|27 Nov 2013||#1|
| || |
Microsoft: Our protection metrics – October results
Last month we introduced our monthly protection metrics and talked about our September results. Today, we’d like to talk about our results from October. If you want a refresh on the definition of the metrics we use in our monthly results, see our prior post: Our protection metrics – September results.
During October 2013, while our rate of incorrect detections remained low, and our performance metrics stayed fairly consistent, the infection rate of 0.18 percent was higher in comparison to the average daily infection rate of 0.1 percent in the first half of the year.
In September, we talked about a family called Win32/Sefnit that was the driver behind the increase in our infection rate. We mentioned that the distributors of Sefnit are using some sneaky techniques to infect computers. This includes programs that install legitimate software, and occasionally install legitimate software with bonus material (Sefnit). Many of these installer programs were previously determined to be clean. However, with this change in behavior (installing the Sefnit malware), they now meet our detection criteria.
Sefnit is a bot that can take instructions from remote servers to do practically anything. We’ve observed it using infected computers for click fraud, which makes money by pretending to be a person clicking on ads from your computer or by redirecting your search results. It may also abuse your computer’s resources through Bitcoin mining.
The two installer families related to Sefnit that were behind the high active infection rate in October are Win32/Rotbrow and Win32/Brantall. Rotbrow is a program that claims to protect you from browser addons. Brantall pretends to be an installer for other, legitimate programs. Brantall might install those legitimate programs as well as malware. These previously legitimate software programs were prevalent in comparison to most malware families, and so most of our detections in October were on active infections.
The Malicious Software Removal Tool, which scans 600-700 million computers each month, has found and removed more than two million Sefnit infections on computers protected by current, real-time antimalware during the past two months. Until our antimalware partners target not only Sefnit, but also the Sefnit installers, people may struggle with reinfections.
Like us, many antimalware vendors have previously classified these programs as clean or potentially unwanted rather than high or severe malware. We’ve even had a tester ask us recently if our detection for one of these programs was an incorrect detection. Based on the installation of Sefnit, these programs absolutely meet our detection criteria, even if they had previously developed a reputation as a clean program.
We’ve identified related samples for our antimalware partners so that they can protect their customers against these threats if they have not already.
If you want to check your computer for Rotbrow or Brantall, you can install Microsoft Security Essentials, enable Windows Defender (on Windows 8), or use the Microsoft Safety Scanner if you already have current antimalware installed. They’re all provided to you for free to make good on our pledge to help keep you all safe. You can read more about our security software on the Microsoft Malware Protection Center website.
Our goal is to provide great antimalware solutions for our consumer and business customers. I hope this blog demonstrates how committed we are in raising the bar for ourselves and others in the industry for doing so. We're monitoring our results, performance, and progress closely, prioritizing for real threats that might affect our customers and applying lessons learned to make our products even better. Plus, we support our antimalware partners in order to build a strong ecosystem to fight malware – the true adversary. More next month!
|My System Specs|
|27 Nov 2013||#2|
| || |
The Microsoft Safety Scanner is an interesting tool, that by no means is small at 90 MBs. It detected that I've modified my hosts file and reset the content to default, since I've let the change take place:
# AutoGenerated by Microsoft (R) Malware Protection Engine.
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 188.8.131.52 rhino.acme.com # source server
# 184.108.40.206 x.acme.com # x client host
|My System Specs|
|01 Dec 2013||#3|
| || |
I use Microsoft's Security Scanner and I don't know why one wouldn't use it.
I believe that Microsoft know it's operating system better than anyone.
Therefor checks things that other program might not.
It never finds anything and I'm thinking because of the other security methods I use. It never hurts to check security with more than one program and or method.
I do wonder if Microsoft Security Essential does the same scan that Microsoft Security Scanner does.
Because I don't know I use both along with other security programs.
|My System Specs|
|Similar help and support threads for2: Microsoft: Our protection metrics – October results|
|Microsoft malware protection metrics - September results||Security News|
|Microsoft security bulletin for October 8 2013||Windows Updates & Activation|
|Microsoft confirms October 25 launch for Windows 8||News|
|Microsoft Giving Away Free Windows 7 On October 16, 2010||News|
|Microsoft Bluetooth Mobile Keyboard6000 set for October||Hardware & Devices|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 01:40 AM.