IDG News Service —
It would seem logical to think most Internet users are annoyed by software that causes pop-up advertisements to appear on their screens.
But new statistics released by Microsoft would indicate that not all users are clamoring to uninstall adware programs, even if they're flagged as somewhat suspicious by security software.
Microsoft's latest security data is particularly interesting because of the sheer number of machines that the company can electronically survey with one of its free security programs, the Malicious Software Removal Tool (MSRT).
The MSRT is a low-end security tool that removes some of the most common classes of malicious software. The MSRT, which is an optional installation, scans machines once a month, and reports its findings back to Microsoft.
The software is on an astounding number of PCs: 450 million worldwide, according to Tim Rains, group product manager for Microsoft's Trustworthy Computing Group, which handles security issues. Rains made his presentation Tuesday at the Infosec security show in London.
Microsoft released data on Tuesday collected by the MSRT from July through December of 2007. The tool detected 129.5 million pieces of "potentially unwanted software," the term for programs that may have been intentionally installed by people but have certain suspicious functions in the eyes of security professionals.
Those programs can include advertising software and other dodgy security programs that claim a computer is in poor health, among others.
But Microsoft's data has a surprise: Of 129.5 million potentially unwanted programs detected by the MSRT, only 71.7 million were removed by users.
"Our customers choose to run some of this stuff," Rains said. "Some of them get some value from it. Some of them don't realize what they are doing. Some of them do. That's why we call them potentially unwanted. Some of them are legitimate companies with legitimate products. We don't want to make any value judgements on that."
But obviously, Microsoft and other security companies do that by flagging the programs in order to alert their users. The latest statistics reveal that some of the most persistent questionable programs on the Internet from the last few years still have huge numbers of users.
"The most prevalent rogue security software detected in the second half of 2007 was Win32/Winfixer, with more than five times as many detections as any other single family [of potentially unwanted programs]," said Microsoft's latest Internet Security Threat Report, released on Tuesday.
Winfixer often ends up installed on machines by exploiting vulnerabilities in the operating system or browser. Once on the machine, it displays persistent warnings that the machine is infected, and the user can pay around US$39.95 to fix the machine. It is extremely difficult to remove from a machine once it has been installed. The people who profit from Winfixer have been hard to track down.
The MSRT found close to 3.4 million instances of Winfixer running on machines, up more than 100 percent from the first half of 2007, the last time the company published statistics.
Of the top five malicious programs detected, two were Trojan downloaders, or small programs that can download other malicious programs onto a machine, and three adware programs.
Two of those adware programs, HotBar and ZangoSearchAssistant, are produced by Zango, an adware company in Bellevue, Washington. Zango was ordered by the U.S. Federal Trade Commission in November to give up $3 million in ill-gotten gains from its adware operations, which at times used deceptive means to get people to install the software.
Microsoft said it detected 7.1 million instances of HotBar, and 4.9 million instances of the ZangoSearchAssisant.
