It's bait and switch time in Redmond. Microsoft wants us to know that there are some 2.2 million PCs in the US taken over by botnets. Brazil is next, at 550,000. South Korea has the highest density, at 14.6 out of every 1000 machines enslaved in botnets.
These factoids are from volume 9 of the Microsoft Security Intelligence Report (SIR), covering the first half of 2010. It is based on data returned to Microsoft from various Microsoft anti-malware tools, such as their Malicious Software Removal Tool (MSRT).
At the same time, Microsoft released its largest security update in a long time, with some 49 patches. One is aimed at a vulnerability the Stuxnet virus exploits.
One side effect of using data from Microsoft anti-malware tools is that, by definition, non-Microsoft products are excluded from the universe of discourse. Non-Microsoft operating systems can be vulnerable to email and web site attacks.
The bait and switch is, as readers of this blog have no doubt already deduced, that alternatives to Microsoft programs are left entirely out of the discussion. The words "Firefox" and "Linux" are completely absent from the report. Whether this is deliberate policy, incompetence, or simply inadvertent error is irrelevant: Microsoft does not serve its customers well if it only discusses or recommends Microsoft products.
A corollary is that an administrator who relies entirely on Microsoft for security information is not serving the best interest of her organization.