[Dshield] [giac-alumni] 2/3 rds of PC's Compromised???

John B. Holmblad jholmblad at aol.com
Mon Apr 7 01:19:39 GMT 2008


Keith,

Thanks for sharing the link to that report. It has come a long way since 
the one I looked at a while back for the year earlier period. The 
detailed report has some excellent visuals to summarize the data.

Although Microsoft Windows Vista seems to be taking a lot of reputation 
"hits" in the market for performance related issues, the commentary on 
p46 of the full report suggests that the security improvements in Vista 
ARE working:

>     The MSRT has proportionally cleaned malware from 60 percent less
>     Windows Vista-based computers compared to computers running Windows
>     XP SP2. Similarly, the MSRT has proportionally cleaned malware from
>     91.5 percent less Windows Vista-based computers than from computers
>     running Windows XP without any service pack installed. Users who
>     employ User Account Control (UAC) on Windows Vista will fare even
>     better given that UAC provides an additional layer of protection
>     against socially engineered malware delivery methods that rely on
>     administrative privileges for installation.

Best Regards,

 

John Holmblad

 

Televerage International

GSEC Gold,   GCWN Gold,   GAWN,  GGSC-0100,   NSA-IAM,  NSA-IEM

Information security, telecommunications, and information technology 
consulting

 

(M) 703 407 2278

(F)  703 620 5388

primary email address:  jholmblad at aol.com

backup email address:  jholmblad at verizon.net

 



Keith Seymour wrote:
> John,
>
> This is something that I can verify; I would not be surprised in the
> least that these numbers are accurate. I did considerable research
> last year into Spyware and Adware (later classed as Spadware by a
> coworker) for work. MS uses the results of the Malicious Software
> Removal Tool (MSRT) to trend the amount of malicious software in the
> general public. I would have to say that the sample is somewhat skewed
> since these are people downloading a standalone tool to remove
> Malware. Specifically the 2006 results indicate "of the 5.7 million
> unique computers from which the tool has removed Malware, a back door
> Trojan was present in 62% of computers.".
>
> The sample for this group isn't professionally managed machines that
> you would see in a SANS sample or machines managed by young people but
> machines that are run by the average family. The parents don't have
> the savvy to manage the machine and the younger users are talented
> enough to browse and install software but not experienced enough to
> realize the risks. In other words the people whose machines we clean
> up annually at family gatherings. Add to that mix software like the
> Sony DRM RootKit and you easily have the numbers of remote control
> instances cited.
>
> Latest findings:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=4EDE2572-1D39-46EA-94C6-4851750A2CB0&displaylang=en#filelist
>
> Even in managed environments with updated AV and Anti-Spyware products
> you can still expect to find 2-5-10% infection rate. This is what
> makes me interested in the CDC's method for determining when alerting
> is appropriate based on changes in the normal infection rate.
>
> Keith
>
> On Fri, Apr 4, 2008 at 9:30 AM, John B. Holmblad <jholmblad at aol.com> wrote:
>   
>>  All,
>>
>>  while reading the article at the www page whose url is
>>
>>
>> http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1308055,00.html?track=sy160&asrc=RSS_RSS-10_160
>>
>>
>> concerning Microsoft's joining the board of the consortium that guides
>> the evolution of the Kerberos authentication protocol, my attention was
>> drawn to the comment quoted below
>>
>>
>> A year ago Geer wrote a paper suggesting that 15% to 30% of all desktops had
>> some degree of remote control not intended by the user. Since then, he
>> noted, Microsoft Security Solutions Group program manager Mike Danseglio has
>> estimated that two thirds of all PCs are compromised.
>>
>>  Even as a member of a hard-boiled group like this, that is used to hearing
>> bad news of this sort, I find this number (2/3) to be quite high, although I
>> don't have any data myself to refute this number.
>>
>>  Given that the source is Microsoft I could surmise that the "sample" from
>> which this ballpark statistic is "thrown out" (I couldn't resist that one)
>> is global and not limited to the U.S. I could also surmise that the rate of
>> compromise is higher outside of the U.S. than in the U.S. but here again,
>> that is only a guess as I can't back that up with data either.
>>
>>
>>  Thoughts anyone?

