Win 7's Malware Infection Rate Climbs, XP's Falls
BogenDorpher writes "Microsoft released data today showcasing that Windows 7's malware infection rate has climbed by more than 30% during the second half of 2010, while the infection rate for Windows XP has dropped by more than 20%."
What would one expect as usage of XP decreases and Win7 increases?
TFA: As ComputerWorld reports, during the second half of 2010, the data shows that 32bit Windows 7 computers were infected at an average rate of 4 PCs per 1,000, compared to 3 PCs per 1,000 that took place during the first half of 2010.
A difference of 1 thousandth is beyond statistical significance. How did this entry even get to the frontpage? It boggles the mind.
In other words, software written to run on Win7 runs on Win7. If I run malware and it infects my files, is this MS's problem? And what is malware - is Symantec Antivirus malware - it sure does slow my computer down. Did any malware infect system files without user permission - this is the question. There is no answer...
I have a HARD time believing that only 14 in 1000 windows XP machines are infected.
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
Windows 7 is now closing in on the dominant OS as XP finally tottles off to die. This is news, how?
"Microsoft released data today showcasing that Windows 7's malware infection rate has climbed by more than 30% during the second half of 2010...
In fairness it was the most secure Windows ever. It lasted longer than XP.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
One problem is that UAC is so badly implemented that people who would ordinarily have no problem with it will turn it off entirely.
Why can't I whitelist apps like Visual Studio, for instance? Why isn't there an option on the UAC alert dialog that says "Do not ask me again for this application"?
I suspect that most Microsoft devs work with UAC turned off. If the order came down from above that nobody in the company was allowed to turn off UAC, I'll bet the system would become both more usable and more secure very quickly.
Microsoft calculated the infection rates using its Malicious Software Removal Tool (MSRT) by detecting and deleting selected malware such as fake antivirus programs, worms, viruses, and trojans.
One VERY important point is that Microsoft's Malicious Software Removal Tool considers certain programs which can be used to bypass Windows Activation as "malware", which is probably skewing the results.
Seven puppies were harmed during the making of this post.
I have a HARD time believing that only 14 in 1000 windows XP machines are infected.
The reason why they came up with that number is in TFA:
"Microsoft calculated the infection rates using its Malicious Software Removal Tool (MSRT) by detecting and deleting selected malware such as fake antivirus programs, worms, viruses, and trojans."
In other words, they used their internal tool, which would certainly not catch all the bugaboos lurking in a given box.
Quo usque tandem abutere, Nimbus, patientia nostra?
have less accidents than Honda Accords, per 1000 vehicles. Hmm....
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
Same clueless users.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
The article doesn't cover this, but I'm inclined to believe that malware authors have an easier time and higher infection rates when they target 3rd party software packages. As far as I know, the biggest thing to change from XP to Win7, from the user standpoint, is the more in-your-face security model. That makes the malware authors jump through extra hoops if they wanna get their code executed silently. However, attack a bug in a PDF reader or browser and things can be made to look like business as usual.
The problem is the expectation that users will know when to say yes to a UAC prompt. Until users start saying cancel to UAC prompts they don't fully understand, malware will only increase.
Have you ever seen a UAC prompt you do understand?
Normally it's along the lines of 'Do you want to allow TrojanHorse.exe to: Access local disk?' What the hell is that supposed to mean? Is it trying to write to a file in its own Program Files directory, or is it trying to overwrite Windows core DLLs and install a root-kit? If I can't tell, how can Joe Sixpack?
According to the Microsoft Report this is based on a sample size of 600 million computers. That is plenty large enough for the results to be statistically significant.
It was trollish for the summary to omit that Windows 7 still has 1/5 of the infection rate of Windows XP, though.
Windows Update will still install "important" updates even if your system fails WGA. This includes the MSRT.
I have a HARD time believing that only 14 in 1000 windows XP machines are infected.
That's because you read a lot of sensationalist Slashdot headlines.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
I understand that I'm being asked to trust the actions of "TrojanHorse.exe". Which is what UAC really does - tells the user that the application is about to do something that requires you trust the application. It doesn't tell you what that application is going to do, just asks "Hey, do you trust this? It's doing things which are outside the bounds of normal trust". So the question isn't "Can I understand the prompt" per se - because it's always a relatively simple question. More often it's a question of "Should I trust this program?". On the install end, most installers throw UAC, so it's not particularly helpful. But these days, most applications DON'T throw UAC during normal operation. So the utility of UAC is "Before I click yes to this, I should reevaluate that I trust this program, because it's asking for special permissions to do something".
Some programs are going to require admin access to do certain things. The programs that the average slashdot user might use are actually probably more likely to legitimately require elevation to run properly compared to the programs the average user SHOULD be using. So it's actually probably harder for us - given the prompt's lack of detail - to reevaluate that trust - but it's - generally speaking - more black and white in normal user land.
It's not perfect. UAC could give more details, and then us nerds could create websites saying "Oh, app such and such asking for x, y, but not z is probably reasonable" and then users could check the list, and blindly follow it... but is that better for them? Another list to blindly follow?... I dunno. This is why ChromeOS and iOS and the like take off with users. Any admin type access is "omgbad". That will never be true on a system that you actually administrate.
(UAC has the benefit, btw - of not actually just being "Cancel or Allow" if the user faced with the prompt is a normal non-admin user. It requires elevation to an account with that access. So if Joe Sixpack has a son that knows computers - maybe Joe should be running as a non-admin account - but I'm not going to ask that every machine in the world has users shipped as non-admin accounts as default - because those users are also the admins of those machines, and will have the admin password anyway... so... it doesn't actually change anything in that scenario, it's just replacing "press ok" with "type Username/password and press OK" - which is frankly, the same thing.)
Let this old PC repairman enlighten you as to why those numbers are so low on XP. It is because the data is collected using the Malicious Software Removal Tool, which any repair guy that has had one of the bazillion "Razr1911 WinXP Pro Corp SP2" boxes cross their desks knows that they all have Windows Updates turned off (to keep from getting WGA'd) and are infected with more viruses than a Bangkok Whore.
I'd love to see the numbers of XP infections pre WGA and after, along with how many pirate versions are out there. Because while I can understand MSFT wanting to stop piracy (but IMNSHO they royally fucked up by getting rid of the Win 7 HP $50 upgrade, as that thing turned more pirates into legit users than I'd ever seen) but anyone who has worked repair for any length of time knows there are a shitload of pirate Windows out there and nearly all have updates off.
It isn't just the "Crazy Dave's house of whitebox" BTW, it is all those that decided they didn't want to pay for an upgrade that got their "smart PC friend" who has every Razr1911 version on a spindle, and there are even plenty out there that have legit keys that aren't being used because the guy they took it to has a Razr1911 automated install and simply never bothered to change the keys, or the box had XP Home and all they had was the Razr XP Pro. Finally you have all those pre Vista Cheapo Best Buy and other retail joints that have autoupdates turned OFF for some damned reason, probably to cut down on those "OMG my PC has a yellow thing in the right corner OMG!" support calls.
In the end I can tell you I probably get 3 minimum cross my desk a week that haven't ever seen an update, and most are infected all to hell. I see so damned many PCs missing tons of updates that I keep WSUS Offline on my network fully loaded with every update for every OS from Win2K Pro to Win 7 X64, just so I don't have to waste time and bandwidth on updating all these damned machines. MSRT might give you a tiny taste of what is going on, but since WGA I'd say its data really isn't worth much.
ACs don't waste your time replying, your posts are never seen by me.
And it's not like there aren't ways around WGA too.
No malware for my IBM 5120. The old are far too wise for that malarkey!
If you turn off UAC / run as admin, and put a retard at the controls, Windows 7 will get infected by "free antivirus" software just as easily as anything else.
This is more a symptom of it being adopted by regular end users rather than bleeding edge types than any new inherent security problems discovered in 7.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Article makes it sound like Win7 is getting inundated with viruses, but when you look at the counts it paints a different story.
Windows 7: Increase of 33%
1Q2010: 3/1000
2Q2010: 4/1000 - 64 Bit: 2.5/1000
Windows XP: Decrease of 22%
1Q2010: 18/1000
2Q2010: 14/1000
Basically, you're still safer using Windows 7 vs other Windows versions.
Current Numbers from MS are Here. Not exactly sure how computerworld got those numbers since MS numbers are higher and lower than others but there you go.
In Soviet Russia, Trojan exploits YOU!
The truth is, as anyone who's dealt with such stuff for a living will tell you, it catches near nothing. I've had (recently, and for the last few years) machines come in with hundreds, or even thousands of infections... Win 7, Vista, XP... and on only ONE occasion (out of a few hundred machines in the last year or so), did it notice anything (and it was one infection out of about 700 on that particular machine that it noticed).
I suspect any stats generated using a highly useless tool are equally useless. While the MSRT is great for a few SPECIFIC pieces of malware, that has nothing to do with the plethora of other infections it doesn't even notice. So, again, it makes these stats very useless.
StarTrekPhase2 - The Five Year Mission Continues!
At least according to this.
As in Windows Doesn't Catch Shit Removal Tool. So yes, I'm on your side here. I have seen some sad machines somehow still running full of spyware, malware, etc. Of course they're calling me asking why their machine is a slow, unstable mess. A reformat and an antivirus install later, they have a fast, happy machine again that tends to stay that way, because many antiviruses also catch malware.
WGA has been cracked to the point updates work again, because we all know everyone pirates Windows. But I have seen legit machines simply loaded with enough garbageware that it will make anyone go WTF. And I blame the vendors there: how many installers today of any software do not want you to install some sort of crap along with it? Hardly any. And all that garbage gets by the novice user.
XP still has a foothold because people are running older machines much longer than they used to, and 7 is just too heavy to run on that old hardware, a mistake by Microsoft there. By 2014, yes, a lot of that older hardware will finally be replaced.
As opposed to a Malicious Software Fashioning Tool (MSFT)? One would think that Microsoft would be more careful about acronyms.
While it IS true that WGA has been hacked, and Windows 7 BTW is easier to pirate than XP, the problem is while most pirates know how to do this the clueless users do NOT, which is why the pirates simply turn off Windows Updates. I'm just now starting to see it with Windows 7, all those OEM hacks that came out with the RTM version are starting to fail left and right and people are going WTF?
But like I said killing the $50 HP upgrade was some kind of stupid, because that is what I kept seeing show up on formerly pirate boxes. Now I'm starting to see Windows 7 boxes with updates turned off because the pirates can't tell the guy that gave them $50 to put Windows 7 on "Yeah you'll have to hunt down WGA killer every couple of months BTW" so instead they just go in and kill updates.
Soon enough we'll see the Windows 7 botnets all made up of pirated machines just like I've been seeing with all the Razr1911 XP Pro boxes. BTW you know how you can spot a pirated Windows 7 at a glance? Even on the shitboxes they put Windows 7 Ultimate. I saw the same with XP Pro and Vista Ultimate, the pirates don't bother with the lower SKUs so it is ALWAYS the top one. Hell I even once had the owner of another shop ask me "Can you make our machines so they'll update to our server?" and when I asked him why he would want that he handed me a copy of "Razr1911 Vista Ultimate". And before anyone asks NO I did not call MSFT, they won't even give us any breaks at all for little shops so fuck them. I just laughed at the guy and walked away.
But MSFT is full of shit if they think they know ANYTHING about the number of pirate Windows out there, because in reality for every one that updates there are probably 1000 that don't. Hell even the junkers you find at yard sales and flea markets are all running hot Windows, it has gotten to the point that I pretty much assume it's pirated unless I see the sticker. What MSFT doesn't realize is the user doesn't have to know shit about how to pirate, all it takes is 1, just 1, guy who "knows PCs" to spread pirated Windows copies far and wide. It ain't exactly brain surgery.
ACs don't waste your time replying, your posts are never seen by me.
Without detailed information about which antivirus/firewall/antitrojan these boxes were running (if they did) and whether UAC was disabled or not, these statistics are just a measure of the (non-) efficacy of said antivirus/firewall/antitrojan programs and not a measure of the efficacy of MSRT.
In addition, a properly firewalled PC won't let MSRT phone home. Mine attempted to do that for the first time ever yesterday (on port 443) and was promptly blocked, therefore I assume that data gathering is still going on.
Could we please have some information on what precisely is MSRT logging?
Why does /. fuck up under IE9. I want concrete standards compliance issues.
I've found that Microsoft Security Essentials has been working better than Symantec. I switched when the corporate standard (Symantec) allowed a bunch of people's machines to get infected, yet the MSFT tool caught the problem.
Win 7 infections went from 3/1000 to 4/1000, that is, the infected ratio went from 0.3% to 0.4% (yes, it is a 33% increase, to be precise), while XP went from 18/1000 to 14/1000, that is, the infected ratio went from 1.8% to 1.4%. The numbers actually mean that Microsoft is doing a good job on security, since over 1000 PCs the combined metric is not an increase of 11% (as the article seems to imply) but rather we went from 2.1% infected to 1.8%, which is a nice step.
My book: Friendly F#, fun with game development and XNA; my game: Galaxy Wars by VSTeam; my gamedev language: Casanova.
Now that machines come with Win7, you'll get more new-to-computers, uneducated users getting infected more easily than long-time XP users.
Agreed.
Windows isn't even my primary OS (Linux is) but I do use my XP PC almost daily and I've not seen any virus or malware on it in years. I keep it updated, don't go near McAfee or Symantec bloatware (I just use Microsoft Security Centre) and only install software or games on it that I've bought legally or are freeware/OSS downloaded from the official sources. I also don't use IE or Outlook on it.
It's not rocket science, just common sense. If you install warez & key generators on Windows, then prepare to have viruses, it's that simple.
Gentoo Linux - another day, another USE flag.
I could see the drop in XP being due in part to those that would regularly get their machine infested switching to Win7 when they had to reformat their machine for the umpteenth time. These same people might be driving up the rates of Win7. Maybe 1 per 2000.
All cryptography is based on having a secret (like a key or password), but there are big differences between secrets and obscurity.
* An obscure system can be reverse engineered with patience, even if used correctly all the time. A secret password can not be determined with any practical amount of observation during proper use of a good cryptographic system.
* A secret password can easily be changed when compromised. It is much more difficult to change your entire OS or even encryption algorithm once it ceases to be obscure due to compatibility.
One of the fundamental principles of security is to minimize the amount of information that needs to be secret for your system to be secure. Creating a system that is secure even when its operations are fully known furthers this goal. Relying on the fact that people don't care about the workings of your system doesn't.
In the context of this discussion, if Windows 7 is fundamentally more secure than OS X, and the popularity of OS X / iOS is increasing, then it won't be able to depend on obscurity for much longer, and making real security improvements is much harder.
Summarizing TFA ....
Windows 7 32 bit was 3 PCs per 1000, now 4 PCs per 1000.
Windows XP, was 18 PCs per 1,000, now 14 PCs per 1,000
This could easily be interpreted as the infection rates converging together as common tools are used to measure both OSs.
MSRT only "counts" that which it knows about and it only knows about that which has existed long enough and is wide-spread enough to gather the interest of its programmers. Therefore, one would completely expect it to be "better" at cleaning older things than newer things, which would cause the two numbers to converge.