For every 300 PCs, 1 houses malware

Microsoft Corp. is set to release research on Monday showing, among other things, that its security tools find malicious software on about 1 in every 311 times it scans a PC.

The research is part of a major report on security trends that Microsoft plans to release Monday at its TechEd user conference in Boston.

Microsoft's data is remarkable because it comes from such a large sample group, the more than 270 million users of the Windows Malicious Software Removal Tool, which ships with Windows.

Between January 2005 and March 2006, this tool was used to remove 16 million pieces of malware from 5.7 million computers. The software has been used to scan systems 2.7 billion times during this period, and on average, it finds something malicious about 0.32 percent of the time, or in one out of every 311 scans, according to Microsoft.

Microsoft couldn't say what percentage of PCs have been infected by malicious software. Although 5.7 million out of 270 million PCs would translate to about 1 in 47 machines, the total number of computers scanned was far greater than 270 million, so the actual rate of infection is much lower, according to Microsoft.

There has been no widespread virus outbreak for several years now, but users are increasingly concerned about targeted attacks, identity theft and dangerous rootkit software, which covers its own tracks on the computer. So does Microsoft think things are getting better or worse?

"That's a difficult question to answer," said Matthew Braverman, a program manager with Microsoft's antimalware team. He noted that it's impossible to get a complete picture of everything that the bad guys are doing, but said that he does think things are improving.

The amount of malware in circulation has dropped for 41 of the 53 families of worms, rootkits and viruses that Microsoft tracked over the past 15 months. And the occurrence of 21 of these variants has dropped by a lot -- more than 71 percent, according to Braverman. "I think that shows that the malware problem is getting better," he said.

Not all of the malware that Braverman's team tracked came from hackers, however.

Sony BMG Music Entertainment's notorious rootkit software was found more than 420,000 times, and was installed on more than 250,000 machines, meaning that some users re-installed the rootkit after having it removed, he said.

That number is in line with predictions made last November by security expert Dan Kaminsky. "I'm actually glad that it wasn't larger than that." Braverman said. "That's still a significant amount of computers"

Sony was forced to recall millions of CDs after a Windows expert discovered that copy control software included in some of Sony's titles used controversial "rootkit" cloaking techniques to hide itself on the computer. Sony issued the recall after hackers began distributing malicious software that exploited Sony's cloaking mechanism.

Microsoft said it had removed that hacker-produced malicious software a total of 10,000 times.

The combination of rootkits and other types of malicious software is one trend on the rise. Rootkits were found on 14 percent of infected computers, and when rootkits were discovered, they were combined with "backdoor Trojan" software 20 percent of the time. These programs are used by hackers to remotely control infected computers.

Microsoft's research can be found here.