Microsoft claims 1 in 14 downloads are malicious

In a very bold statement, Microsoft has claimed that 1 in 14 downloads made are somewhat malicious, and that five percent of users ignore browser warnings and proceed to download malware anyway. These facts have been highlighted in a recent report by Microsoft that states how great their SmartScreen browser defense is, which claims to have blocked 1.5 billion website-based malware installs since the release of IE8.

The SmartScreen filter, which was expanded in IE9 to warn users of potentially dangerous applications, apparently has between a 25-70% success rate at identifying 0-day malware. This filter, despite having a fairly high false-positive rate, doesn't warn users for 90% of program downloads.

These numbers, especially the 1/14 downloads and 1.5 billion blocked malware installs, seem unusually high, the latter of which indicates that 75% of all Internet users in the world have been saved from a malware install by IE8+ at least once. According to NetMarketShare, 35% of browsers in April 2011 were either IE8 or IE9, which makes the 1.5 billion blocks jump to two attempted malware installs per IE8/9 user.

Now let’s take that number even further. Microsoft claims that one in 14 downloads are malicious; this means that, as IE8/9 users download one piece of malware each per year (whether they choose to or not), those users only download 14 files per year  when you assume IE8/9 successfully blocks all attempts. This number is even less when you factor in that just 25-70% of malware IE identifies is actually malware (~7 downloads in total per year per user).

These numbers just seem too high to be correct, which could indicate upwards of 3 billion attempted malware installs per year over every browser. This means that one in two humans living on Earth, regardless of whether they actually have an internet connection or not, attempt to (unwillingly) infect their computer with one malware every year. Microsoft, something isn't quite right.

Report a problem with article
Previous Story

Microsoft to replace older Xboxes that cannot read new game format?

Next Story

Linked inbox and updated people tile shows up in WP7 press image

26 Comments

View more comments

Teebor said,
I don't believe this. More than 1 in 14 people download Microsoft products

With the keywords being: "somewhat malicious", it would be impossible to argue that you're wrong. ;-)

mikiem said,

With the keywords being: "somewhat malicious", it would be impossible to argue that you're wrong. ;-)

lol

Some people really are ignorant to on screen warnings, they just skip anything that pops up regardless of what it says. No wonder they have malware, crap toolbars, etc. on their machines.

You are one of the best defences against malware etc. Be a savvy user.

Thing is you can't skip the smartscreen scan on IE9, well it doesn't for me, which makes it annoying for false positives. It basically just deletes the file straight away and says its malicious.

SuperKid said,
Thing is you can't skip the smartscreen scan on IE9, well it doesn't for me, which makes it annoying for false positives. It basically just deletes the file straight away and says its malicious.

No, IE9 wont let you open malicious files through IE but if you open the download folder you can open file there.

SuperKid said,
Thing is you can't skip the smartscreen scan on IE9, well it doesn't for me, which makes it annoying for false positives. It basically just deletes the file straight away and says its malicious.

The problem is with developers who don't properley digitally sign software packages.

I would call any software that you download that on install attempts to install a unnecessary toolbar 'somewhat malicious', so maybe that's where this warped figure is coming from.

chadlachlanross said,
I would call any software that you download that on install attempts to install a unnecessary toolbar 'somewhat malicious', so maybe that's where this warped figure is coming from.
yeah I hate people who download crapware and during install, they just click Next when asked if they want to install toolbar.

chadlachlanross said,
I would call any software that you download that on install attempts to install a unnecessary toolbar 'somewhat malicious', so maybe that's where this warped figure is coming from.

I agree, which brings up an interesting topic: Microsoft software is "somewhat malicious" as a lot of their products now try to install the crappy and bloated "Bing Toolbar".

Obviously most of us here don't make this mistake. It'll mostly be people who find technology difficult and don't gain enough experience to have any common sense on a computer.

Meph said,
Obviously most of us here don't make this mistake. It'll mostly be people who find technology difficult and don't gain enough experience to have any common sense on a computer.

Which equates to the VAST majority of users!

how the hell do they come up with these numbers?

seriously, how?

Just a few links down on the main page with the french hack, there are random users created on torrents to pose as people, gather data, most of this ****, if everyone does it, is hard to process and interpret, the error margin (though small, say 0.001%) amounts to more or less? than tat 1 in 14, really? ludicrous

zeta_immersion said,
how the hell do they come up with these numbers?

seriously, how?


My first guess would be from log files.

DonC said,

My first guess would be from log files.

70+ services in vista/windows 7 transmit constant data to Microsoft, IE blocking sites is part of the data, as are viruses found during MRT / MSE run.....

Whether it's actually 1 out of every 14 or not, one thing is for sure: many people who have Internet connections really have no clue what they're downloading and allow almost anything. A friend of mine that worked in IT with security said that there are some people who, if they got an email message saying "The attached file is a virus - don't open it" they would still open it and get infected. At times it can be hard to comprehend the level of dumb there is out there among many computer users.

You have to understand how ignorant (and sometimes stupid) a lot of users are. The dumbest 10% are probably downloading 60% of the malware cited. These are the same people who call (and work for) Geek Squad.

A lot of people are just unaware of the threats out there. Is it because they're ignorant? I don't think so; it's because they aren't aware of the threats out there and people will scam you on the internet just as they will in the real world. A lot of my friends end up with a lot of spyware, and I always take the time to teach them how to protect themselves from future threats.

Whether people want to admit it or not, a lot of us made these same mistakes when we first got on the internet. I know I did, and I know my sister did. I had to teach her about internet security and how to prevent her from getting her computer infected from future attacks. When I first got on the internet I always ended up with a lot of spyware until I learned to ignore these security popups and to never open e-mails unless it's from someone you know and trust.

Now I frequently write articles about internet security and how to protect yourself just to share the knowledge to help teach others about how to keep themselves from becoming infected.

GollyJeeWizz said,
A lot of people are just unaware of the threats out there. Is it because they're ignorant? I don't think so; it's because they aren't aware of the threats out there and people will scam you on the internet just as they will in the real world. A lot of my friends end up with a lot of spyware, and I always take the time to teach them how to protect themselves from future threats.

Whether people want to admit it or not, a lot of us made these same mistakes when we first got on the internet. I know I did, and I know my sister did. I had to teach her about internet security and how to prevent her from getting her computer infected from future attacks. When I first got on the internet I always ended up with a lot of spyware until I learned to ignore these security popups and to never open e-mails unless it's from someone you know and trust.

Now I frequently write articles about internet security and how to protect yourself just to share the knowledge to help teach others about how to keep themselves from becoming infected.

Ignorant is an innocuous term which means one is unaware. It's not the same thing as calling someone stupid, ignoramus, or even "ignunt."


which makes the 1.5 billion blocks jump to two attempted malware installs per IE8/9 user

Wow! Who knew that using the latest IE incarnations could be so hazardous. I guess it's time to at a minimum, dump IE in favour of other browsers.

I never have any botnet/malware/virus/rootkit/keylogger problems on Ubuntu like I've seen on Windows. I'm really surprised anyone still trusts it with all their personal information.

Flawed said,

Wow! Who knew that using the latest IE incarnations could be so hazardous. I guess it's time to at a minimum, dump IE in favour of other browsers.

I never have any botnet/malware/virus/rootkit/keylogger problems on Ubuntu like I've seen on Windows. I'm really surprised anyone still trusts it with all their personal information.


Ban this troll please.

I believe those numbers as a fair average. I have a couple family members and friends that are always clicking on download links and infecting their computers enough to make this statistic true. You guys are bashing on IE's browser, which has improved dramatically but, it is one of the safest browsers and includes download security that warns you about malicious downloads and isolates them. Chrome has just come up with this feature but, it is in beta and has not been finally released yet.

The best thing that someone can do is make sure that they have the latest version of their browser(http://www.softwarecrew.com/20...ith-our-top-tips-and-tools/ ) and also make sure that they have a good AV software program installed.

Cheers

the problem is that most people who use their computer don't know how to check their files before using them.
it seems that you have have to be a computer enthusiast or expert in order to not only make your antivirus effective but to know the difference between a legit download, a fake one, and a malicious one.
I haven't had a virus in 3 years since the Virut.B and its because of that horrible experience that I'm more attentive to those things.

Commenting is disabled on this article.