Webroot has lately been producing a series of quarterly statistics on infection rates for four types of badness:
- Adware
- Trojan horses—botnet software falls into this category
- System monitors—includes key loggers
- Tracking cookies
Now, one could certainly raise objections about selection bias, but the data is pretty interesting nonetheless.
The latest figures show that trojan horses and system monitors (combined) were found on 7% of corporate PCs in Q2 2005. In Q4 2004 and Q1 2005, for which they break out trojans separately, the percentages are the same (7%). Webroot does not break out how many PCs were scanned during the reporting period, although in the first two quarters the total was about 35,000 systems. The cumulative total is 60,000, thus the latest period is 25,000 scans. The median number of machines scanned per corporation is eight, which suggests their “enterprise” business—isn’t.
Consumer figures are scarier, as you might imagine. For Q2 2005:
- 6% of consumer PCs had system monitors on them
- 16% had trojans on them (in Q1 2005 it was 19%; Q4 2004 15%; Q3 2004 11%; Q2 2004 13%; Q1 2004 15%)

The sample base was > 1M scanned PCs in Q2 2005.
As for cookies and adware: 60–70% of companies and consumers had some of each.
Thus, if you believe Webroot, about 15% of consumer PCs and 7% of corporate PCs were probably 0wned when they did their scans. Putting it another way, consumers are twice as likely to be 0wned as corporations.
Given their average sample size for enterprises, however, I would suspect that the largest companies (who can afford HIPS products, anti-spyware rollouts, etc.) are under-represented—were they present in the data in larger numbers, that would skew the numbers downward more.