Slashdot Mirror


Win 7's Malware Infection Rate Climbs, XP's Falls

BogenDorpher writes "Microsoft released data today showcasing that Windows 7's malware infection rate has climbed by more than 30% during the second half of 2010, while the infection rate for Windows XP has dropped by more than 20%."

250 comments

  1. And this is a surprise? by black6host · · Score: 3, Insightful

    What would one expect as usage of XP decreases and Win7 increases?

    1. Re:And this is a surprise? by Khoa · · Score: 5, Insightful

      What would one expect as usage of XP decreases and Win7 increases?

      The changing usage rate between the two OS's is controlled for. FTFA: It's infection rate per 1000 machines.

    2. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      That's odd, I don't see it controlling for more people with a complete lack of computer skills switching operating systems.

    3. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      You, good sir, do not understand how percentages work. At all. XP installed base is probably much bigger than Win7, so 20% XP may be > 30% Win7. Also, it is interesting to see this, as it gives you an estimate of how much and how fast hackers target a new OS based on installed base.

    4. Re:And this is a surprise? by Anonymous Coward · · Score: 1

      Without any evidence to back my statement up, I would make the assumption that more XP machines are in a corporate environment and more Win7 machines are in a home environment. Corporate environments are usually controlled and less likely to get malware.

    5. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      You can't just add and subtract percentages unless they're percentages of the same number. I don't think the number of Windows 7 systems is equal to the number of Windows XP systems.

    6. Re:And this is a surprise? by John+Hasler · · Score: 3, Insightful

      The changing usage rate will also drive malware authors to concentrate on Win7.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    7. Re:And this is a surprise? by Dthief · · Score: 1

      yes, but fewer are making malware for XP, because of the lower usage and move to Vista & 7 so although the numbers are normalized, the obvious trend of people focusing on the more popular versions to infect is exactly what one would expect "as usage of XP decreases and Win7 increases"

      --
      www.RacquetUp.org - Helping Detroit Youth
    8. Re:And this is a surprise? by Missing.Matter · · Score: 5, Informative

      While the article says that the number of Win7 infections has gone up while the number of WinXP infections has gone down, the infection rate on XP is still higher at 14 per 1000 compared to 4 per 1000 in Win7.

    9. Re:And this is a surprise? by fuzzyfuzzyfungus · · Score: 1

      Depends on how OS agnostic the malware is: For basic trojan/social engineering style stuff, I would tend to expect that anything designed to work with 7's somewhat tighter security structure would also work with XP. Only for things that require exploits specific to particular versions would a focus on 7 be directly protective of XP.

      I suspect that the fact that 7 now means "home user" while XP is increasingly the domain of control-freak corporates has a lot to do with it.

    10. Re:And this is a surprise? by Anonymous Coward · · Score: 1

      Nor does it account for malware authors tailoring their crap for Win7/Vista instead of wasting time on XP.

      FWIW, XP infections tend to be far worse than the stuff that does get on Win7 and Vista. Nasty rootkits/viruses exist for both, but XP has its system files hijacked much more frequently, it seems. Most Win7/Vista infections I come across are just fraudware. Still annoying, still not a good thing by any stretch of the imagination, but at least they are easier to clean up.

    11. Re:And this is a surprise? by kevinmenzel · · Score: 1

      You're assuming that the OS is the biggest hole. It's not. The USER is. No amount of protection will stop malware installation that the user initiates. If they want to see that video their friend posted on facebook of Osama being shot, they damn well will do whatever they need to. What's that? New video codecs are needed? OK download this, install as admin... Do you seriously think the same thing couldn't happen on Linux? Or OSX? "You must download this file and type sudo blah blah blah at the console..." So long as the user has administrator access to their machine, they are the biggest attack vector. You can solve this problem in two ways. A) Walled garden. So, for instance, iOS. Because - by design - the user isn't intended to admin their iOS device - an exploit first has to be found that specifically allows the user to admin the machine as part of an attack. These vectors exist, but they aren't as easy to exploit as if the user had the ability to admin by design. B) Eliminate all the stupid users. This is frowned upon by society. Seriously - how many people can be convinced to follow an arbitrary list of steps in order to fix a problem that is bugging them? When Apple made the top menu bar transparent in OSX, there were many pages with a list of instructions on how to adjust this - but how many people who followed those lists REALLY understood those lists? Do you think if someone had made "OSX Transparency Util" which was actually malware and included "1) Download OSX Transparency Util" and "2) Install OSX Transparency Util as Admin" as the first two instructions - people would stop and think "No... no... I shouldn't do that..."? If the util actually did what was advertised - hey - bonus! And probably not difficult to code! The "People want x, so I'll promise to deliver x, and give y" is a huge problem in the Windows world. But I don't see how Microsoft - or anyone designing any OS for home use - is supposed to stop this. Users can install user-mode malware, and users with admin access - even if they aren't admins - can probably elevate their current access, if they know an admin password, to install system-level malware.

    12. Re:And this is a surprise? by sjames · · Score: 1

      There are way too many confounding factors. First, the rates are based on detection by a single tool (where it is installed). Without knowing the absolute numbers (rather than per 1000), it's hard to say much about the overall condition.

      It could mean an absolute drop in infections, a simple shift in infections, or even that virus writers are getting better at evading the Malicious Software Removal Tool.

    13. Re:And this is a surprise? by cpu6502 · · Score: 1

      If this keeps up my WinXP computer will actually be *safer* than my recent Win7 purchase.

      Of course the safest OS I own is GEOS-64. No viruses whatsoever on 8 bit machines! And the second-safest is the 64-bit AmigaOS (because very few use it). Looks like XP is headed down the path of security through obscurity.

      --
      My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
    14. Re:And this is a surprise? by oakgrove · · Score: 1

      couldn't happen on Linux? Or OSX?

      Seems to me the exploit writers would have a much harder time if the market was split between a half dozen linux distros, windows, os x, android, chromeos, and the ipad. I'm doing my part.

      Posted from my Xooml

      --
      The soylentnews experiment has been a dismal failure.
    15. Re:And this is a surprise? by sortius_nod · · Score: 3, Interesting

      Corporate environments are usually controlled and less likely to get malware.

      That's not true at all. Having worked support in various corporations I can assure you that the infection rate is still very high. I remember working for a large bank and they had conficker on 1500 servers and 20000 workstations. This is supposed to be a sterile environment as it's a bank, not so. Where you have staff who aren't exactly computer literate you will have large infection rates.

    16. Re:And this is a surprise? by hairyfeet · · Score: 2

      Not to mention TFS is badly written. If you look at the actual figures Win 7 32 bit infections rose from 3 per 1000 to 4 per 1000 whereas XP went from 18 infected per 1000 to 14 per 1000 which is pretty damned good numbers for Windows 7, especially considering how many completely clueless users are picking up Windows 7 right now. So to only have an infection rate of 4 per 1000 when you have the "granny demographic" that still haven't figured out the difference between memory and HDD space? I'd say those numbers are excellent.

      And if there are any MSFT devs here? Please for the love of all that is good and decent in the world don't fuck shit up for Win 8 okay? you FINALLY after all these damned years came up with a kick ass UI that lets those with years of experience work faster while still letting those like my dad that are clueless find things easily. It is intuitive, it is nice, it runs great and is stable. So look, I know you guys have a tradition of borking the OS after a good release, but just....just don't, okay?

      If you want a killer feature for Win 8 old Hairyfeet will give you one, make something like Homegroup so those like my dad can simply connect their work and home PCs without knowing more than "clicky clicky" and a password/dongle combo. Just have it save an encrypted token onto any flash stick so they can bring it home and plug it in, answer a few questions, and have access to their files from work. That would be kick ass and easily worth paying to upgrade to Windows 8 WITHOUT borking everything. So please, you have a good thing here, don't fuck it up!

      --
      ACs don't waste your time replying, your posts are never seen by me.
    17. Re:And this is a surprise? by drsmithy · · Score: 1

      What would one expect as usage of XP decreases and Win7 increases?

      The commonly accepted "wisdom" on Slashdot is that marketshare is irrelevant. Ergo, infection rates should not change.

    18. Re:And this is a surprise? by Anonymous Coward · · Score: 0, Flamebait

      That's odd, I don't see it controlling for more people with a complete lack of computer skills switching operating systems.

      Is Microsoft marketing still using this script?

      The day you guys come up with something apart from "Blame the operator" is the day Microsoft has a chance of making a secure OS.

    19. Re:And this is a surprise? by CastrTroy · · Score: 1

      I got a feature. Multiple Desktops. Unix/Linux has had this feature for longer than I can recall. I wish Windows would support this natively. No, none of the current hacks that provide similar functionality work as well as the same features on Linux.

      --
      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    20. Re:And this is a surprise? by Mordok-DestroyerOfWo · · Score: 2

      A drunk driver smashing his car whether it be a Pinto (XP), a Gremlin (Vista), or a Toyota (7) is still at fault even if the basic design of the car may lead to more serious consequences. There is no service pack for sheer idiocy and short of a walled garden stupid people will always find a way to get themselves infected.

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    21. Re:And this is a surprise? by Labcoat+Samurai · · Score: 1

      less likely

      That's not true at all. [...]the infection rate is still very high.

      So... minor nitpick, but he didn't say it wasn't high, he said it wasn't *as* high. Are you saying that the infection rate is equivalent? I mean, by pure virtue of people looking at more porn on their home computers than work computers, I'd expect it to be lower, even if you don't account for security and firewalls and whatnot that are erected as IT practices.

    22. Re:And this is a surprise? by Luckyo · · Score: 1

      Point is that much if not most of modern malware is done in the name of profit. As a result, the higher installed base goes, the more effort will be done to infect the machines.

      In this regard, both absolute amount and amount proportional to total installed base should shift towards w7, as has happened.

    23. Re:And this is a surprise? by CapOblivious2010 · · Score: 1

      Absolutely right - stupid people will always find a way to get themselves infected.

      So, by my amazing powers of deductive reasoning, I conclude that we need to find a way to help people NOT be stupid! Now we could just tell them not to be stupid, but that's not going to help much (but apparently it makes you feel all superior, so that's a plus I guess). We could send them to class to learn all about rootkits and system files and malware and phishing and whatnot... but most people wouldn't go, and the few that did probably wouldn't remember most of it. So probably the best we can do is try to make it clear what's potentially harmful, and what's not.

      Sadly, though, MS is terrible about this - there are too many easy ways to get infected ("would you like to install this codec?") and too many things that are perfectly harmless yet still pop up scary-looking warnings (ever tried opening an XML file in IE?). MS apparently thinks that if they pop up warnings everywhere, then whatever happens they can just blame the user.

      ...and I bet you thought you'd never agree with MS on anything!

    24. Re:And this is a surprise? by TheCouchPotatoFamine · · Score: 3, Insightful

      This is nonsensical. But to extend your analogy, it's as if microsoft's vehicle has no brakes. nothing to stop the user from smashing into anything after they've touched the gas. You act like it's just perfectly normal that drive-by downloads from IE aren't avoidable by a bit of proper engineering from the "car maker".

      While it's possible for user to be misguided, the majority of errors come from the computer being complicit in allowing bad actions to happen merely so that a fringe of "convenience" can let users operate without having to remember their passwords, for instance.

      Marketing wins over engineering, and THAT'S why you have crap OS's and apps that have exploits attached, like burrs. Walled gardens from single corporations aside, communities SHOULD run app-repositories of trusted code and that's obvious. Bad engineering, both technical and social...

      --
      CS majors know the time/space tradeoff, but they never get taught the 3rd, crucial, tradeoff of the set: comprehension!
    25. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      The changing usage rate between the two OS's is controlled for. FTFA: It's infection rate per 1000 machines.

      And what's the point? I bet Commodore 64s have a lower infection rate per thousand as well. I'm just saying this isn't a surprising outcome and I honestly don't know why anyone would expect anything different.

    26. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      That the infection rates stay the same? Or are you suggesting that antivirus users don't upgrade to 7?

    27. Re:And this is a surprise? by golem100 · · Score: 1

      Oh Yea? Think again Buckwheat! I've got a little "zoo" of well over 20 unique Boot Sector Virii for the C=64. I have well over a hundred virus variants for the Amiga... [then again--I was a Production Engineer at Commodore responsible for the Duplication Masters] If ever you get too smug with your Mosaic/Voyager Browser on a network segment that I control--you will see GURU Meditation so fast the capacitors in your Monitor will POP! As for GEOS--got the source code. I'm sure there is something "interesting" that could be exploited at 2400 baud... [anybody got a simulation of Quantum Link running???] Now, VMS 3.5, there was a "virus proof" OS... No wait--3 of the 5 machines on my cluster got the Morris Worm--Sigh!

    28. Re:And this is a surprise? by Mordok-DestroyerOfWo · · Score: 0

      I tend to agree with you on all of your points, I switched my parents to Ubuntu several years ago and haven't had more than two service calls since. While I'm certainly no Microsoft apologist, I do in my own cynical view hold users somewhat responsible for irresponsible behavior. To use a labored non-car metaphor, it is definitely legal to walk through downtown Detroit at midnight wearing all of your bling and bragging about how much money you have, but the rational side of you has to assume that there is going to be trouble. There is nothing inherently wrong with running XP sans service packs, IE6, and clicking "yes" on every dialog box that pops up, but you have to share some of the responsibility for your actions.

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    29. Re:And this is a surprise? by hairyfeet · · Score: 1

      Ya know, I've heard Linux guys blab about this one for but you know what? We Windows users DO NOT WANT and have no desire for alt tabbing all over the damned place. I mean I have to deal with users that won't open control panel because they think it is scary, can you imagine what kinds of support calls you'd be getting if shit could open on desktop 3 and they are on desktop 1?

      But if you truly want that shit you CAN have it without a bunch of hacky bullshit. Hell you can even have the desktop look and act like KDE on gnome if you want. As with everything in Windows (and Apple from what I've been told) you simply have to pay a third party for that, as natively you get one way and one way only.

      So here you go friend have fun, no need to thank me. The program you want is fourth from the top, they even have a 30 day free trial. light on resources, solid as a rock, but if you want the whole smash I'd go ahead and pick up the shell replacement along with the virtual desktop, as they really mesh together well and give you pretty much complete control over the UI. Personally I like the new Windows 7 UI enough it is the first time I've ever not switched out my shell, and this is someone that ran BB4Win way back in the day since I hated the Win UI. I'd say they finally nailed it so most likely they'll completely bork it up again for Windows 8, sigh. At least Win 7 is supported until 2020 so by the time Windows 9 rolls around it ought to be good again.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    30. Re:And this is a surprise? by CrazyDuke · · Score: 1

      "MS apparently thinks that if they pop up warnings everywhere, then whatever happens they can just blame the user"

      Hey, that's how it works in office politics. Management tells everyone to do foo, not bar. Then, actively impedes the careers of people unless they do bar, not foo, even promoting those that do it well. ...all off the official record, of course. Then when shit happens, management says, "Look; we told them not to do it, not our fault!"

      "...(but apparently it makes you feel all superior, so that's a plus I guess)."

      Actually, it makes me feel very, very goddamn lonely. In the jungle at night and you can hear the predators circling alone. ...nothing super about it.

      But, for what it's worth, I consider ignorance to be a status (I don't know. But, I can find out!), and stupidity (I don't know, and I don't care!) to be an attitude.

      --
      Any sufficiently advanced influence is indistinguishable from control.
    31. Re:And this is a surprise? by smash · · Score: 1

      The day you guys come up with something apart from "Blame the operator" is the day Microsoft has a chance of making a secure OS.

      If you're running as a non-admin with UAC and firewall on, win7 is as secure as anything else.

      If you're the type of person who sees "free shit" (trojans) and runs to install them because they're free, you're going to get owned irrespective of what you run. Linux (or OS X for that matter) doesn't get this type of infection yet because it isn't targeted in this manner yet.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    32. Re:And this is a surprise? by Gadget_Guy · · Score: 1

      Wouldn't 30% - 20% == 10% ?

      It does not work that way. In absolute numbers the XP infection rate went down from 18 to 14 PCs per 1000, while Windows 7 went up from 3 to 4 PCs per 1000. If you say it in percentages then it seems like the infection rate went up more than it went down, but look at the actual figures and you find the reverse. This is a bit of a misleading article really, because a drop of 3 PCs per 1000 does not equal an increase of 10%.

      Also, when you read the security report you see that the most commonly detected threat family was JS/Pornpop, which is the javascript trickery to get porn advertising to pop-under your other windows. Including that sort of vulnerability is a bit silly really.

      Probably the most notable finding (to me at least) was this good news story about Adobe security:

      The number of Adobe Acrobat and Adobe Reader exploits dropped by more than half after the first quarter and remained near this reduced level throughout the remainder of the year.

    33. Re:And this is a surprise? by smash · · Score: 3, Insightful

      There's no reason codecs (or ANY SOFTWARE) installed on linux or any other OS can't own the user's data or operating system either.

      There are three ways people get owned: remote exploits (count the number on 7 vs linux in the past 2 years - they're not so far apart), application exploits (again, count em) and user stupidity (no solution, other than sandboxing the user to contain the damage).

      Even with a sandboxed app, it still has access to all of the data you have in the sandbox. If you've downloaded and installed a "virus scanner" and enabled it to access your entire filesystem, you're fucked.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    34. Re:And this is a surprise? by smash · · Score: 2

      Give them root access / log them in as root for a fair comparison to the typical windows user's setup and see how long that lasts.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    35. Re:And this is a surprise? by smash · · Score: 0

      In theory, sure.

      In reality, that was a targeted attack. Most people don't get owned by targeted attacks. And due to market share, OS X is nowhere near as common a target. So even though in theory the exposure is less on Windows, it has many many more people attempting to breach it. And as such, a higher number of breaches.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    36. Re:And this is a surprise? by HermMunster · · Score: 2

      Win7 was supposed to be something that had technologies at the heart of it to protect users. Serious protection. I've seen a spike in my shop of Win7 infections, especially 64bit. And, on top of that these guys have been owning the machines, literally taking over and disabling the whole puzzle in order to stay active on the computer. It's really amazing.

      Win7 has been owned by these malware authors and I only expect it to get worse. Getting rid of the malware always leaves damage, such as disabled features, missing shortcuts, hidden user folders (they hide the users data so they think it's been deleted). One today in particular has all the start menu program shortcuts deleted and the user's folders hidden so they looked like they were missing. The permissions were altered to deny the owner access to their own folders (plus hidden folders like "AppData", and "Local Settings", etc). The start menu items (folders for the installed programs) were there without icons to represent what they were (just the names), and the shortcuts were deleted completely so you can't put them back.

      After installing Malwarebytes and then running scans (while in safe mode) where I removed a ton of malware, after rebooting into normal mode I watched the malware remove the shortcut for Malwarebytes off the desktop and from the start menu entries.

      Windows 7 is getting owned.

      --
      You can lead a man with reason but you can't make him think.
    37. Re:And this is a surprise? by HermMunster · · Score: 1

      Only insofar as the users have agreed to report their infection to Microsoft.

      And, if 4 in 1000 is the measure I have had x out of thousands in my shop of late.

      --
      You can lead a man with reason but you can't make him think.
    38. Re:And this is a surprise? by rhook · · Score: 1

      Any time you write an exploit it is a targeted attack.

    39. Re:And this is a surprise? by netdigger · · Score: 0

      ditto

    40. Re:And this is a surprise? by mysidia · · Score: 1

      The changing usage rate between the two OS's is controlled for. FTFA: It's infection rate per 1000 machines.

      Not really. Fewer machines = malware authors are targeting the riper fruit / newest trend. Perhaps they reached saturation of XP machines infected -- the low hanging fruit gotten, but Windows 7 machines are often new systems not yet infected - ready for the taking, nowhere near malware saturation yet.

      Per thousand machines is just indicative of how the attackers' strategy shifts in response to widespread adoption of a new OS.

    41. Re:And this is a surprise? by erroneus · · Score: 1

      The infection rate depends on targeting the gullible. I'm just going to say it directly because it's the simple truth. As more users change operating systems, the target changes to follow them.

      Especially of late, malware targets the users more than it targets machines with particular OSes.

      I think it is just about time that people give a rest to the "which is more secure" debate...at least not where malware is concerned. Malware doesn't need root or administrator to do damage -- it just needs to run. Personal data is available at the compromised user's access level.

      Has Microsoft made it easier somehow? Yes, in some ways, but not so differently than Apple. ActiveX was a terrible mistake that seems to have been disappearing over time. Microsoft's kernels simply aren't built right to take advantage of i386 as illustrated by the device driver model. The file system and the OS aren't all that I think they should be mostly because I have seen better. But none of this is why.

      I don't like Microsoft. I don't like Windows. But being religious is demonstrably an effective way to mask reality with belief.

    42. Re:And this is a surprise? by drsmithy · · Score: 1

      Microsoft's kernels simply aren't built right to take advantage of i386 as illustrated by the device driver model.

      Huh ?

    43. Re:And this is a surprise? by colinrichardday · · Score: 1

      But perhaps part of the point is that his parents don't need root access in Ubuntu. Perhaps you should disallow root access for the average Windows user to achieve a fair comparison.

    44. Re:And this is a surprise? by erroneus · · Score: 1

      Drivers running at ring-0 is not necessary. A device driver with complete access to the kernel is not necessary and frequently causes problems when they misbehave. In the early days, programmers used to bypass the BIOS by writing directly to the hardware for better performance. But by breaking the rules, they cursed the environment preventing good evolution in development. But when the i386 came into being, the promise of a good evolution was renewed. But then Microsoft went and spoiled it by making drivers run at ring-0.

    45. Re:And this is a surprise? by ancientt · · Score: 1

      B) Eliminate all the stupid users. This is frowned upon by society.

      Great line. I'm making that my sig.

      Your sentiments are mirrored in large part by an article at codinghorror, it's a bit dated, but I keep referring back to it as I try to find ways to keep our work network safe from ourselves. The problem as simply as I can restate it is that users with the power to do what they want will also do bad things unintentionally even if they have to work at it. I wonder if there might be a third path however, besides the two you've outlined.

      What if the UAC was not activated for tasks, but rather for activity along with the risk it exposes the user to. With ZoneAlarm (which I used to recommend) you get a learning phase and then an alarm for unusual network activity. The same thing could be applied to every file access and the parameters of normal interaction based on internet collected data. I imagine a whitelist sandbox OS where any application can be downloaded and installed, but the system would allow a sandboxed image of the installation and when completed, it would download information about the application, instances of immediate uninstall, instances of virus flagging and potential interactions. Something along the lines of

      Snapshots currently use 3.5% of available diskspace.
      You've downloaded and installed dancingbunnies.exe which has the following associated information: 85% of users who installed dancingbunnies.exe uninstalled it within 2 hours. It has been flagged by ClamAV, Symantec and McAfee as a virus. Where dancingbunnies.exe has been installed 72% of users indicated it caused unwanted effects. dancingbunnies.exe has access to: delete any file, change the way your computer works, send email without your permission and download files that may be illegal to have on your computer. You may
      [Discard these changes (63% popular)]
      [Activate these changes for a limited time before being offered the option to remove them later (23% popular)]
      [Activate these changes permanently (14% popular)]

      Choosing to discard would remove and delete the system snapshot. Choosing to activate would result in the user running in an instance of the system which would be using a differencing snapshot image. Choosing to activate permanently would discard the differencing snapshot and make the changes permanent.

      Two of the actions described are already basically available with varying methods, but I've never seen them brought together into a single system. Microsoft's virtual server seems to (I'm almost certain) do differencing snapshots as described here. Jotti uses multiple scanning tools to identify the AV systems that flag a file as a virus. The third major component (tracking the usage, acceptance and rejection of software) would become available through the OS vendor tracking databases which mostly already exist if not in this exact form. Recognising what an application would be capable of would require a robust sandboxing system, which I realise is a challenge but don't think is an insurmountable one.

      Later prompts might include:

      The program dancingbunnies.exe has accessed your address book and is trying to send emails on your behalf, would you like to:
      [Stop this activity] Safest. (83% of users choose this action for dancingbunnies.exe)
      [Remove this software but keep other changes] (9% of users preferred this option)
      [Remove this software and revert] (7% of users preferred this option)
      [Allow just this once] (63% of users uninstalled dancingbunnies.exe within 2 hours after allowing this action.)
      [Allow just this activity for ten minutes] (25% of users uninstalled within 2 hours of allowing this action)
      Allow this activity:
      [Permanently] (5% of users uninstalled dancingbunnies.exe within 72 hours of this choice)
      [And all others by this program permanently] (0.3% of users uninstalled dancingbunnies.exe within 72 hours of this choice)

      Ref: http://www.codinghorror.com/blog/2005/07/the-dancing-bunnies-problem.html

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
    46. Re:And this is a surprise? by SchroedingersCat · · Score: 1

      and here you have it: VirtuaWin

    47. Re:And this is a surprise? by RobertM1968 · · Score: 1

      Microsoft's kernels simply aren't built right to take advantage of i386 as illustrated by the device driver model.

      Huh ?

      He's correct. The only "mainstream" (past/present) OS that actually utilized the CPU's protection levels to any decent extent was OS/2 - which is also why it was a bitch to run in numerous virtual machines (most notably due to poor virtual Ring 2 support). And in reality, Microsoft glomming a whole bunch of things into Ring 0 is a step backwards.

    48. Re:And this is a surprise? by Runaway1956 · · Score: 1

      "In the jungle at night and you can hear the predators circling alone. ..."

      Ah-ha-ha! Big belly laugh. You poor sod - you don't realize that you are NOT alone. All those XP and Win7 users without a clue are your fellow tribesmen! The predator isn't circling - he's crunching the bones of your tribesmen!! And, when the food runs out, and you're the only target left, rather than the toughest target, he'll be coming after you!

      That's one good reason for using Linux, I guess. All the Windows tribe will be consumed and shat out before the predator looks very hard at us in the Linux tribe!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    49. Re:And this is a surprise? by Runaway1956 · · Score: 1

      *sigh*

      Instead of "codec" in the above post, use "singing dancing ponies". The idea is, a codec was presented to the user as a necessary component for something he wanted to see or hear. The fact is, the codec itself was malware. And, the clueless consumer agrees to installation, and clicks through all of the OS's warnings about unsafe, unsigned, unauthorized, unwarranted, unwanted, unfit bullshit.

      Yes, a codec with privileges WILL own a Mac, a Linux, a BSD, a Unix, or any other box.

      But, few of us grant privileges to the shitware that Windows users commonly grant Admin rights to!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    50. Re:And this is a surprise? by clang_jangle · · Score: 2

      The day you guys come up with something apart from "Blame the operator" is the day Microsoft has a chance of making a secure OS.

      I don't care much for Microsoft, but there is no such thing as a secure OS. Users can be secure if they know what they need to know, but no OS is "secure" in the hands of the average user. Sad but true...

      --
      Caveat Utilitor
    51. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      Here's another killer feature:
      Three more orders of magnitude decrease in viruses - automatically pwned desktops numbering in single-digits per 1000000.

      (I don't count trojans as viruses, unless it's a "well you clicked on that email in outlook before realizing it was spam, and it doesn't matter that you didn't actually tell it to execute the attachment, it does it anyway" style trojan, as those stem from an explicit decision by the Outlook/Explorer developers - so my numbers will look better for MS than other counts... but it still won't be a reasonable number!)

      This would almost make it comparable to Linux (we should count desktops plus Android phones to give MS some purchase in the comparison, as there has never been an automatically-spreading virus in the wild taking advantage of Linux desktop security flaws, so if we don't add the phones in there then we come out with a division-by-zero error and even a single virus infection worldwide for MS would be infinitely worse) in terms of security flaws that are exploited in the wild.

    52. Re:And this is a surprise? by mrbcs · · Score: 1
      Wow. I think I'll stay with my XP boxes for a while longer... like until they don't work at all.

      I'm so glad I don't do computer repairs anymore.

      --
      I'm not anti-social, I'm anti-idiot.
    53. Re:And this is a surprise? by rubycodez · · Score: 1

      Windows 7 is more secure than Microsoft Xenix?

    54. Re:And this is a surprise? by TheLink · · Score: 1

      Not much harder, perl malware would run on most linux distros, OS X, AIX, Solaris, *BSD. It'll even run on windows if you use pp to create an exe.

      If malware users (who aren't always the writers) could get people to type in passwords to decrypt encrypted zip files to install the malware (this actually happened!), they'd be able to get people to jump through hoops and run "perl Makefile.PL" to install "Antivirus 2011".

      If the malware's purpose is to send spam and/or DDoS and/or copy user secrets (.ssh, client certificates, etc), there is no need for root access at all.

      I HAVE written a multiplatform agent in perl. It's for legitimate and work purposes - it regularly does hardware and software scans and reports them back to HQ.

      From what I see sending spam and DDoS packets with perl is far easier (done the same way on all platforms) than parsing the different hardware report formats for each OS/distro, and doing stuff like figuring out what should be "BIOS version", "system serial number", "motherboard serial number", "OS Version", for x86, OSX, AIX, Solaris. Or figuring out how to get perl https support on all linux distros (for some stupid reason linux distros don't provide it by default but OSX does). Don't need https support to DDoS/spam people...

      Heck if fast internet connections become ubiquitous, then having the Windows version in a perl exe is not such a silly idea. It'll be interesting to see how the antivirus scanners cope with polymorphic perl malware - TMTOWTDI and all that. Currently a perl exe would be a bit big (3-4MB) for slower connections.

      --
    55. Re:And this is a surprise? by man_of_mr_e · · Score: 1

      You do realize that both Apple and Linux run device drivers in Ring 0 as well, right?

    56. Re:And this is a surprise? by oakgrove · · Score: 1
      Reread my post.

      half dozen linux distros, windows, os x, android, chromeos, and the ipad.

      Half of the operating systems I mentioned will not run your perl script.

      --
      The soylentnews experiment has been a dismal failure.
    57. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      The question here is why hasn't Microsoft made their Windows XP more secure by now? WinXP has been around for quite some time now, considerably longer than Win7, so they have had plenty of time to do it. Could it be that they are not focusing on XP security partly because doing so would make people less likely to switch to Win7?

    58. Re:And this is a surprise? by smash · · Score: 3, Insightful
      Yes, sure. However my point is that both machines were specifically targeted (i.e., here's a mac, here's a windows box, try and own them both - at a hacking convention). In the real world, the market share of OS X is not worth bothering with, when you can get 85-90% of desktops by targeting windows. The effort expended is not worth the potential return.

      Thus, although in theory, on the test bench Windows is more secure - in reality, there are a lot more Windows boxes getting owned, simply because the volume of exploits out there being developed, and the prevalence of them on the internet is much greater.

      Look, I'm not disagreeing with the results you presented. I'm merely suggesting that in the real world you're a lot less likely to stumble across a trojan/exploit for your OS X box, because Windows is the focus of so much more exploit development.

      Ditto for those still running, say Windows 98 or OS/2. No one codes exploits for it any more because its market share is so close to zero - yet its architecture is FAR less secure than Windows XP or 7.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    59. Re:And this is a surprise? by smash · · Score: 1

      I don't give 80% of my windows users admin access. I don't have a high volume of machines getting owned. Unfortunately Windows' results are skewed by the fact that it is the most common home user operating system (i.e., the non-technical end user is also the administrator, and logged in as such) by at least an order of magnitude.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    60. Re:And this is a surprise? by smash · · Score: 1

      What's your point? That's basically what I suggested. If you run as root on a Linux or BSD box (not suggested, neither is running as admin on Windows), you're going to eventually get tripped up. At least Windows uses code signing, I'm not aware of Linux performing any code signing checks on binaries that an end user downloads from their web browser before enabling them to run it.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    61. Re:And this is a surprise? by colinrichardday · · Score: 1

      We Windows users DO NOT WANT and have no desire for alt tabbing all over the damned place.

      So who has to alt tab? I have a small display of my 12 desktops. I can see which ones are running emacs, firefox, or a terminal.

    62. Re:And this is a surprise? by DigiShaman · · Score: 2

      they had conficker on 1500 servers and 20000 workstations.

      This. They're fucking worthless. The entire IT staff responsible (and possibly both the CIO and CFO for not providing proper funding) for maintaining security should be FIRED as of yesterday! Look, it's real simple to keep a malware free network. I do this every day as a sysadmin and consultant. Obviously that group needed to be spoon fed. Let's start shall we?

      1. Provide both education and a scheduled employee orientation on do's and don'ts of proper computing usage. Also remain on the lookout for signs of social engineering and scams attempting to get the user to install malware (fake AVs and bogus FedEx e-mails come to mind).

      2. Ensure all domain users have only local non-administrative access to the computers. If a local scanner or printer requires admin access, it's a shit product and should be returned ASAP. Do not compromise on this front.

      3. Implement a firewall with built-in gateway anti-virus and content filtering. SonicWALL is a good choice, but there are other solutions available too.

      4. Implement workstation and server anti-virus agents to all machines.

      5. Manage and monitor workstation security updates. WSUS is great for this. If you're stuck in development that requires IE6, virtualize or re-write the application for that fucker. But above all, do **NOT** let an application hold you back from rolling out security updates. If hiring a project manager and migrating away from IE6 costs millions of dollars, so be it, too bad. Take your beatings and lick the financial wounds later. It's for their own good anyways.

      And pardon the foul language, but Trump needs to walk in that bank and start yelling "YOU'RE FIRED!!!" to get the message across.

      --
      Life is not for the lazy.
    63. Re:And this is a surprise? by rhook · · Score: 1

      Security through obscurity is nothing more than an illusion.

    64. Re:And this is a surprise? by hairyfeet · · Score: 1

      Man you have NO idea what the general skill level of your average home user is, do you? Dude I'm talking people that are fucking AMAZED when I use alt-tab or WinFlip, and alt tab has been there what? Ten damned years? And WinFlip for 5 now? Hell most of them still haven't figured out how in the hell to use the new taskbar in Windows 7, or how they have those jumplists, you REALLY think they are gonna understand virtual desktops? Please! I still have trouble getting some of them to understand the differences between a CPU and a GPU or between real memory and hard drive space!

      Trust me Colin my man, you really should go and hang out at your local mom&pop shop for a day just to witness it for yourself and hear a few horror stories. Hell I had one gal that was mad as hell because "her new PCs screen was broke" and I get there and she is tapping away at the glass because she thought flat screens were all touch like cell phones! I swear to God man!

      MSFT knows what they are doing, same as Apple. Keep it simple as hell, make it "clicky clicky" as much as humanly possible, make it so thinking is NOT required for most actions. It is the same reason why you'll never see a year of the Linux desktop, because if anything borks in Linux it is CLI city. Hell these people can't find any damned thing if it isn't on the fricking desktop, you think they are gonna be able to pick up bash commands? Virtual desktops is a niche idea, only included in Linux because of X11 working on a client/server model. As I pointed out with my link you CAN get Windows to behave that way, but to include it by default would be a nightmare and every OEM in the country would be tripping over themselves to disable it if not outright remove it. The support nightmare from hell is what that would be, trust me friend, I know of which I speak!

      --
      ACs don't waste your time replying, your posts are never seen by me.
    65. Re:And this is a surprise? by Confusador · · Score: 1

      The commonly accepted Wisdom is that marketshare is not the most important factor. So, for example, if a more secure OS became more popular than a less secure OS, it would be more targeted, but still safer than the other. Like how XP went down but is still at .18%, and 7 went up but is only at .04%, for example.

      (Does anyone else feel like those numbers are ludicrously low?)

    66. Re:And this is a surprise? by mikael_j · · Score: 1

      This. They're fucking worthless. The entire IT staff responsible (and possibly both the CIO and CFO for not providing proper funding) for maintaining security should be FIRED as of yesterday! Look, it's real simple to keep a malware free network.

      You're assuming that the people "responsible" actually have the authority to do things right rather than being held responsible while at the same time being dismissed as "whiners" and "paranoid" when they try to deal with threats before they strike.

      And yes, that's pretty damn common. IT/IS staff knows what the right thing to do is, they suggest the right thing or maybe even begin to do the right thing, manglement finds out, chews out IT/IS and everything goes back to the normal low-cost, don't-spend-money-until-it's-too-late status quo.

      The reason for this? Management knows that technically they aren't responsible for anything bad that may come from this (or they're completely ignorant of the dangers but I've seen the first one a lot in larger environments), the guys who desperately want to secure the network are, even though it's management that's keeping the network insecure...

      --
      Greylisting is to SMTP as NAT is to IPv4
    67. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      Windows 7 is getting owned.

      And how would it be any different if a user runs malware on their OSX or Linux system as root?

    68. Re:And this is a surprise? by Runaway1956 · · Score: 2

      My point was, Windows users routinely run as Admin and grant Admin rights to anything that asks. Few Linux users run as root, and those seem to be a little more careful about the things they install and run.

      "trusted source" in my distro of Linux means that the repository itself has a signed key, which I trust. With three exceptions, my machine does indeed have "signed" code. The exceptions came from sources that I've learned to trust over the years.

      Random example here: https://help.ubuntu.com/community/add-apt-repository

      As you can see, that particular version of Ubuntu is more than 1 1/2 years old. So - we've had "signing" for a little while now . . .

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    69. Re:And this is a surprise? by cbhacking · · Score: 1

      I've never used it, but DirectAccess (http://technet.microsoft.com/en-us/network/dd420463.aspx) might be vaguely what you're looking for. It looks like it does some sort of behind-the-scenes VPN for you.

      The catch is that it's only available on Enterprise SKU (and maybe Ultimate?) so not practical for most home users.

      --
      There's no place I could be, since I've found Serenity...
    70. Re:And this is a surprise? by cbhacking · · Score: 1

      Finestra Virtual Desktops (http://vdm.codeplex.com/) is about as good as the stock virtual desktop implementation on most Linux distros that I've used, is nicely configurable, graphically attractive without being overbearing, stable, free, open source, and compatible with XP (although you lose the live preview, since that needs WDM) in addition to Vista and Win7.

      I have no relationship with the project aside from having used it for ~3 years. It's one of the first things I install on any computer I get at work; the productivity difference is significant.

      --
      There's no place I could be, since I've found Serenity...
    71. Re:And this is a surprise? by Anonymous Coward · · Score: 1

      Looks like XP is headed down the path of security through obscurity.

      All Windows versions are headed down that path. Win XP is headed down the path of security through unpopularity; like Mac OS (although they are slowly getting off it) and desktop Linux.

      That's not a bad thing, though. Personally, I prefer software that is popular enough to receive a high level of maintenance but is not mainstream enough to acquire the attention of loads of malware authors. Just like in nature, monocultures attract pests.

    72. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      Boot Sector? On the C=64? The 64 booted from ROM, and the floppy drive was an expensive add-on (and even if you had one, the 64 still didn't boot from it). Tape required the user to "Press record and play on tape" to write anything, and cartridges were generally ROM too.

    73. Re:And this is a surprise? by lxs · · Score: 1

      Why would people bring their functional uninfected PCs to your shop?

    74. Re:And this is a surprise? by hawkinspeter · · Score: 2

      Linux just skips the whole binaries through the web browser thing which trains users in the worst possible behaviour for avoiding malware.

      The software repositories are signed so Linux does validate that software is coming from where you think it's coming from.

      --
      You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
    75. Re:And this is a surprise? by drsmithy · · Score: 1

      He's correct. The only "mainstream" (past/present) OS that actually utilized the CPU's protection levels to any decent extent was OS/2 - which is also why it was a bitch to run in numerous virtual machines (most notably due to poor virtual Ring 2 support). And in reality, Microsoft glomming a whole bunch of things into Ring 0 is a step backwards.

      Windows NT only uses two rings because that's all some of its historically supported platforms had. I imagine it's something that's rather difficult to tack on later.

    76. Re:And this is a surprise? by drsmithy · · Score: 1

      But then Microsoft went and spoiled it by making drivers run at ring-0.

      You mean they made the same engineering decision basically every other OS vendor did ?

      (Not to mention at least one of Windows NT's historically supported platforms only had two rings, which is why that's all NT uses.)

    77. Re:And this is a surprise? by rtb61 · · Score: 1

      When you start handing out the source code to the intelligence agencies of the world, who have been known to exploit faults and never declare them. Now add in that many of those intelligence agencies have less than scrupulous associations with outside for profit security contractors who are more than willing to kill for money, let alone indulge in global white collar crime. That obscurity is looking really, really insecure.

      --
      Chaos - everything, everywhere, everywhen
    78. Re:And this is a surprise? by Krneki · · Score: 1

      Conficker didn't need admin rights to propagate. In the previous case the problem is a loose firewall configuration inside the network. Not an easy task if you don't have proper professional IT.

      --
      Love many, trust a few, do harm to none.
    79. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      Stop being so cheap and just buy another monitor!

    80. Re:And this is a surprise? by AliasMarlowe · · Score: 1

      You are afflicted by a task of supporting morons. Your position is thus understandable; 'nuff said.

      For non-morons, however, a desktop switcher is neat, and I also miss it in modern versions of Windows. Back in Windows 3.0 days, there was a BigDesk application which I used with BackMenu to make the interface a bit similar to that on X desktops. The 1991 version of those combined utilities can be downloaded as backdesk, if you've still got a windows 3.x box around...

      Incidentally, for a real trip down memory lane (and assuming you have something running Windows 386, which pre-dated Windows 3.0), install Aporia on it. In 1990 you could have an interface like Windows 95 or OS/2 WPS on a 640kB machine!

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    81. Re:And this is a surprise? by IRWolfie- · · Score: 2

      just because they are not infected does not mean they are functional.

    82. Re:And this is a surprise? by somersault · · Score: 5, Insightful

      Security through obscurity is nothing more than an illusion.

      I always find this funny. Passwords, PINs, encryption/decryption keys, hardware tokens etc are all just forms of security through obscurity, too.. they just are a bit more obscure than running an obscure OS when you use combinations of them, or pick a really good random password, etc.

      --
      which is totally what she said
    83. Re:And this is a surprise? by somersault · · Score: 1

      The most annoying thing for me is that the guy who tends to get owned the most is one of the Directors. Any time I've done something like have him run without admin privileges, he'll bitch at me until I give them back. It's his own fault if he ends up having his CC details stolen, etc. I suspect he already is being skimmed regularly.

      Any time I mention this kind of stuff to him he just laughs at me as if it could never happen to him. He's the worst person I've ever seen for installing anything he comes across (some of it legit, sometimes it's not. "but I want to use it, because, quite frankly, I paid for it you know" FOR FUCK'S SAKE MAN >.< ), seems to have a ratio of 1 good email to 99 spam mails in his inbox, etc.. thankfully he's semi-retired now, but I still have to clean out his machine every few months.

      --
      which is totally what she said
    84. Re:And this is a surprise? by jedidiah · · Score: 1

      But... but... but... they said they fixed it this time.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    85. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      Didn't Microsoft tell us that Windows 7 was the most secure OS ever, or something? Given that information, I think that does change our expectations of levels of malware infection in Windows 7.

    86. Re:And this is a surprise? by Arkofjoy · · Score: 1

      Funny thing is, I have been using various forms of Linux for about ten years and have almost never used this feature. My son did use it regularly and now runs his mac with two screens but Not Me and I would consider myself much more tech savvy than him. I can't even figure out a reason why somebody might want this feature?

    87. Re:And this is a surprise? by Bert64 · · Score: 1

      Which is why the average user is actually much better off inside of a walled garden...

      Most car drivers never open the hood, most users of consumer electronics never open them up... You present end users with a simplified system, and leave it to qualified people to deal with anything more complicated. Computers as they are today are simply unsuitable for end users.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    88. Re:And this is a surprise? by Bert64 · · Score: 1

      Most remote exploits against linux target software that a workstation is unlikely to have installed, windows listens on many more services remotely by default - even on a workstation, and those services are extremely complex providing plenty of scope for more exploits to be found.

      A Linux distro comes with far more software by default than windows, therefore while there is increased risk of exploits being found in the default install, the reality is that you are either not using (and should have removed) the default software, or are using it and would have manually installed an equivalent on windows anyway.

      As for downloading codecs and such, Linux distros typically ship with repositories full of software, and users are encouraged to look here when they want to install something, and as such the risks of malware being installed this way are massively lower.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    89. Re:And this is a surprise? by Bert64 · · Score: 1

      To use a car analogy...
      Just because "Car manufacturer M" supplies cars which don't have brakes by default, doesn't mean that those who drive cars made by "Car manufacturer L" should remove their brakes.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    90. Re:And this is a surprise? by drinkypoo · · Score: 1

      At least Windows uses code signing, I'm not aware of Linux performing any code signing checks on binaries that an end user downloads from their web browser before enabling them to run it.

      Code signing is basically worthless for anything but validating updates. The whole point of a PC is that I can get software from arbitrary suppliers. The user is prompted before running software through their web browser either way. Packages are certainly signed. Also Linux systems don't depend on you logging in as admin and they ask for an actual password entry when it is really required. Since they fire their UAC equivalent less (well, UAC really being a Sudo equivalent given the timescale) its value is higher.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    91. Re:And this is a surprise? by Bert64 · · Score: 1

      The problem is that any single platform has 85-90% of market share...

      Look at browser attacks for a good example...

      5 years ago, IE6 had 90% marketshare, and attacks against the browser were extremely common...
      Now, browser marketshare is split between several browsers, so now there are far less attacks targeting browsers and far more targeting other things such as browser plugins (flash/pdf) which are still on 90% of machines and exploitable in the same way regardless of what browser is being used.

      Any software which is present on too high a percentage of machines will become a target for malware, so the solution is to ensure that the market is split between multiple different competitors.
      Another useful effect of this is that you can switch quickly if your primary vendor has yet to patch a serious vulnerability which people are actively exploiting.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    92. Re:And this is a surprise? by Bert64 · · Score: 1

      If you're running as a non-admin with UAC and firewall on, win7 is as secure as anything else.

      No, you're not...

      You still have no trusted repository to install software from, and thus must run unnecessary risk when installing anything...
      You are still running potentially exploitable services, and just hiding them behind the firewall - if no one needs to access them, why do they need to run at all?
      You are still using an OS that determines if files can be executed based on filename, increasing the risk of accidental execution.
      You still have no central mechanism to update non MS software, increasing the risk of such software being exploited.
      And there are many more examples of poor security choices in windows...

      Incidentally, OSX is indeed targeted by trojans... Google for "mac defender" for one such example.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    93. Re:And this is a surprise? by Risen888 · · Score: 1

      Give them root access / log them in as root for a fair comparison to the typical windows user's setup and see how long that lasts.

      I sell Linux machines. If you buy a box from me, you have sudo. To the best of my knowledge, no customer of mine has ever been pwnt in the last five years. Fair enough for you?

      --
      Hey, I finally got my first freak! Took you long enough!
    94. Re:And this is a surprise? by Bert64 · · Score: 1

      3, Sonicwall is not a good example... Take a read of:
      http://isc.sans.edu/diary.html?storyid=5419
      and several more examples can be found via google, basically sonicwall see fit to disable functionality of their products if they believe your firewall to not be correctly licensed, even when that belief is based on buggy code...
      Any protection provided by a sonicwall device is liable to get disabled next time they have a license server failure, leaving your organisation open to attack. Do you really want to trust a vendor that is willing to screw you on suspicion that your license is invalid?
      At the very least, if a device believes itself to be unlicensed it should just warn the users... it should never automatically open up the user to attack! that's totally irresponsible.

      1/2/4 - most organisations already do this, it doesn't generally help much and these places still get owned...

      2, it's extremely hard to secure an active directory domain... because of how the system is designed, you typically only need a single weakness to get in.. look at how organisations like rsa or google were hacked, starting from a single unimportant workstation.
      If you have lots of machines, then you probably don't have budget to ensure that every piece of software on every machine is up to date and appropriately configured, and that every user is appropriately educated and that there are no unprotected network ports etc...

      5, run wsus across a few hundred workstations, ensure it believes everything is up to date...
      Now, run an authenticated scan with nessus across those workstations... You will typically find that some machines are still missing updates, and that in many cases windows thinks an update has been applied but some or all of the files installed by the update are not there. If you find issues like this, you can manually compare the versions of the files on the system with the versions that should be installed by the patch (most ms knowledgebase articles list the file versions).

      You make a point on moving away from IE6, but you forget the most important aspect - MAKE SURE A SITUATION LIKE THIS NEVER HAPPENS AGAIN! - and that means ensuring that any new applications you deploy are standards compliant and cross platform, so you won't find yourself tied to any insecure proprietary crap again in the future.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    95. Re:And this is a surprise? by Moryath · · Score: 1

      Also remember, Microsoft isn't bothering to patch XP much any more. Nobody has to code new viruses/malware for it lately because year-old crap still works.

    96. Re:And this is a surprise? by Moryath · · Score: 1

      Ah, so you're an iOS fan?

    97. Re:And this is a surprise? by DigiShaman · · Score: 1

      Sounds like one guy I used to know. He insisted on having Domain Admin rights for his AD account. I informed him that I could create a separate account to be used for utilitarian reasons and that it should not be used casually. He insisted his personal AD account have these rights.

      He already had local Admin access and could RDP into a Domain Controller with a secondary AD account. But no, he wanted his main AD account to have Domain Admin access just so he could run the local Administrative tools from his workstation. Never mind that I could also grant restricted AD access (reset passwords) with just his current account. He still insisted on what he wanted and proceeded to tell me how to do it, and not deviate from that path. I ended up leaving the organization shortly thereafter.

      If and when his workstation gets a virus, it could tunnel up and wipe out his AD forest. I hope to God it doesn't, but that man is dancing on razor blades.

      --
      Life is not for the lazy.
    98. Re:And this is a surprise? by dave024 · · Score: 1

      Yea they should keep making Windows XP more secure. And while they are at it they should keep patching the bugs in Windows 98 and ME as well.

    99. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      Yes, but I greased the sliders on your abacus when you weren't looking. Security through obscurity ain't!

    100. Re:And this is a surprise? by operagost · · Score: 1
      The Morris worm didn't affect VMS.... but the WANK/OILZ the next year did. So HA!

      Incidentally, 1989 was probably the last time VMS had a worm or virus.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    101. Re:And this is a surprise? by operagost · · Score: 1

      No, actually they are still putting out security patches for it and will do so until 2014. Sadly, I've recently had an auditor claim that XP is unsupported as well when this information is readily available.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    102. Re:And this is a surprise? by marcosdumay · · Score: 1

      When was the last time you downloaded a codec from a random site and installed it on a Linux machine?

    103. Re:And this is a surprise? by jejones · · Score: 1

      Kind of funny how "Microsoft can't help it if some users are stupid" gets trotted out when malware is under discussion, but "Linux is too difficult for Joe User/my grandma" is the line when the subject is Linux on the desktop.

    104. Re:And this is a surprise? by caution+live+frogs · · Score: 1

      The UI is better than it used to be but it isn't all that. I've run into problems - things like "You need an administrator password to do this" but then no prompt for password. Which is f'ing stupid, any other OS would throw up an admin prompt when admin access is required or requested. Still takes way too damn long to get network properties when it used to be one or two clicks away from the system tray. Many other strange issues - we had a machine that refused to connect to the network until it was restarted (it could see all other networked PCs in the room, but stated it had no connectivity!), when on XP plugging in the cable gave it full connection immediately.

      On the plus side, I started migrating our machines to Win7 specifically because managing malware and virus infections on the XP boxes was getting out of hand. Even the guy who had the most problems with his computer is now working happily virus-free. So a win for increased security, and I'll grudgingly give them a step forward on usability but there are still a lot of aggravations. But it certainly looks transparent and shiny, so that's all good. I might even upgrade my Boot Camp partition to 7...

    105. Re:And this is a surprise? by colinrichardday · · Score: 1

      Pandering to stupidity is not a solution.

    106. Re:And this is a surprise? by WuphonsReach · · Score: 1

      Even with all of that, you're still going to end up with the user's profile getting infected. It won't (without a priv escalation) be able to infect the entire machine - but even up-to-date systems, with A/V, content filtering, whatever, are susceptible to drive-by exploits (generally Flash / PDF / Javascript code in web pages) that the A/V software and filters don't yet know about.

      So unless you're doing a whitelist of "sites you're allowed to browse" as well as whitelisting what applications are allowed to run at all on the machine as well as heavy GPO editing to lock the system down even farther... you're still going to see infections.

      --
      Wolde you bothe eate your cake, and have your cake?
    107. Re:And this is a surprise? by HermMunster · · Score: 1

      I've been running my shop for over 7 years now. A primary job I do for people is to remove malware. I've seen just about everything. Windows 7 is getting owned because they are doing more damage and getting past a serious protection mechanism and making it look easy. They are owning the machine as if there's no protection at all, even with heavy duty malware protection, firewalls, etc.

      It will only get worse.

      --
      You can lead a man with reason but you can't make him think.
    108. Re:And this is a surprise? by RobertM1968 · · Score: 1

      He's correct. The only "mainstream" (past/present) OS that actually utilized the CPU's protection levels to any decent extent was OS/2 - which is also why it was a bitch to run in numerous virtual machines (most notably due to poor virtual Ring 2 support). And in reality, Microsoft glomming a whole bunch of things into Ring 0 is a step backwards.

      Windows NT only uses two rings because that's all some of its historically supported platforms had. I imagine it's something that's rather difficult to tack on later.

      Not true... OS/2 1.x didn't support them, did they? When OS/2 2.x onwards was written/rewritten by IBM for 386 and better hardware, they seem to have managed fine - nor did they just simply "tack it on".

      And regardless, that does not explain Microsoft moving things into the incorrect ring(s). If they can move stuff into the wrong rings, why couldn't they move them into the correct ring(s) instead?

    109. Re:And this is a surprise? by hairyfeet · · Score: 1

      When you get that "You need an administrator password to do this" and don't get the login it is usually because you are trying to go into a restricted system area and it is trying to keep you out because Windows naturally can't tell the difference between a seasoned admin and a total dumbass that will bork his system.

      The way you get around that is quite easy, there are two ways to do it: One place a link to the program that is giving you that either on the desktop or start menu with "run as administrator" checked. Windows figures if you have enough knowledge to know how to do that you should be left alone. Two you can use the God Mode trick which gives you access to pretty much anything and everything from a central location and all as admin. Pretty handy if you are having to tweak a machine or do a lot of work requiring admin.

      As for network properties again God Mode or shortcut, although I do agree mixing network and sharing was a dumb idea, networking should have been left a separate UI. But if you are on a laptop that moves a lot or for other reasons you need to tweak networking a lot just make the start menu shortcut it really cuts down on the clicks.

      As for the network problem, have you tried tossing the network drivers on that box? I have seen network problems like that in 7 be solved by simply tossing the crappy third party driver and using the Windows built in one. I have found especially on the Realtek NICs that often only the drivers that came with the board and the Windows ones work as the updated drivers usually break more than they fix.

      Finally about security I have to agree 110%. I have watched the infection rates of customers fall off the map simply by getting them onto Windows 7. With Vista they fought the OS more than they worked, but with Windows 7 they seemed to have knocked out the bugs and made it intuitive enough that even those like my dad can find new features they didn't even know existed. For me I'd say the combination of MUCH better security and increased intuitiveness is worth the little UI "nigglers" that can usually be worked around quite simply with a minimum of fuss.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    110. Re:And this is a surprise? by drsmithy · · Score: 1

      Not true... OS/2 1.x didn't support them, did they? When OS/2 2.x onwards was written/rewritten by IBM for 386 and better hardware, they seem to have managed fine - nor did they just simply "tack it on".

      OS/2 1.x and 2.x are completely different codebases. Windows NT and, well, Windows NT are not.

      And regardless, that does not explain Microsoft moving things into the incorrect ring(s). If they can move stuff into the wrong rings, why couldn't they move them into the correct ring(s) instead?

      By which you mean...?

    111. Re:And this is a surprise? by RobertM1968 · · Score: 1

      Not true... OS/2 1.x didn't support them, did they? When OS/2 2.x onwards was written/rewritten by IBM for 386 and better hardware, they seem to have managed fine - nor did they just simply "tack it on".

      OS/2 1.x and 2.x are completely different codebases. Windows NT and, well, Windows NT are not.

      Ah... I see... IBM, in little time, managed to rectify such a situation, but in nearly 2 decades, Microsoft has not?

      And regardless, that does not explain Microsoft moving things into the incorrect ring(s). If they can move stuff into the wrong rings, why couldn't they move them into the correct ring(s) instead?

      By which you mean...?

      Moving parts of (or entire) drivers into ring 0 that don't belong there (Rings 1-2 were intended for that, as you probably already know), moving other Windows code there (c'mon, just fix the damn speed problems... don't try to make Windows faster by trying to minimize ring/mode switching - OS/2 handled CONTINUAL ring switching with far better speed than the NT line, even with the NT line minimizing such)...

      Anyway... Microsoft's official statement on the reasons is:

      "In order to maintain compatibility with non-Intel systems, the Windows operating systems support only two levels of privilege--Ring 0 and Ring 3"

      ...even though other architectures did support similar, as is evidenced by operating systems on such architectures taking advantage of such capabilities. Odd...

    112. Re:And this is a surprise? by Anonymous Coward · · Score: 0

      This is a surprise because Win7 was touted to be much more secure than XP.

    113. Re:And this is a surprise? by Salvo · · Score: 1

      Multiple Desktops are handy in X-Windows, when your system is powerful enough or you use a lightweight WM.
      Unfortunately, Programs need to be written to deal with Multiple Desktops too.

      When Mac OS X introduced Spaces in Leopard, I thought "Cool, just like in BeOS and X-Windows before that." Unfortunately, not all programs behaved correctly with Multiple Desktops. Part of the Mac OS X HIG suggests that Alerts are Modal, not all alerts are modal; sometimes an alert would appear on one Desktop while the program locks up in another window and is inaccessible. Sometimes even Modal Alerts would appear on the Current Screen, orphaned from the original App. In these cases, Exposé, Switcher and Spaces were of no use whatsoever. You would have to kill the App. Many Full Screen Apps didn't behave well with Spaces either.
      Spaces in Snow Leopard were better and most Apps were fixed to use Modal Alerts (just like in the HIG). Apple aren't advertising Spaces as part of Lion, but I have heard rumours that it will be there.

      Can you imagine what Win8 UAC would be like with Multiple Desktops? UAC is bad enough when an Installer stops for no reason. Add Multiple Desktops to the mix and you will never be able to get any Administrative Tasks finished.

    114. Re:And this is a surprise? by Salvo · · Score: 1

      I think user education may play a big role in reducing MalWare in your situation. The software has to make it into the system somehow. Worms and Viruses aren't as effective in Windows 6.x as in Windows 5.x. Trojans are the only way Malware can make it into the system.

      The worst are the "Power Users" who disable UAC, and run everything as Administrator. "I've been using computers for 10 years" is not a good enough reason to let your users do this. Even the best of us make mistakes.

    115. Re:And this is a surprise? by drsmithy · · Score: 1

      Ah... I see... IBM, in little time, managed to rectify such a situation, but in nearly 2 decades, Microsoft has not?

      IBM weren't writing a portable OS.

      Moving parts of (or entire) drivers into ring 0 that don't belong there (Rings 1-2 were intended for that, as you probably already know), moving other Windows code there (c'mon, just fix the damn speed problems... don't try to make Windows faster by trying to minimize ring/mode switching - OS/2 handled CONTINUAL ring switching with far better speed than the NT line, even with the NT line minimizing such)...

      What "doesn't belong there" ? Every other x86 OS - including OS/2 - ran drivers in ring 0 to maintain acceptable performance levels.

      ...even though other architectures did support similar, as is evidenced by operating systems on such architectures taking advantage of such capabilities. Odd...

      For example ?

    116. Re:And this is a surprise? by RobertM1968 · · Score: 1

      OS/2 runs drivers in ring 0? Weird. I always thought it was the kernel and kernel helpers it ran in ring 0 - with the drivers (EXCEPT HPFS386) run in Ring 2 or ring 3 (depending on the driver layer or driver).

      Anyway, IBM also managed a kernel for entirely different architecture - namely the PPC and its different architecture. How odd that Microsoft couldn't manage such.

    117. Re:And this is a surprise? by drsmithy · · Score: 1

      OS/2 runs drivers in ring 0?

      Yes

      Weird. I always thought it was the kernel and kernel helpers it ran in ring 0 - with the drivers (EXCEPT HPFS386) run in Ring 2 or ring 3 (depending on the driver layer or driver).

      Rings 2 and 3 are used for user mode code - privileged and unprivileged, respectively.

      Anyway, IBM also managed a kernel for entirely different architecture - namely the PPC and its different architecture. How odd that Microsoft couldn't manage such.

      Windows NT is, or has been, ported to MIPS, PPC, Alpha, SPARC, PA-RISC, x86-64 and ARM.

      The simple fact is that Microsoft made the same architectural choices that basically everyone else in the same position did, for the same reasons.

  2. Yes but... by Anonymous Coward · · Score: 0

    Does it run Linux?

  3. Sensationalist article much? by ferongr · · Score: 4, Insightful

    TFA: As ComputerWorld reports, during the second half of 2010, the data shows that 32bit Windows 7 computers were infected at an average rate of 4 PCs per 1,000, compared to 3 PCs per 1,000 that took place during the first half of 2010.

    A difference of 1 thousandth is beyond statistical significance. How did this entry even get to the frontpage? It boggles the mind.

    1. Re:Sensationalist article much? by Anonymous Coward · · Score: 1

      It's a small percent of a HUGE number. Windows 7 has sold over 300 million copies so far. Is an increase of 300,000 infected PCs really insignificant to you?

      I'd like a difference of one thousandth of the US federal budget to go to me. It's "beyond statistical significance", so no one will care, right? Hell, I'd settle for just a thousandth of Bill Gates' remaining net wealth.

    2. Re:Sensationalist article much? by Anonymous Coward · · Score: 0, Informative

      I'm not sure you understand statistics very well.

    3. Re:Sensationalist article much? by Anonymous Coward · · Score: 1

      Depends on the sample size. If the actual rate has increased by 0.1%, then yes, it's significant. If the infection rate for 10,000 computers climbed from 30 to 38, I'm not sure if the data can fairly be generalized to represent an actual change. The article mentions the numbers come from Microsoft, but actual statistics are sorely lacking.

      Lies, Damn Lies, etc.

    4. Re:Sensationalist article much? by John+Hasler · · Score: 3, Informative

      That is not a difference of one thousandth. It is a difference of 33%.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    5. Re:Sensationalist article much? by Anonymous Coward · · Score: 0

      TFA: As ComputerWorld reports, during the second half of 2010, the data shows that 32bit Windows 7 computers were infected at an average rate of 4 PCs per 1,000, compared to 3 PCs per 1,000 that took place during the first half of 2010.

      A difference of 1 thousandth is beyond statistical significance. How did this entry even get to the frontpage? It boggles the mind.

      mod up parent

    6. Re:Sensationalist article much? by Anonymous Coward · · Score: 0

      That is not a difference of one thousandth. It is a difference of 33%.

      And it's a difference of INFINITE percentage compared to the first half of 2009!!!!

      Freaking people and their misleading way to present data.

    7. Re:Sensationalist article much? by Anonymous Coward · · Score: 1

      Oh noes, noobs on statistics! The other Cowards brought it up, here's my take:

      A difference of 1 thousandth is beyond statistical significance.

      A difference of 1 thousandth is a difference of 1 thousandth. This difference may or may not be statistically significant, as significance just means that something is unlikely (which has to be specified further) to have occurred by chance.

      4 PCs per 1,000, compared to 3 PCs per 1,000

      But a rise from 3 to 4 is an increase of one third. The question is: is this huge increase statistically significant--or is it mere chance?
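
Added example (not part of any comment in this thread, and not Microsoft's method): the 3-versus-4-per-1,000 figures argued over above, run through a pooled two-proportion z-test to show how the answer depends on how many machines were measured. The sample sizes are constructed, since the thread gives none, and the function names are illustrative.

```python
import math
from statistics import NormalDist


def compare_rates(before_per_1000, after_per_1000, machines_per_period):
    """Compare two infection rates measured on equally sized samples.

    Returns the absolute change (per 1,000 machines), the relative change,
    and the z statistic and two-sided p-value of a pooled two-proportion
    z-test of the null hypothesis "the true rate did not change".
    """
    p1 = before_per_1000 / 1000.0
    p2 = after_per_1000 / 1000.0
    n = float(machines_per_period)

    # Equal sample sizes, so the pooled proportion is the plain average.
    pooled = (p1 + p2) / 2.0
    std_err = math.sqrt(pooled * (1.0 - pooled) * (2.0 / n))
    if std_err == 0.0:
        z, p_value = 0.0, 1.0          # both rates are 0 (or both 1000)
    else:
        z = (p2 - p1) / std_err
        p_value = math.erfc(abs(z) / math.sqrt(2.0))

    # A relative change from a zero baseline is undefined/infinite, which is
    # why a percentage alone can mislead when the starting rate is tiny.
    if before_per_1000 == 0:
        relative = math.inf if after_per_1000 > 0 else 0.0
    else:
        relative = (after_per_1000 - before_per_1000) / before_per_1000

    return {
        "absolute_per_1000": after_per_1000 - before_per_1000,
        "relative": relative,
        "z": z,
        "p_value": p_value,
    }


def min_machines_for_significance(before_per_1000, after_per_1000, alpha=0.05):
    """Smallest per-period sample at which the change reaches p <= alpha."""
    if before_per_1000 == after_per_1000:
        raise ValueError("rates are identical; no sample size makes that significant")
    p1 = before_per_1000 / 1000.0
    p2 = after_per_1000 / 1000.0
    pooled = (p1 + p2) / 2.0
    z_crit = NormalDist().inv_cdf(1.0 - alpha / 2.0)
    n = (z_crit ** 2) * 2.0 * pooled * (1.0 - pooled) / (p2 - p1) ** 2
    return math.ceil(n)


if __name__ == "__main__":
    # Constructed sample sizes; the 3 and 4 per 1,000 rates are the ones quoted
    # in the thread for 32-bit Windows 7.
    for machines in (1_000, 10_000, 100_000, 1_000_000):
        r = compare_rates(3, 4, machines)
        print(f"{machines:>9} machines: +{r['absolute_per_1000']} per 1,000, "
              f"{r['relative']:+.1%} relative, z={r['z']:.2f}, p={r['p_value']:.4f}")
    print("machines needed per period for p <= 0.05:",
          min_machines_for_significance(3, 4))
```

The absolute change (1 per 1,000) and the relative change (one third) are the same in every row; only the p-value moves with the number of machines measured.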

    8. Re:Sensationalist article much? by stms · · Score: 2

      What boggles my mind is that Microsoft can announce "3 or 4 in 1000 computers running Windows are infected" and think anyone will believe them.

    9. Re:Sensationalist article much? by dhavleak · · Score: 1

      Not sure if you're joking or serious. You know it's both, right? 3 thousandths of win7 PCs used to be infected, now 4 thousandths are infected. That's a difference of 1 thousandth, or 33%, depending on how you choose to represent it.

      Lastly -- that's only for 32-bit win7. 64-bit win7 is more resilient according to the article, but not enough data to work out exactly what that means (before and after numbers from x64 win7 not provided, relative installed base of 32 and 64 bit win7 not provided).

    10. Re:Sensationalist article much? by dhavleak · · Score: 1

      I could believe them.. you think it's less than that? I know Win7 is pretty rock solid, but users will still find ways to defeat security measures, y'know..

    11. Re:Sensationalist article much? by Idbar · · Score: 1

      That is actually a one thousandth difference. You're mistakenly confusing it with a 33% "increase". You may as well go ahead and say it was a whole 100% computer.

    12. Re:Sensationalist article much? by im_thatoneguy · · Score: 1

      Anti-Microsoft article boggling the mind?

      You must be...

    13. Re:Sensationalist article much? by HermMunster · · Score: 1

      It's a 1 in 1000 increase. You are not increasing from 3 to 4, you are increasing from 3 per 1000 to 4 per 1000. But, this is only for those that report their infection. And 64bit seems to get hit harder in Win7 than 32bit contrary to what some have said in this thread.

      --
      You can lead a man with reason but you can't make him think.
    14. Re:Sensationalist article much? by EuclideanSilence · · Score: 1

      That is not a difference of one thousandth. It is a difference of 33%.

      No it is a proportion of 33% (beyond 100%). It is a difference of 1 thousandth.

    15. Re:Sensationalist article much? by Anonymous Coward · · Score: 0

      I'd think it's *at least* an order of magnitude more - to paraphrase the old adage, "if a user has to make a decision between security and dancing hamsters, dancing hamsters win every time".

    16. Re:Sensationalist article much? by Anonymous Coward · · Score: 0

      Some people think differently: 48% (not a neutral opinion either)

      From my point of view, if you have a really good av, all updates in windows and **all** the software, and you are careful, maybe you will have only a 0,4% chance of being infected. But that's not everybody's case.

    17. Re:Sensationalist article much? by aug24 · · Score: 1

      Difference/Increase/Decrease/Change are all the same. The point is that they can be expressed either geometrically (ratio) or arithmetically (absolute values).

      --
      You're only jealous cos the little penguins are talking to me.
    18. Re:Sensationalist article much? by Thugthrasher · · Score: 1

      It's a 1 in 1000 increase. You are not increasing from 3 to 4, you are increasing from 3 per 1000 to 4 per 1000. But, this is only for those that report their infection. And 64bit seems to get hit harder in Win7 than 32bit contrary to what some have said in this thread.

      It is an increase of 1/3. Yes, it is an increase of 1 in 1000 in ABSOLUTE numbers, but that matters not in regards to whether things are statistically significant. (actually, even the % increase doesn't matter all that much). And the % increase is MUCH more important than the absolute increase in most things. Look at it this way: If person A makes $500,000/year and person B makes $50,000/year and both get a $20,000/year raise, which one got the better raise? Sure, in absolute numbers they both got the same amount. But Person A (who got a 4% raise) is going to be living at roughly the same "lifestyle" as they were before, while person B (who got a 40% raise) is going to be living a MUCH better life. When you look at increases and decreases, it's the PERCENTAGE that matters, except in very specific situations.

    19. Re:Sensationalist article much? by JTsyo · · Score: 1

      What's the split between 32 and 64 bit Win7? I think there would be more 64 bit.

    20. Re:Sensationalist article much? by HermMunster · · Score: 1

      It is NOT a 1/3 increase. It is a 1 in 1000 increase.

      --
      You can lead a man with reason but you can't make him think.
  4. RTFA by Anonymous Coward · · Score: 0

    Seriously, Windows 7 went from 3/1000 to 4/1000 on 32bit, and 64 bit is hovering around 2.5/1000. XP is something like 14/1000, down from 18/1000, I imagine because the people with those really infected computers had to go out and get new ones with Windows 7.

    1. Re:RTFA by snowraver1 · · Score: 3, Insightful

      I have a HARD time believing that only 14 in 1000 windows XP machines are infected.

      --
      Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
    2. Re:RTFA by Penguinisto · · Score: 4, Informative

      I have a HARD time believing that only 14 in 1000 windows XP machines are infected.

      The reason why they came up with that number is in TFA:

      "Microsoft calculated the infection rates using its Malicious Software Removal Tool (MSRT) by detecting and deleting selected malware such as fake antivirus programs, worms, viruses, and trojans."

      In other words, they used their internal tool, which would certainly not catch all the bugaboos lurking in a given box.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    3. Re:RTFA by Anonymous Coward · · Score: 0

      In other words, they used their internal tool, which would certainly not catch all the bugaboos lurking in a given box.

      And more importantly, wouldn't include unlicensed installations.

    4. Re:RTFA by lowlymarine · · Score: 1

      Windows Update will still install "important" updates even if your system fails WGA. This includes the MSRT.

    5. Re:RTFA by MobileTatsu-NJG · · Score: 2

      I have a HARD time believing that only 14 in 1000 windows XP machines are infected.

      That's because you read a lot of sensationalist Slashdot headlines.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    6. Re:RTFA by hairyfeet · · Score: 5, Interesting

      Let this old PC repairman enlighten you as to why those numbers are so low on XP. It is because the data is collected using the Malicious Software Removal Tool, which any repair guy that has had one of the bazillion "Razr1911 WinXP Pro Corp SP2" boxes cross their desks knows that they all have Windows Updates turned off (to keep from getting WGA'd) and are infected with more viruses than a Bangkok Whore.

      I'd love to see the numbers of XP infections pre WGA and after, along with how many pirate versions are out there. Because while I can understand MSFT wanting to stop piracy (but IMNSHO they royally fucked up by getting rid of the Win 7 HP $50 upgrade, as that thing turned more pirates into legit users than I'd ever seen) but anyone who has worked repair for any length of time knows there are a shitload of pirate Windows out there and nearly all have updates off.

      It isn't just the "Crazy Dave's house of whitebox" BTW, it is all those that decided they didn't want to pay for an upgrade that got their "smart PC friend" who has every Razr1911 version on a spindle, and there are even plenty out there that have legit keys that aren't being used because the guy they took it to has a Razr1911 automated install and simply never bothered to change the keys, or the box had XP Home and all they had was the Razr XP Pro. Finally you have all those pre Vista Cheapo Best Buy and other retail joints that have autoupdates turned OFF for some damned reason, probably to cut down on those "OMG my PC has a yellow thing in the right corner OMG!" support calls.

      In the end I can tell you I probably get 3 minimum cross my desk a week that haven't ever seen an update, and most are infected all to hell. I see so damned many PCs missing tons of updates that I keep WSUS Offline on my network fully loaded with every update for every OS from Win2K Pro to Win 7 X64, just so I don't have to waste time and bandwidth on updating all these damned machines. MSRT might give you a tiny taste of what is going on, but since WGA I'd say its data really isn't worth much.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    7. Re:RTFA by rhook · · Score: 1

      And it's not like there aren't ways around WGA too.

    8. Re:RTFA by RobertM1968 · · Score: 1

      The truth is, as anyone who's dealt with such stuff for a living will tell you, it catches near nothing. I've had (recently, and for the last few years) machines come in with hundreds, or even thousands of infections... Win 7, Vista, XP... and on only ONE occasion (out of a few hundred machines in the last year or so), did it notice anything (and it was one infection out of about 700 on that particular machine that it noticed).

      I suspect any stats generated using a highly useless tool are equally useless. While the MSRT is great for a few SPECIFIC pieces of malware, that has nothing to do with the plethora of other infections it doesn't even notice. So, again, it makes these stats very useless.

    9. Re:RTFA by luther349 · · Score: 1

      As in the "Windows doesn't catch shit" removal tool. So yes, I'm on your side here. I have seen some sad machines somehow still running full of spyware, malware etc. Of course they're calling me asking why their machine is a slow unstable mess. A reformat and an antivirus install later they have a fast happy machine again that tends to stay that way, 'cause many antivirus programs also catch malware.

    10. Re:RTFA by luther349 · · Score: 1

      WGA has been cracked to the point updates work again, 'cause we all know everyone pirates Windows. But I have seen legit machines simply loaded with enough garbageware it will make anyone go WTF. And I blame the vendors there: how many installers today of any software do not want you to install some sort of crap along with it? Hardly any. And all that garbage gets by the novice user.

    11. Re:RTFA by colinrichardday · · Score: 1

      As opposed to a Malicious Software Fashioning Tool (MSFT)? One would think that Microsoft would be more careful about acronyms.

    12. Re:RTFA by hairyfeet · · Score: 2

      While it IS true that WGA has been hacked, and Windows 7 BTW is easier to pirate than XP, the problem is while most pirates know how to do this the clueless users do NOT, which is why the pirates simply turn off Windows Updates. I'm just now starting to see it with Windows 7, all those OEM hacks that came out with the RTM version are starting to fail left and right and people are going WTF?

      But like I said killing the $50 HP upgrade was some kind of stupid, because that is what I kept seeing show up on formerly pirate boxes. Now I'm starting to see Windows 7 boxes with updates turned off because the pirates can't tell the guy that gave them $50 to put Windows 7 on "Yeah you'll have to hunt down WGA killer every couple of months BTW" so instead they just go in and kill updates.

      Soon enough we'll see the Windows 7 botnets all made up of pirated machines just like I've been seeing with all the Razr1911 XP Pro boxes. BTW you know how you can spot a pirated Windows 7 at a glance? Even on the shitboxes they put Windows 7 Ultimate. I saw the same with XP Pro and Vista Ultimate, the pirates don't bother with the lower SKUs so it is ALWAYS the top one. Hell I even once had the owner of another shop ask me "Can you make our machines so they'll update to our server?" and when I asked him why he would want that he handed me a copy of "Razr1911 Vista Ultimate". And before anyone asks NO I did not call MSFT, they won't even give us any breaks at all for little shops so fuck them. I just laughed at the guy and walked away.

      But MSFT is full of shit if they think they know ANYTHING about the number of pirate Windows out there, because in reality for every one that updates there are probably 1000 that don't. Hell even the junkers you find at yard sales and flea markets are all running hot Windows, it has gotten to the point that I pretty much assume it's pirated unless I see the sticker. What MSFT doesn't realize is the users don't have to know shit about how to pirate, all it takes is 1, just 1, guy who "knows PCs" to spread pirated Windows copies far and wide. It ain't exactly brain surgery.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    13. Re:RTFA by Malc · · Score: 1

      I've found that Microsoft Security Essentials has been working better than Symantec. I switched when the corporate standard (Symantec) allowed a bunch of people's machines to get infected, yet the MSFT tool caught the problem.

    14. Re:RTFA by pandrijeczko · · Score: 1

      Agreed.

      Windows isn't even my primary OS (Linux is) but I do use my XP PC almost daily and I've not seen any virus or malware on it in years. I keep it updated, don't go near McAfee or Symantec bloatware (I just use Microsoft Security Centre) and only install software or games on it that I've bought legally or are freeware/OSS downloaded from the official sources. I also don't use IE or Outlook on it.

      It's not rocket science, just common sense. If you install warez & key generators on Windows, then prepare to have viruses, it's that simple.

      --
      Gentoo Linux - another day, another USE flag.
  5. people will say OK to anything by Anonymous Coward · · Score: 0

    The problem is the expectation that users will know when to say yes to a UAC prompt. Until users start saying cancel to UAC prompts they don't fully understand, malware will only increase.

    If you don't know, don't press OK.

    1. Re:people will say OK to anything by Anonymous Coward · · Score: 0

      OK.

    2. Re:people will say OK to anything by 0123456 · · Score: 2

      The problem is the expectation that users will know when to say yes to a UAC prompt. Until users start saying cancel to UAC prompts they don't fully understand, malware will only increase.

      Have you ever seen a UAC prompt you do understand?

      Normally it's along the lines of 'Do you want to allow TrojanHorse.exe to: Access local disk?' What the hell is that supposed to mean? Is it trying to write to a file in its own Program Files directory, or is it trying to overwrite Windows core DLLs and install a root-kit? If I can't tell, how can Joe Sixpack?

    3. Re:people will say OK to anything by kevinmenzel · · Score: 2

      I understand that I'm being asked to trust the actions of "TrojanHorse.exe". Which is what UAC really does - tells the user that the application is about to do something that requires you trust the application. It doesn't tell you what that application is going to do, just asks "Hey, do you trust this? It's doing things which are outside the bounds of normal trust". So the question isn't "Can I understand the prompt" per se - because it's always a relatively simple question. More often it's a question of "Should I trust this program?". On the install end, most installers throw UAC, so it's not particularly helpful. But these days, most applications DON'T throw UAC during normal operation. So the utility of UAC is "Before I click yes to this, I should reevaluate that I trust this program, because it's asking for special permissions to do something".

      Some programs are going to require admin access to do certain things. The programs that the average slashdot user might use are actually probably more likely to legitimately require elevation to run properly compared to the programs the average user SHOULD be using. So it's actually probably harder for us - given the prompt's lack of detail - to reevaluate that trust - but it's - generally speaking - more black and white in normal user land.

      It's not perfect. UAC could give more details, and then us nerds could create websites saying "Oh, app such and such asking for x, y, but not z is probably reasonable" and then users could check the list, and blindly follow it... but is that better for them? Another list to blindly follow?... I dunno. This is why ChromeOS and iOS and the like take off with users. Any admin type access is "omgbad". That will never be true on a system that you actually administrate.

      (UAC has the benefit, btw - of not actually just being "Cancel or Allow" if the user faced with the prompt is a normal non-admin user. It requires elevation to an account with that access. So if Joe Sixpack has a son that knows computers - maybe Joe should be running as a non-admin account - but I'm not going to ask that every machine in the world has users shipped as non-admin accounts as default - because those users are also the admins of those machines, and will have the admin password anyway... so... it doesn't actually change anything in that scenario, it's just replacing "press ok" with "type Username/password and press OK" - which is frankly, the same thing.)

  6. what is malware? by stanjo74 · · Score: 1

    In other words, software written to run on Win7 runs on Win7. If I run a malware and it infects my files, is this MS problem? And what is a malware - is Symantec Antivirus malware - it sure does slow my computer down. Did any malware infect system files without user permission - this is the question. There is no answer...

    1. Re:what is malware? by CannonballHead · · Score: 2

      This. It's hard to criticize a company for users who are ignorant or stupid (the former is understandable; the latter isn't). Statistics that are generic like this COULD point to something... but they might not, too. For example, if I came up with a statistic that said that Ford cars were crashed 10% more often than Chevy cars ... well, *maybe* there's a defect in Ford cars. Or maybe more Ford drivers are insane. Who knows?

      Unfortunately, we automatically go to "ah-ha, must be a defect" as a conclusion. Unless the company in question is Google. :)

    2. Re:what is malware? by cyber-vandal · · Score: 4, Funny

      Norton Antivirus is a well recognised trojan offering 'to protect your machine from threats' but in reality siphoning money from your credit card once a year and bringing your machine to a standstill.

    3. Re:what is malware? by rhook · · Score: 1
    4. Re:what is malware? by RobertM1968 · · Score: 1

      That's why nowadays I just run this.

      http://www.microsoft.com/en-us/security_essentials/default.aspx

      From reading all of your posts on this topic, I swear you must work for Microsoft, or for an advertising/marketing company they pay, or for benefits given to you by them.

      Of all the infected machines I see, that are running, FULLY up to date anti-malware software on FULLY up to date versions of Windows, the top two culprits for missing things are (in this order) McAfee and MSE.

      Again, I am only counting machines where the software is up to date and where Windows is up to date (and verifying the malware infected the machine AFTER the anti-malware software was installed).

    5. Re:what is malware? by Salvo · · Score: 1

      I am a self confessed Apple Fan and personally avoid MS, but I still recommend Microsoft Security Essentials to anyone who needs AV for their Windows Computer.

      My main argument is to follow the money:
      Microsoft make no money from AV; it all comes down to reputation. MalWare and Resource-intensive Security Software degrade people's impression of Windows; Microsoft want people to use Windows. It is in Microsoft's interest to eradicate MalWare.
      Symantec, McAfee, Norton, etc make all their money from AV Subscriptions. The more Viruses out there, the more people will buy their product.
      They also need to advertise. That is why their Software is so intrusive. If people forget they have their software installed, they aren't going to pay the protection money.

      A Major side Argument is Windows Update. With Third Party Product, users need to rely on multiple different update channels. Symantec need their own updater. McAfee needs their own updater. Java needs its own updater, Adobe Flash needs its own updater, as does Adobe Reader.
      Microsoft Security Essentials uses the standard updater that comes with Windows. Every Tuesday, new Definitions are downloaded and updated without the user's intervention, along with all other Microsoft Patches.

      The fact that Windows needs MalWare protection is pretty pathetic. MSE brings a future without MalWare one step closer.
      (The fact that Mac OS X is getting MalWare is also pretty pathetic; hopefully Apple will close the hole quickly.)

  7. Nothing new here. by Xeranar · · Score: 1

    Windows 7 is now closing in on the dominant OS as XP finally toddles off to die. This is news, how?

    1. Re:Nothing new here. by Anonymous Coward · · Score: 0

      Windows 7 is now closing in on the dominant OS as XP finally toddles off to die. This is news, how?

      Whatever!

      I'm going to keep my Windows machines on XP FOREVER and according to the stats, eventually the infection rate will go down to ZERO and I'll be invincible!

      Aahahahahahahahahahahahahaha!

  8. The most secure Windows ever! by HangingChad · · Score: 1

    "Microsoft released data today showcasing that Windows 7's malware infection rate has climbed by more than 30% during the second half of 2010...

    In fairness it was the most secure Windows ever. It lasted longer than XP.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:The most secure Windows ever! by dbIII · · Score: 1

      The horrible thing about it is all the fanboys screaming about it being impregnable has led to otherwise intelligent people being convinced that it is safe enough to use without antivirus. Thus even a *nix guy like me has had to wade through malware shit and clean the Win7 boxes (that really should be reinstalled from scratch) because it consumes more time than those who only work on the MS platform have. Yes it's more secure than Win95 but it still has a similar policy of trusting nearly everything. The security is still like Britney Spears' underwear - if it's even there at all it is just for show. Without third party antivirus (which these people did not install because they fell for the hype) it's got nothing apart from a token effort to keep the nasties away.

    2. Re:The most secure Windows ever! by Anonymous Coward · · Score: 0

      I question your basic intelligence if you think an anti-virus is about OS security. It's not. It is to prevent a known bad piece of software from being installed.

      If you use Linux all you're doing is placing that burden on someone else. (e.g. repositories) Although.. there is no evidence that all of the software being whitelisted has ever gone through a security review. "Of course, it's open source, all those hundreds of millions of lines of source code must have been looked at !" LOL.. It's funny how many Linux cheerleaders like you (aka nerds + morons lacking critical thinking skills) there are that actually believe that. There aren't enough security experts in the world that could go through the entire code base of all the software in any given repository.

      And then comes the quote of the week.

      Yes it's more secure than Win95 but it still has a similar policy of trusting nearly everything.

      Says the person running Linux .....lol..

      Like the majority of anti-ms trolls it's obvious that you have little to zero technical competence with respect to OS security, BUT it would be nice if you entertained us more in your troll comments. Please... I don't want you to stop. Just make them a bit more funny to read.

    3. Re:The most secure Windows ever! by Anonymous Coward · · Score: 0

      If you look at the numbers, you actually see it is still way more secure than XP.

      XP's numbers are dropping and 7's numbers are climbing, but that's to be expected with more adoptions.

    4. Re:The most secure Windows ever! by dbIII · · Score: 1

      I question your basic intelligence if you think an anti-virus is about OS security

      Now that is just weird.
      What part of stopping bad stuff from getting onto the computer is NOT about security?
      If you had English as a second language you wouldn't pretend to be so confident about your new fake definition so what is your problem here?
      Let's look at the rest of the post - all it really says is that you are angry about something and are looking for a cat to kick. I suggest you stop wasting your time pretending not to understand the English language as some sort of silly argument trick and go find something outside to be happy about instead.

    5. Re:The most secure Windows ever! by Anonymous Coward · · Score: 0

      What part of stopping bad stuff from getting onto the computer is NOT about security?

      Err... the same reason that nobody thinks that the repositories are a security feature of Linux - at least in the classical sense. Otherwise you can re-define the term to include anything. I thought that part was obvious. Apparently I was dealing with the mind of a four year old and I had to spell everything out. Sorry about that.

      But dude.. you're still not funny. cmon.. let out some funnies..

    6. Re:The most secure Windows ever! by dbIII · · Score: 1

      Apart from kicking the imaginary cat you also went way off topic on a rant about linux all based on the "*nix" in my post above. You didn't know I was talking about solaris and AIX did you?
      The part about pretending not to understand English just to get an insult in is not cute kid. Attempting to insult the intelligence of others while acting as if you are completely disarmed there yourself just does not work. You are obviously not that stupid so I suggest not following the tactics of those who are or you will have great difficulty when you are old enough to enter the workplace.

  9. UAC by Anonymous Coward · · Score: 1

    One problem is that UAC is so badly implemented that people who would ordinarily have no problem with it will turn it off entirely.

    Why can't I whitelist apps like Visual Studio, for instance? Why isn't there an option on the UAC alert dialog that says "Do not ask me again for this application"?

    I suspect that most Microsoft devs work with UAC turned off. If the order came down from above that nobody in the company was allowed to turn off UAC, I'll bet the system would become both more usable and more secure very quickly.

    1. Re:UAC by DJRumpy · · Score: 1

      The problem with giving application level authorization is that a common virus always represents itself as the original program you think it is. If you allow program 'x' to bypass UAC then that becomes an immediate vector of infection.

    2. Re:UAC by Anonymous Coward · · Score: 0

      It could be that whitelisting applications is too hard to implement securely, or maybe they don't want to make it easy for applications to continue to misbehave and require UAC prompts.

    3. Re:UAC by cyber-vandal · · Score: 1

      Not letting you easily run Explorer.exe as admin is more stupid. I know it can be done but it's a pain and should instead just ask for credentials if you want to write to a directory that the standard account doesn't have permissions on.

    4. Re:UAC by DarkOx · · Score: 1

      No it might miss the security/usability trade off mark for but it's actually not that badly implemented. Take Visual Studio and try to write a program that can circumvent UAC. Really try it, you will FAIL. It was specifically engineered to be difficult for malware that is not already running highly privileged to disable, or to "click yes" on the user's behalf. It's very effective at that. What you want is for them to open up a whole bunch of new surface area to attack which would lessen the value of UAC as a security measure. If you want to run an interactive session as a privileged user and still be secure I don't care what OS you are using UAC is going to be the price tag.

      Sudo for instance is not nearly as strong as UAC in many regards, especially if you have the timeout configured. It's also not nearly so hostile an environment as the windows eco system tends to be.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    5. Re:UAC by techno-vampire · · Score: 1
      Sudo for instance is not nearly as strong as UAC in many regards, especially if you have the timeout configured.

      Which is why I don't use it on my Fedora box. I've given out accounts on my home box to a few friends, so they can do network trouble-shooting (pings and traceroutes) over a different ISP and/or backbone segment. None of them have the root password. When I need to do something that requires escalated privileges, I use su for multiple commands or su -c for a single command. The only reason I'd ever use sudo if I had the root password is if I were working someplace that made that company policy. (Yes, I've heard of places like that.) At home, it's my box, my rules and my rules include "no using sudo."

      --
      Good, inexpensive web hosting
    6. Re:UAC by istartedi · · Score: 2

      virus always represents itself as the original program you think it is

      Then don't authorize the application. Authorize a secure hash of the application's executable, which is computed when it's loaded into memory. It shouldn't add that much time to application startup on modern hardware.

      --
      For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
    7. Re:UAC by ben.craig · · Score: 1

      For the Visual Studio example, most users won't need to escalate. The two things I can think of off the top of my head that would require escalation from Visual Studio are profiling and attaching to a process from another user (including the "real" admin). Compiling / linking doesn't require an escalation, and debugging an application that you launched doesn't require an escalation.

      And as I understand it the Microsoft devs go one step above UAC. They usually run as a limited user, so that you can't just click the "ok" button, you have to type in the admin password to escalate.

    8. Re:UAC by dhavleak · · Score: 1

      AFAIK, in Win7 UAC uses both whitelists, and blacklists, and is also configurable in terms of what it will prompt you for (haven't looked up level of granularity.. couldn't really be bothered)..

      Why on God's green earth do you run Visual Studio elevated? IIRC there was a bug that required that some time ago, but has been fixed since a very very long time.

    9. Re:UAC by Man+On+Pink+Corner · · Score: 3, Informative

      I'm a little unclear on how authorizing on a per-application basis, using a hashed ID as the other user mentioned above, would open up a significant attack surface. I agree that UAC works, and that it isn't easily circumvented... but still, I should have the ability to disable it on a per-application basis, and optionally for any processes spawned by that application.

      Obviously that's an insecure practice on my part and should be done only with care, but turning UAC off entirely really does expose a huge attack surface, and that's what I'm doing now, along with a few million other Windows users who might or might not understand the implications of what they're doing.

    10. Re:UAC by chuckugly · · Score: 1

      Still wouldn't help much if, as is often the case, the malicious code is injected and executed AFTER load time, during operation. It's a tough problem to solve unfortunately.

    11. Re:UAC by im_thatoneguy · · Score: 1

      That works great until a virus spoofs whatever system UAC would use to check the identity of the exe.

    12. Re:UAC by Anonymous Coward · · Score: 0

      So you're saying it would be a good idea to hash the executable and every single dynamic library the process may load at any time in the future? ie: every single library that the escalated process has read access to. That'll go down well. Look ma! It only took 6 hours to start my app! I only had to hash every file on my hard drive to do it!

    13. Re:UAC by Anonymous Coward · · Score: 0

      sudo is complex, and complex systems have more chance of bugs, but assuming no relevant bugs being exploited, sudo's not in any way "worse", it's "different". Default config of sudo on e.g. Ubuntu is hilariously bad, no argument, but you can set it as restrictively as su, or even completely stop it from running arbitrary commands.

      You're seeing it as an alternative to su, whereas it's meant primarily as an alternative to random suid binaries with (optional) su capabilities rolled in. There are very good uses for it where one must do something requiring escalated privileges routinely enough that typing root password is more hassle than adding a sudoers entry, but it's not worth coding a dedicated app and setting it suid. Classic examples might include disk access to external drives, network configuration, and the like. (Of course, most of these now have decent end-user applications (complete with dropping suid privileges early) to make them easy, but if you're doing something special they don't handle, or just hanging by inertia onto a pile of old scripts to connect your home, work, and Bt-PAN networks...)

    14. Re:UAC by Anonymous Coward · · Score: 0

      (Shrug) Fine, then don't hash, just go by the .exe's pathname. If the user disables UAC on a given executable, they're saying that they're willing to take responsibility for whatever obscure attacks might have been carried out against that executable.
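
The trade-off argued in comments 6, 12 and 14 of this UAC thread (authorize a hash of the executable, hash the libraries too, or just go by the .exe's pathname), as an added Python example that is not part of any post and is not how UAC itself works. The class names, file names and file contents are constructed for illustration.

```python
"""Added illustration: path-based vs hash-based elevation allowlists.

Not UAC's mechanism. All names and file contents below are constructed.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Return the hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class PathAllowlist:
    """Approval bound only to where the executable lives (comment 14)."""

    def __init__(self):
        self._paths = set()

    def approve(self, exe_path):
        self._paths.add(os.path.realpath(exe_path))

    def is_approved(self, exe_path):
        return os.path.realpath(exe_path) in self._paths


class HashAllowlist:
    """Approval bound to file contents: the executable (comment 6) plus any
    dependencies named at approval time (the cost raised in comment 12)."""

    def __init__(self):
        self._manifests = {}

    def approve(self, exe_path, deps=()):
        files = [os.path.realpath(p) for p in (exe_path, *deps)]
        self._manifests[files[0]] = {p: sha256_file(p) for p in files}

    def is_approved(self, exe_path):
        manifest = self._manifests.get(os.path.realpath(exe_path))
        if manifest is None:
            return False
        try:
            return all(sha256_file(p) == d for p, d in manifest.items())
        except OSError:  # a recorded file vanished or is unreadable
            return False


def _write(path, data):
    with open(path, "wb") as handle:
        handle.write(data)


def run_demo():
    """Tamper with the executable, then with a library, and record what
    each allowlist still approves."""
    original_exe = b"constructed: original executable"
    with tempfile.TemporaryDirectory() as workdir:
        exe = os.path.join(workdir, "app.exe")
        dll = os.path.join(workdir, "helper.dll")
        _write(exe, original_exe)
        _write(dll, b"constructed: original library")

        by_path = PathAllowlist()
        by_path.approve(exe)
        exe_only = HashAllowlist()
        exe_only.approve(exe)
        exe_and_deps = HashAllowlist()
        exe_and_deps.approve(exe, deps=[dll])

        def verdicts():
            return {
                "path": by_path.is_approved(exe),
                "exe_hash": exe_only.is_approved(exe),
                "exe_and_deps_hash": exe_and_deps.is_approved(exe),
            }

        results = {"untouched": verdicts()}

        # Same path, different bytes: only the path rule keeps trusting it.
        _write(exe, b"constructed: replaced executable")
        results["exe_replaced"] = verdicts()

        # Executable restored, library swapped: hashing the .exe alone
        # misses it, which is the gap comment 12 points at.
        _write(exe, original_exe)
        _write(dll, b"constructed: replaced library")
        results["dll_replaced"] = verdicts()
    return results


if __name__ == "__main__":
    for scenario, outcome in run_demo().items():
        print(scenario, outcome)
```

All three checks look at files on disk at launch time, so none of them addresses comment 10's case of code injected into the process after it has loaded.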

    15. Re:UAC by techno-vampire · · Score: 1
      If I need to run more than one command as root, I just use su or, if I need all of root's environment, su -. Of course, it helps that I'd run Linux as a secondary OS for about eight years, and I've been running it as my primary OS ever since Fedora 9 came out, and I've learned how to be very careful as root. As an example, I never delete anything as root until after I've used ls with the same argument to see exactly what I'm going to delete and I've kept the default root alias for rm: rm -i. This gives me a second safety net because I have to confirm each and every file deleted.

      As far as "seeing it as an alternative to su," it's not that I see it that way, it's that most people use it that way and personally, I see no reason for using it that way.

      --
      Good, inexpensive web hosting
    16. Re:UAC by Malc · · Score: 1

      Visual Studio 2005 and above is fine without admin privs. I do this everyday. There are some issues, such as developing COM objects and registering them the first time, but it is mostly ok as a regular user. VS2010 is almost aware of its limitations. VS2003 is another issue, but it's really broken on Win7 x64 and requires a bunch of compatibility features to be enabled to avoid weird build errors around bizarrely the PDB files.

    17. Re:UAC by Malc · · Score: 1

      Don't child processes inherit elevated privs?

      I run my domain account as a normal user. Any admin escalations end up being run as my local admin account (username + password required to escalate, rather than just clicking yes on the UAC prompt). All child processes then run as this local user, although I've never checked if they're lacking full admin rights.

    18. Re:UAC by Anonymous Coward · · Score: 0

      WHAT? Just make it a requirement that, for trusted code to be modified requires (you guessed it) TRUST. It's not like an unprivileged user can just poke around in kernel memory. The same thing is done per user... consider UAC granting access an escalation that prevents this kind of hooey.

    19. Re:UAC by badran · · Score: 1

      Then UAC will not help, even if it is prompted at every start.

    20. Re:UAC by chuckugly · · Score: 1

      Sure it can; UAC should prompt if your (freshly compromised) flash plugin tries to make a change to your system, say drop files in the System32 or change registry settings behind your back. Maybe it's something you asked for and expect, maybe it's malicious and you should know about it.

  10. Except by Dunbal · · Score: 5, Interesting

    Microsoft calculated the infection rates using its Malicious Software Removal Tool (MSRT) by detecting and deleting selected malware such as fake antivirus programs, worms, viruses, and trojans.

    One VERY important point is that Microsoft's Malicious Software Removal Tool considers certain programs which can be used to bypass Windows Activation as "malware", which is probably skewing the results.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Except by Brian+Recchia · · Score: 3, Informative

      Almost everybody who pirates Windows 7 does so using Windows Loader which, once they started encrypting it, has never been targeted by MSRT.

    2. Re:Except by Anonymous Coward · · Score: 1

      Is there any antivirus program left that doesn't consider keygens, cracks and packers as malware? Serious question.

    3. Re:Except by Dunbal · · Score: 1

      Which would explain why the rate is so low, lol...

      --
      Seven puppies were harmed during the making of this post.
    4. Re:Except by TheThiefMaster · · Score: 2

      Have you disassembled that keygen/crack to see if it is safe? Convincing someone to run an arbitrary executable file that may or may not do what it claims is exactly the goal of malware authors, after all.

  11. In other news, Model-T fords by unassimilatible · · Score: 1

    have less accidents than Honda Accords, per 1000 vehicles. Hmm....

    --
    Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
    1. Re:In other news, Model-T fords by rhook · · Score: 1

      If you read the article you will see that XP has 14 infections per 1000 machines while Windows 7 only has 4 infections per 1000 machines.

    2. Re:In other news, Model-T fords by Anonymous Coward · · Score: 0

      According to who? "Microsoft data"? Multiply that by 100 and add 30. In fact, for Win XP a more sensible measure would be "# of infections per machine".

  12. New OS by hduff · · Score: 2

    Same clueless users.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  13. So newer is NOT better? by metalmaster · · Score: 4, Insightful

    The article doesn't cover this, but I'm inclined to believe that malware authors have an easier time and higher infection rates when they target 3rd party software packages. As far as I know, the biggest thing to change from XP to Win7, from the user standpoint, is the more in your face security model. That makes the malware authors jump through extra hoops if they wanna get their code executed silently. However, attack a bug in a PDF reader or browser and things can be made to look like business as usual.

    1. Re:So newer is NOT better? by sabt-pestnu · · Score: 1

      Humans are always going to be the weak link. Cause too many alerts, get the operator to shut that alert mechanism down, and hey, presto!

      UAC window, anyone?

    2. Re:So newer is NOT better? by metalmaster · · Score: 2

      That was sort of addressed in transition from Vista to 7. Vista would throw up a UAC prompt if you looked at your monitor the wrong way. Windows 7 only does so when you sneeze

    3. Re:So newer is NOT better? by Bengie · · Score: 1

      It only alerts when something is trying to change system settings. It's not MS's fault it pops up so much, it's all the fail software that wants admin privs.

      Effectively, any software that prompts UAC would not run correctly without admin. Just goes to show how much software would break from faulty designs.

    4. Re:So newer is NOT better? by Anonymous Coward · · Score: 0

      along that line of thinking one would think that windows 3 would be the least malware infected operating system.

      .

    5. Re:So newer is NOT better? by Anonymous Coward · · Score: 0

      Not really, since these programs don't run in elevated mode - so, by attacking them, you can't really compromise entire system.

    6. Re:So newer is NOT better? by Anonymous Coward · · Score: 0

      They even made a note of in the data that a large percent of infections are caused by Java related MalWare.

    7. Re:So newer is NOT better? by Salvo · · Score: 1

      The problem with UAC is that it is so pervasive in Third Party Software. Insert a USB Thumb Drive? UAC Alert. Run a Third-Party Software Update? UAC Alert. Delete a File? UAC Alert. Edit HOSTS using Notepad.exe as Administrator? UAC Alert. Install MalWare that will render your computer unusable and obfuscate your data until you enter a CC? UAC Alert.

      Users get conditioned to just Click Through UAC Alerts. Mac OS X and Linux only require Admin/Root access to do things users shouldn't be doing. Windows requires UAC confirmation for the most mundane day-to-day tasks.

  14. Huge sample size by pavon · · Score: 1

    According to the Microsoft Report this is based on a sample size of 600 million computers. That is plenty large enough for the results to be statistically significant.

    It was trollish for the summary to omit that Windows 7 still has 1/5 of the infection rate of Windows XP, though.

    1. Re:Huge sample size by Anonymous Coward · · Score: 0

      this is based on a sample size of 600 million computers. That is plenty large enough for the results to be statistically significant.

      This. It's not like they only tested 1000 computers, which would make the results totally meaningless.

      I'm a bit curious though if the infection ratio is based on age of the OS. Do infections increase as malware authors gain more experience with a particular OS and as the OS developer loses interest in favour of its successor? What was the infection ratio of XP at the same point in its life-cycle? What will the Win7 ratio be 5-10 years down the road?

  15. Windows XP still dominates the market; not 7 by Anonymous Coward · · Score: 0

    If you look at 2011 market share numbers MS Windows XP is still dominating the market. It probably will be until we get closer to 2014 when Microsoft discontinues support.

    1. Re:Windows XP still dominates the market; not 7 by luther349 · · Score: 1

      XP still has a foothold because people are running older machines much longer than they used to, and 7 is just too heavy to run on that old hardware, a mistake by Microsoft there. By 2014, yes, a lot of that older hardware will finally be replaced.

  16. No malware for... by sauge · · Score: 1

    No malware for my IBM 5120. The old are far to wise for that malarkey!

    1. Re:No malware for... by SeaFox · · Score: 1

      The old are far to wise for that malarkey!

      But not wise enough to use the proper form of "too" I notice.

  17. and.... by smash · · Score: 1

    ... even with those figures, i'm still repairing a lot more Windows XP machines.

    If you turn off UAC / run as admin, and put a retard at the controls, Windows 7 will get infected by "free antivirus" software just as easily as anything else.

    This is more a symptom of it being adopted by regular end users rather than bleeding edge types than any new inherent security problems discovered in 7.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    1. Re:and.... by luther349 · · Score: 1

      Man, the free AV trojan installer, oldest scam in the book. I run Adblock and Flashblock on Firefox and I haven't seen one of those in a very long time. I swear people who do those scams need to be shot in the street. If you want a free AV, ask a friend so he can point you to the Avast or AVG site and not some damned random Flash ad that's probably a virus.

    2. Re:and.... by Salvo · · Score: 1

      Even "Bleeding Edge Types" are prone to MalWare.
      While we won't fall for WinTech Phone Scams and "Windows Inspection Utility" and "MAC Defender" Trojans, we still perform high-risk activities like disabling UAC or logging in as root.
      Sometimes we find UAC and sudo annoying, but they are there for a reason. They should never be disabled, unless you have the time and inclination to Restore from Backup.
      Anonymous got into HBGary using the oldest tricks in the book. Just because we make the rules doesn't give us the right to ignore the rules.

  18. Unsurprising by Anonymous Coward · · Score: 0

    People get viruses on their XP machines and then dump them for Win7 machines, which then get viruses on them; all the tech-savvy people (who get less viruses) have already upgraded, so the percentage goes up.
    Those staying on XP are mostly businesses; they have more robust security and restrict users (i.e. employees) in a manner that limits infections.
    So it's just a matter of technically-impaired users migrating platforms. No surprise.

  19. TL:DR FUD by Deathlizard · · Score: 1

    Article makes it sound like Win7 is getting inundated with viruses, but when you look at the counts it paints a different story.

    Windows 7: Increase of 33%
    1Q2010: 3/1000
    2Q2010: 4/1000 - 64 Bit: 2.5/1000

    Windows XP: Decrease of 22%
    1Q2010: 18/1000
    2Q2010: 14/1000

    Basically, you're still safer using Windows 7 vs other Windows versions.

    Current numbers from MS are Here. Not exactly sure how Computerworld got those numbers since MS numbers are higher and lower than others but there you go.

  20. Stats from MSRT by Anonymous Coward · · Score: 0

    which excludes all those machines out there that have been set not to update....

  21. Troll by Anonymous Coward · · Score: 0

    Surely, the statistic should be 100% of computers running *any* version of windows are infected...

    Sorry, couldn't help it.

  22. XP is getting better. by mevets · · Score: 1

    At least according to this.

  23. RETARDED ARTICLE by Anonymous Coward · · Score: 0

    In other news....MAC OSX has zero viruses to date and zero malware......Oh and slashdot is going downhill....crappy quotes, stupid sayings, and now you're erasing posts? Guess I'll have to find a new website to laugh at as this one is sucking more than usual lately.....seems you had some good moderators before but the new ones are just retarded. And I've read most of these articles at LEAST 4 days ago....losers.

  24. It's the other way around by UBfusion · · Score: 1

    Without detailed information about which antivirus/firewall/antitrojan these boxes were running (if they did) and whether UAC was disabled or not, these statistics are just a measure of the (non-) efficacy of said antivirus/firewall/antitrojan programs and not a measure of the efficacy of MSRT.

    In addition, a properly firewalled PC won't let MSRT phone home. Mine attempted to do that for the first time ever yesterday (on port 443) and was promptly blocked, therefore I assume that data gathering is still going on.

    Could we please have some information on what precisely is MSRT logging?

  25. Slashdot fail with IE9 by cooldev · · Score: 1

    Why does /. fuck up under IE9? I want concrete standards compliance issues.

    1. Re:Slashdot fail with IE9 by Anonymous Coward · · Score: 0

      It fucks up under firefox 4, too; slashcode was probably outsourced to a stoned ape colony in Madagascar.

    2. Re:Slashdot fail with IE9 by dargaud · · Score: 1

      Since today all the abbreviated comments have their lower half blanked out. I'm on FF4 on Ubuntu, and that's certainly original....

      --
      Non-Linux Penguins ?

    3. Re:Slashdot fail with IE9 by Neil+Boekend · · Score: 1

      Fucks up under Chrome 11.0.696.65 as well. It doesn't matter much whether I turn scripts on or off, neither works as it should.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.

    4. Re:Slashdot fail with IE9 by owlman17 · · Score: 1

      Thought I was the only one. Chrome 11.0.696.65 and FF3.6 under Ubuntu 10.04.

    5. Re:Slashdot fail with IE9 by Salvo · · Score: 1

      It fucks up under most modern Browsers. It's finicky under Safari on both Mac and Windows, as well as Chrome and FF4 too. It is completely unusable on Mobile Safari.

  26. The article is misleading by giuseppemag · · Score: 1

    Win 7 infections went from 3/1000 to 4/1000, that is infected ratio went from 0.3% to 0.4% (yes, it is a 33% increase, to be precise), while XP went from 18/1000 to 14/1000, that is infected ratio went from 1.8% to 1.4%. The numbers actually mean that Microsoft is doing a good job on security, since over 1000 PC the combined metric is not an increase of 11% (as the article seems to imply) but rather we went from 2.1% infected to 1.8%, which is a nice step.

    --
    My book: Friendly F#, fun with game development and XNA; my game: Galaxy Wars by VSTeam; my gamedev language: Casanova.

  27. New, uneducated users a cause by fleeped · · Score: 1

    Nowadays that machines come with Win7, you'll get more new-to-computers uneducated users getting infected more easily than XP long-time users.

  28. So all that work was worthless by Anonymous Coward · · Score: 0

    You know, the work of making Win7 much more secure and learning from XP and Vista.

    You know, the work you paid for.

  29. Today: XP = corporate machines in a domain by Anonymous Coward · · Score: 0

    Many of those still using XP are in a corporate network using GPO and non-admin / non-power-user accounts to lock down the machine as much as possible - in such a network, if it's well-run, XP should be mostly safe - we haven't had an infection for years.

    Windows 7 IS safer for naive users, but only if they don't switch off UAC altogether or click the GO-AWAY button (a.k.a. "OK") without thinking.

    BTW: in Win7, changing your network settings is still not covered by UAC using default settings, so they can still set your NIC to a rogue DNS, if you don't turn UAC settings all the way up.
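
A check for the UAC settings this comment and others in the thread refer to, as an added example that is not part of any poster's comment: it maps the three UAC policy values under the Policies\System registry key to the level they produce, treating ConsentPromptBehaviorAdmin = 2 with the secure desktop on as the "all the way up" setting. The function name Get-UacLevel and the sample machines are constructed for illustration.

```powershell
# Added example (not from the thread): classify UAC from its policy registry values.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)
    # EnableLUA = 0 means UAC is off entirely; the other two values no longer matter.
    if ($EnableLUA -eq 0) { return 'Disabled' }
    $desktop = if ($PromptOnSecureDesktop -eq 1) { '' } else { ' (no secure desktop)' }
    switch ($ConsentPromptBehaviorAdmin) {
        0       { return 'Elevate without prompting' }
        2       { return "Always notify$desktop" }   # slider at the top
        5       { return "Default$desktop" }         # prompts for non-Windows binaries only
        default { return "Custom policy ($ConsentPromptBehaviorAdmin)$desktop" }
    }
}

# Constructed sample values (not read from any real machine).
$samples = @(
    @{ Name = 'stock Windows 7';  EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ Name = 'slider at top';    EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ Name = 'UAC switched off'; EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) {
    $level = Get-UacLevel -EnableLUA $s.EnableLUA `
        -ConsentPromptBehaviorAdmin $s.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $s.PromptOnSecureDesktop
    '{0,-18} -> {1}' -f $s.Name, $level
}

# On a live Windows host, read the real values and flag anything below "Always notify".
# A value missing from the key is read as 0 here, so a missing EnableLUA reports 'Disabled'.
if (Test-Path $UacKey) {
    $p = Get-ItemProperty -Path $UacKey
    $live = Get-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    if ($live -ne 'Always notify') { Write-Warning "UAC level on this host: $live" }
    else { "UAC level on this host: $live" }
}
```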

  30. Windows XP users too poor to be malware victims? by Anonymous Coward · · Score: 0

    Most criminal malware authors (professional virus writers) are after money nowadays, nothing but monetizable things. People and firms who are still running Windows XP are quite likely to have low bracket fiscals, while people and firms already on Windows 7 are likely to be better-off.

    (I mean they can afford big enough hardware to run Windows 7 comfortably or at least as well as their previous Windows XP experience was. This probably means 2-3x more hardware performance.)

    Frankly, what can you steal from a current-day Windows XP user? The hat he holds upside-down to collect penny donations at the corner, maybe. I mean about 50% of all Windows XP outside North America is alleged to be pirated, so those running them probably don't buy anything beyond food, basic wardrobe and minimal hardware. Users of Windows7 are more promising victims from the e-crime monetary aspect (e.g. ID theft or ransomware).

    On the other hand, military and espionage viruses, as opposed to organised e-crime malware, are still targeting Windows XP diligently, as the case of Stuxnet has shown. BTW, all those Iranian Windows XP boxes hit are pirated, due to the trade embargo.

  31. Wonder how many XP machines are reformatted by JTsyo · · Score: 1

    I could see the drop in XP being in part to those that would regularly get their machine infested would switch to Win7 when they had to reformat their machine for the umpteenth time. These same people might be driving up the rates of Win7. Maybe 1 per 2000.

  32. There is a difference between secret and obscure by pavon · · Score: 1

    All cryptography is based on having a secret (like a key or password), but there are big differences between secrets and obscurity.
    * An obscure system can be reverse engineered with patience, even if used correctly all the time. A secret password can not be determined with any practical amount of observation during proper use of a good cryptographic system.
    * A secret password can easily be changed when compromised. It is much more difficult to change your entire OS or even encryption algorithm once it ceases to be obscure due to compatibility.

    One of the fundamental principles of security is to minimize the amount of information that needs to be secret for your system to be secure. Creating a system that is secure even when its operations are fully known furthers this goal. Relying on the fact that people don't care about the workings of your system doesn't.

    In the context of this discussion, if Windows 7 is fundamentally more secure than OS X, and the popularity of OS X / iOS is increasing, then it won't be able to depend on obscurity for much longer, and making real security improvements is much harder.

  33. convergence ? by denbesten · · Score: 1

    Summarizing TFA ....

    Windows 7 32 bit was 3 PCs per 1000, now 4 PCs per 1000.
    Windows XP, was 18 PCs per 1,000, now 14 PCs per 1,000

    This could easily be interpreted as the infection rates converging together as common tools are used to measure both OSs.

    MSRT only "counts" that which it knows about and it only knows about that which has existed long enough and is wide-spread enough to gather the interest of its programmers. Therefore, one would completely expect it to be "better" at cleaning older things than newer things, which would cause the two numbers to converge.

  34. Numeric im-precision. by Anonymous Coward · · Score: 0

    Seems to me like there is a problem with false precision (see: http://en.wikipedia.org/wiki/False_precision/ ). Computerworld reports 4 in 1000 vs 3 in 1000. Without knowing the next digit, the difference could be as low as 3.5 vs 3.4 (approx 3% increase) or as high as 4.4 vs 2.5 (approx 75% increase).

    Had they said 3.0% vs 4.0%, the story would have been completely different.