Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows XP PCs Breed Rootkit Infections

Posted by samzenpus on from the update-please dept.

CWmike writes "Machines running the decade-old Windows XP make up a huge reservoir of infected PCs that can spread malware to other systems, a Czech antivirus company said. Windows XP computers are infected with rootkits out of proportion to the operating system's market share, according to data released Thursday by Avast Software, which surveyed more than 600,000 Windows PCs. While XP now accounts for about 58% of all Windows systems in use, 74% of the rootkit infections found by Avast were on XP machines. Avast attributed the infection disparity between XP and Windows 7 to a pair of factors: The widespread use of pirated copies of the former and the latter's better security. Vlcek assumed that many of the people running XP SP2, which Microsoft stopped supporting with security patches a year ago, have declined to update to the still-supported SP3 because they are running counterfeits."

12 of 245 comments (clear)

  1. water still wet by smash · · Score: 5, Insightful

    Is this really a surprise?

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    1. Re:water still wet by Lennie · · Score: 5, Interesting

      I've actually seem stories with other numbers as well, where most of the new malware for windows is coming out for Windows 7; Windows XP already has enough malware and people don't seem to be writing any new ones. The old ones already work fine I guess.

      --
      New things are always on the horizon
    2. Re:water still wet by hairyfeet · · Score: 5, Informative

      The difference is if UAC is active and you are using a Chromium based or IE so that you have low rights mode (WTF Firefox? it has been FOUR YEARS already, get on the ball!) it is actually pretty damned hard to infect Windows 7 without getting the user actively involved. Of course getting the average user to help you install malware is trivially easy, even after all these years of MSFT trying to warn people not just to run any old thing they find on the net. But as someone who fixes machines 6 days a week I can tell you that the infection rate once I got most of my customers to switch to 7 went waaaay down. And Windows 7 doesn't really take much more than XP I have several family members on late model P4s with 1Gb of RAM that Win 7 is running just fine on. They don't have Aero but who cares.

      But I have to agree about TFA and pirated Windows. Ballmer, in yet another proof of his incompetence killed the $50 Windows 7 HP upgrade which frankly was the best weapon against piracy I'd ever seen. Guys that had been running pirated Windows for years went legit thanks to that affordable upgrade path. But now that it is gone I'm seeing "Xp Pro Corp SP3 Razr1911 Edition" machines again alongside the pirated Windows 7 machines on Craigslist. you can always spot the pirated versions BTW, as they ALWAYS use the most expensive SKU. When you have a PC that isn't worth $120 running a $200+ copy of Windows Ultimate? yeah its pirated.

      The thing is while the pirates know about Autopatcher and WSUS Offline the folks they are selling these machines to don't and since they won't pass WGA (the Windows 7 hack lasted for awhile but I'm now seeing folks that bought PCs with Win 7 off of CL coming in with WGA warnings) most are simply disabling Windows Updates. Folks don't know nor realize it is off and just think their PC is slowing down because "it is getting older" instead of the truth, it is has more viruses than a Bangkok Whore.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    3. Re:water still wet by LordLimecat · · Score: 3, Informative

      The difference is if UAC is active and you are using a Chromium based or IE so that you have low rights mode (WTF Firefox? it has been FOUR YEARS already, get on the ball!) it is actually pretty damned hard to infect Windows 7 without getting the user actively involved.

      Thats not entirely accurate. UAC is generally avoided by detecting whether the user has admin rights, and if so, rooting the machine; if not, installing a virus that launches on user login, stored to %appdata%. This can perform the role of "User-mode rootkit" (if you dont believe such a thing exists, google "n00bkit"), effectively locking down such things as task manager, registry editor, etc, at least for the current user (I dont believe UAC is tripped when writing to HKCU registry hive)-- and on MOST home machines, there is only one user, and users are not aware of how to remove such infections in such a scenario.

      As for Chrome and IE, IE has some protection from its sandbox mode, but you still have to deal with the fact that MOST infections seem to stem from out of date plugins-- Java, Quicktime, Reader, Flash-- which effectively load external DLLs outside of the controls and protections of the browser. If you have a Java vulnerability which allows arbitrary code and privelege escalation, it matters not whether you use IE or Chrome or XP or seven (except insofar as ASLR, DEP, etc mitigate the flaw).

      Chrome DOES have the benefit that it automatically updates its PDF and SWF plugins, which mitigates that attack vector by quite a bit; but a 0-day flash exploit will infect you just as easily regardless of browser.

      UAC DOES, of course, make it about a zillion times easier to remove the virus, as a non-escalated virus install cannot infect the MBR, patch the kernel or system drivers, etc, and is easily removed by launching a startup editor with elevated permissions.

  2. Re:good by Anonymous Coward · · Score: 3, Insightful

    Unfortunately the effect is that it impacts others, these are the machines which get used as zombies for spamming, ddos attacks etc.

  3. people need to upgrade by Anonymous Coward · · Score: 5, Funny

    so rootkit authors can focus on Windows 7

  4. pirates can get security updates by lseltzer · · Score: 4, Insightful

    Just so it's clear to everyone, you don't need a "genuine" version of Windows to download and install critical updates. And honestly, SP3 is over 3 years old. It's hard to hold Microsoft or even Windows XP accountable for users refusing to upgrade.

    1. Re:pirates can get security updates by CastrTroy · · Score: 5, Insightful

      Well to be fair, if you install windows XP from a recovery image or from an original CD you have from the original version, your computer could probably be pwned before you even have the time to download the service packs.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  5. Pirates don't want memory-upgrades then by Vincent77 · · Score: 3, Informative

    The memory-demands for SP3 have increased a lot - Where SP2 runs well with 512MB, you need at least 800MB for SP3 to run basic software like IE and Office smoothly. Though this is not official, I have seen too many cases with unresponsive PCs after the upgrade. A good reason to revert back to SP2 if people don't know how or dare to upgrade hardware nor want to spend another €300,- to €500,- on a new computer.

  6. Auto-update failure keeps people at SP2 by osu-neko · · Score: 5, Informative

    I was running SP2 until a couple months ago because Windows Update failed to update me to SP3. It turns out that if you had upgraded Internet Explorer to some version under SP2 (IE8?), it would not upgrade to SP3 because doing so would break the downgrade process (you could upgrade to SP3 flawlessly, but if you tried to downgrade back to SP2 it would break) unless you first downgraded IE before upgrading to SP3. Therefore, SP3 would not be listed in Windows Update, and it would not tell you that it was hiding the upgrade, or why. Utterly idiotic. I assume a lot of people are still running SP2 not because their using an unlicensed version, but precisely because, like me, they have a legit installation, but just don't know SP3 was out and being hidden from them, with Windows Update cheerfully telling them every week that their system is perfectly up to date.

    --
    "Convictions are more dangerous enemies of truth than lies."
  7. Re:really? by Hylandr · · Score: 4, Insightful

    I wasn't sure if this should be modded flamebait, since there doesn't seem to be an 'astroturf' rating. *Any* version of windows should not be on the internet without a separate firewall solution deployed. Period.

    This just feels too much like a marketing FUD to make people buy more Microsft licenses.

    - Dan.

    --
    ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
  8. reasons to stay with SP2 over SP3 by societyofrobots · · Score: 3, Interesting

    "Vlcek assumed that many of the people running XP SP2, which Microsoft stopped supporting with security patches a year ago, have declined to update to the still-supported SP3 because they are running counterfeits."
    I, and many others I know in a forum I frequent, won't upgrade to SP3 as it breaks USB. It's a known bug (for many years) that USB becomes significantly slower in SP3 (it's not known what hardware configurations can avoid the bug). This causes problems with data transfer speeds.