By Ron Grattopp

Some of you may be old enough to remember an old TV show called “Get Smart” where the principal character was a somewhat bumbling secret agent named Maxwell Smart who used his famous byline “Would you believe…” in situations where his initial response to a query was going to be less than factual. Of course, my description doesn’t do the line justice; it was a lot funnier to hear him deliver it and then launch into an implausible explanation or answer. But if you’ve followed my blog for a while you know I take issue with many articles and blogs that get thrown out for consumption with less than adequate factual bases or arguments. I think many articles/posts today should start out with Maxwell’s famous phrase.

Which brings me to this post, which is around a great article published by Ed Bott, one of my favorite bloggers, no, not just because he focuses on Microsoft software, but more because he tends to be more objective than most, and more importantly, usually backs up his posts with real, factual information. Well, this one caught my attention because, at first blush, the title seemed to be one of those that was going to head in a negative direction, BUT early on it took a tack that was not only interesting but that also turned into a great exposé (IMHO) on the lack of real journalistic professionalism in most current blogs (which you hopefully know is a pet peeve of mine and a real danger to less well-informed or less discerning readers) as well as the fact that it also turned out to give you some good facts and thoughts, toward the end, around the threat level of malware on PCs. So, for both of those reasons, I give this a “Must Read” rating. Here’s the link to Ed’s article: How prevalent is malware on Windows PCs?

The basis of his post is that there had been a statement going around what he characterized as the “mainstream press” that seemed to flatly state that “Nearly half of the personal computers in the U.S. are compromised by malware.” Early on Ed blasts the fact that info like this even gets published. He states: “And yet that alarming and bogus 50% number was stated as if it were a fact in a feature story last week at CNNMoney.com. That story has so far been recommended by 371 people on Facebook. The same “fact” was repeated in a variety of other online sources, including thestreet.com, CNBC.com, businessweek.com, businessinsider.com, and boston.com, to name just a few.” He goes on to state: “[this] is just the latest example of a depressing truism: If you give the mainstream press a computer story, you can usually count on them to get it wrong. If you give them a sexy press release with a provocative number, you can cinch the deal.” You go, Ed. I see this all the time as I read Microsoft-related stories on various blogs; I wish I had time to do the exposé on them that Ed did so well for this one.

I’m going to encourage you to read Ed’s article, where he dives into the backstory behind the statement (which, in case you don’t read his post, has to do with a lack of due diligence on the CNN writer’s part by passing along a statement that was made about only computers that had been scanned by a free malware program as if it applied to all computers in the U.S.). And, of course, the take-away for you is that this statement, because of its distribution by mainstream press, was likely believed by the vast majority of those who read it even though it was completely bogus. So remember, reader beware…

But really my purpose here was only partly about that aspect of his post. The other thing that prompted me to do this post was that he does throw out some good facts and thoughts about the state of malware on PCs toward the end. It’s not a long article, so I hope you read it all the way through. As above, I will highlight a couple of things, just in case you don’t have the time or inclination to read it. For starters he highlights Microsoft’s Annual Security Intelligence Report, which is THE thing to read if you really want some insight into the state of malware on Windows PCs. He states: “The best numbers I’ve seen from an independent source (i.e., one that isn’t trying to sell a security product) are in Microsoft’s annual Security Intelligence Report. The Malware Trends section of the most recent report contains telemetry data drawn from more than 600 million Windows computers worldwide by a number of different Microsoft security tools and services…” He goes on to point out that: “According to the most recent data, covering a one-year period that ended in mid-2010…the number is roughly 10 infections cleaned per 1000 PCs. That’s about 1% on average, and about 6% in the worst cases.” And, finally, he points out: “If you use Windows and you have automatic updates turned on, you’re in that sample. If you’re even moderately cautious about how you use the Internet, your risk of infection is probably well below the midpoint of that sample.”

So, would you believe that almost half of the PCs in the US are infected with malware? Well, if you did, hopefully you’re aware of a more realistic number now. The real issue is that, for a business, even that 1-6% rate can have a devastating effect on your infrastructure and business, so that’s why you, my partner, have to do your due diligence in making the customer business aware of the need, and real-world threat, and then providing the services to ensure they are updated and firewalled and scanned and otherwise protected against that threat.


  michael.jenkin@usa.net says:

    I have to wonder, 12 months later, are the figures the same? From my own experience and client base I am seeing about 2%.