Chapter 7: Vista Client Protection


Windows Vista is designed to prevent the local execution of malicious mobile code. Chapter 7 discusses Microsoft's newest initiatives against malware programs, including the Malicious Software Removal Tool, Security Center, Windows Defender, Windows Live OneCare, and Microsoft Forefront Client Security.

Popularity of Client-Side Attacks

Client-side exploits are always a popular type of malicious attack. However, the present focus on using them for profit is unprecedented. The Microsoft Antimalware Team revealed the following statistics in a free white paper (http://www.microsoft.com/downloads/details.aspx?FamilyId=&displaylang=en) based upon the results from the Windows Malicious Software Removal Tool (MSRT), which ran over 2.7 billion times on over 270 million unique computers. Some of the findings are as follows:

  • High-risk malware is found on 1 in 311 computers (i.e., 5.7 million computers)

  • 3.5 million computers had a backdoor Trojan (or 62 percent of infected computers)

  • 9 percent of infected computers had a malicious rootkit

  • Bots (Rbot, Sdbot, and Gaobot) comprise three of the top five popular malicious removals

The detection rate of malicious software (1 in 311 computers) is drastically lower than the overall malware prevalence rate because MSRT does not check for spyware, adware, phishing e-mails, malicious links, and any malware not present in memory (for example, script worms). In light of these findings, it's likely that nearly 100 percent of computers should be considered exposed to malware. However, much of that malware does not remain resident on the computer. For instance, phishing e-mails generally do not infect the computer but prey instead on the user using the computer. The MSRT looks only for the most popular and critical technical threats. Therefore, it greatly underestimates the prevalence of attacks as a whole. When the single category of spyware is added in, for instance, some vendors report that over 80 percent of all consumer PCs are infected (for example, http://www.webroot.com/company/pressroom/pr/state-ofspyware-Q206.html?WRSID=298b2c998c8805c226e2036d13c1d090).

Note 

We would caution you to take any number or statistic from an anti-malware vendor with a grain of salt, however. Anti-malware companies may not see the whole universe of computers, and in any case, they have a vested interest in the numbers appearing as bad as possible. They will sell few copies of their software if the numbers look nice and rosy. Also, Microsoft may be considered as having a vested interest in making the numbers look better than they should, as a bleak picture threatens their ecosystem. Therefore, the truth may lie somewhere in between what Microsoft says and what the anti-malware vendors say. The actual number is probably irrelevant, however, and is fluctuating all the time regardless. Notwithstanding any concerns about the specific statistics, it is clear that malware infections are at epidemic proportions.

Over half of all e-mail is spam and 1 in 200 contains malware (http://www.messagelabs.com/publishedcontent/publish/threat_watch_dotcom_en/intelligence_reports/august_2006/DA_173428.html).

Microsoft recommends all personal computer users run antivirus software, anti-spam, anti-spyware, and other software defense tools.



Windows Vista Security. Securing Vista Against Malicious Attacks
ISBN: 470101555
EAN: N/A
Year: 2004
Pages: 163