Adam Shostack <[email protected]> writes:

>Thank you! I hadn't seen this either, and it's exactly what I was looking
>for.

One note of caution with the statistics given on that page: those figures are apparently as reported by the Malicious Software Removal Tool (MSRT) (see http://www.microsoft.com/security/portal/sir.aspx) so they'll represent the output of a basic malware removal tool (not a full-blown malware/AV scanner), and since it's only run on up-to-date Windows systems with auto-updates (and therefore security hotfixes and whatnot) actively applied (MSRT is itself supplied via auto-updates) it's likely that the real situation is a lot worse than that, i.e. a full-blown AV program might find even more malware, and any system that's regularly running the MSRT and applying security updates is going to be less malware-infested than a general random sample of systems.

So while they're a (really scary, much, much worse than I thought) indicator of how bad it is, it's likely that things are even worse than that. I've written to the person who wrote the blog entry to try and get clarification on some issues raised there.

(Oh, and I assume people have seen Eddy Nigg's article on how easy it is to get a certificate for a site belonging to someone else from a commercial CA, https://blog.startcom.org/?p=145, which also made Slashspot earlier today).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
