Microsoft: 1 out of every 14 downloaded programs is malware

http://www.techspot.com/news/43858-microsoft-1-out-of-every-14-downloaded-programs-is-malware.html

 

WoW That's a heck of a lot more than i would have expected.

 

And that's why screening downloads the way that Chrome and IE9 do is so important.

 

I find that number very hard to believe. I wouldn't even try to guess how many hundreds of files and apps I've downloaded over the last few years. None of them were malware. It does make me wonder just what their reputation based "detection" would say about a lot of them, but I'm definitely not going to install Internet Explorer and download them all again just to find out. I'd bet a good percentage of that "malware" is legitimate apps that they and their associates don't approve of.

 

There's a difference between identified malware and programs without reputation. This is identified malware blocks from what I can see.

 

The internet is a dangerous place, as everyone here knows.

 

Well, I've been using the internet for many (I forget how many) years, and I've always thought that the internet is as safe or dangerous as the user makes it.

I also find that number hard to believe. Without a breakdown as to "socially engineered" malware sites vs
"legitimate" (so-called) that statistic has no meaningful value for the reader.


-rich

 

The internet isn't as safe as the average user thinks and it's not as dangerous as the average wilderssecurity user thinks =p

 

total ~ Snipped as per TOS ~ scare mongering

 

Agreed.

+1.

 

I wonder if such "studies" will generate false confidence in a subset of users.

 

I guess there will always be skeptics, even when the facts are presented, "malware attacks". This is identified malware that is on SmartScreen's list, unless you're trying to suggest IE8 also has file reputation.

This is results taken from IE8 and IE9 which covers quite a broad spectrum of internet users, so it is believable.

Last I checked the definition of malware attack, it didn't equal "downloads without reputation". Also note "since the release of IE8", when reputation didn't exist.

 

Most definitely.

 

Interesting article to say the least.

 

"Security researcher slams Microsoft over IE9 malware blocking stats" :

https://www.computerworld.com/s/art...over_IE9_malware_blocking_stats?taxonomyId=17

 

@ Dermot7

Thanks for posting

 

I'd be curious to see just what files it flags. Bet it would include P2P apps, unofficial upgrades, and other tools they don't approve of. I don't have IE9 and am not getting it, but it wouldn't take much to find out. If someone who has it would download, WinPcap, NMAP, KernelEX, and a few similar but legitimate tools, it would answer this.

I'd also question what they call a "malware attack". Reminds me of the old versions of NIS that alerted the user to every lousy port scan, telling them it blocked an attack. If I remember right, it called them WinCrash back then.

Making decisions based on reputation might be OK for those users who don't know one app from another and have no clue on how to tell a good app from a bad one. For any knowledgeable user who knows how to monitor an install, reputation is of no value.

 

Has it taken into account the users of systems that they pull the results from?

Meaning, if they were to monitor my files, they would likely see very few malware samples, lets pretend and say 1 in 100. If they monitored my father-in-law, they might see the 1 in 14, or maybe even 1 in 5

I have no doubt there are many malicous files out there today, but I have serious doubts that those type of numbers apply to any but the most basic of users - those who tend to click on the "You've Won!" prompts

Sul.

 

That's right, no way in the world can those type of stats be determined from users who exercise common sense in their download habits.

 

Elapsed will hunt me down for this but we are talking of users of Internet Explorer

 

It looks more like an ad for IE9.

 

LOL! good point

 

Hmmm...

 

If you have to "exercise common sense" than your security setup has failed.

 

If that number is correct then there must be people out there downloading nothing but malware as I rarely see any. Does this number account for false positives? I have seen more of those than actual malware.