EUIST

In the past we have pointed you in the direction of good reasearch, such as:

research that matters – identity theft

We have also pointed out why some findings can be misconstrued or not tell us the whole story in other places, such as work conduced by PWC here:

3 ENISA – PWC awareness raising study – better prevention thanks to data crunching

Today we came accross a headline that might have been written by Santa Claus.

Apparently, Apple is becoming an increasingly tempting target for malicious computer hackers, according to a new report —- guess who? Wrong not Microsoft, you have to more guesses ….

Security researchers (of the firm you should know about) claim that since they detected the first piece of malicioujs code or malware specifically designed to target Apple users last year, things have become worse over the past few months. More and more malicious programs have been found.

The above comment made in the Financial Times appears utterly harsh. However, it seems to apply at least to some degree to John Kay’s colleague Kevin Allison who wrote a story entitled Macs attacked published in today’s FT.Maybe following John Kay’s philosophy, the journalist might have been well served by taking the time to read the published report carefully, BEFORE interviewing the F-Secure representative. The report reveals such information as:

At the start of 2007 — our number of malware detections equaled a quarter-million. At the end of 2007, the estimates are to be equal to half-a-million…..Apple’s Safari browser for Windows likely contributed to this development. Released in mid-June, researchers seized upon the Safari for Windows Beta and many security flaws were discovered. Many of those flaws were mirrored in the Mac version of Safari.

Get the F-Secure’s 2nd halft 2007 report 2007-12-03

Important is that we are talking about a half-a-million malware pieces floating around as an estimate not a fact. Unfortunately, the report itself does not enlighten us about F-Secure having found 100-150 variants of malware targeting Apple since October.

Maybe just a juicy tidbit dropped by F-Secure’s Patrik Runald to entice the journalist to write the story. And even then, 150 malware variants seems a bit small in comparison to the 500,000 strings F-Secure claims of having come across during 2007 alone (see above as mentioned in report).

Just as a reminder, when looking at malware data being published by a vendor, it is worth scratching the surface and addressing some of the concerns raised in the table below.

Some METHODOLIGICAL BASICS TO CONSIDER

But even if we do use some of the controls outlined above, we might still not know if things have gotten worse than they were in the past. Just having a greater number of malware being detected is not in itself a confirmation that things have gotten worse.Naturally, it makes a great headline to talk about that the increase. Especially, since the latter is nearly 100% for MAC specific malware alone, getting the variants up to 150 for the last Quarter.

Nevertheless, we have to put this number in perspective compared to the 500,000 strings F-Secure says it found. Most of these were designed by the criminals to cause damage to those machines using a Microsoft operating system including Windows XP and Windows Vista.

Hence, Mac users are still better off than Microsoft one’s, when looking at the ever faster mutating malware threats coming their way.

Research is supposed to increase our understanding about the issues at hand. In many cases statistics released about viruses are a collection of data obtained by the vendor. Unfortunately, these data can neither be replicated by anybody else except for the vendor releasing the statistics, nor can one generalize from the findings – they are not a representative sample of the universe unless we know the assumptions made and limitations that apply to the vendor’s sample – which we do not in this case. Nonetheless, having a corporate press release with a headline such as:

F-Secure Reports Amount of Malware Grew by 100% during 2007
As much malware produced in 2007 as in the previous 20 years altogether

does get the journalist’s attention every single time Good work F-Secure!
CONCLUSION

The difference between silly statistics and research is that the latter has the objective of yielding new insights and understanding into the problem. Hence, it is not just adding numbers. Statistical analysis – if carried out well – is the most rigorous and objective way to assess how well evidence fits theory.

This study is neither based on theory nor does it follow statistics 101 to arrive at its conclusion. But the journalist propably did not know any better and due to the festive season thought it was Santa Claus’ gift to him — getting a great headline ….

SUBSCRIPTION

To stay informed about new trends and threats, why not personalize your subscription to some of our news via e-mail, daily alert, newsletter and/or RSS feed our services that can make a real difference in your work:

- advisory, zero-day exploits and intell

Stay better protected.

OOPS – GET THE NEWS

If you want to read the FT article that illustrates the reporter’s agenda, gives F-Secure great publicity but fails to provide the reader with great insights, check this out:

Apple’s popularity attracts hackers – Kevin Allison – 2007-12-06

Oh dear and then Kevin Allison manages to outdo himself again using the same F-Secure report but this time writing for the FT Techblog – with a title like:

The rise of the professional cyber-criminal – Kevin Allison – 2007-12-06 – FT Techblog

ADDENDUM

Journalists might benefit from attending research methodology 101 that teaches us

a) read a report carefully

b) check-up on the methodology (i.e. look for methodological limitations or outright errors that could bias results)

c) write your article

d) check before you put it in print – do a) and b) again ===> final check

Schokoladen Test – Methoden mit Fragezeichen – Kassensturz und Ktipp

Häagen Dazs or Magnum ice cream – methodology, artefacts and bias