Slashdot Mirror


How Windows Gets Infected With Malware

Orome1 writes "Since up to 85 % of all virus infections occur as a result of drive-by attacks automated via commercial exploit kits, CSIS has actively collected real-time data from them for a period of three months. The purpose of their study is to reveal precisely how Microsoft Windows machines are infected with malware and which browsers, versions of Windows and third-party software are at risk. They monitored more than 50 different exploit kits on 44 unique servers / IP addresses. The statistical material covers all in all more than half a million user exposures out of which as many as 31.3 % were infected with the virus/malware due to missing security updates."

9 of 373 comments

  1. 70% on fully updated installs. by 140Mandak262Jamuna · · Score: 5, Interesting

    Salient point is that, fully updated and patched installs let 70% of the infections through.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:70% on fully updated installs. by Dunbal · · Score: 5, Insightful

      Stupid users, eh? Explain the following: Yesterday I visited the top site Google provided for a search I did. I was not searching for anything particularly exotic or deviant, certainly not pornographic or illegal. Immediately on visiting the site with my Windows 7 machine, Microsoft Security Essentials pops up to alert me of a "severe" threat (Trojan:JS/BlacoleRef.A) it had located in my browser cache (Firefox 7.01). I did what the security program said, and it says the threat was removed. I have no idea if it was removed or not; my only choice with such an obfuscated, complicated OS is to assume that the tools I am given are not lying to me and are doing the job that they are.

      However, should I be infected in the above scenario, how exactly does this make me a "stupid user"? I've had a PC since the late 1970s. I can code in ASM, Cobol, Fortran, Basic, C, C++. I like to think I know how computers work. I don't click "Yes" to everything, and I don't run programs from dubious sources anywhere other than a virtual machine. Should I be going through my registry and boot files daily to not be a "stupid user"? Isn't that what an OS is supposed to do for me - take care of the basic functions of my machine while I run the programs I need? Are you just going to troll me by saying "use Linux instead, you noob"?

      --
      Seven puppies were harmed during the making of this post.
    2. Re:70% on fully updated installs. by Anonymous Coward · · Score: 5, Insightful

      You say:

      Salient point is that, fully updated and patched installs let 70% of the infections through.

      TFA says:

      The conclusion of this study is that as much as 99.8 % of all virus/malware infections caused by commercial exploit kits are a direct result of the lack of updating five specific software packages.

    3. Re:70% on fully updated installs. by houstonbofh · · Score: 4, Interesting

      I also think Linux is bad for the average user, because while it is more secure than Windows by default, if you muck with it you can cause vastly more damage to the system if you are in the "just enough knowledge to be dangerous" camp. Ubuntu goes a long way towards this, but it needs an even friendlier interface (IMHO) for system setup and config. We won't get that till an OEM adopts it seriously for end user platforms.

      I have set up a laptop for 2 different clients' wives with Ubuntu. Both were non-computer experts, and kept getting every infection known to man. After setting them up (over 2 years ago) I never saw those laptops again. I still see the clients, but they say the laptops are running perfectly. Lost a lot of business there, and from happy clients. :) Ooops...

    4. Re:70% on fully updated installs. by ThePilgrim · · Score: 4, Insightful

      Except having it set up is how most people receive Windows.

      --
      Wouldn't it be nice if schools got all the money they wanted and the army had to hold jumble sales for guns
  2. How Window Gets... hu wha? by sgt+scrub · · Score: 4, Insightful

    A window can get infected? Lies I tell you!

    --
    Having to work for a living is the root of all evil.
  3. Re:Welll by QuantumRiff · · Score: 4, Insightful

    I can't tell you how much I wish Windows Update would update other applications.. I guess I've turned into a crusty, bearded old Linux geek.. but one command to update everything kind of spoils you. (and being able to install and uninstall more than one application at a time is nice too).

    --

    What are we going to do tonight Brain?
  4. Re:Welll by houstonbofh · · Score: 5, Insightful

    Plug-in repositories are one thing I WISH Windows would steal from Linux!

  5. Re:Welll by bill_mcgonigle · · Score: 4, Funny

    I think that's in Windows 8 and they're calling it an 'App Store'.

    No word yet on how many reboots it'll take to install an app.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)