Tunnel Vision
My uncle had this uncanny ability to swoop down and pluck a four-leaf clover without ever missing a step. This wasn't an occasional occurrence; it happened pretty much every time we took a walk together when I was a child. I asked him once how he was so easily able to see the four-leaf clovers when most of us could only readily see the three-leaf variety. His reply: "What you see in your mind is what you will see in reality." He had 'programmed' himself to see only four-leaf clovers, so he simply never noticed the threes.
The same can be said of security vendors. They see only what their respective technologies have been programmed to see, and that is therefore all they can report on. It's always good to remember this point when evaluating the information they put out, particularly in critical matters such as security.
I was reminded of this important lesson again this week after reading a news report asserting that "Zlob is among the most common type of Trojan downloaded onto Windows machines." The assertion was based on data collected by Microsoft's Malicious Software Removal Tool (MSRT). But the MSRT is programmed to see only 111 (as of today's date) malware families. Yet the number of active malware families in 2006 was 2,232 according to GData, and that number has likely surged significantly in the two years since. In April 2008, F-Secure reported they were logging 25,000 new malware samples per day. It seems rather obvious that if the number of individual malware samples has increased so dramatically, so has the number of active families. In any event, even at the 2006 figure, the 111 represents only 5% of total active families.
In other words, Zlob is not "among the most common type of Trojan downloaded onto Windows machines". Instead, Zlob is among the most common malware detected by the MSRT, which currently detects only about 5% of active malware families.


This is not just a case of reporting what is seen, it’s a deliberate & ongoing mindset that we will be sold some “spin” rather than provide us with info properly evaluated to be worthy of our attention & thus of use in building our understanding.
It is tragic that MS continues to “lead” in such duplicity.
Pretty much the same as we have come to expect from the public pronouncements of our politicians.
You’d think that Microsoft selects the most prevalent families for inclusion into MSRT.
Perhaps another “spin” is that 5% of malware families are responsible for a majority of malicious installations.
Anyone have stats on which families are most prevalent?
If MSRT is reporting back a set number of malware to target, how does new malware get added to MSRT detection?
Biased, and skewed conjecture.
PN, Speaking of bias, it’s probably best to remember IP addresses get logged. Also good to remember to use the same consistent email alias if trying to spoof something.
I’ll stand by my comments which, as you know, are accurate.