Rich Countries Suffer Less Malware, Says Microsoft Study

chicksdaddy writes "To paraphrase a quote attributed to F. Scott Fitzgerald: 'Rich countries aren't like everyone else. They have less malware.' That's the conclusion of a special Security Intelligence Report from Microsoft, anyway. The special supplement, released on Wednesday, investigated the links between rates of computer infections and a range of national characteristics including the relative wealth of a nation, observance of the rule of law and the rate of software piracy. The conclusion: cyber security (by Microsoft's definition: low rates of malware infection) correlated positively with many characteristics of wealthy nations – high Gross Income Per Capita, higher broadband penetration and investment in R&D and high rates of literacy. It correlated negatively with characteristics common in poorer nations – like demographic instability, political instability and lower levels of education.'"

You don't say?

[Maximalist]

Better literacy leads to a better ability to spot the poorly written bogus come-ons that get you infected when you click on them? I just can't believe it.

Re:You don't say?

[TWX]

Better literacy leads to a better ability to spot the poorly written bogus come-ons that get you infected when you click on them? I just can't believe it.

Not from what I've seen...

Having a techie friend call to fix it when it's broke is what gets most people out of the jam.

Though with my friends, I charge $60/hr to friends to fix their computers on the side. As a consequence I do maybe two side jobs a year. I don't want to do side work, and when they know that it'll cost probably $120 to get their $500 computer fixed, they do tend to be at least a little more careful.

Re:You don't say?

[jellomizer]

That may be part of the issue.
However there is the other issue of being able to afford a better infrastructure.
Even a basic Home network in America has the following.
A broadband modem That connects to a Router for their Wireless, This router does basic hardware firewall and acts like a switch between mutable PC's, and even old Wireless systems offer modest encryption. Just by being able to Drop a hundred bucks in equipment we have basic safety. If you are in poor country and don't have a few hundred bucks to spend, you will get second/third hand possibly hacked or hopelessly out dated hardware which doesn't have nearly the same protection level.
Your computer will probably be using a Pirated version of Windows which you dare not to update, and volnerable system is in essence hooked up to an unfiltered internet. Allowing for the spyware to get in your system without having to click on that link.

Re:You don't say?

Better literacy leads to a better ability to spot the poorly written bogus come-ons that get you infected when you click on them? I just can't believe it.

Not from what I've seen... Having a techie friend call to fix it when it's broke is what gets most people out of the jam. Though with my friends, I charge $60/hr to friends to fix their computers on the side. As a consequence I do maybe two side jobs a year. I don't want to do side work, and when they know that it'll cost probably $120 to get their $500 computer fixed, they do tend to be at least a little more careful.

Amen brotha.

No one expects a mechanic to fix your engine for free. No one expects a lawyer to draw up a contract for you for free. No one expects a doctor to fix a broken leg for free.

For some reason people think that the guy who spent hundreds of hours of his time mastering this skillset should fix their computers for free. They often act hurt and offended when you decline! I don't understand why people think the principles applying to all those other skillsets magically don't apply to this one. But they can get the fuck over themselves and their sense of entitlement, if you ask me.

If someone wants to help you out of the kindness of their heart, they'll offer to do so. You won't have to create drama to manipulate them into doing it. Maybe you'll approach them with an offer to compensate them in some way (doesn't have to be money - a good meal or some beer will work too, lots of times!) and they'll decide to do it free as a favor, but that's their decision. This culture of entitlement where you think someone owes you something, who clearly doesn't, well getting rid of that is just about the best thing a society can do.

Re:You don't say?

[antdude]

What about family members?

Re:You don't say?

I wouldn't expect my brother to charge me $60 per hour to fix a fucking computer either.

There's a difference between acting as free labor and acting as an entitled asshole. People will literally work 3 hours free of charge to help you move houses, but they get pissy if you expect the same in return for computer work.

In a professional capacity, I can easily charge twice what he charges and still get business, doesn't mean I will charge above $20/hr to friends.

Re:You don't say?

[Erikderzweite]

Mine have been forcefully switched to Linux. Much easier to support since I've set up ssh reverse tunnel with port forwarding for vnc. So if a PC is online, I can fix it. If not -- there's a custom LiveCD which does the same trick with reverse ssh.

Oh, and no problems with malware whatsoever.

Re:You don't say?

[emho24]

I wouldn't expect my brother to charge me $60 per hour to fix a fucking computer either.

Maybe not for the first few times, but after a while it just gets freaking old. That's when an hourly rate starts to sound appealing to me. Even family members need to learn and stop making the same stupid mistakes over and over.

Re:You don't say?

A few years ago I set up my parents with Ubuntu LTS, since they wanted something that worked and I didn't want to update it every 6 months. Everything was working fine, until my sister's dickhead boyfriend "upgraded" it to the latest version and messed everything up. From then on, when my parents had trouble I referred them back to dickhead boyfriend, since he evidently volunteered to maintain their OS from then on. Once it involved responsibility he wouldn't do shit, and I wasn't inclined to clean up his mess, so my parents blamed linux and bought a mac.

The moral of the story: don't give your parents the root password, even if you think they should be able to install programs on their own computer. They'll just tell the password to someone who feels like a hacker for one afternoon, but doesn't actually want to accept the responsibility of maintaining something. It's like giving car keys to a teenager, he crashes it, and they blame the car for not being crashproof.

Re:You don't say?

No.

But it tends to a better understanding of english language and a higher probability to buy original software, and there you have it.

Re:You don't say?

[Mister+Whirly]

"Ok Grandma so you can't look at a picture. Here is what you need to do - drop to a command line and start your ssh server. Check to make sure that the port is forwarded so I can connect on my end with VNC. Ok that all set up? Great now I can start to help you."

An operating system is not a panacea. What I have done with my family, instead of ramming something down their throat that is likely above their abilities, is to teach them good basic security practices, and that bad things can happen if you are not careful no matter what software/OS you are using. I taught them to be security minded instead of giving them the illusion nothing bad could ever possibly happen because I am using {Product X}. Guess who gets a lot less calls now? And how are you going to make them use Linux on their iPads, or do you also get to dictate which technology products anyone in your family can buy as well as dictate which software they can run?

Re:You don't say?

[steveg]

My sister has an icon on her desktop that says "Connect to Steve at home" and one that says "Connect to Steve at work." She calls me up, I set up the VNC client in listen mode, and she clicks the icon.

I then have access to her machine. All the command line stuff is done in a script attached to that icon. She doesn't have to deal with it. It's not that hard.

Re:You don't say?

[Mister+Whirly]

So what happens if the icon isn't there? What happens if the program that is supposed to run when she clicks the icon is broken?

Now read the rest of my post. Forcing someone to use {Product X} isn't the answer to security.

Re:You don't say?

[Mister+Whirly]

And when she buys an iPad, how are you going to duplicate that setup?

Re:You don't say?

[steveg]

Maybe. Maybe not. But it is certainly the answer to support. I can support this. When she was using Windows, her "local" support was Best Buy, and they charged her a ton of money without solving the problems. I'm not local (she's 1100 miles away), and my ability to help over the phone was limited, especially since the last version of Windows I used with any regularity was NT4.

If she gets an iPad, she's on her own. I have no expertise with that.

What if the program isn't there or is broken? What if my niece spills a drink on the computer? What if the roof blows off the next time there's a good Chinook blowing through and the computer blows out to Kansas?

You can't protect against everything. We'd deal with that if we have to, but so far none of those things have happened, and I'm not holding my breath about any of them.

Since I switched her over (about three years ago) she had *one* instance where she clicked on somthing and disabled most of her browser controls. That's as close to "broken" as her computer has experienced. All other calls have been on the order of "How do I do this?" or "I bought a new printer," and have easily been solved. The number of calls has dropped dramatically.

And that tells me that perhaps security has been addressed as well, because the security issues she used to have simply haven't come up. Would giving her better training in how to handle herself on the Net be a Good Thing? Sure. But I have 1 week a year there, and perhaps an hour or two of that is spent on computer issues. That's not likely to change.

Re:You don't say?

[osragati]

http://www.cloud65.com/ just as Keith responded I am blown away that a mother able to make $6857 in 1 month on the computer. did you look at this website

Re:You don't say?

[UltraZelda64]

+5, Beyond Insightful! Well said AC. I never have mod points when I need them.

I've personally given up on helping people with their computers for the most part, because in the end they usually seem to be ungrateful assholes who just want to get out of paying some "real" computer repair shop $70 just to fucking look at the damn thing, and who knows what else on tap of that! A shop in a nearby city I noticed advertises that it will remove viruses (that's it!) for a whopping $90. I'm done being walked all over; I rarely offer any kind of help whatsoever. Where I used to explain exactly what the problem and when asked "Do you know how to fix that?" I would respond with "Yes" and happily help them out, now I'm more reluctant to tell them the details and even more reluctant to actually help them out.

Even people who do pay typically pay with a twenty dollar bill, maybe two if I'm lucky, so it's just not worth it. They usually *have* the money, but they want to be cheapskates. They can just go take their machine to the local repair shop and get fucked over--better them than me for a change. Or else, do what they typically claim they're going to do whenever anything happens: waste even more money on a brand new computer to "fix" the problem. But, oh, then they'll want me to tag along for the ride because they otherwise won't know what to get and will be lost.

Re:You don't say?

[UltraZelda64]

Exactly. After years of dealing with the same old shit from almost everyone you know, it really does start to get old. It starts to feel as if everyone just uses you as a cushion to catch them when they fall, and never make any attempt to learn a damn thing about what they're doing that they shouldn't be doing themselves to prevent it from happening in the future...

Very few people actually listen and try to understand what I have to say. Those that do and actually follow my suggestions, I rarely ever hear from again when it comes to computer-related problems, unless it is a hardware-related problem. Why? Because they were willing to actually use a few brain cells and actually change their behavior while using their computer, so the most common problems are in effect nearly eliminated.

I've done so many things that I wouldn't exactly call "simple" or "quick" procedures over the years to fix some serious problems on other people's computers, it's not even funny. I'm lucky if I see $40 for it, let alone $20. Things that aren't as braindead-easy as the usual, "Help! I deleted the Recycle Bin! Can you bring it back?!" They would be paying more than twice what I would ask if they went into a computer repair shop, and then in some cases probably have to pay extra on top of that for other crap.

Re:You don't say?

[causality]

And when she buys an iPad, how are you going to duplicate that setup?

Is it really so hard for you to accept that this family found a solution that works for them?

I mean, if he claimed that everyone on the planet should use Linux or else they're less than human, then I could understand your incessent urge to find some flaw or disaster-waiting-to-happen in "steveg's" setup. But he made no such claim (nor did he claim that Linux is completely invulnerable to security issues). He merely described what worked for his family.

What part of that bothers you?

phishing would screw up their "security" metric...

[mattr]

tl;dr but malware level can only be one metric and is an incomplete definition of security.
You would expect to find people suffering damaging attacks to their livelihood and important data to be found at a computer with high "security".
But I bet suffering spam and phishing target rich people which should screw up their metric.
That, and dividing the world into territories when it should probably be divided into something else like government, military, private computers, mobile, multinationals, kids, etc.

Multiple factors

Using older software (older versions of windows that is) and not having access to a "computer guy" in your family, combined with not being able to just "buy a new computer because the old one is broken" or even using official support would lead to simply not being able to deal with malware.

Windows XP

[TheRealMindChild]

People tend to pirate Windows XP because it is much easier than Windows Vista/7/8 and they probably are running DELL P4 machines thrown to the curb by reasonable people

Re:Windows XP

[hedwards]

I'm not so sure about that. It's not exactly hard to get a pirate copy of Windows 7 in China. Not sure about Vista or 8 though, but I'd be surprised if they were at all hard to get.

But what are they selling

That may well be but why is it that EVERY piece of spam I receive is advertising an american product from an american company and EVERY piece of malware I see in my daily job is either ultimately traced to some american kid or a russian punk?

I haven't seen nigeria spam in years.

Backpackers would know this

[CRCulver]

Computers at internet cafes in third-world countries look as scary and diseased as truck stop hookers. One imagines that whoever set up the computers way back when might have been tech savvy, but the owner paid him for his one-time services, then for the next 5-10 years kept the machines running with no updates or virus scans. The staff hired to work there are just babysitting the machines to make sure no one steals them; they have no greater knowledge of how to fix a problem than restarting the computer.

I use these establishments only to plug my notebook into a ethernet jack, but a non-insignificant amount of times, to ask to use your own computer instead of their infectious, malware-ridden machines evokes suspicion that are you are some kind of hacker terrorist and they want you to leave.

Re:Backpackers would know this

The third-world internet cafes have improved recently. Most of the cafes I go to locally reload a clean Windows install whenever they reboot. Problem solved ... unless the "clean install" is somehow infected, of course.

Re:Backpackers would know this

[CRCulver]

Yes, I've seen that in a few places. Luckily, 3G data is getting cheap enough that travellers don't have to always use internet cafes anymore. When I was in Tajikistan, for example, I just got a local SIM card, put 5 or 10 euro on it, and then tethered my mobile phone to my notebook. It worked for about a week of usage before needing a credit top-up.

Re:Backpackers would know this

[Ukab+the+Great]

I use these establishments only to plug my notebook into a ethernet jack, but a non-insignificant amount of times, to ask to use your own computer instead of their infectious, malware-ridden machines evokes suspicion that are you are some kind of hacker terrorist and they want you to leave.

Extending and embracing your analogy, it's like bringing your own hooker to a truckstop and they want you to leave because they think you're a pimp.

Re:Backpackers would know this

[TimothyDavis]

Extending and embracing your analogy, it's like bringing your own hooker to a truckstop and they want you to leave because they think you're a pimp.

I don't think GP would appreciate you calling his metaphorical wife/girlfriend a hooker.

Re:Backpackers would know this

[robbo]

Bring your own notebook doesn't protect you from pharming and other MITM attacks.

Re:Backpackers would know this

[swillden]

Bring your own notebook doesn't protect you from pharming and other MITM attacks.

It does if you only use SSL-enabled web sites.

For gmail users, I believe Chrome (and ChromeOS) now come configured by default to check not just the certificate chain, but even to know which specific certificate to expect. So a compromised CA plus compromised DNS just results in a denial of service. You can also manually check the certificates for other sites you go to (get their fingerprints and write them down when you're at a trustworthy connection).

Re:Backpackers would know this

[Hatta]

That's what SSH tunneling is for. Just connect to Wifi, set up an SSH tunnel, and forward all traffic through it. It's just like browsing at home.

Re:Backpackers would know this

It does require some software, but one can run an Internet cafe with some hope of keeping machines clean:

1: DeepFreeze. It isn't perfect, but it does a good job at malware protection, especially if the user that is in primary use is a non-admin (which is another layer of contexts malicious software has to gain access to before being able to attack the rollback driver.)

2: Locking down machines. Set the BIOS to only allow them to boot from the HDD, lock the cases, and stick a camera or two in the area to catch the people who might be trying to jimmy open cases. There are anti-theft cages that one can have fabbed to put machines in as well.

3: If running W7 or so, consider BitLocker + TPM. This is useful, less for the encryption, but to detect tampering, especially paired up with DeepFreeze.

4: Ad blocking software paired up with click to play (either natively as in Chrome, or an add-on like in Firefox) goes a lot further in keeping machines clean than any antivirus.

Re:Backpackers would know this

Firefox has Certificate Patrol. Helped me catch multiple MITM at cafes.

Re:Backpackers would know this

[swillden]

Firefox has Certificate Patrol. Helped me catch multiple MITM at cafes.

Excellent. I didn't mean to imply that only Chrome does such things. I would hope that all browsers do.

Rich Countries

I didn't RTFA. Which countries are the rich ones, and which ones are the poor ones?

Also, once we get the rich and poor sorted out, can we then ask another, valid question? Which of these countries is producing the most software/hardware?

just my .02

*hand on their head* - *pat* *pat*

Now that's a mighty find report.

Care to compare that rate VS Open Source ?

Because my memory says Microsoft cuts off machines that are pirated so if you are unwilling to spend a month of ones cashflow for software just so you can get patches OR one can choose to eat, pay rent or property taxes, or electricity.

This problem lies at the foot of Microsoft and their usary. Unless they can show that it doesn't by comparing Open Source boxes based on things like FreeBSD or any of the various GNU/Linux forkes suffer the same problem, the only logical choice is this report is a failed astroturffing attempt to blame others VS Microsoft policies.

Re:*hand on their head* - *pat* *pat*

[phantomfive]

They addressed piracy briefly in the report, but they seemed confused by it:

"the average piracy rate of countries in the low-CCM cluster was drastically lower than the other clusters. The implications of this observation are complex. Countries that do a better job managing cybersecurity may also do a better job mitigating piracy, or countries with higher piracy rates may have a more difficult time containing malware and other cyber threats."

The purpose of the paper is to influence specific policy decisions, so apparently they can't see the obvious conclusion, that pirated software often comes with malware.

Can Microsoft detect malware?

[QuietLagoon]

But how can anything that Microsoft says about malware be trusted when Microsoft's own Security Essentials software has problems detecting malware?

Re:Can Microsoft detect malware?

Probably because one has nothing to do with the other. Oh, sorry, were you just trying to start another "Let's trash Microsoft" thread?

Re:Can Microsoft detect malware?

[marcello_dl]

> But how can anything that Microsoft says about malware be trusted when Microsoft's own windows OS can be classified as spyware/rootkit approved by clicking through a multipage EULA?

FTFY

Re:Can Microsoft detect malware?

What a fucking faggoty loser comment you just made. Please remove yourself from life.

Poverty produces piracy, that brings malware.

[Ateocinico]

In poor countries the salaries are so low that people can not afford all the software they want. When you make 6000 US$ a year and only one of the application you need costs 2000 US$ , you resort to piracy. There are many cracked applications available in the WEB and most of them insert backdoor traps, trojans and worms.

Anti-virus software not updated

[mmsimanga]

The reason is because anti-virus software on these computers is not updated. Reasons for not updating primarily revolve around how expensive it is to connect to the Internet. I don't live in my home country, Zimbabwe. When I did visit the one time I installed Ubuntu on the home PC because half the time the PC was unusable thanks to malware. I blogged about it here http://www.mahalasoft.co.za/blog/ubuntu-linux-experiment . The next time I visited, Windows XP had be reinstalled on the machine because that is what most of the "technies" knew back home, yes the PC was unusable again.

Re:Anti-virus software not updated

I had a private conversation with the local techie guy here a few weeks ago. (Baja California, Mexico)
He explained (or tried to) that Microsoft and Apple are so great, but finally confessed that he can not make any money helping people convert to one of the user friendly Linux flavors... there is no constant stream of work helping them fix their infested machines.
He secretly uses Linux on his personal machines.

Re:Anti-virus software not updated

[qwe4rty]

How is this modded insightful?

If it's too expensive for them to connect to the internet to update their anti-virus, it's too expensive for them to connect to the internet and contract malware. That's where the majority of it is coming from. I don't doubt expense might be part of the reason (running unlicensed/unpatched windows machines or trying to find free software that comes riddled with spyware) but I don't see the connection you are making being the primary reason...

Re:Anti-virus software not updated

[mmsimanga]

In most cases the malware is transported to the unconnected PC via a USB stick that was used at an Internet cafe.

Since when did slashdot become the onion?

[Nocturnal+Deviant]

Rich countries have better education, news at 10.

Re:Since when did slashdot become the onion?

Its less of an education problem and more of a money problem. Piracy is much higher in poor countries because software is way too expensive. Piracy cuts off users from security patches and exposes them to more viruses. Computers are also expensive. Old computers that would have been discarded in rich countries are used for much longer in poor countries making them very vulnerable to unpatched security holes. Fewer people can afford personal computers so fewer people are computer literate.

Re:Since when did slashdot become the onion?

[Nocturnal+Deviant]

Look at the elderly. People who simply did not learn about them are worse with them. I personally pirate quite a bit due to moral dislikes about certain companies decisions(however any game/application i find good/useful I WILL and DO buy. I also Refuse to pirate indie software/games.)

It is far more an educational issue than a money issue, although I won't completely discard money as an issue, It is far more education.

As IT I have removed so many random obvious malware(does bonzibuddy ring a eye twitching bell?), from people who just arent computer literate, not that they cant afford them, they just never cared to learn.

Re:Since when did slashdot become the onion?

[steveg]

Um. Pirate because of moral dislikes about cerain companies? That doesn't raise your eybrows?

Isn't that kind of like "fucking for viginity?"

If you actually had moral qualms about certain companies, you wouldn't be supporting them (yes, that's what I said--ever hear of network effects?) by spreading their product around.

I have moral qualms about quite a few companies, possibly the same ones you do. I don't use their products.

Re:Since when did slashdot become the onion?

[capt_mulch]

Not just a piracy problem - even when offered open source software people in developing countries will go for pirated software because it is 'worth something' - if the software is free (as in you don't have to pay a license for it) then there must be something wrong with it. They would much rather use free stolen software than free free software. Also, due to lower connectivity rates, memory sticks get passed around (music, movies) - I'm not sure about now, but a few years ago here in the Solomon Islands I used to get 100% success rate on finding malware on memory sticks I tested. Another factor is the cost of bandwidth - Solomon Islands, 7 cents US per megabyte is costly for most locals, so memory stick malware passing is still rife.

Re:Since when did slashdot become the onion?

[Nocturnal+Deviant]

Not using something when it is useful becomes a general waste of your time to find an alternative that does exactly what the original did(and in most cases less well.) Not paying for said product does not support said company, but also does not waste time.

Also "fucking for virginity" If you have ever fucked a virgin, I am sure you can concur with me that you aren't missing anything. In general that analogy itself makes utterly no sense in this specific incident.

Re:Since when did slashdot become the onion?

[steveg]

Sure it does. It's part of an old sixties saying: "Fighting for peace is like fucking for viginity."

Pirating as a moral stance is similarly inconsistent.

One of Microsoft's biggest assets is that people pirate their stuff. They'd rather you buy it, but if you're not going to buy it they'd rather you pirate *theirs* than use someone else's.

Re:Since when did slashdot become the onion?

[Nocturnal+Deviant]

I was more talking about Activision and EA in terms of companies I hate, microsoft is a given...this is slashdot though. You use a Unix variant at least as a hobby on slashdot if not as your main OS.

My interest is more in pirating music from the MPAA/RIAA I may not listen to a Lot of the crap they put out, however I have personally mailed artists money after pirating their music, they can take the 13$ from me, thats fine. I just have no interest in a middleman getting it.

America is so screwed

[phrackthat]

correlated positively with many characteristics of wealthy nations – . . . higher broadband penetration

Re:America is so screwed

"and negatively with .. poorer educaiton"

They can afford

[ruir]

More Macs? LOL

Re:They can afford

[Mojo66]

+1 because the math is easy: 99.9% of all Malware lives on Windows, hence more Macs means less Malware.

Re:They can afford

Nobody uses Linux or Macs on desktops by comparison to Windows's why. Case in point/E.G.: Android proves it since it's #1 on smartphones in terms of usage & thus also #1 in malware in that arena, proving my point, which = That what gets used most on any given computing platform will be most infested/most attacked by malware-in-general, every time.

No shit says Sherlock study.

[rtobyr]

It's in the title.

Republican solution is..

[HerculesMO]

To make sure you're rich.

Re:Republican solution is..

[Ungrounded+Lightning]

Among the actual conservatives, it's to try to help you GET rich.

Of course the Neocons are just in it for the loot.

Has more to do with personal property too

It's more likely if you're in a better off country, you're using your own computer. Therefore it's in your own self interest to keep malware off of it. Just like people are more likely to take care of anything else they own.

Besides, who really gives a shit about what happens to a library or netcafe computer? (Provided you know enough not to do your banking or anything of that sort on them.) Eventually when it comes to the lowest common denominator in a public resource and lack of software maintenance, the tragedy of the commons cesspool is likely the expected result.

Rich countries need working computers

[TheHonch]

Most people here in Sweden depends on the internet to do stuff like paying bills, communicate with government agencies, school and what not. Virus infested PCs are often useless for that.

Countries are rich for a reason

Countries didn't become rich by accident.

It's a combination of several things, starting with higher IQs and then including things like rule of law, hygiene, political stability and emphasis on learning.

In any part of the world, and in every ethnic group, you will find that some countries have broken away from the others and have generally higher intelligence, thus put a priority on things like stability, rule of law, infrastructure, etc.

It's not an accident they're richer.

In life, all things come down to the choices we make and the abilities we have. It's not arbitrary, no matter how much ./ peanut gallery would like to think it so.

Re:phishing would screw up their "security" metric

[mpeskett]

That, and dividing the world into territories when it should probably be divided into something else like government, military, private computers, mobile, multinationals, kids, etc.

I'm intrigued, how exactly does one go about dividing the world into mobile?

ERm

[jaseuk]

When the dodgy $1 Windows+Office disk comes complete with Malware this is really no surprise. I'm sure the $1 Norton disk also comes with free anti-virus+rootkit.

Jason.

many reasons

[dmpot]

There are many reasons why malware is so rampant in poor countries.

1. If majority of population cannot afford buying software legally, even those who can afford do not buy it, because they see no reason to pay relatively huge money for something that almost everyone gets for free. Piracy creates increases the risk not only because some pirated software may include malware, but automatic update is often disabled to prevent the pirated version being detected by the vendor.

2. Old computers often mean that they cannot run new software, which means a lot of software in use is no longer supported by the vendor, and there is no security updates for it (even if it was bought legally).

3. Sharing a PC among many people is very common. This dramatically increases a chance of some virus being introduced, because it feels like no one responsible. If something bad happened, anyone can claim it is someone else's fault. Thus anyone feels free to do whatever damn thing comes to his or her mind.

4. There is no police to fight cyber crime, so cyber criminals can do whatever they want with virtual immunity. In fact, common attitude is to blame victims (they should not have installed some pirated software, they should not have visited such sites, etc).

5. Most people do not use their computer to store or transmit any private sensible information (such as credit card numbers), so as long as malware does not interfere with their work, they are reluctant to take any action to remove it. Usually they do not have any antivirus software except perhaps a demo, which can only scan but does not remove malware. So they have to pay some money a local "guru" to clean up their computer, but only to find the computer infected again in less than a week later (probably, due to some unpatched software, infected an USB stick, or some other reason).

6. Very low computer literacy means that people have less understanding about how computers work and how to use them safely. So they may download and install programs that make some completely unrealistic promises (such as making your computer or Internet connection twice faster). In general, they have no clue about the source from which they download software.

windows malware, that is

[rm0659]

the linux malware numbers are probably minimal

Re:windows malware, that is

Nobody uses Linux on desktop's why. Look @ Android to prove it since it's #1 on smartphones in terms of usage and thus also #1 in malware in that arena, proving my point: Which is what gets used most on any given computing platform will be most infested and most attacked by malware-in-general.

Re:windows malware, that is

Except the malware for Android aren't binaries running as OS processes but java apps running in a virtual machine. They do bad things, but it's like you 1) install them yourself and 2) generally easy to disable if you have some control over the phone.

419 explained

[jbmartin6]

This explains why they are always trying to move money out of these countries, the banks are riddled with malware over there.

F. Scott Fitzgerald

The "paraphrase" in the summary is so loose, I'm not sure it qualifies. What Fitzgerald actually wrote was

Let me tell you about the very rich. They are different from you and me.

This comes from the third paragraph of the short story "The Rich Boy", which you can read online here:
The Rich Boy.

actually.

[fazey]

Actually, its more likely that health of your computer is a luxury. When you are worrying about the health of your kids, who cares about the health of the computer. Its all about priorities here. It has nothing to do with "observance of the law". ffs...

Are they for real?

[whitroth]

Look at the spam and malware on your system (if any of the latter). Then do a whois on the IP that the spam and phishing comes from, the original received that has a real IP or domain name. Where do they want your money to *go*?

            mark "Nevada? Utah? California? Pennsylvania?"

Really?

[poofmeisterp]

Wow, Microsoft. Really?

So you're saying that we can solve all of our problems with malware by simply.... becoming richer?

We never thought about that. Thanks for informing us! We'll get right on that immediately!

/snark

Rich countries also get more cancer.

[rs79]

Cancer rates by country (Age-Standardised Rate per 100,000)

Highest
1 Denmark 326.1
2 Ireland 317.0
3 Australia 314.1
4 New Zealand 309.2
5 Belgium 306.8
6 France (metropolitan) 300.4
7 United States of America 300.2
8 Norway 299.1
9 Canada 296.6
10 Czech Republic 295.0
11 Israel 288.3
12 The Netherlands 286.8

Lowest
50 South African Republic 202.0
49 Albania 202.8
48 Montenegro 204.3
47 Romania 205.1
46 Argentina 206.2
45 Armenia 207.5
44 Barbados 207.9
43 Malta 211.4
42 Belarus 213.1
41 New Caledonia 218.5
40 Serbia 218.9

(yes, this is totally unrelated, and off topic; ceded.)

Herd Immunity

[nastyphil]

I have worked in ICT ops & triage in the richest countries and the poorest. Without doubt the higher malware rate is a function of a lower standard of systems configuration and maintenance. It has nothing to do with the capital cost of the systems and everything to do with the availibility / cost of skilled administration. This scarcity means that functionally, the herd immunity threshold for malware in the localised information ecology is rarely crossed. As in epidemiology generally, different localised conditions favour different transmission profiles. So for example in less developed locations USB memory sticks are the most common infection vector, as telecoms are less accessible. The prevalance viruses and malware in LDCs is akin to the global Windows server ecology in the late 1990s, or home PCs of the late 1980s. In these two historical examples different vectors flourished as a function of the immaturity of configurations and configurers with respect to the threat.

Bandwidth, wealth, and malware updates.

[Ungrounded+Lightning]

IMHO, much of the correlation with broadband and wealth may have to do with the security model of Microsoft: A multi-billion dollar industry building add-on malware protection that works largely by comparing incoming traffic to an ever-growing list of malware "signatures".

To use one of these protection-and-cleanup services you need to do two things:
  - Pay a fee periodically. (The poor need not apply.)
  - Download an ENORMOUS table of new signatures from time to time. (Those without broadband need not apply.)

At a site with "slow DSL" I have a laptop with a windows install that I use when I must use certain windows tools. I recently left it off for about two months before I needed it again. Just downloading the new signatures, at about a half megabyte per second, took several hours. Adding in software updates meant it was a couple days before it was ready to go again.

The machine would have been totally unusable if only dialup were available, unless I only loaded updates rarely or selectively and disabled (or never installed) the anti-malware product. That would mean a user would have to take his chances with malware and depend on the malware people to keep themselves in business by not totally trashing the victims' machines.

Or loading a Linux (or other open-source Unix-family) distribution. B-)

I wonder what the numbers would be like if only the FOSS users' machines were examined?

Not so groundbreaking

Pretty sure all that manages to say is that it costs money to maintain security.

They Replace Their Infected PCs More Often

Leave it Microsoft to miss the obvious.

EU crisis

[manu0601]

Now we can test that model for prediction. EU brain dead leaders decided to cure the public debt crisis by austerity (instead of printing the money that is too expensive to borrow, raising taxes for the wealthier, or whatever alternative you prefer). This is killing the whole continent economy, drowning entire countries into poverty. Will we see a malware surge in Greece, Portugal, Spain?