US Reigns As Most Bot-Infected Country

Trailrunner7 writes "The US has by far the highest number of bot-infected computers of any country in the world, with nearly four times as many infected PCs as the country in second place, Brazil, according to a new report by Microsoft. The quarterly report on malicious software and Internet attacks shows that while some of the major botnets have been curtailed in recent months, the networks of infected PCs still represent a huge threat."

Microsoft Did the Report?

[DarkKnightRadick]

I'm sure they failed to mention the OS with which most infected computers are running. :p

Re:Microsoft Did the Report?

[DarkKnightRadick]

I take that back. Not only do they report which OS, but claim their count by how many computers their malicious software tool has cleaned. lol

Re:Microsoft Did the Report?

[shadowbearer]

  Which is only a small fraction of the real infections out there. I've cleaned thousands of infected computers since MS introduced that tool, and I've yet to see one which the tool dealt with adequately.

  (Don't bother to say "Yeah, but if it dealt with it, you wouldn't see the computer!" If they really believed that tool was effective, then Microsoft wouldn't include the warning "you don't appear to have an antivirus solution installed" in their security center warning, now, would they?)

SB

Re:Microsoft Did the Report?

Antivirus typically contains active monitoring preventing further infection of a flagged virus. MRT is no substitute for that. Probably it's not even a substitute for passive-scanning AV either, or it would take hours to run. I think it's more intended as an emergency tool to clean up widespread overnight threats, like Blaster, or for dangerous infections like keyloggers.

Re:Microsoft Did the Report?

[DarkKnightRadick]

No kidding. And every last one of them, I'd imagine, is running some form of Windows. It's actually quite scary. The fact that MS can spin this good for themselves and people buy it? Even scarier.

Re:Microsoft Did the Report?

[shadowbearer]

  I think it's more intended as an emergency tool to clean up widespread overnight threats, like Blaster, or for dangerous infections like keyloggers.

  Come on, now. Microsoft surely has the resources to write the best antivirus/anti-rootkit/anti-malware solutions for their own code.

  At the very least they could work with the community to close the holes they already have, and to develop better solutions to detection and mitigation.

  They rarely do (I know some will say that they do. If so, then why are there so many free and much more effective antivirus solutions offered by third parties? Why are there so many free and effective rootkit removal tools available - that actually WORK? I could go on and on... )

  The Emperor has no clothes.

SB

Re:Microsoft Did the Report?

[BrokenHalo]

Which is only a small fraction of the real infections out there.

Indeed. But what the submission doesn't mention is that while the US may indeed have four times the number of bots of its nearest "rival", it also very likely has four times as many computers in total. In other words, a fairly pointless non-statistic.

Re:Microsoft Did the Report?

I don't know what you're getting at. It sounds like you haven't heard of Defender or MSE, the latter of which is the best Windows AV solution currently available. Before that it was NOD32. MSE isn't best because Microsoft is great or anything, but because the AV industry is terrible at writing software, and because, as you pointed out, Microsoft is in the best position to develop an anti-virus product for Windows due to their close knowledge.

Re:Microsoft Did the Report?

[shadowbearer]

but because the AV industry is terrible at writing software,

  Oh, an astroturfer. What fun ;=)

  The solutions I use are what have proven to me to work in the field.

  Neither Defender nor the Microsoft Security Essentials do. I go with what works; what fixes the problems for my customers. That is how I make a living. My customers don't care to pay high dollars for to fix their problems; they aren't "business" accounts.

  Microsoft is in the best position to develop an anti-virus product for Windows due to their close knowledge.

  Jeez, I think I said that. Then perhaps they should fix their own operating system; or, at the least, provide solutions for customers who buy their operating system to do so, at no charge - they sold a product, then support it.

  Since they have not, it has fallen on third party vendors and outside technicians to do it for them.

  My sincere apologies if I refuse to bleed for them.

SB

Re:Microsoft Did the Report?

[shadowbearer]

  All statistics are pointless; because the numbers depend on who compiles them. Which is a small part of what I was trying to point out. ;-)

SB

Re:Microsoft Did the Report?

[shadowbearer]

...and many more computers running Microsoft products, as well.

  I'll probably catch hell for this here, but here's an example of programming stupidity that has irked me for a while, and I ran into when I tried to "friend" you (so that I'd see your posts, the whole reason for the "friend" modifier in the first place):

  You have over 200 friends and foes at the moment.

  Oh noes!!!!!!!!!!!

  I know it's an arbitrary number... but I haven't been able to friend/foe anyone for about five years now, because of that arbitrary limit.

  Note to Jamie: This is ridiculous. I know it's just a basic database limit, is there some reason you guys haven't upped this yet?

SB

Re:Microsoft Did the Report?

[CrossChris]

Come on, now. Microsoft surely has the resources to write the best antivirus/anti-rootkit/anti-malware solutions for their own code.

Nope. MS don't even understand the internals of their own NT kernel. There is no hope whatsoever of MS making "their" code secure - it just can't be done. Their only hope is to ditch all their products and start again - probably with a BSD or Linux core - and forget compatibility with their existing codebase.

Game over, Microsoft.

Re:Microsoft Did the Report?

Oh, an astroturfer. What fun ;=)

Yeah. Whatever. You can search for previous AV topics on /. and find a 90% consenting opinion that MSE is better than anything else. That is, if they don't go with nothing, because they're all basically crap.

I already said that NOD32 was nearly as good as MSE, and there are one or two others that compare relatively well (depending on your definition of relative).

Neither Defender nor the Microsoft Security Essentials do. I go with what works; what fixes the problems for my customers. That is how I make a living. My customers don't care to pay high dollars for to fix their problems; they aren't "business" accounts.

Well gee, since you provided such an exhaustive analysis of MSE in comparison to the other AVs, I'm finding it hard to respond.

Jeez, I think I said that.

I think you need to look at what I wrote again, because I clearly said that it was you who wrote it.

Then perhaps they should fix their own operating system.

Anti-virus products exist even on locked-down, virtualized devices like Android phones. It can't be "fixed." Many more holes and flaws can be quashed, but anti-virus will always remain while the user has control of the operating system.

or, at the least, provide solutions for customers who buy their operating system to do so, at no charge - they sold a product, then support it.

I'm getting the feeling that you haven't even tested MSE, because it IS free.

Re:Microsoft Did the Report?

[shadowbearer]

  Then don't post AC.

SB

Re:Microsoft Did the Report?

[Eskarel]

MSE is free, available on every OS back to XP and as from my personal experience and research actually works. They're certainly far better than any other free AV solution available and I've seen it pick up stuff which broke Norton, all without requiring an extra core just to run your AV program.

Not sure what the heck you mean about business accounts or high dollars since the app is free.

Re:Microsoft Did the Report?

[shadowbearer]

  I strongly disagree with you about it being better than external AV solutions; I haven't seen that it can fix much at all. I see numerous computers with it installed that are just plain hosed.

  As to the latter I am referring to the high cost of Microsoft tech support for the average home user. Last I checked it was 2 free incidents then $35 PER INCIDENT.

SB

Re:Microsoft Did the Report?

[Eskarel]

What does how much it costs to call Microsoft have to do with their AV? I also never said it was perfect, it won't stop an idiot who runs stuff they shouldn't, but all the other free options are worse, the pay ones are no better, and it doesn't kill your CPU running it.

You don't have to be some sort of elite product to be the best AV solution, you just need to find problems some of the time and use less resources than the malware.

Re:Microsoft Did the Report?

[mcgrew]

Subscribers get 400, which I found out a while ago when I tried to friend three people who friended me and couldn't friend them and mentioned it in my journal. One of them bought me a subscription! So now I have almost 300 friends, the same number of fans, no foes and almost 30 people who freak out when they see one of my posts.

If you have a lot of foes, make the least bad ones neutral to free up space for friending.

Re:Microsoft Did the Report?

[BrokenHalo]

If you have a lot of foes, make the least bad ones neutral to free up space for friending.

If you have any foes at all, maybe you should get out more. Over the last decade or so, I've come across posters with whom I disagree completely enough to nudge me to rank them as a foe, only to find a few months later that they are talking complete sense on another topic.

There's no reason why this forum has to be adversarial, and it would probably be better without this friend/foe claptrap.

Re:Microsoft Did the Report?

[mcgrew]

I agree about the foes (I have none), but friending someone does have advantages, such as being notified when someone with interesting journals posts a new one. I friend fans out of simple courtesy.

At one time I figured that the few foeing me were probably trolls, until I looked up a few of them and found that they were all good, contributing members. It's a mystery to me except one guy; there was a subthread where I mentioned that I stayed away from married woman but considered any unmarried woman fair game. A (I thought) pleasant conversation ensued, and he foed me the next day.

ALL RIGHT !! USA NUMBER 1 USA! USA! USA! USA!

Eat that China. You suck!

We're Number 1!!!

[Eightbitgnosis]

USA! USA! USA!

Re:We're Number 1!!!

[hairyfeet]

You know, you trolls are starting to piss me off. You know here in the USA we got TONS of other races yet all you say is "nigger nigger nigger" and "spic spic spic" and that is....well it just ain't fair! I mean sure, you throw in the occasional Jew, but what about us Micks? I haven't heard a decent Irish insult in ages! And where is the Italian and Native American jokes? This used to be a site with top notch trolls, trolls that really went that extra mile. THREE PAGE ass rape trolls written in the style of a Harlequin romance, or HUGE vulgar ASCII layouts that took real artistic ability. Now you just say "nigger" and think you have written a quality troll, it is just sad I tell ya. I'm sure the great trolls are hanging their heads under their bridges in shame.

As for TFA, before we get all those lame "ban windblowz LOL!" lame bits, as a PC repair guy that actually has to deal with these on a day to day basis? The OS is fine, has been since XP Sp2 as a matter of fact, it is the dumb as shit users that ruin everything! I don't know how many times I tell them "don't just download and run random shit from the Internet" or "Don't go opening email attachments or clicking links sent to you by people you don't even know" but do they listen? hell no! At least with Vista and 7 the new security features help somewhat to protect the OS from the PEBKAC, but I can tell you the two biggest sources of infection are 1.-people purposely installing malware because it came with some "free app" they wanted or a web page said "ZOMG! you got teh Viruzz" even though they have a working AV (which I swear I have seen them turn off because some app they are trying to install told them to) and 2.- Adobe Reader bullshit.

Linux or any other FLOSS would NOT magically fix that kind of stupid my friends, Lord I wish it would but it simply won't. These same folks if you stuck them on Linux would happily pass their root password to any and every app without a second thought, they simply don't give ANY thought at all. You'd think I'd be happy about this, but it makes me feel like the cave painter in "History of the World: Part 1" who has his masterpiece pissed on. I get enough work from referrals I'm actually very happy when someone follow basic best practices and doesn't need to bring me their machine all the time. But as TFA shows, for every 1 of those there are 10,000 that would give you their password for a cookie. it is just fricking sad man, just fricking sad.

Re:We're Number 1!!!

I haven't heard a decent Irish insult in ages!.

I'll speak more slowly then.

Re:We're Number 1!!!

[mcgrew]

what about us Micks? I haven't heard a decent Irish insult in ages!

Ok, here you go...

How many Irishmen does it take to screw in a lightbulb? Three. One to hold the bulb and two to drink until the room spins.

What's a seven course meal for an Irishman? A six pack and a potato.

If you go into a bar and hear a British accent, how do you tell if he's English, Scotch, or Irish? You wait until a fly lands in his beer. An Englishman will make a face and politely order another beer. A Scotsman will make a face, pull the fly out and keep drinking. An Irishman will pull the fly out and scream "SPIT IT OUT YOU LITTLE BASTARD!!!!"

BTW, one of my anscestors was born in Blarney Castle. I wonder if the troll you responded to was black, or Hispanic?

I read the TFA

[OzPeter]

But after a short glance I still couldn't see if this is a "per computer" basis for the country or simply a "total pwned" basis.

Re:I read the TFA

[Unoriginal+Nick]

The US is most in absolute numbers. In rate per 1000, Turkey has the highest rate.

Re:I read the TFA

[T+Murphy]

The actual Microsoft report has a map that is far more informative than the article itself. As expected, Brazil has a higher infection rate than the US, with the US only leading by gross number of infections. Of course, this data is just number of infections detected and cleaned- it isn't necessarily a complete survey. From the site where the map is given:

Figure 15 [the map] shows the infection rates in locations around the world using a metric called computers cleaned per thousand, or CCM, which represents the number of reported computers cleaned for every 1,000 executions of the MSRT.

The actual site is here if you want to get straight to the information (link is also given in the article).

Re:I read the TFA

[Jaime2]

Yep, "total infections" is as poor a number as "most stolen car". Sure, a Honda Civic is the most stolen car, but that's because it is the most popular car and does nothing to describe either the effectiveness of the loss-prevention the habits of Honda Civic drivers or how likely your Honda Civic is to be stolen. It doesn't even help you choose a new car, it's likely that the most theft-proof car is somewhere in the middle of the list because it is a high value target (otherwise why would the manufacturer invest so much in anti-theft technology) but theives tend to shy away from it (except the more sophisticated ones). BTW, the Cadillac Escalade is the "most likely to be stolen" car, and it isn't in the top ten most stolen cars. "Most stolen car" is probably most highly correlated to "most likely car to be owned by someone living in a high-crime neighborhood". "total infections" is probably highly correlated to "most hours spent on-line".

Re:I read the TFA

[hipwah]

They gave a child crayons to colour in this map. I don't believe it, I imagine they are seeking support for world domination, oh wait...

Re:I read the TFA

[orient]

The map is missing a continent! (Antarctica)

Re:I read the TFA

[war4peace]

You know what's insightful on that map? You see white spots. And then map those over real countries. Bang! There's North Korea, the most internet-free, Microsoft-free, infection-free country in the world! Also Sudan and Iran. Interesting...

Re:I read the TFA

[John+Hasler]

Seems more likely that those places are simply free of licensed copies of Microsoft Windows.

Re:I read the TFA

White just means "Insufficient data" - Green would be "no infection".

Re:I read the TFA

[Will.Woodhull]

It needs to be noted that Brazil has a much higher rate of use of Linux than the USA. It is certainly high enough to skew these statistics and might be high enough that, if it were taken into account, would cause Brazil to fall out of worst place.

Of course there is the notoriously difficult problem of assessing how many persons are using Linux, so there is probably no way to estimate the penetration of malware in all computers in use.

Re:I read the TFA

[socsoc]

Obviously the machines there must use OS X or nix.

Re:I read the TFA

[socsoc]

You had a good point and then went way off on a tangent.

Re:I read the TFA

Without Windows PCs, how would they get the data?

Re:I read the TFA

[hedwards]

Numbers that haven't been normalized are terribly uninformative. I'm sure that per 1000 isn't the best way of doing it, however it's a lot more useful than going with the gross number. Especially since the US is the 3rd largest nation by population behind India and China with Indonesia right behind us.

It would be almost impossible for us to ever be behind a nation like Switzerland which is substantially smaller than us, regardless of policies in place. Given that we've probably got more computers infected than they have computers period.

Re:I read the TFA

[c0lo]

From the point of view of a site under DDoS originated from a botnet, I don't think the "relative percentage of zombies to the total number of computers in a certain country" matters too much - a pwned computer is a pwned computer no matter if it is "one in two" or "one in 1000".

Re:I read the TFA

[Jaime2]

But how much juice does this topic really have? If somebody doesn't get us off on an interesting tangent, this thread will become nothing but a series of "Windoze" and tounge-in-cheek "Go USA" jokes.

Re:I read the TFA

Well, there are a lot of penguins in Antarctica.

Re:I read the TFA

[ralphdaugherty]

      There's the point about licensed copies of Windows involved made elsewhere in the thread, but besides the absolute count vs. rate point, the impression given is that a large number of bot activity emanate from US computers compared to other countries.

      There is other bot activity such as generating email or probing networks to infect other computers that I don't see, but I can tell you it isn't forum board spamming coming in large numbers from US computers. It comes from former USSR, China, and Brazil in quite predominant numbers.

      But then again, we're back to the legal/illegal copies of Windows and what appears to be Microsoft counting large numbers of legal copies of Windows in the US compared to other countries.

      I've seen this reported about relatively large numbers of US bots repeatedly and I just don't see that in my web logs over last eight years. Actually the honey pot IP address collectors would be much more accurate sources of this data in my opinion. This particular source and method from Microsoft is, in the words of several posters here, next to worthless.

      If the honey pot collectors are also saying that relatively large numbers of bot type activity is coming from US IP addresses compared to other countries such as former USSR and China, then I would have a hard time understanding it. I would have to look at the data, because I haven't seen that in my experience.

  rd

Re:I read the TFA

[lxs]

Yeah but bonus points for using a car analogy.

Re:I read the TFA

[ginbot462]

I notice viruses don't cross over into Canada. The border guard is doing a great job not allowing export of a military grade infections. That, or the mounties and socialized medicine are doing great jobs at protecting computers.

And that is amazing since MS is so prevalent in Canada.

http://www.cbc.ca/health/story/2008/09/18/f-multiple-sclerosis.html

I Blame WindowBUYTIXNOW4SALE

[WillAffleckUW]

I blame Window#BUY TIX NOW 4 SALE only $19,99 in America dollar! Extra fine speci4l sauce extra.

You give gold, please.

Re:I Blame WindowBUYTIXNOW4SALE

[aliddell]

Mods: Read this.

Scraping the bottom here

[oldhack]

At least throw in some off-the-wall super-twisted headline. How's a post like this supposed to generate views and comments other than tired old rants like this?

Quick Question

[Monkeedude1212]

How many computers total are in the US compared to other countries of the world?

Simple counts don't cut it in the real world of statistics.

I bet 100% of Canadian computers could be infected and we still might not beat out the US. Considering the Population of California alone is greater than our national population (or at least it was last time I checked).

Re:Quick Question

[tacarat]

Real statistics don't cut it in the world of headlines.

Re:Quick Question

I agree that a more interesting figure is per-capita infection.

And you could refine it just a little more and get per-installation infection rate. The US is a wealthy and populous country, so its pretty natural that there would be a lot of computer users here.

And then probably there are more Windows users here due to the wealth thing again. (More viruses on Windows.) I don't think its so much because Windows is costlier (it can be pirated), than that the US had a large number of Windows users in the 90s, compared to say... India, a country just getting serious about computing. So Windows became entrenched before a lot of other viable O/S options became available.

Re:Quick Question

I bet 100% of Canadian computers could be infected and we still might not beat out the US

Why didn't that sentence confuse you?

Re:Quick Question

[aliddell]

You might want to reread OP and think about what you just said. There might be some very basic between-the-lines, but I bet a good solid second glance would clear it all up for you.

Re:Quick Question

[martin-boundary]

Simple counts don't cut it in the real world of statistics.

Huh? It entirely depends on what the statistics are being used for. Simple counts are useful when the amount of activity is proportional to the population size.

For example, with a botnet, it's the absolute number of bots that matters, because the bots in a botnet are interchangeable (it doesn't matter where they're located, or what processor they're running, etc).

So if you're going to propose botnet solutions on a per country basis, then you want to know which country has the greatest number of active bots, not the country which has the greatest percentage of infectected computers.

Re:Quick Question

Having a problem with complex thoughts expressed in two sentences, are we?

Re:Quick Question

[c6gunner]

So if you're going to propose botnet solutions on a per country basis, then you want to know which country has the greatest number of active bots, not the country which has the greatest percentage of infectected computers.

Um, no. That only works if your "solution" is to sever the affected country from access to the internet. Otherwise you still care more about percentages, because as the percentage level decreases your efforts to combat the problem quickly run afoul of the diminishing returns.

Re:Quick Question

[SkeeZerD]

Isn't Canada just another state? I thought canadians were just americans trapped under the maple leaf.

Re:Quick Question

[hedwards]

I'm not sure that's true. In China they don't pay for licensed copies of Windows. It's been so bad that MS has had to introduce a cut cost version for the Chinese market. Makes me wonder why on Earth we have to pay the full cost when other nations get the same product for basically nothing.

For years before he stopped being CEO, Bill Gates was obsessed with getting the Chinese to pay for Windows.

Re:Quick Question

[c0lo]

How many computers total are in the US compared to other countries of the world?

If your site is under attack from a botnet, do you care much if a zombie is Canadian or in US?

Re:Quick Question

[cbiltcliffe]

How many computers total are in the US compared to other countries of the world?

If your site is under attack from a botnet, do you care much if a zombie is Canadian or in US?

Well, I much prefer the overly polite Canadian zombies, myself....

Re:Quick Question

How many computers total are in the US compared to other countries of the world?

I don't know how accurate this is, but it is claimed to be based on numbers collected by the world bank, if so it should be a reliant source.

I'm kind of suspicious about the numbers from Scandinavia though. In my experience most homes in these countries have at least one personal computer (more than one if old ABC, Commodores, Ataris and other computers from the 80s count) and almost all workplaces have more then one PC per employee (even in the lunchroom of the garbage collectors), there are also lots of public computers in public libraries, senior clubs, youth clubs et.c.. So I would have guessed there where a lot more then one PC per capita. Perhaps they mean PCs that is switched on per capita ;-)

Cyber Defense

Our Federal Department of Cyber Defense is as effective as tepid jello against spammers and spambots.

Re:Cyber Defense

[ThePawArmy]

Hmmm tepid jello....

Re:Cyber Defense

Now *there's* a fetish!

Re:Cyber Defense

[couchslug]

"Now *there's* a fetish!"

And he's not alone...

Re:Cyber Defense

[hedwards]

Well, at least he's not fucking the pie. We can easily get more Jello, but god damn it, that pie was for dessert.

Re:Cyber Defense

[LordAzuzu]

Jerking, already? ;)

True measure

[__aagmrb7289]

This report is not a good measure of anything. It only counts botnets cleaned by Microsoft's program, and it doesn't talk about infections per capita. It measures nothing, and is pretty close to useless. Yay. Okay, that's not totally fair - there is useful information in it. But the article has very little of that information, and the summary has none of it. Now, yay.

Re:True measure

[Arrogant-Bastard]

Absolutely true -- any estimate of total botnet populations that isn't in excess of 100 million can safely be disregarded as the product of either (a) poor methodology or (b) creative public relations.

Moreover, since these statistics are allegedly based on the number supposedly cleaned up, they've severely biased toward "systems which happen to have the appropriate cleanup tool installed AND which happen to have malware that the cleanup tool knows about". Given that the bad guys have copies of the cleanup tool as well, it's certain that they've undertaken significant engineering effort to craft their malware to avoid it.

The only things we really know about bots at this point are (a) they're already epidemic (b) there are more every day (c) no effective countermeasure exists (d) botnet disruption does not remediate bots (e) botnet C&C mechanisms are improving continuously and (f) we are approaching the point in time where any Windows system, chosen randomly, will have a 50-50 chance of being a bot.

Re:True measure

[doesnothingwell]

...the article has very little of that information, and the summary has none of it.

The first rule of Slashdot.

Re:True measure

[__aagmrb7289]

Hear hear! Well said sir!

this

[buddyglass]

Exactly. Here are Microsoft's statistics after computer prevalence is taken into account. Quote from that page:

Among locations with more than 200,000 executions of the MSRT in 2Q10, Turkey had the highest infection rate, with 36.6 computers cleaned for every 1,000 MSRT executions (CCM 36.6). Following Turkey were Spain (35.7), Korea (34.4), Taiwan (33.5), and Brazil (25.8). All have been among the locations with the highest infection rates for several periods.

Locations with the lowest infection rates include Belarus (1.3), Bangladesh (1.5), Sri Lanka (1.8), Tunisia (1.8), and Morocco (1.9).

Given the very low infection rate of most of Africa, though, something tells me Microsoft's "CCM" metric may not perfectly reflect real infection rates.

Re:this

1) The highest country had only a 3.66% detected infection rate. I think this really shows how ineffective the malware removal tool is. Judging by the non IT run computers that I come in contact with, approximately 100% are filled to the brim with toolbars, random processes, and odd start up programs. 2) Africa's number is only so low because you can't cure AIDS.

Re:this

Given the very low infection rate of most of Africa, though, something tells me Microsoft's "CCM" metric may not perfectly reflect real infection rates.

That's because Africa is famous for Ubuntu.

Re:this

[tlhIngan]

The highest country had only a 3.66% detected infection rate. I think this really shows how ineffective the malware removal tool is. Judging by the non IT run computers that I come in contact with, approximately 100% are filled to the brim with toolbars, random processes, and odd start up programs.

Except, it isn't.

MSRT (Malicious Software Removal Tool) is NOT an antimalware/antispyware/antivirus solution (Microsoft's version of that is called Microsoft Security Essentials). MSRT is a small tool run once every Patch Tuesday to remove what Microsoft deems extremely bad.

It does not remove anything else other than the few bad things it's looking for - you can compare antivirus scanners and the like against how many they catch (10s of thousands), and MSRT really targets under 100 or so per month - the ones that seem to cause the most crashes and the like that come in via the crash reporter. It's a very targeted antimalware tool, and has been credited with crippling botnets in the past when come Patch Tuesday, vast swaths of computers suddenly have the botnet removed quite ungracefully.

MSRT predates MSE (and OneCare) and was used as a way to get rid of particular pieces of malware for a few years now. It's limited because it's free and comes automatically (if you have updates enabled), so Microsoft has been very careful with MSRT to not trample on anti-virus sellers by not making it run all the time (it runs at most once a month) and not having a comprehensive antivirus database (it only targets the few Microsoft deem worthy). It's also why you have to install MSE yourself - it will never be bundled with Windows (anti-trust).

Numbers...

[citoxE]

The reason more Americans are infected is because of the sheer amount of computers we have. As others have noted, it's really the percentage per 1000 that are infected that really count. I would bet that most people nowadays have more than one PC in their home, so the statistics are skewed if no one is playing by the same rules.

Re:Numbers...

[Tanktalus]

How about those of us running multiple VM's on a single box? I'm sure that skew is being ignored, too :-P

Re:Numbers...

percentage per 1000

Idiot

Re:Numbers...

Yes, also helps that Americans are becoming more retarded day after day so they will even pay to hit the monkey and buy a suscription to Antivirus 2010 or buy v1agr4 or send money to a nigerian prince.

news spin 101: "zomfgbbq we have more computors so we got moar virii lolololololo oh look a Cialix email!"

FAILmericans make malware industry profitable. News at 11

IT staff

[NetNed]

Could it be from the down playing of hiring a proper IT staff that actually knows what they are doing, or paying a professional that knows how to properly remove and repair things? Sure most reading this know to run scans of up to date tools to remove infections on PC's, but in my experience most put up with it till performance is to the point of crippling the PC or network. Then a outside IT is called in and sometimes is treated like they are somehow to blame for the issues they are experiencing and try and use that as an excuse for not hiring a real IT person that actually knows what security is about. Of course this is for smaller sized business, but I have seen things as stupid as this in larger sized companies that think they are really saving something by having a secretary or high school kid run their network.

Re:IT staff

[david.emery]

It's clear from my experience that you need a competent IT staff to run a network of Microsoft machines.

It's also clear from my experience that a reasonably intelligent group of Mac users do NOT need the same level of help. That's not to say they never need "professional experience," rather to point out that a single trained Mac IT support person takes care of a LOT more installations than a trained Windows IT support person. In the company I used to work for, I think that number was about 25-1; there were 2 Mac people supporting an installed Mac user base of several hundred in a department of, I don't know, 25-50 maybe for a Windows installed base of several thousand. Now some of those people did servers, routers, etc, and not just desktops.

Running a server, whether Windows, Mac OS X Server or Linux, requires a deeper level of training, experience and time investment.

Re:IT staff

rather to point out that a single trained Mac IT support person takes care of a LOT more installations than a trained Windows IT support team.

FTFY

Re:IT staff

[sirsnork]

So, let me get the striaght...

It takes 2 people to take care of about 200 Macs, and ~30-35 people to take care of 2000 Windows machines, of which some are servers, and you admit some of those take care or network/firewall/routers etc. To me that looks like your desktop support people are almost exactly equally distributed between Mac and Windows, about 1/100 with the rest of the Windows guys running the servers and the network.

Honestly I'd say those numbers are pretty good overall from a machine per tech point of view.

I deal with both Windows and Mac's and unless you have insane automation and reporting (which is pretty much impossible in a mixed environment) thats about the numbers you have to run. Mac's are no easier to manage in large numbers than Windows machines. both give you tools to manage them and both can be screwed up just as easily by the user. The only real problem with Windows boxes is when apps that aren't written well require an admin account to run

Looks like a job for batman

[hipwah]

nah-nah-nah-nah-na bot-net...

US Reigns As Most Bot-Infected Country on Web

[BudAaron]

So can someone explain why this is news? Sounds more like it reflects the number of computers in the country!

Re:US Reigns As Most Bot-Infected Country on Web

[ColdWetDog]

So can someone explain why this is news? Sounds more like it reflects the number of computers in the country!

Look, as an American, it feels good to be the bestest at something for a change. We're desperate, we'll take anything.

Threat? What threat?

"...PCs still represent a huge threat." Yeah, that some threat. How long have networks across the world been "vulnerable"? Well, since PC's with their swiss-cheese OS's have been on the internet, right? And yet, apparently no crooks, terrorists, evil government intelligence agencies, or even basement-dwelling script kiddies have launched the big OMGITSBOTNETARMAGEDDON attack that will fell governments, destroy the global economy, etc., etc... My question is, what are the evil-doers waiting for? Let's get this "cyber-war" going already. That is, unless this "threat" is just so much fear-mongering in order to justify more billion dollar government contracts going to the military-industrial-surveillance complex.

What Do You Expect?

[sexconker]

We (and by "we" I mean "they") elected CampaignBot 5000 as our president. Of course they're going to take over.

Not surprising

PCs were sold as appliances, at an affordable price point, in a country possessing enough disposable income, to a population that (for the most part) gave up on the concept of personal responsibility twenty years ago and now they're being used as tools by criminals from poorer countries. /yawn

Re:ALL RIGHT !! USA NUMBER 1 USA! USA! USA! USA!

YEAHH FAILmerica is teh ROCKXORKZ!!!

In other news

[MintOreo]

China gave birth to 4 times as many babies as the US in 2010, so obviously they just love making tons of babies over there.

Why can't we fix this?

[Pathway]

Forgive my ignorance on the subject matter, but why can't we fix this?

Is it because the infected machines have no anti-virus or anti-malware? Would a free AV program installed on the maxhine fix the problem on an individual machine?

Is it because it is too hard for most AV programs to detect a Bot?

Is it because there are too many older computers that don't have a supported AV solution?

Could a free AV check on the most popular homepages (google.com, yahoo.com, live.com, etc) inform users that they are potentially compromised? This would only check to see if an up to date AV program was installed, not a full AV check...

Is it something else all together? Do we even know?

Thanks for helping me understand the problem.

--Pathway

Re:Why can't we fix this?

[hedwards]

The main reason is that we just have more boxes than any other country. But beyond that it's primarily and issue of ignorance in the people using the machines. Our users aren't the worst in that respect, but they could use a lot more education. I've personally not ever had any trouble, but then again, I run anti-malware protection and a sandbox and I'm mindful of where I go play.

Re:Why can't we fix this?

[shutdown+-p+now]

The problem isn't cleaning up the malware, the problem is preventing it from getting back there shortly afterwards. No anti-malware tool will help if the OS permits applications to run outside the sandbox - even if it asks for user permission to do so, casual users will happily click on "yes" the requisite amount of times to see the promised boobs (or whatever). The only true fix is iOS-style walled garden where the OS does not let the user make security decisions at all (and hence make mistakes about them), so be careful what you're asking for.

National Reformat Day

[The+Living+Fractal]

Seriously, this should be a holiday or something... when everyone reformats and goes back to a clean install. Good bye botnets, at least for quite a while...Too bad, as a species, we don't seem capable of this kind of synchronization.

Re:National Reformat Day

[Merls+the+Sneaky]

Too bad, as a species, we don't seem capable of this kind of synchronization.

Actually as a species we are quite capable of synchronisation, the problem is people only synchronise of trivial bullshit EG: sporting events.

Re:National Reformat Day

[hedwards]

Humans are predominantly a herd animal. Most people want to do whatever other people are doing and it's really scary once you start to notice it. One of my friends used to volunteer for campaigns and one thing she'd be responsible for at times was starting the applause. Which meant being doing the first three or four claps that started everybody else clapping.

I wasn't there, but I have observed the phenomenon myself and I don't think that there's any way of looking at it which isn't terrifying.

Re:National Reformat Day

[southpolesammy]

All work and no play makes Jack a dull boy....

Seriously /.'ers, there are people out there that don't consider computer maintenance as a fun thing to do. I know, it's blasphemy, but variety is the spice of life.

Re:National Reformat Day

[The+Living+Fractal]

Yes, did my statement "this kind" not attempt to say that?

Any figures on Mac or Linux botnets?

[jbeach]

Not flamebaiting, just actively curious.

Wrong headline, wrong RTFA

Sorry to disappoint the USA #1 fans, but it should have read: The U.S. has by far the highest number of bot-infected computers of any country in the world, with nearly four times as many infected PCs as the country in second place, Brazil, according to a new report by Microsoft, until Microsoft's malicious software removal tool cleaned up said computers so those stats are no longer valid.

At the risk of sounding like an asshole...

if they're counting by the number of executions of the clean-up program, couldn't the numbers reflect greater awareness of infection (more paranoia) for Americans?

Re:At the risk of sounding like an asshole...

[aiht]

No, because they're actually counting number of infections cleaned.
They also give it as a percentage of the number of executions, but that would go down if a country had more executions of the tool.
Also, the tool runs itself once a month. Is there any way to run it manually?

Re:ALL RIGHT !! USA NUMBER 1 USA! USA! USA! USA!

[clarkkent09]

Not so fast. Looks like the main sources of data are MS security tools like Windows Defender, MSRT, Microsoft Security Essentials etc which are available only if you have a licenced copy of Windows. As far as I know there is no such thing as a legal copy of Windows in China.

F*cking Bots, How Do They Work?

[hoggoth]

I am so sick of my mother's computer getting owned. Lay off the warez and porn sites ma.

What the hell can I do so she'll stop calling me for tech support when her computer starts acting like Robin Williams on crack every other week?

Re:F*cking Bots, How Do They Work?

[cbiltcliffe]

What the hell can I do so she'll stop calling me for tech support when her computer starts acting like Robin Williams on crack every other week?

Next time you show up to fix it, act like Robin Williams on crack.

Re:F*cking Bots, How Do They Work?

[s_p_oneil]

Here are a few options:

1) Don't give her an admin account. If she's using XP or higher, give her a "guest" account. She won't be able to install anything, but that's a good thing the next time she clicks on a trojan or visits a web site that tries to silently install something. She'll still get viruses, but if they can't break out of her user folder, they can be cleaned off by simply logging on as the administrator and renaming her user folder (so you can move her documents and favorites to the new user folder after it's created). This won't stop every virus, but it has worked perfectly so far with my wife's PC. I even gave her the admin password so she can install things when she needs to, but she doesn't know how to actually log in as the admin.

2) Windows Home Server. If you have the extra machine and disk space, it can back up your entire hard drive and track changes daily. If you get a virus, you can roll the entire system back to any previous date. I have a co-worker who set this up at home and for some of his relatives, and he swears by it.

wth /. wth.

[The+Hatchet]

COMMON GUYS! This is a website that is *supposed* to consist primarily of intelligent people and nobody asked the important question, or pointed out the moronic flaw!

Of course the US will have the highest absolute number of infected computers, we have the highest number of computers period! This is only relevant if we have the highest PERCENTAGE of infected computers. if 10% of our computers are infected and 100% of canada's computers are infected, we still probably have a lot more infected computers than canada, despite better upkeep.

That being said, I don't doubt that we also have the highest percentage of infected computers, I am just flabbergasted something so incredibly stupid and meaningless would be posted to slashdot when any moron that passed middle school math class should know why this article is totally meaningless, but simply by switching from descriptions in absolute terms to description in percent infected terms, the article would all of a sudden actually show that americans suck with computers or are targeted more frequently. Right now all it is saying is that we have more infected computers than anybody else. Well that's fine and dandy, I suppose you are going to tell me that China has more cases of the flu than the US does too? I mean, sure they have several times more people than us, so even if they had double the flu cases they would still be healthier per capita than us. You just need to say they have twice as many flu cases per population than the US, and it suddenly becomes a glaring scar on their image instead of a meaningless rant about irrelevant bullshit.

And really, i am always the guy attacking people who inject excess sense into a conversation gone terribly astray, but this doesn't even have a baseline of sense to which an excess can be added.

Also, most of the posts are just pointless nerd culture which speaks nothing of intelligence simply that you watched star trek instead of football. Really the both of you are the same unless you can say something important and they can't. And when you lose the ability to say something important, like a per capita comparison of issues between cultures instead of ranting about how your country has more penises just because it has a higher number of total men, then you are no longer any more intelligent than even the dumbest jock. What is nerd culture worth if you are not being nerdy but totally retarded, ranting about pointless bullshit like how hot your quarterback/sci-fi character is?

Re:ALL RIGHT !! USA NUMBER 1 USA! USA! USA! USA!

Wrong. All the tools are available for a copy of windows that passes the "genuine advantage" check, which practically all available pirated versions do.
This is due to the grub-based loader which boots a vista/win7 box while emulating certain OEM code values in the bios, making the OS indistinguishable from a legit OEM copy.

Makes sense

[Rysc]

There are a lot of privately owned Windows boxes in the USA that have fast internet connections and excessive amounts of CPU and RAM. This combination is surely juicier than the kind of specs and connections and (importantly) volume you can get in most other places. I would be shocked if first-world countries with large tech sectors were not the biggest source of compromised computers.

Re:ALL RIGHT !! USA NUMBER 1 USA! USA! USA! USA!

[DarkXale]

Unless you apply the wrong update.

Be thankful: They keep YOU working...

"as a PC repair guy that actually has to deal with these on a day to day basis? The OS is fine, has been since XP Sp2 as a matter of fact, it is the dumb as shit users that ruin everything!" - by hairyfeet (841228) on Wednesday October 13, @07:50PM (#33889034)

See subject-line above, first. Secondly, if they were NOT around, you'd probably have to do some other type of work, because of a LACK OF WORK. I know myself, first hand, because I started out in this field professionally in 1993 as a PC Repair Tech, & the volume of work was not NEARLY what it is now, and why? VIRUS/WORM/TROJAN/SPYWARE (malware in general) "infections/infestations". I did a year++ or so of this type of work again in 2005-2007 because of outsourcing/offshoring (programmer/analyst profesionally since 1995 in fact up to 2005 when things started "drying up" programming jobs opportunities-wise around here really badly, worse than during the "dot-com" bubble burst circa 2000-2002)... what was a good 90% of my day?

Removing malware infestations.

Hell, even before I took the job, I was at a PC Repair shop around my home picking up a spare case to mount a mobo into to put up a 2nd system here, and I saw the owner doing malware removals & I asked him a question:

"How much of your day does this type of work in malware removals take?"

He told me "It's a GOOD 90% of my daily business in fact, I love it, because it keeps me PAID!"

There are times in fact, that I strongly suspect that those creating these malwares &/or even botnets are in fact, COMPUTER TECHS/PROGRAMMERS/NETWORK ADMINS themselves (look at the complexity of some of them internally, and it only bears it out that many are no longer just "script kiddies", but real hard-core pros in the fields of the computer sciences).

Funniest part of that last thing I said is this - it's just like the "war on drugs": Sure, there is law enforcement to try to "stop it" but, do they REALLY want it stopped? Hey - you stop drugs, you stop THEIR JOB TOO! Wouldn't make sense to "kill drugs 110%" because there goes your law enforcement job "raison d'etre"... lol, then also? You had the CIA themselves get caught importing cocaine into the USA not too many years back also, merely reinforcing my points here via analogy!

Re:Be thankful: They keep YOU working...

[hairyfeet]

Actually I try my damnedest to make sure they WON'T come back. Why would I do that and cost myself business? Simple. I've found that by making the machine as "idiot proof" as possible my business more than quadruples thanks to referrals. people just love to help their friends and family, and when you make their PC a joy to use they are quick to interject when they hear someone having a PC problem "oh you should just take it where I took mine! It runs great now and is hassle free!" I used to have long arguments with my former boss over this, who was of the "busted boxes bring more business" mindset, and where is he now? He retired and his shop closed down.

So there are those of us who are quite happy to see a person only once, because we know we'll be working on their (insert sis, cousin, brother, uncle)'s machine soon enough. Through the right combo of free programs I've managed to cut down the infections among my customers by a good 70-80%, and I try to have as much of the PC maintenance process automated as I possibly can. Defrag, registry and shortcut cleaning, Windows updates, etc. Sadly I haven't found a tool to automate the third party programs yet, the closest I've found is FileHippo Update Checker, but that requires manual download and install after it scans. But by automating the process as much as possible (as I tell my customers "I do the hard stuff so you never have to") I make their PCs as close as I possibly can a "flip the switch and go" appliance, and they are happy to send their family and friends to me as a result. It also builds quite the customer loyalty, and with 2 other shops in town I still had a pile of new machines to work on when I came back from vacation because many wouldn't allow anyone else to touch their PC.

And as for repair guys writing the bugs? Not happening unless there are a LOT of pissed of repair guys in Eastern Europe, because watching the boards and looking at traffic on infected machine that is where ultimately many of the bots are being controlled. No most of the bots are being used to push fake penis pills, not push towards getting the PC fixed. If it was repair guy they wouldn't try to make the infections so hard to detect, as that makes it less likely they'll take it in to get fixed. A scary scenario was described to me by a friend in the state crime lab last time I was in the capital a few months back and we had lunch though. He said more CP scumbags are starting to learn bots so they can hide and sell their CP scum without having it on their personal machines. He predicted in a couple of years that many of their traces of CP will end up coming back to some grandma's PC that got infected with a backdoor and a couple of hidden CP folders encrypted on the drive. Nasty huh? I'm just glad the worst I've ever seen on a client's machine was one girl who I swear had dildos big enough she should have had a gun rack for the things LOL!

I think you misunderstood my point, but...

"Actually I try my damnedest to make sure they WON'T come back." - by hairyfeet (841228) on Thursday October 14, @12:54PM (#33896504)

Agreed, 110%, and... well, you SHOULD, as it is "the right thing to do" and quality work... Fact is, I've even had a FORMER employer of mine even give me shit over doing that level of work for customers!

Especially on educating users or turning folks onto freewares to do the work themselves even (rather than selling them on a commercial ware that doesn't really do any better of a job than a freeware would & sometimes, worse (e.g. -> Combinations of ComboFix, SpyBot 'S&D', and AVG (or other freebie antivirus))

OR

Even when I show folks how to use a HOSTS file to make it impossible (or rather, FAR LESS POSSIBLE) for them to hit known bad sites or servers that serve up such bogus machinations as malwares... I am a HUGE believe in "layered security" is why...

---

"Why would I do that and cost myself business? Simple. I've found that by making the machine as "idiot proof" as possible my business more than quadruples thanks to referrals. people just love to help their friends and family, and when you make their PC a joy to use they are quick to interject when they hear someone having a PC problem "oh you should just take it where I took mine! It runs great now and is hassle free!"" - by hairyfeet (841228) on Thursday October 14, @12:54PM (#33896504)

I agree completely... some of them? You NEVER see again, as they listened & learned by what you tell them!

However, as I am sure you know? Well, there's always "the old faithfuls" I was speaking of that keep you working man (me too) - they'll "f-it-up again", sooner or later, somehow... & thank goodness for them!

Even if you try to "educate" them vs. say, for example, scripting & HTML emails... they like the "pretty pictures though" lol, man... what can you do? You can't force a person to NOT waste his monies after all! He wants to come back for something an "ounce of prevention" would have cured? He or she is FREE to do so... I make monies from it!

---

"I used to have long arguments with my former boss over this, who was of the "busted boxes bring more business" mindset, and where is he now? He retired and his shop closed down." - by hairyfeet (841228) on Thursday October 14, @12:54PM (#33896504)

Oh, same here with a guy name David Milman: He gave me shit and said "You're doing TOO MUCH for them" even though I had the highest "kill ratio" vs. malware in that shop for a year... and I never missed, ever, on removing malwares of ANY kind!

(How? Well, because when you come right down to it, even with "unknown malware"?? There's always process explorer, recovery console, or even a Linux distro to help you burn them out, OR worst case, backup their data & reinstall etc. - you know the drill here I am sure, & I covered that in a security guide I wrote years ago (url is in here in this reply somewhere in fact)).

---

"So there are those of us who are quite happy to see a person only once, because we know we'll be working on their (insert sis, cousin, brother, uncle)'s machine soon enough." - by hairyfeet (841228) on Thursday October 14, @12:54PM (#33896504)

I think you misunderstood me, especially the more I read this: I meant do AS GOOD A JOB AS POSSIBLE, even go "above & beyond" & try to EDUCATE the user vs. what they're into that's causing their hassles with malwares... but, my point? Well, sooner or later, they many times DO mess it up, again (and again, lol, etc.).

---

"Through the right combo of free programs I've managed to cut down the infections among my customers by a good 70-80%, and I try to have as much of the PC maintenance process automated as I possibly can." - by hairyfeet (841228) on Thursday October 14, @12:54PM (#33896504)

Re:I think you misunderstood my point, but...

[hairyfeet]

Hi! I just read your article, good read and follows many of the best practices I try to drum home to customers. As for CP? It is child pornography. I am friends with a buddy that runs a task force at the state crime lab. He keeps trying to recruit me because I'm good at rooting out data....but HELL NO! There ain't enough brain bleach in the world to get that crap out of your head! Like I told him "there is no way in hell I could sit calmly in that box while staring at the scum who I know for a fact was messing with his kid because I saw the pictures". No way. But he says they are already beginning to see when they trace down a source of CP instead of the source or a lead to it some poor Joe that got infected by a bug and now has a backdoor CP server running on his box via bot. Nasty.

And sure, I'd believe some playing with them for fun, just to see how they work. For years I ran a honeypot just to see what nasties the old thing would pick up and to learn which tools did the best on cleaning it. I just meant that other than a few that are assholes (which there is ALWAYS at least one asshole in ANY job, ever notice?) that most guys are honest Joes. The PHBs on the other hand can be real jerks. The "more infections is good" attitude is seen too much at places like Worst Buy, which when I worked a shop near a Worst Buy we spent half our time cleaning up their messes. NO patches, autoupdates turned OFF, just real shitty work. Now they charge for applying iPhone updates and for "optimization" which is just removing the crapware with a script! Nice guys that bunch.

As for doing it right? I'm an old southerner and was raised to take pride in my work and to do an honest day's work for an honest day's pay. I'm never gonna make the money a worst buy does but then again I'm not trying to push granny into a quad core either. I'd rather sleep well and know my machines will be purring like a kitten than be a douche. You're right that some customers never learn. I got a good example "Mr Brown" who is a hell of a nice guy, but know just enough to be dangerous. I'm sure you've met the type. He'll be bringing his PC over tomorrow because he decided to "clean the programs and registry for a speed boost" and borked the sound. Sigh, and of course Mr. Brown didn't bother making a restore point beforehand. But on the flip side I met a sweet gal online when I helped her through getting her pictures back after a nasty bug. We have been together for nearly 2 years now and we switch off spending weekends at each others places. This weekend she is taking time off to spend the whole week. So being a nice guy DOES pay off now and then ;-)

And I agree on the tools, including LiveCDs and Process Explorer, although I personally prefer Comodo over AVG as it uses less resources. Another good one if you can find a download on the net is "the computer repair toolkit V2" which a bunch of FOSSies had a fit because they were actually sharing FOSS tools instead of forcing them to go to a dozen different websites (WTF?) but it is easy to update it to the latest and is a hell of a tool to have. Just drop it on a $5 4Gb flash stick and you have the tools to fix most of the major "uh ohs" like TCP/IP stack problems as well as the usual bug removal. Has all the tools for checking networks as well as being easy to add your own stuff to. Give it a try as it is a great Swiss Army Knife to carry around on your keychain. I also use Spywarebalster to automate updating the HOSTS file, as I've found that is easier to teach folks than how to manually update HOSTS or go get a new one when new nasties come out. Like I said the only bitch is I can't find a way to automate third party programs. I've found Ninite works great on initial installs, but you really have to do updates yourself. Maybe after Xmas I'll buy a subscription to Ninite and see about setting up a local server using a Ninite front end where I can just point the customers towards it and use Task Scheduler to check every week

Re:ALL RIGHT !! USA NUMBER 1 USA! USA! USA! USA!

[sharkbiter]

slmgr -rearm

keep using Windows...

[perles]

This is the best Microsoft achievement. Keep running Windows ...