Welcome to all PC Matic and Super Shield users. Someone asked me the other day, “How many viruses are running around out there?” That’s a great question. If you read all the press, there are millions and millions of viruses out there constantly trying to attack our computers and get our credit cards. I usually take all of those reports with a grain of salt, since the people making these reports want us to buy more of their security software. Then it occurred to me. We actually know the answer to this exact question based on the experience of our Super Shield installed base.
Super Shield is a very different protection than any of the other security solutions (free or not) on the market. Super Shield does two things 1) Super Shield employs a white list and blocks all things not on the white list and 2) Super Shield records everything to our servers enabling PC Pitstop to have an unprecedented view on the state of malware.
Here’s the Super Shield data for the days between June 14-20, 2012
Unique Computers 17,136
Bad | Good | Unknown | Total | |
Hits | 23,884 | 8,320,391 | 1,656 | 8,345,931 |
Percent | 0.29% | 99.69% | 0.02% | 100.00% |
Based on this data, there is only a .05% chance that a process is indeed a malware. This is not a very good measure of malware because there are a lot of legitimate processes that run literally dozens of times per day per computer. This is not necessarily good, but it is not evil either. Examples of these out of control legitimate processes are wmpnscfg.exe by Microsoft and GoogleUpdate by Google. Another way to analyse prevalence is what % of the unique files and the picture changes dramatically.
Bad | Good | Unknown | Total | |
Files | 5,644 | 170,036 | 796 | 176,476 |
Percent | 3.2% | 96.4% | .4% | 100.0% |
The chance goes up to 3.2%. This means if you are running a file on your computer that you have not seen before, then there is a 3.2% chance that it is bad. That’s a pretty high number and certainly reason for caution. Essentially, one out of thirty files downloaded from the internet are bad.
A note to all PC Matic users. If you are not using Super Shield, please use it. Super Shield blocks a lot more bad files than any other product on the market. It is included as part of PC Matic, so you might as well take advantage and the more people that use Super Shield, the more data we have to analyze the trends in PC security.
Here are the top 10 bad software in the last week. The top 10 represent well over 1/2 of all the bad software blocked in the last week.
Top 10 Malware June 14-20, 2012 | |||||
Rank | Name | Product | Author | Signed | Hits |
1 | MyWebSearch.J (v) | MindSpark Toolbar Platform SearchScope Monitor | MindsPark | signed | 4463 |
2 | F0C7.exe | Unknown | Unknown | unsigned | 1726 |
3 | 485E.exe | Unknown | Unknown | unsigned | 1350 |
4 | 8ECAA.exe | Unknown | Unknown | unsigned | 1324 |
5 | 64CB.exe | Unknown | Unknown | unsigned | 1093 |
6 | GamePlayLabs (v) | I Want This | 215 Apps | signed | 609 |
7 | 1DE1.exe | Unknown | Unknown | unsigned | 490 |
8 | I Want This.exe | I Want This | 215 Apps | signed | 383 |
9 | Trojan.Win32.Generic!BT | Unknown | Unknown | unsigned | 342 |
10 | Ocl.exe | Unknown | Sun Microsystems, Inc. | unsigned | 326 |
The Top 10 list gives us a surprisingly interesting look into the world of malware. The #1 malware for the week is made by a company called Mindspark. They write games for the internet. The problem is that they also have started making shady toolbars that surreptitiously install without much user knowledge, qute similar to the really bad stuff. This is a key point. Not all malware is the same. The really bad stuff is trying to hijack your computer, and hold it hostage until you fork over your credit card. MindSpark’s stuff is not in that category but it should be removed immediately because at the very least it is slowing down your computer and using disk space plus they are just plain slimey.
The other easily identifiable application is called I Want This written by 215 Apps. This is very reminiscent of the early days of spyware with companies such as Gator and When U (both now defunct). I Want This pops coupons and other special offers on your screen. It is kind of like if GroupOn had a spyware party. Obviously this type of software is constantly monitoring your activity and makes your computer alarmingly slow and at times unstable.
#10 on the list is written by Sun Microsystems. That’s a shock. Sun? The makers of Java? You will also notice that the application is not signed. This is a common trick by malware coders. It is actually quite simple to fake being a different author. The key point is whether it is signed or not. My buddy, Bill Pytlovany, openly speculated whether it is worth the money to digitally sign his totally legitimate application. That’s a really good question. The reason that we pay money to sign our applications is to distinguish ourselves from all the slimey applications out there. The problem, as you can see in the case of Mindspark and also 215 Apps, it is entirely possible to sign your applications and still be slimey. On top of that, lots of perfectly good applications even by companies such as Microsoft and Adobe do NOT sign their applications.
All the rest of the top 10 follow a familiar pattern. They do NOT populate the name of the product nor the author and it is not signed. Although Mindspark and 215 Apps are bad, it is safe to say that they are not nearly as malicious as the ones that leave no sign of the software’s intention.
One last blatant plug for Super Shield to PC Matic users. Perhaps the largest problem in the security industry is that the malware is morphing. We all read these astonishing reports on the number of viruses in the wild. The reason the number is escalating so quickly is because each malware morphs into another executable, to make it almost impossible to defend using the old style “black-list” methods. Super Shield is the only real time protection that uses both a white list and a black list allowing it to block morphed executables.