Microsoft Research Shows Malware Infections Mostly 'Your Fault'

User vigilance is key to securing data, digital identities

Dark Reading Staff, Dark Reading

October 27, 2011

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Microsoft’s latest Security Intelligence Report (PDF) was released recently, and it showed a surprising finding: Nearly 45 percent of all malware infections cleaned up by its Malicious Software Removal Tool required a human to make a bad decision.

Am I surprised? Not exactly ... There has been a major shift toward social engineering in the past 24 months for cybercriminals. As we all do a better job of securing and updating our computers, the lowest-hanging fruit becomes ourselves.

In its 168-page report, the software giant describes phishing schemes, spam e-mail, assorted malware, and threats associated with social engineering as “entry mechanisms” for malware and a hacker having complete control of an infected computer.

While most of our Windows pain in recent years has resulted from poor security design and practices in the early days, Microsoft has taken security must more seriously in recent times. When all is said and done, it’s humans who respond to spam e-mail and announcements of free gift cards on Facebook.

Most of us aren’t great at reading a digital face over the Internet to determine whether we are being scammed: We have a lot to learn to be as good at it as we are in the real world.

Microsoft also provided evidence that despite all of the widespread, often corrosive media coverage about it, only about 0.1 percent of successful attacks resulted from so-called “zero-day” exploits -- which, theoretically, Microsoft can’t do much about because patches for them haven’t yet been developed. In its report, Microsoft found that those fears are mostly misplaced, arguing that the vast majority of zero-day vulnerabilities are immediately patched once discovered and are not commonly exploited.

This isn’t to say that Microsoft is innocent on all counts. We all have a role to play in protecting our digital identities, and with more than 80 percent market share, Microsoft needs to continue to proactively find its own flaws and make it even easier for the public to make the right decisions. With great power comes great responsibility.

Chester Wisniewski is a senior security adviser at Sophos Canada

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events