Countries with good national security teams (CERTs) and diligent ISPs show consistently lower rates of malware infection than those states that adopt a less paternalistic approach to security, a new analysis by Microsoft researchers has suggested.
According to statistics drawn from the company’s widely-used Malicious Software Removal Tool (MSRT), the countries which have shown notably lower infection rates of malware are Austria, Finland, Germany and Japan.
Using the yardstick of computers cleaned per mille (CCM)*, Austria recorded a normalised rate of 3.3 CCM in Q4 2010, Finland 2.3, Germany 5.3, and Japan 2.3, all significantly below the global average of 8.3, taken from 116 countries. These low rates have remained consistent since the first measurements taken in 2007.
Paradoxically, the number of malware download sites hosted in each country does not explain the difference: in several of the four, that number was somewhat higher for some classes of malware than the levels seen in the US, a country with raised levels of infection at PC level.
Having examined the special conditions and security culture of each country, Microsoft’s conclusions are clear – lower infection rates have a lot to do with the intervention by ISPs, security bodies and admins at the earliest point problems are detected.
In all four nations, ISPs are very active in monitoring for traffic indicative of botnets and spam, contacting users they believe to be infected as soon as they notice problem traffic and if necessary disconnecting them until the issue has been addressed. National CERT bodies, meanwhile, go out of their way to support ISPs with up-to-date threat lists drawn from honeynets, darknets and automated malware analysis tools, distributing this data as a matter of course.
The contrast with laissez-faire, market-driven countries such as the US and the UK couldn’t be less flattering. In these countries, security threat data is often generated and held by private companies, while security policies and responses vary hugely from ISP to ISP. True to market principles, some ISPs and CERTs see intervention as being beyond their remit.
Microsoft also noticed a correlation between infection levels and piracy rates, with low rates of illegal software corresponding to fewer malware detections.
According to Microsoft’s Tim Rains, these themes accord with a paper, Collective Defense: Applying Public Health Models to the Internet, published by the company in 2010, which advocated more sophisticated policies of intervention.
“Governments, the IT industry, and Internet access providers should ensure the health of consumer devices before granting them unfettered access to the Internet,” says Tim Rains in a blog on the research.
“It seems as though the consistently least infected regions in the world, which I examined in this blog series, are already doing many of the things the Collective Defense health model proposes.”
*‘Mille’ is Latin for ‘thousand’.