As per the latest report published by Microsoft, based on feedback from the Malicious Software Removal Tool (MSRT). The MSRT is usually executed as part of Windows Update and currently has a user base of 500+ million computers worldwide running Windows.

The UAE were one of the countries included in the report.

However, the number of computers infected with malware in the UAE is lower than the worldwide average with only 5.8 infected computers for every 1000 computers in the country.

According to the analysis, the UAE is ‘dominated’ by malware, which accounts for 82.6% of all threats detected on infected computers. The most common category of malware in the country was found to be worms (23%) which have the ability to spread via mapped drives with missing or weak passwords or by using USB flash drives.

I am excited to write about the latest anti-spam comparative test results from VirusBulletin. Forefront Protection for Exchange emerged as the winner in the May 2010 test results, with an extremely high spam catch (SC) rate and a very low false positive (FP) rate.

SC rate: 99.93%

SC rate (VB corpus): 97.35%

SC rate (image spam): 99.77%

SC rate (large spam): 99.90%

FP rate: 0.23%

FP rate (VB corpus): 0.79%

Final score: 99.25

[SC=Spam Catch rate; FP=False Positive rate]

Quote from the report:

Microsoft’s Forefront Protection 2010 for Exchange Server was the clear winner of the last test, achieving the highest final score by some distance. The final scores of the various products were closer this month, but with the second highest spam catch rate and just a handful of false positives,Forefront was yet again the product with the highest final score and adds another VBSpam award to its collection.

McAfee released an antivirus update yesterday that crippled Windows XP computers worldwide. The DAT 5958 update affects only computers running Windows XP Service Pack 3.

Here’s how the SANS Internet Storm Center describes the mess-up:

McAfee’s “DAT” file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and [lose] all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of “ePolicyOrchestrator”, which is used to update virus definitions across a network, appears to have [led] to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update “DAT” files throughout enterprises. It can not be used to undo this bad signature because affected system will lose network connectivity.

The problem is a false positive which identifies a regular Windows binary, “svchost.exe”, as “W32/Wecorl.a”, a virus.

This is ridiculous if you ask me. The svchost.exe is a crucial Windows binary and just about everyone knows about it. Funny it should identify svchost.exe as a virus! I’ve been told this is the third mess-up from McAfee in a period of 4 years.

If you’re a McAfee customer, I have two recommendations for you:

1. Do not install the DAT 5958 update – block it. Wait for instructions from McAfee.

2. Consider implementing a state-of-the-art antivirus solution, that is more reliable and fares better in the comparative reports.

Microsoft Forefront Client Security is Microsoft’s cutting-edge client security solution which fared well in the VirusBulletin reports and many other studies. For more information, read my earlier post on “Forefront vs. the Competition”.

In this post, I am sharing the current position of Forefront Client Security (Forefront Endpoint Protection) and Forefront Protection for Exchange in the market, in comparison to similar solutions from other competitors.

1. Forefront Client Security:

We have very high comparative ratings from VirusBulletin – which does independent testing of antivirus solutions.

Below: Average result of multiple tests between August 2009 to February 2010.

How to interpret this chart: Higher reactive AND proactive detection is good. MS Forefront Client Security/Endpoint Protection is place HIGHER than Symantec and McAfee, among other competitors. Trend Micro does not seem to be included in the latest study, but it failed 3 previous tests and didn’t make it in the chart.

[Source: virusbtn.com]

2. Forefront Protection for Exchange Server

VirusBulletin, which conducts independent benchmarking of antivirus & antispam products has rated Microsoft Forefront Protection for Exchange highly.  MS Forefront for Exchange won the VBspam award consistently. For more information register at virusbtn.com and view the reports.

How to interpret the chart: HIGH SPAM CATCH rate (SC) and LOW FALSE POSITIVE (FP) rate is good.

The latest March 2010 report (below) shows the MS forefront has the HIGHEST SPAM CATCH RATE (SC), while at the same time maintaining relatively LOWER FALSE POSITIVE (FP) compared Symantec, McAfee, McAfee and other popular anti spam solutions.

[Source: virusbtn.com]

It is worth noting that what goes into Forefront Protection for SharePoint and Forefront Protection for OCS is the same set of antivirus engines that goes into Forefront Protection for Exchange.

Microsoft Forefront Threat Management Gateway has been released to market on November 16, 2009 after completing three beta releases and receiving extensive customer feedback.

You can download the trial version of Threat Management Gateway here.

From the Forefront TMG team’s blog:

“Forefront TMG is a Secure Web Gateway (SWG) that improves security enforcement by integrating multiple detection technologies such as URL filtering, Anti Malware, and intrusion prevention into a single, easy-to-manage solution. We have seen a lot of interest in the features that comprise this solution, so here is some information on what they do and how:

• URL Filtering: URL Filtering allows controlling end-user access to Web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate or nonproductive materials, based on URL categories. TMG features over 80 URL categories including security-oriented categories, productivity-oriented and liability-oriented categories. Forefront TMG uses Microsoft Reputation Services (MRS), a cloud-based categorization system hosted in Microsoft data center. To ensure the best bandwidth utilization and low latency, Forefront TMG has implemented a local URL cache. There is a lot more on URL Filtering available in an earlier URL Filtering post (on the TMG blog).
• Anti Malware: Stopping malware on the edge significantly decreases the possibility that a virus will hit a computer with anti-virus signatures that are not up-to-date or a test computer without an anti-virus to protect it. TMG has integrated the Microsoft Anti Malware engine to provide world class scanning and blocking capability on the edge.
• Network Inspection System (NIS): NIS is a generic application protocol decode-based traffic inspection system that uses signatures of known vulnerabilities, to detect and potentially block attacks on network resources. NIS provides comprehensive protection for Microsoft network vulnerabilities, researched and developed by the Microsoft Malware Protection Center – NIS Response Team, as well as an operational signature distribution channel which enables dynamic signature snapshot distribution. NIS closes the vulnerability window between vulnerability disclosures and patch deployment from weeks to few hours.
• In addition, HTTPS scanning has been introduced to enable inspection of encrypted sessions, eased the deployment and management with a set of easy to use wizards and significantly improved logging and reporting to provide full visibility into how your organization is accessing the web and whether it’s compliant with your organization’s policy.
• VPN, Firewall, Email Protection and Infrastructure.
  Significant investments have been made to ensure that we keep delivering top notch VPN and Firewall functionality. We made quality improvements in Web Caching and made sure it works well with the new Windows 7 BranchCache feature. We have added several new features, among them: Email Protection, ISP redundancy, NAP integration with VPN role, SSTP, VoIP traversal (SIP support), Enhanced NAT, SQL logging and Updated TMG Client (previously known as the Firewall Client). In addition TMG was built as a native 64bit product that supports Windows Server 2008 R2, and Windows Server 2008 SP2, allowing better scalability and increased reliability.”

[Source: Virus Bulletin - virusbtn.com]

Forefront is in pretty good shape here, especially when you compare it with McAfee, Symantec and the likes. Forefront also did well on the VB100 list, meaning it was able to detect 100% of the WildList malware samples without any false positives.