Windows 7 - New malware scanner finds 5% of Windows PCs infected

New malware scanner finds 5% of Windows PCs infected

Java exploits remain biggest threat to PCs, says Microsoft

By Gregg Keizer
May 27, 2011 11:58 AM ET

Computerworld - One in every 20 Windows PCs whose users turned to Microsoft for cleanup help were infected with malware, Microsoft said this week.

Microsoft cited that statistic and others from data generated by its new Safety Scanner, a free malware scanning and scrubbing tool that re-launched May 12.
The 420,000 copies of the tool that were downloaded in the first week of its availability cleaned malware or signs of exploitation from more than 20,000 Windows PCs, Microsoft's Malware Protection Center (MMPC) reported Wednesday. That represented an infection rate of 4.8%.

On average, each of the infected PCs hosted 3.5 threats, which Microsoft defined as either actual malware or clues that a successful attack had been launched against the machine.

Of the top 10 threats found by Safety Scanner, seven were Java exploits, said Scott Wu and Joe Faulhaber of the MMPC, in a blog post. Wu is a program manager with the MMPC, while Faulhaber is a software engineer.

That finding backs up a recent Microsoft security intelligence report that noted a huge spike in Java-based exploits in the second half of 2010, when the number tracked by Microsoft jumped to nearly 13 million from around 1 million in the first six months of that year.

Microsoft blamed exploits of just two vulnerabilities in Oracle's Java for generating 85% of all Java attacks in the second half of 2010. Not surprising, those same two vulnerabilities ranked No. 1 and No. 6 in the Safety Scanner top 10.

Interesting but a rather large file.....65+/- mb

Microsoft Safety Scanner is NOT an anti-virus program and therefore does not replace a proper real time anti-virus client such as Microsoft Security Essentials. What it is though, is a tool that you can use to remove viruses on computers that don't have anti-virus software or where the regular anti-virus software was disabled by the virus (it does happen, which is why anti-virus software is only a second defence and not an excuse for bad security practice). So quite commonly the virus you get infected with will render your computer useless and will block the use of most tools that it believes you could use to remove it (Task Manager, Command Prompt, Internet Explorer etc) and the only way to gain some type of control of the computer is to reboot it into Safe Mode which will cripple the virus in some ways (because Safe Mode only loads the bare essentials that Windows needs to run and the files the virus needs to run aren't these). The problem with Safe Mode is, you can't really install or uninstall much software, because the services needed to do this (most notably the Windows Installer service) aren't enabled.

Therefore you need something that is designed to be installed in Safe Mode (such as Malwarebytes) or something that is a packaged file that can be run without installation. You also need something that isn't dependant on connecting to the internet to check for the latest virus definitions, because that isn't always an option because firstly the internet doesn't always work in Safe Mode, but also because the virus may have damaged files needed to get on the internet. Microsoft Safety Scanner meets both of these requirements.