006

An accurate understanding of on-going malware prevalence

Speaker


Jason Garms
Architect and Group Product Manager, Anti-Malware Product Team, Microsoft

Presentation
Abstract


"This is the largest virus outbreak in history". How many times have you heard this claim? What are these statistics based on, and how are they normalized to come up with these superlative claims? Are apples really being compared to apples? When the press has had its fill of the sound bites and moved on to the next hot issue of the week, does that really mean that the threat has gone away? Are customers the ones that are being left in the dark due to this new "malware of the week" hype?

One clear example was Blaster. It fell out of mainstream discussion with millions of machines still infected world-wide. How about instant messaging worms and mass mailing worms? Does the data match the hype? And why is it possible that bots, which have been a major world-wide scourge for a couple of years, are only beginning to get real attention? Rootkits are all the rage, but what rootkits are really the most prevalent? You might be surprised at the results.

Watching network traffic patterns can be a useful indicator for global problems, but is often not an accurate depiction of the actual number of machines infected. This presentation will dive deeply into data gathered by Microsoft representing billions of malware scans during 2005, plotting real, active prevalence statistics of what malware is actually infecting users' machines. It will discuss prevalence of emergent threats such as rootkits and bots in the context of comparison with different types of more classic malware. If you're interested in what the most prevalent malware in 2005 is, you'll want to see this presentation.

Biography


Jason is the Architect and Group PM for antivirus, anti-spyware and other anti-malware technologies at Microsoft. In this role in the Anti-Malware Technology Team, he is responsible for Microsoft's strategy in this space, as well as the design of technology to help protect customers. Prior to this role, Jason was an architect for the Security Business and Technology Unit at Microsoft, where he helped to chart Microsoft's strategy in the security space, especially in emerging technology areas. In his 9-plus years at Microsoft, he has contributed to many other important security initiatives at the company, including the creation of the Microsoft Security Response Center, as well as the Secure Windows Initiative, which drives the security engineering efforts at the company.






Copyright 2005 AVAR. All rights reserved
AVAR 2005 Conference Organizing Committee
E-mail : avar2005@antivirus-china.org.cn
Tel: +86 22 6621 1487  Fax: +86 22 6621 1155