Scott Wu Microsoft
download slides (PDF)
While our main point-in-time removal tool has grown its base to over 500 million machines with many millions of malware removed monthly, its database of signatures is limited to only the most widespread of malware. And now, as its counterpart real-time protection solution approaches its one-year anniversary in September 2010, we have an opportunity to compare the effect on the ecosystem between these two different utilities. This paper offers a deep dive into these rich data sets.
The paper divides the threat events into several areas using the two approaches as a case study. Out of the prevalent threats covered by the in-time cleaning aspect, different threats and threat categories resulted in a variety of detection stories by the real-time solution in terms of total detection volume, trending, reinfection rate, etc. The full package of technologies offered by a complete AV solution shows clear protection advantages versus a monthly one-time on-demand cleaning tool. Observations are made on the discrepancy of these detections.
This study will include the following threat types:
The study will also provide any other interesting effects caused by overlaying the monthly schedule of the removal tool over a constant updating stream and anything else that the data will divulge as we investigate further.
