IT Forum: Threat Research and Response

Vinny Gullotto, General Manager for the Malware Protection Centre, presented today on the work the centre is putting into threat research and into both reactive and proactive response.

One of the interesting slides that Vinny used covered the history of industry standards in anti-virus development, and how the anti-virus marketplace has grown. It was broken down into:

  • 1986 - 1990
    Very few viruses existed, and researchers in virus protection worked alone within their individual companies.
  • 1990 - 1995
    Anti-virus organisations started to share information, formed groups to build a common language, and began effective sharing across the industry. The AVPD created the "wildlist" and "wildcore", starting to share standard signatures across the 20,000 viruses that were loose around the world at that time. This was pretty important to everybody: if you don't have all the viruses available, how can you develop detection and defence against them? (And you don't want your AV software to rely on you being infected before the vendor can work out how to prevent it!)
  • 1995 - 2005
    All certified anti-virus software has to be able to detect all wildcore samples, a list which expands by 20-30 categories every month.
    By this time, the virus distributions (i.e. the virus signatures shared between anti-virus companies) exceeded the gigabyte mark for the first time.
  • 2005 - 2007
    The Anti-Virus Coalition was formed. One shift that is much more visible now is that developing countries tend to be harder hit by viruses as they come online. In India, China etc., the level of infections tends to be higher, because they are going through the learning experience we all went through before (When did you realise that you couldn't run a machine without virus protection?).
    Today there are 225,000 - 300,000 viruses in circulation.

More than 3,400 new software vulnerabilities were reported in the first 6 months of this year (please note, this isn't 3,400 vulnerabilities in MS software, but across the whole software marketplace that could threaten your PC or data). Seemed like a lot to me, until Vinny explained that this is actually the first six-month decrease since 2000.

Windows Defender is a piece of free software from MS which looks for things like adware and spyware rather than specifically "malicious" software; it isn't anti-virus software. Using Windows Defender as an example, he shared some statistics:

  • In the first six months of 2007, it detected 50 million pieces of potentially unwanted software, including:
    • 16 million items of adware
    • 7 million items of "potentially unwanted software"
    • 6.5 million Trojans
    • 3 million items of "remote control" software

After a presentation, it is often the Q&A which contains a startling revelation, and this session was no different. Following a question about how things are changing, he threw in a statistic that was almost a throwaway: the Malware Protection Centre has found, using Defender data, that Windows Vista machines have 3 times less "potentially unwanted" software than other Windows machines. That is a real-life example of the way the security built into Windows Vista is (silently!) delivering benefits to both the end user and the IT team running their networks.

To read more about the work that Vinny's team do, check out their Microsoft Malware Protection Center Portal.
