Windows XP PCs Breed Rootkit Infections

CWmike writes "Machines running the decade-old Windows XP make up a huge reservoir of infected PCs that can spread malware to other systems, a Czech antivirus company said. Windows XP computers are infected with rootkits out of proportion to the operating system's market share, according to data released Thursday by Avast Software, which surveyed more than 600,000 Windows PCs. While XP now accounts for about 58% of all Windows systems in use, 74% of the rootkit infections found by Avast were on XP machines. Avast attributed the infection disparity between XP and Windows 7 to a pair of factors: The widespread use of pirated copies of the former and the latter's better security. Vlcek assumed that many of the people running XP SP2, which Microsoft stopped supporting with security patches a year ago, have declined to update to the still-supported SP3 because they are running counterfeits."

water still wet

[smash]

Is this really a surprise?

Re:water still wet

[Lennie]

I've actually seem stories with other numbers as well, where most of the new malware for windows is coming out for Windows 7; Windows XP already has enough malware and people don't seem to be writing any new ones. The old ones already work fine I guess.

Re:water still wet

[hairyfeet]

The difference is if UAC is active and you are using a Chromium based or IE so that you have low rights mode (WTF Firefox? it has been FOUR YEARS already, get on the ball!) it is actually pretty damned hard to infect Windows 7 without getting the user actively involved. Of course getting the average user to help you install malware is trivially easy, even after all these years of MSFT trying to warn people not just to run any old thing they find on the net. But as someone who fixes machines 6 days a week I can tell you that the infection rate once I got most of my customers to switch to 7 went waaaay down. And Windows 7 doesn't really take much more than XP I have several family members on late model P4s with 1Gb of RAM that Win 7 is running just fine on. They don't have Aero but who cares.

But I have to agree about TFA and pirated Windows. Ballmer, in yet another proof of his incompetence killed the $50 Windows 7 HP upgrade which frankly was the best weapon against piracy I'd ever seen. Guys that had been running pirated Windows for years went legit thanks to that affordable upgrade path. But now that it is gone I'm seeing "Xp Pro Corp SP3 Razr1911 Edition" machines again alongside the pirated Windows 7 machines on Craigslist. you can always spot the pirated versions BTW, as they ALWAYS use the most expensive SKU. When you have a PC that isn't worth $120 running a $200+ copy of Windows Ultimate? yeah its pirated.

The thing is while the pirates know about Autopatcher and WSUS Offline the folks they are selling these machines to don't and since they won't pass WGA (the Windows 7 hack lasted for awhile but I'm now seeing folks that bought PCs with Win 7 off of CL coming in with WGA warnings) most are simply disabling Windows Updates. Folks don't know nor realize it is off and just think their PC is slowing down because "it is getting older" instead of the truth, it is has more viruses than a Bangkok Whore.

people need to upgrade

so rootkit authors can focus on Windows 7

pirates can get security updates

[lseltzer]

Just so it's clear to everyone, you don't need a "genuine" version of Windows to download and install critical updates. And honestly, SP3 is over 3 years old. It's hard to hold Microsoft or even Windows XP accountable for users refusing to upgrade.

Re:pirates can get security updates

[CastrTroy]

Well to be fair, if you install windows XP from a recovery image or from an original CD you have from the original version, your computer could probably be pwned before you even have the time to download the service packs.

Auto-update failure keeps people at SP2

[osu-neko]

I was running SP2 until a couple months ago because Windows Update failed to update me to SP3. It turns out that if you had upgraded Internet Explorer to some version under SP2 (IE8?), it would not upgrade to SP3 because doing so would break the downgrade process (you could upgrade to SP3 flawlessly, but if you tried to downgrade back to SP2 it would break) unless you first downgraded IE before upgrading to SP3. Therefore, SP3 would not be listed in Windows Update, and it would not tell you that it was hiding the upgrade, or why. Utterly idiotic. I assume a lot of people are still running SP2 not because their using an unlicensed version, but precisely because, like me, they have a legit installation, but just don't know SP3 was out and being hidden from them, with Windows Update cheerfully telling them every week that their system is perfectly up to date.

Re:really?

[Hylandr]

I wasn't sure if this should be modded flamebait, since there doesn't seem to be an 'astroturf' rating. *Any* version of windows should not be on the internet without a separate firewall solution deployed. Period.

This just feels too much like a marketing FUD to make people buy more Microsft licenses.

- Dan.