Windows 7: Microsoft: Our protection metrics – October results

27 Nov 2013   #1
Microsoft MVP

64-bit Windows 10 Pro

Last month we introduced our monthly protection metrics and talked about our September results. Today, we’d like to talk about our results from October. If you want a refresh on the definition of the metrics we use in our monthly results, see our prior post: Our protection metrics – September results.

During October 2013, while our rate of incorrect detections remained low, and our performance metrics stayed fairly consistent, the infection rate of 0.18 percent was higher in comparison to the average daily infection rate of 0.1 percent in the first half of the year.

In September, we talked about a family called Win32/Sefnit that was the driver behind the increase in our infection rate. We mentioned that the distributors of Sefnit are using some sneaky techniques to infect computers. This includes programs that install legitimate software, and occasionally install legitimate software with bonus material (Sefnit). Many of these installer programs were previously determined to be clean. However, with this change in behavior (installing the Sefnit malware), they now meet our detection criteria.

Sefnit is a bot that can take instructions from remote servers to do practically anything. We’ve observed it using infected computers for click fraud, which makes money by pretending to be a person clicking on ads from your computer or by redirecting your search results. It may also abuse your computer’s resources through Bitcoin mining.

The two installer families related to Sefnit that were behind the high active infection rate in October are Win32/Rotbrow and Win32/Brantall. Rotbrow is a program that claims to protect you from browser addons. Brantall pretends to be an installer for other, legitimate programs. Brantall might install those legitimate programs as well as malware. These previously legitimate software programs were prevalent in comparison to most malware families, and so most of our detections in October were on active infections.

The Malicious Software Removal Tool, which scans 600-700 million computers each month, has found and removed more than two million Sefnit infections on computers protected by current, real-time antimalware during the past two months. Until our antimalware partners target not only Sefnit, but also the Sefnit installers, people may struggle with reinfections.

Like us, many antimalware vendors have previously classified these programs as clean or potentially unwanted rather than high or severe malware. We’ve even had a tester ask us recently if our detection for one of these programs was an incorrect detection. Based on the installation of Sefnit, these programs absolutely meet our detection criteria, even if they had previously developed a reputation as a clean program.

We’ve identified related samples for our antimalware partners so that they can protect their customers against these threats if they have not already.

If you want to check your computer for Rotbrow or Brantall, you can install Microsoft Security Essentials, enable Windows Defender (on Windows 8), or use the Microsoft Safety Scanner if you already have current antimalware installed. They’re all provided to you for free to make good on our pledge to help keep you all safe. You can read more about our security software on the Microsoft Malware Protection Center website.

Our goal is to provide great antimalware solutions for our consumer and business customers. I hope this blog demonstrates how committed we are in raising the bar for ourselves and others in the industry for doing so. We're monitoring our results, performance, and progress closely, prioritizing for real threats that might affect our customers and applying lessons learned to make our products even better. Plus, we support our antimalware partners in order to build a strong ecosystem to fight malware – the true adversary. More next month!

Holly Stewart

Source: Our protection metrics – October results - Microsoft Malware Protection Center - Site Home - TechNet Blogs

27 Nov 2013   #2

Windows 7 64-bit, Windows 8.1 64-bit, OSX Maverick

Thanks Brink...

The Microsoft Safety Scanner is an interesting tool that is by no means small at 90 MB. It detected that I've modified my hosts file and reset the content to default, since I've let the change take place:

# AutoGenerated by Microsoft (R) Malware Protection Engine.
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# # source server
# # x client host localhost
::1 localhost
It's the first scanner that actually detected this change....

01 Dec 2013   #3
Layback Bear

Windows 7 Pro. 64/SP-1

I use Microsoft's Security Scanner and I don't know why one wouldn't use it.
I believe that Microsoft knows its operating system better than anyone.
Therefore it checks things that other programs might not.
It never finds anything, and I'm thinking that's because of the other security methods I use. It never hurts to check security with more than one program and/or method.
I do wonder if Microsoft Security Essentials does the same scan that Microsoft Security Scanner does.
Because I don't know, I use both along with other security programs.