Summary: Microsoft finds almost 8,000,000 bits of malware in just 535,752 machines; Vista and Vista 7 left vulnerable due to "slip-up"

LAST year we remarked on the fact that almost half of all Windows machines are essentially zombies PCs. It is reassuring when even Microsoft discloses figures which it believes to be good news (to its product distribution and detection rate) whilst at the same time are a shot in the foot. It's almost self explanatory:

One week of MSE: 1.5 million downloads, 4 million detections

Microsoft Security Essentials data for the first week has been released, and the numbers tell quite a story.

[...]

Microsoft says that in the first week, MSE made almost four million detections on 535,752 distinct machines; the company attributes the fact that the malware is eight times more than the number of computers since machines can be infected with multiple threats.

Is this something which Microsoft wishes to impress with and take pride in? While seemingly proving the effectiveness of some software, it is only demonstrating the sheer weakness of Windows. Additionally, a better measure would be how many (unknown) pieces of malware are not being detected?

In IDG we also find the following new report: [hat tip: Tony Manco]

Programmer slip-up produces critical bug, Microsoft admits

Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.

The flaw, one of 34 patched Tuesday in a massive security update, was in the code for SMB 2 (Server Message Block 2), a Microsoft-made network file- and print-sharing protocol that ships with Windows Vista, Windows 7 and Windows Server 2008.

We wrote about this flaw in [1, 2]. It helps to have more eyeballs on the code in order to prevent such a "slip-up" that already affects Vista 7. The boxed product is hijackable 'out of the box' and it's not even on the shelves yet. ⬆