Canada scored much better than the rest of the world in a Microsoft survey that tracked the average number of Windows-based PCs containing dangerous malware.
The company on Tuesday released the results of its global Security Intelligence report, which observes data gathered over the past several years but which focuses specifically on the second half of 2007. Microsoft prepares its report by gleaning customer use of its Malicious Software Removal Tool (MSRT). This marks the first time since it began publishing the report three years ago that Microsoft has broken out Canadian-specific data.
Although 450 million unique computers each month were using MSRT to get rid of malware globally last year, or one in every 23 computers, the same was true for only one in every 310 computers in Canada. “It was one of the lowest in the world,” said Bruce Cowper, security lead for Mississauga, Ont.-based Microsoft Canada Co. “Globally, we’ve seen a decline in the second half by about 15 per cent in terms of vulnerabilities, but a big shift in terms of where those vulnerabilities have been impacting people’s lives. We’re seeing more critical vulnerabilities, but the requirement for exploiting those has become a lot more complex.”
Trojan Downloaders topped the list of malicious software in Canada at close to 41 per cent, followed by Trojans, exploits, backdoor malware and worms. In terms of top unwanted software in Canada, adware ranked first at 53 per cent, and the Zlob Trojan Downloader jousted with Hotbar for the biggest threat.
“We’re seeing these things making their way through things like Web sites rather than viruses getting transferred by e-mail,” Cowper said. “Hotbar in itself has increased in terms of what we’re seeing on Canadian computers by 645 per cent in the second half of last year.”
Because a lot of malware is being transported via the Web, Cowper said good IT security comes down to how organizations filter the types of information or sites that people access.
“The general awareness needs to be around these pieces of malicious software coming through things like third-party applications or e-mail, where you’ve got phishing e-mails or junk e-mails that people are opening up. Filtering e-mail becomes very important,” he said, adding that, “Companies need to look at how they protect users against accidentally clicking on a button, because with high infection rates of specific pieces (of malware) like Hotbar, they become the targets. That’s the low-hanging fruit in terms of software restriction.”
While Microsoft is hoping IT managers will pay close attention to the statistics in its report, an Australian company called PC Tools recently questioned the idea of threat lists used by many security companies to warn of current malware attacks.
The problem, according to the Australian company, is that the lists — which are now regularly issued by almost every security software company – measure volumes rather than the underlying danger of a particular type of malware.
PC Tools, itself an anti-malware vendor in the same space, dismisses them as being “of no practical use for the security industry or consumers,” and, not surprisingly, advocates its own ThreatExpert analysis system that cross-references volume with other factors such as the design complexity of a threat, its innovation, and its payload.
Examples of threats that regularly turn up on some lists but which pose relatively little danger include the four year-old Netsky, and the packer NSAnti, which itself is merely a means of hiding malware, and shouldn’t even appear on such lists at all, the company said.
“Threat analysis is highly complex. There was a time when volume alone was an acceptable indicator of the level of threat. But the threat landscape has changed significantly and there are a number of additional parameters, besides volume, which are equally, if not more important in identifying and classifying top threats,” said PC Tools CEO, Simon Clausen.
-With files from IDG News Service