Christoph Schneegans
2013-05-10 15:12:17 UTC
Hello everyone!
Microsoft has published Security Intelligence Report 14 at
<http://download.microsoft.com/download/E/0/F/E0F59BE7-E553-4888-9220-1C79CBD14B4F/Microsoft_Security_Intelligence_Report_Volume_14_English.pdf>.
One chapter is titled
"Running unprotected: Measuring the benefits of real-time security
software". The authors analyzed telemetry data from the Malicious
Software Removal Tool and found that Windows systems with
"up-to-date real-time antimalware protection" from a
"reputable vendor" are infected by malware far less often than
those without:
"New data analyzed by Microsoft reveals the magnitude of the
additional risk that such computers and their users face: in the
second half of 2012, computers that did not have real-time
antimalware protection were more than 5 times as likely to be
infected with malware and potentially unwanted software as computers
that did have protection."
The telemetry data may not allow for a breakdown; in any case, the
authors lump together all systems on which no up-to-date antivirus
program is running:
"Unfortunately, many computers are not protected by real-time
antimalware software, either because no such software has been
installed, because it has expired, or because it has been disabled
intentionally by the user or secretly by malware. (...) A number of
prevalent malware and potentially unwanted software families are
capable of disabling some security products, potentially without the
user even knowing. Other users may disable or uninstall security
software intentionally because of perceived performance issues, a
belief that protection is not necessary, or a desire to run programs
that would be quarantined or removed by security software. In other
cases, users lose up-to-date real-time protection when they don't
renew paid subscriptions for their antimalware software, which may
come pre-installed with their computers as limited-time trial
software."
That a system on which malware has disabled the antivirus program is
frequently infected by that very malware is hardly a surprise.
The authors also comment on "expert users" who believe they do not
need an antivirus program:
"With attackers becoming ever more proficient at exploiting software
vulnerabilities and trusted relationships to spread malware in
unexpected ways, it is dangerous for even expert users to assume
that they will be able to detect threats on their own without the
help of real-time protection before being affected by them."
I do consider myself an "expert user", but until now I did not know
that I have to constantly keep an eye on some kind of "threats".
In fact, I don't know what they even mean.
In the end it once again sounds very much like the same old mantra:
"Simply installing and using real-time antimalware software can help
individuals and organizations reduce malware infection by more than
80 percent."
So it's all quite simple! The authors are also confusing causation
and correlation here.
(Please note the Followup-To header.)
--
<http://schneegans.de/computer/safer/> · SAFER mit Windows