Antimalware Team Releases MSRT White Paper

Hello there. I'm writing to you from the Microsoft TechEd conference in Boston. This event attracts over 10,000 attendees interested in learning about current and future Microsoft products. It's also a great place for getting feedback from our customers and we'll share some of that feedback next week.

Yesterday, the Microsoft Antimalware team released a new white paper entitled "Windows Malicious Software Removal Tool: Progress Made, Trends Observed". The paper highlights Microsoft's uniquely broad understanding of the malware landscape, illustrating how the tool has removed 16 million pieces of malicious software from 5.7 million unique computers from January 2005 to March 2006. On average, the tool has removed at least one instance of malicious software from every 311 computers it has run on. A core objective of Microsoft's release of the tool is reducing the impact of malicious software on Windows customers and the report describes how removals of 41 of the 61 malware families have decreased with 21 of those families exhibiting a decrease by more than 75%.

The report goes on to highlight several trends related to malicious software categories, such as backdoor Trojans (including bots) and rootkits. For example, of the 5.7 million unique computers from which the tool has removed malware, a backdoor Trojan was present in 62% of the cases. We have noticed that there has been some confusion over this statistic so, to be clear, keep in mind that this percentage is of the population of infected computers. In other words, when the tool does find an instance of malware (on average, on one of every 311 computers it has run on), there is a 62% chance it will be a backdoor Trojan. This statistic does not mean that the tool has removed a backdoor Trojan from 62% of the computers the tool has run on.

What does this mean for our customers? Our goal is to provide our customers and partners with an accurate understanding of the types of threats that exist so they can take appropriate action to ensure that they are protected. It also means that we’re able to use this data, and data gathered from other resources, to continually evolve our understanding of the malware environment and to continually improve the way we respond to customers when faced with malicious threats.

We hope that you find the data and guidance provided by the paper interesting and actionable. Any feedback is welcome and will be taken into consideration for future threat reports produced by the Microsoft Antimalware team.  

-Matt

PS Below find a picture of some of the antimalware team at TechEd. From left to right: Adam Overton (Group Program Manager), Mike Chan (Senior Product Manager), Matt Braverman (Program Manager), Jason Joyce (Program Manager), and Sterling Reasor (Program Manager).