Linked by David Adams on Thu 30th Sep 2010 20:38 UTC, submitted by fran
Bugs & Viruses

"To mark the first anniversary of Microsoft Security Essentials, the company has released some sobering statistics it has gathered during the past year via the free anti-malware software. According to Microsoft, Security Essentials has been installed on 31 million computers worldwide. Out of that group, 27 million users reported malware infections during the year."
Thread beginning with comment 443328
MSE is a decent effort, but the task is huge
by lemur2 on Thu 30th Sep 2010 23:35 UTC
lemur2 Member since:
2007-02-17

Whenever someone asks me to fix their Windows machine, and they insist they want a Windows machine and not just a computer to surf the web, I generally install MSE. Most machines can run it without grinding to a complete halt. MSE seems to be a fairly reasonable effort insofar as it goes; there is nothing to complain about, really, in comparison with any other security program. I actually use it and recommend it above other options now.

However, I wonder how long this can continue. As I understand it, anti-malware software scans a machine for malware that has already infected the machine, and it tries to remove that malware ... it is more of an attempt to diagnose and cure rather than prevent. Now as I understand it, there is normally an initial scan, an "on-demand" scan and a background scan process going on. This means that when first installed the entire disk is scanned against every virus signature, and then each program is re-scanned whenever it is loaded, and there is also a process that continuously but slowly re-checks the entire disk in the background.

This is not good news for Windows PCs. Every time I install or repair a Windows PC, even though the machines themselves are getting faster, I notice their performance is dropping. Windows machines take ages to boot, ages to update, ages to install new software, and there is background disk activity and net activity going on all the time.

I think I know why:
http://www.jonboy60.com/2010/09/26/99-4-percent-of-malware-is-aimed...
http://www.theregister.co.uk/2010/09/13/malware_threat_lanscape/

Apparently there are going to be about two million new pieces of malware for Windows just this year alone. Two million. The rate of new malware has apparently doubled since last year. Doesn't this mean that in order to keep up to date, two million new virus definitions have to be added to anti-malware databases for just this year alone? Doesn't every program installed on the disk have to be re-scanned by the background process against these two million new definitions? Aren't there now an additional two million new patterns to be searched on every on-demand program load?

Oh my. No wonder even new Windows machines are staggering to achieve even modest performance.

Seriously, isn't it time people started to call this for what it is? This is surely a losing battle if ever there was one.

Four million new malware pieces next year?

Edited 2010-09-30 23:36 UTC

Reply Score: 3

darknexus Member since:
2008-07-15

Certainly it's a losing battle. Windows is embattled right now due to it being the dominant player. If *NIX were to rise to the top someday, I guarantee you that the battle would be just as nasty. These people go after Windows not because it's inherently less secure (although the defaults are) but because that's where they'll hit the most number of users. Most malware these days isn't even a traditional worm or trojan, but a social engineering effort. Here, click this link in this fake greeting card email... woops, your system is infected but if you give us your credit card number we can remove it, etc. Whichever dominant platform will always have to be fighting a battle against these malware writers, and it will be a losing battle regardless of platform. The only way we'll win the battle regardless is for people to get a little common sense and not click links in emails they don't recognize or run files they didn't download, but common sense seems to be on the decline.

Reply Parent Score: 2

nt_jerkface Member since:
2009-08-26

Not only is most malware installed voluntarily but there is still a huge problem with people having older versions of XP installed with updates off.

It's an easy numbers game for criminals to play, they don't even have to go poking around for holes.

Reply Parent Score: 2

lemur2 Member since:
2007-02-17

Certainly it's a losing battle. Windows is embattled right now due to it being the dominant player. If *NIX were to rise to the top someday, I guarantee you that the battle would be just as nasty. These people go after Windows not because it's inherently less secure (although the defaults are) but because that's where they'll hit the most number of users. Most malware these days isn't even a traditional worm or trojan, but a social engineering effort. Here, click this link in this fake greeting card email... woops, your system is infected but if you give us your credit card number we can remove it, etc. Whichever dominant platform will always have to be fighting a battle against these malware writers, and it will be a losing battle regardless of platform. The only way we'll win the battle regardless is for people to get a little common sense and not click links in emails they don't recognize or run files they didn't download, but common sense seems to be on the decline.


This argument is often put forward, but it ignores a "paradigm shift" that could be possible.

Malware can only exist if it can be hidden. It must be possible to distribute and install software such that the functions the software contains are knowable only to the author. In this way a malevolent author can embed functions which suit his or her nefarious purpose, but which are decidedly not in the interests of the owner of the target machine.

So what is required is a "paradigm shift" towards a situation where only software that can be vetted by anyone and everyone who owns a machine can be installed on a given machine. It doesn't require everyone to actually vet software; it requires only a small percentage of people to actually vet software. What needs to be assured is that there are people who did not write the software, who can and have vetted the software, and who use it themselves.

If everyone is able to tie down their machines so that ONLY software which is openly vetted as described above can be installed, then malware can't exist on such machines. This won't entirely eliminate malware, as any system can have holes and leaks, but it would reduce the scope of the problem from literally millions down to perhaps tens of pieces of malware that have to be explicitly secured against.

"Here, click this link in this fake greeting card email... woops, your system is infected but if you give us your credit card number we can remove it, etc." ... becomes instead ... "Here, click this link in this fake greeting card email... System warning: attempt to install unsigned software has been prevented."

Windows is a million miles away from such an arrangement. Other systems are much closer to being able to ensure this.

If I may be a little cheeky:
http://www.freesoftwaremagazine.com/files/www.freesoftwaremagazine....

Edited 2010-10-01 02:02 UTC

Reply Parent Score: 3
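
An added example (not part of the thread or of any project's code) of the default-deny install gate the comment above describes: a package installs only if its exact bytes were vetted by enough people who did not write it. The `Attestation` record, the threshold of two reviewers and all names and package bytes are constructed assumptions, and the ledger is assumed to come from an authenticated source such as a signed repository index.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Attestation:
    sha256: str    # digest of the exact package bytes that were reviewed
    reviewer: str  # who vetted those bytes
    author: str    # who wrote the software

MIN_INDEPENDENT_REVIEWERS = 2  # assumed policy threshold

def digest(package_bytes):
    return hashlib.sha256(package_bytes).hexdigest()

def install_decision(package_bytes, ledger, minimum=MIN_INDEPENDENT_REVIEWERS):
    """Default-deny: return (allowed, independent reviewers of these bytes)."""
    wanted = digest(package_bytes)
    # Count each reviewer once, and never count an author vetting their own work.
    reviewers = sorted({a.reviewer for a in ledger
                        if a.sha256 == wanted and a.reviewer != a.author})
    return len(reviewers) >= minimum, reviewers

# Constructed sample data: two packages and a small attestation ledger.
VETTED = b"constructed package: greeting-card viewer 1.0"
SELF_VETTED = b"constructed package: free system cleaner 3.2"
LEDGER = [
    Attestation(digest(VETTED), "alice", "carol"),
    Attestation(digest(VETTED), "bob", "carol"),
    Attestation(digest(VETTED), "bob", "carol"),            # duplicate, counted once
    Attestation(digest(SELF_VETTED), "mallory", "mallory"),  # author vouching for self
    Attestation(digest(SELF_VETTED), "trent", "mallory"),    # one independent review only
]

if __name__ == "__main__":
    samples = {
        "vetted": VETTED,
        "modified after review": VETTED + b" + extra payload",
        "self-vetted": SELF_VETTED,
    }
    for label, blob in samples.items():
        allowed, reviewers = install_decision(blob, LEDGER)
        verdict = "install allowed" if allowed else "install prevented"
        print(f"{label}: {verdict} (independent reviewers: {reviewers})")
```

Because the digest covers the whole package, a single changed byte after review leaves the package with no attestations at all, which is the "attempt to install unsigned software has been prevented" outcome from the comment.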