Microsoft has a paper up on their website now which describes some of the data they have from their “Malicious Software Removal Tool” or MSRT. The paper is titled MSRT - Progress Made Lessons Learned
If you are a technology professional who makes ANY recommendation about computers to friends, family, coworkers, clients, or decisions for yourself, you should read this.
After you read it, it should be inexcusable to recommend MS Windows in any setting
period.
I know it sounds drastic, but it’s the simple truth. Here are some of the numbers. remember that these numbers are from Microsoft talking about their own software
The MSRT has removed at least one backdoor Trojan from approximately 3.5 million unique computers. Thus, of the 5.7 million unique computers from which the tool has removed malware, a backdoor Trojan was present in 62% of computers.
62% let that number sink in
And thats just the Trojan category. It doesn’t include computers which had only “malware” or a rootkit like the one that floated around on Sony CD’s.
In the March 2006 version of the MSRT, the tool removed malware from approximately 150 thousand computers (20% of all computers cleaned) from which some malware had previously been removed by the tool in an earlier release.
This isn’t very clear, but what they are saying is that in March 2006, when the tool was re-run on machines, 20% had been RE-INFECTED
so much for fixing things.
oh yeah it’s just a bandaid
Worms that spread through email, peer-to-peer networks, and instant messaging clients account for 35% of the computers cleaned by the tool.
And those are the ones you thought you could protect against. (or atleast avoid) but that still leaves 65% of them unacounted for.
Further on in the PDF you find out that Win32/Rbot
was removed 4,431,422 times. But the kicker is that it was only removed from 1,914,046 different computers. Thats 2.3 times PER COMPUTER. talk about a re-infection rate.
But it gets worse, you have to realize that Win32/Rbot
is a virus which was first discovered in August 03. That was over 3 years ago. But beyond that those number of removals are from AFTER August 05. Thats two years after the virus was first discovered.
Now remember those computers cleaned after August 05, were re-infected another 1.3 times. Yup it’s still going on 3 years later.
Makes you wonder what viruses from today we will still be dealing with 2 and 3 and 4 and 5 years from now.
Thats why you should realize that when you recommend windows, you are recommending that people get something which will be infected 62% of the time. And which will be re-infected more often than you’d like.
Sometimes a virus or trojan or rootkit doesn’t do much to harm a computer
but it could, and sometimes it does, and thats not a risk worth taking.
oh, and those numbers are only through March 06. You don’t really think it’s gotten better since then do you?
NOTE: Of the possible windows flavors Windows XP SP2 has the lowest normalized infection rate; and among the locals english also has the lowest normalized infection rate; but those still don’t touch OSX with a 10 foot pole, so my point still stands.
via SANS