Slashdot Mirror


Win 7's Malware Infection Rate Climbs, XP's Falls

BogenDorpher writes "Microsoft released data today showcasing that Windows 7's malware infection rate has climbed by more than 30% during the second half of 2010, while the infection rate for Windows XP has dropped by more than 20%."

  1. And this is a surprise? by black6host · · Score: 3, Insightful

    What would one expect as usage of XP decreases and Win7 increases?

    1. Re:And this is a surprise? by Khoa · · Score: 5, Insightful

      What would one expect as usage of XP decreases and Win7 increases?

      The changing usage rate between the two OS's is controlled for. FTFA: It's infection rate per 1000 machines.

    2. Re:And this is a surprise? by John+Hasler · · Score: 3, Insightful

      The changing usage rate will also drive malware authors to concentrate on Win7.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    3. Re:And this is a surprise? by Missing.Matter · · Score: 5, Informative

      While the article says that the number of Win7 infections has gone up while the number of WinXP infections has gone down, the infection rate on XP is still higher at 14 per 1000 compared to 4 per 1000 in Win7.

    4. Re:And this is a surprise? by sortius_nod · · Score: 3, Interesting

      Corporate environments are usually controlled and less likely to get malware.

      That's not true at all. Having worked support in various corporations I can assure you that the infection rate is still very high. I remember working for a large bank and they had Conficker on 1500 servers and 20000 workstations. This is supposed to be a sterile environment as it's a bank, not so. Where you have staff who aren't exactly computer literate you will have large infection rates.

    5. Re:And this is a surprise? by TheCouchPotatoFamine · · Score: 3, Insightful

      This is nonsensical. But to extend your analogy, it's as if Microsoft's vehicle has no brakes. Nothing to stop the user from smashing into anything after they've touched the gas. You act like it's just perfectly normal that drive-by downloads from IE aren't avoidable by a bit of proper engineering from the "car maker".

      While it's possible for a user to be misguided, the majority of errors come from the computer being complicit in allowing bad actions to happen merely so that a fringe of "convenience" can let users operate without having to remember their passwords, for instance.

      Marketing wins over engineering, and THAT'S why you have crap OS's and apps that have exploits attached, like burrs. Walled gardens from single corporations aside, communities SHOULD run app-repositories of trusted code and that's obvious. Bad engineering, both technical and social...

      --
      CS majors know the time/space tradeoff, but they never get taught the 3rd, crucial, tradeoff of the set: comprehension!
    6. Re:And this is a surprise? by smash · · Score: 3, Insightful

      There's no reason codecs (or ANY SOFTWARE) installed on Linux or any other OS can't own the user's data or operating system either.

      There are three ways people get owned: remote exploits (count the number on 7 vs Linux in the past 2 years - they're not so far apart), application exploits (again, count em) and user stupidity (no solution, other than sandboxing the user to contain the damage).

      Even with a sandboxed app, it still has access to all of the data you have in the sandbox. If you've downloaded and installed a "virus scanner" and enabled it to access your entire filesystem, you're fucked.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    7. Re:And this is a surprise? by smash · · Score: 3, Insightful

      Yes, sure. However my point is that both machines were specifically targeted (i.e., here's a Mac, here's a Windows box, try and own them both - at a hacking convention). In the real world, the market share of OS X is not worth bothering with, when you can get 85-90% of desktops by targeting Windows. The effort expended is not worth the potential return.

      Thus, although in theory, on the test bench Windows is more secure - in reality, there are a lot more Windows boxes getting owned, simply because the volume of exploits out there being developed, and the prevalence of them on the internet is much greater.

      Look, I'm not disagreeing with the results you presented. I'm merely suggesting that in the real world you're a lot less likely to stumble across a trojan/exploit for your OS X box, because Windows is the focus of so much more exploit development.

      Ditto for those still running, say Windows 98 or OS/2. No one codes exploits for it any more because its market share is so close to zero - yet its architecture is FAR less secure than Windows XP or 7.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    8. Re:And this is a surprise? by somersault · · Score: 5, Insightful

      Security through obscurity is nothing more than an illusion.

      I always find this funny. Passwords, PINs, encryption/decryption keys, hardware tokens etc are all just forms of security through obscurity, too.. they just are a bit more obscure than running an obscure OS when you use combinations of them, or pick a really good random password, etc.

      --
      which is totally what she said
  2. Sensationalist article much? by ferongr · · Score: 4, Insightful

    TFA: As ComputerWorld reports, during the second half of 2010, the data shows that 32bit Windows 7 computers were infected at an average rate of 4 PCs per 1,000, compared to 3 PCs per 1,000 that took place during the first half of 2010.

    A difference of 1 thousandth is beyond statistical significance. How did this entry even get to the frontpage? It boggles the mind.

    1. Re:Sensationalist article much? by John+Hasler · · Score: 3, Informative

      That is not a difference of one thousandth. It is a difference of 33%.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  3. Re:RTFA by snowraver1 · · Score: 3, Insightful

    I have a HARD time believing that only 14 in 1000 Windows XP machines are infected.

    --
    Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
  4. Except by Dunbal · · Score: 5, Interesting

    Microsoft calculated the infection rates using its Malicious Software Removal Tool (MSRT) by detecting and deleting selected malware such as fake antivirus programs, worms, viruses, and trojans.

    One VERY important point is that Microsoft's Malicious Software Removal Tool considers certain programs which can be used to bypass Windows Activation as "malware", which is probably skewing the results.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Except by Brian+Recchia · · Score: 3, Informative

      Almost everybody who pirates Windows 7 does so using Windows Loader which, once they started encrypting it, has never been targeted by MSRT.

  5. Re:RTFA by Penguinisto · · Score: 4, Informative

    I have a HARD time believing that only 14 in 1000 Windows XP machines are infected.

    The reason why they came up with that number is in TFA:

    "Microsoft calculated the infection rates using its Malicious Software Removal Tool (MSRT) by detecting and deleting selected malware such as fake antivirus programs, worms, viruses, and trojans."

    In other words, they used their internal tool, which would certainly not catch all the bugaboos lurking in a given box.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  6. Re:what is malware? by cyber-vandal · · Score: 4, Funny

    Norton Antivirus is a well recognised trojan offering 'to protect your machine from threats' but in reality siphoning money from your credit card once a year and bringing your machine to a standstill.

  7. So newer is NOT better? by metalmaster · · Score: 4, Insightful

    The article doesn't cover this, but I'm inclined to believe that malware authors have an easier time and higher infection rates when they target 3rd party software packages. As far as I know, the biggest thing to change from XP to Win7, from the user standpoint, is the more in your face security model. That makes the malware authors jump through extra hoops if they wanna get their code executed silently. However, attack a bug in a PDF reader or browser and things can be made to look like business as usual.

  8. Re:UAC by Man+On+Pink+Corner · · Score: 3, Informative

    I'm a little unclear on how authorizing on a per-application basis, using a hashed ID as the other user mentioned above, would open up a significant attack surface. I agree that UAC works, and that it isn't easily circumvented... but still, I should have the ability to disable it on a per-application basis, and optionally for any processes spawned by that application.

    Obviously that's an insecure practice on my part and should be done only with care, but turning UAC off entirely really does expose a huge attack surface, and that's what I'm doing now, along with a few million other Windows users who might or might not understand the implications of what they're doing.

  9. Re:RTFA by hairyfeet · · Score: 5, Interesting

    Let this old PC repairman enlighten you as to why those numbers are so low on XP. It is because the data is collected using the Malicious Software Removal Tool, which any repair guy that has had one of the bazillion "Razr1911 WinXP Pro Corp SP2" boxes cross their desks knows that they all have Windows Updates turned off (to keep from getting WGA'd) and are infected with more viruses than a Bangkok Whore.

    I'd love to see the numbers of XP infections pre WGA and after, along with how many pirate versions are out there. Because while I can understand MSFT wanting to stop piracy (but IMNSHO they royally fucked up by getting rid of the Win 7 HP $50 upgrade, as that thing turned more pirates into legit users than I'd ever seen) but anyone who has worked repair for any length of time knows there are a shitload of pirate Windows out there and nearly all have updates off.

    It isn't just the "Crazy Dave's house of whitebox" BTW, it is all those that decided they didn't want to pay for an upgrade that got their "smart PC friend" who has every Razr1911 version on a spindle, and there are even plenty out there that have legit keys that aren't being used because the guy they took it to has a Razr1911 automated install and simply never bothered to change the keys, or the box had XP Home and all they had was the Razr XP Pro. Finally you have all those pre Vista Cheapo Best Buy and other retail joints that have autoupdates turned OFF for some damned reason, probably to cut down on those "OMG my PC has a yellow thing in the right corner OMG!" support calls.

    In the end I can tell you I probably get 3 minimum cross my desk a week that haven't ever seen an update, and most are infected all to hell. I see so damned many PCs missing tons of updates that I keep WSUS Offline on my network fully loaded with every update for every OS from Win2K Pro to Win 7 X64, just so I don't have to waste time and bandwidth on updating all these damned machines. MSRT might give you a tiny taste of what is going on, but since WGA I'd say its data really isn't worth much.

    --
    ACs don't waste your time replying, your posts are never seen by me.