market was higher than in the past Therefore 10M per year is way above the historical average. Figure, then that 100M would be the total production of Macs for, what, let's say about 15 years. Are you saying that every Mac made since 1993 is still in use? That would be every Intel Mac, every PowerPC based Mac and thousands of Motorola 680x0 Macs. Do you really think there are still thousands of Motorola 680x0 Macs running? If we assume that some were retired or died (and I don't think even you are saying that isn't the case) then you're saying, what? That most Macs built since they were introduced in 1984 are still running? Seriously, there's no way a 100M figure passes even the slightest attempt at scrutiny. Why did you suggest it?

Mike, I agree. Attacks may be up, but successful attackes is a factual number that should be posted. It just may be very difficult, if not impossible to tally. The 1% could be an infection at any1 second in time, but computers are in use a lot longer. Annual numbers would be more appropriate. Then, separating XP from Vista would be a great idea. Can you imagine a campaign/ad showing that buying Vista decreases your chances of malware substantially? Or Vista plus OneCare? I think that was the intent of HP's Smartsoft ad, which sounds more like FUD to me. I haven't heard it lately but it gives you the idea if you don't but the product, your Windows based office will be instantly and ubiquitously infected. If I were Ballmer, I would give HP a very strong personal phone call.

DRWAM I haven't seen the HP ad but I'm pretty sure that if Ballmer were to give HP a sufficiently strong personal phone call he'd be in front of the DOJ for attempting to restrict a customer in violation of the antitrust rules. As for the 1% number, remember that a lot of Windows machines are behind corporate firewalls and behind corporate AV systems. Add to that the prevalence of XPSP2 and Vista. Add to that the common use of Antivirus and Antimalware software. Add to that the Windows machines in offices that don't allow access outside the firewall for their office workers' computers. Add to that the Windows machines that are used for dedicated purposes (cash registers, ATMs, process control computers, etc) that are never connected to the Internet. The 1% figure doesn't seem unreasonable once all the rest is considered especially since this isn't "ever infected" but seems to be "infected at any given time"

Shark Excellent article by Ed Bott. This is a must read for anybody who saw the hysterical posts about this spammed onto every thread here over the last couple of days and thought there was anything to them.

From the Ars article: >>Stories suggesting that Vista's security is now irredeemably broken are far off the mark; the truth is merely that some of its automatic security protection is less effective than it was before.<< Thats a relief. Here's an interesting note in the discussion thread for that article (from the author of that article): >>I also understand both what MS was attempting to achieve with ASLR (etc.)--raise the bar to make it harder to convert buffer overflows into arbitrary code execution--and what the paper means. The paper lowers the bar to around the same level as other OSes; the other protections in Vista mean that the bar is still higher than those other OSes.<<

And, for the last hour+ h8ers:

Troll. >>h8ers: .<<

DRWAM I'd say it's at least as disingenuous for people to extrapolate from personal experience to the entire installed base which does include huge numbers of computers that are protected. Is it safe to run a Windows Vista computer connected with an always on connection to the Internet with no Antivirus? Probably not. But. Considering the default is a non-Administrator account with a two-way firewall, anti-malware (Defender) and anti-phishing in the system along with all the other protections, it's not that risky. Think about it. An Antivirus program (at least the one I use) will let you know if it detects something. If you've been running and never had an alert from your Antivirus that it found something, you wouldn't have been infected without it. Personally, I think that's a foolish risk. But, it isn't as though the average user's computer is under a constant barrage of attacks that will leave their system a quivering mass of molten silicon in minutes otherwise. And I've seen that presented as the reality often enough to think that fearmongers own the zeitgeist. As some (purely anecdotal) data. Based on my Antivirus' monthly report... My A/V scanned roughly 1.5M files on my system and found 0 that needed cleaning. It also has found 0 suspicious files since I've had it installed. It updated 323 definitions it its signature files this month. So, had I not had it installed, I'd still have had no successful attacks against my system. Would I take that chance? No way. Would my computer be a molten heap of silicon if I had? No. As for McAfee, I won't comment. I was a Program Manager on a team that developed one of their competitors and I don't think it's right for me to comment. .

As long as I'm doing computer security book recommendations, I can't leave out Joel McNamara's Secrets of Computer Espionage: Tactics and Countermeasures This looks at security from the espionage and information security point of view. It's a fascinating read and, for the most part, is still current despite it being about four years old now. (Required disclaimer: I worked with Joel for a few years)

DRWAM Which is why I called out that it was only anecdotal info. My point is that you often hear that "If you put a Windows computer on the Internet without an antivirus it'll be pwned by multiple nefarious types and turned into a zombie within x minutes without even logging on." and such. Obviously, that's not the case but these urban legends take hold faster than reality. As I said, I'd never recommend anybody run without a decent security suite (Firewall/AntiMalware/AntiVirus) no matter what the platform. I'm just pointing out that while the Internet's not that safe an neighborhood to walk around, it's not exactly a free-fire zone, either.

Also, the more important statistic would be the incidence of infection in any reasonably protected computer with internet access. I would bet that the number is very, very low if you don't have teenagers.

"Wasn't there a big Mac virus in the 80's or early 90's, sometime when the market share was bigger?" The only one I ever had problems with was the WDEF virus back in the system 6/7 days; it was easily disabled by rebuilding the desktop file (something that was SOP back then anyway). After we got it once from a service bureau, we ran the free "Disinfectant" A/V software, and it always caught it. It would pop up again periodically, usually in floppies that came in from various printers. The only other stuff that every came across were Word Macro viruses, which didn't affect the Mac at all, but could be passed along to PC users if we didn't get rid of them (which we always did). I run A/V software now on the Mac, but it's never found a thing. "My point is that you often hear that "If you put a Windows computer on the Internet without an antivirus it'll be pwned by multiple nefarious types and turned into a zombie within x minutes without even logging on." and such. Obviously, that's not the case but these urban legends take hold faster than reality." Well if you're not being so overly dramatic: http://blogs.chron.com/techblog/archives/2008/07/average_time_to_infecti...

@"lotsamystuff" - I am not trying to pick a Mac vs Windows fight...but what AV software do you run on your Mac(s) and why? Also, do you agree or disagree with the line of thought that says that the black hats do not find it profitable to delve into the malware coding on the Mac because the ROI would be so small? Don't you think that if so inclined that a person could code malware to target unpatched Macs that are not behind a correctly configured firewall? I certainly think that it could be done, and probably would be done if the ROI was there. --tayme

Wae, thank god you posted. I was afraid to admit that I am only running Windows Defender in Vista Ultimate because I only go to a few trusted sites, such as work, Comcast, Winsupersite, and Macsurfer sometimes. So the only program that I installed was Office 2007. I have no personal data or even any email client setup. I just use it for work but occasionally browse the above sites when I'm waiting for cloud connection. Still can't get my VPN working again after SP1, but that's why I pay IT. But the poor guys are kinda stressed with all the network upgrades and changes, which causes several problems daily.

@Doc: By "trusted", I mean basically hardware vendor sites, and Microsoft. (Sorry, Paul) Blog sites, and sites with advertising of any kind can be considered "untrustworthy", since even the page author has no control over the ads.