One in fourteen Internet downloads is Windows malware

Summary: Microsoft admits that one in fourteen downloads is Windows malware. And you thought the Mac having malware trouble was news!


Yes. It's true. For the first time, Mac users have a significant malware problem. But, hey, it could be worse. You could be running Windows. After all, Microsoft, not some third-party anti-virus company trying to drum up business, has just admitted that based on analysis gained from IE 9 use, "1 out of every 14 programs downloaded is later confirmed as malware."

If I may quote from Matthew 7:5, the King James Bible, "First cast out the beam out of thine own eye; and then shalt thou see clearly to cast out the mote out of thy brother's eye."

Windows PCs have far, far more malware trouble than Macs, and I can't resist mentioning that after twenty years of Linux, we've not seen a real-world example of Linux malware, not counting the Android malware mess. Ironically, these latest appalling Windows malware numbers are shared in a Microsoft blog about how well SmartScreen Application Reputation is working in IE9.

While it's true that SmartScreen in IE9 is doing excellent work in protecting Windows users from Internet-borne malware, it leads to other questions. The biggest, to my mind, is this: since Microsoft proudly boasts that IE9's new "Application Reputation will prevent more than 20 Million additional infections per month (on top of existing SmartScreen URL reputation blocks)," why doesn't Microsoft offer IE9 to its XP users?

I mean, Microsoft just said that there's an incredible amount of Windows malware out there on the Internet. Seriously Microsoft, instead of spending money on ads trying to con... convince people to shell out hard-earned cash for new Windows PCs, why not port IE9 to XP? According to the April 2011 average of the various sites that measure client operating systems on the Web, Windows XP has 39.11% of the market while Windows 7 only has 28.5%. Would it really be that much trouble (any trouble?) to deliver better Internet security to the majority of your customers?

In the meantime, no matter what operating system you run, and yes, that includes Macs and Linux, you need to take anti-virus software and malicious Web sites seriously. Android users, for example, can't get 99.9999% of the malware out there, but their Google application sessions can still be spied on, and if you're not securing your network sessions, it doesn't matter what you're running: your Web sessions can still be hijacked with Firesheep.

Sure, Windows, with or without IE9, has more security problems than all the other operating systems rolled together, but today network insecurity is everyone's problem.

Related Stories:

An AppleCare support rep talks: Mac malware is "getting worse"

What a Mac malware attack looks like

Android has a gaping network security hole

AT&T readies security service to counter the mobile virus threat




    Dietrich T. Schmitz, ~-~ Your Linux Advocate
    • RE: One in fourteen Internet downloads is Windows malware

      @Steven J. Vaughan-Nichols

      Hey i-Naive, get a new profile pic - you look like Steven Hawkings.

      The fact of the matter is if you run Windows Vista/7/2008/2008R2 patched, preferably IE9 or Chrome 12, and with a firewall in front of you (actually a simple NAT device) you will have 0, that's ZERO, problems (unless you go and download and install a piece of malware, which is a problem any OS has).
      You will also benefit from the largest software and hardware support system in the world! No need to run a slow VM (or dual boot) with Windows on your Cr Apple.

      Additionally, if people would start setting up their users to run as standard users and not administrators, that would certainly help if they did click and run the malware.
      • RE: One in fourteen Internet downloads is Windows malware

        @mikroland Really? That's funny. I keep my Windows 7 patched FREQUENTLY, and have a firewall, and installed Windows Defender and update and run it daily.... and yet I get Malware without "going out and installing it".
      • RE: One in fourteen Internet downloads is Windows malware

        @mikroland I'm running Ubuntu, Win 7, Vista and XP across 3 laptops and 4 servers (currently) and have had some 20-odd computers under my direct control over the past 20yrs and I only remember getting malware on any of my computers twice: once from a bad game download back in the late 90's and once on an XP system infected by another system on the same local network.

        I'm fairly happy to suggest that user activity (porn, piracy and plebeian-ism) has a MUCH bigger impact on your system security than which OS you're running.
      • RE: One in fourteen Internet downloads is Windows malware

        @mikroland ... Not bad, but ... "you will have 0, that's ZERO problems," is totally silly and untrue. There is no such thing as "never" or "0" problems!
      • Well, sounds good, but Stuxnet is considered the worst malware ever created

        @mikroland ... And it only attacks Windows with 4 Zero-day exploits (which is a record). Ref page 16.
      • RE: One in fourteen Internet downloads is Windows malware


        "Additionally, if people would start setting up their users to run as standard users and not administrators"

        That's Microsoft's design failure; they should be users who occasionally need elevated privileges.

        Excuse me while I just log in as root!
        Alan Smithie
      • RE: One in fourteen Internet downloads is Windows malware


        His name is Stephen Hawking, not Steven Hawkings.
      • Stuxnet ... so what


        Stuxnet may be the worst malware ever created, but that's only because it can affect mechanical devices used in uranium enrichment plants and nuclear reactors. Its actual effect on the average user is so close to nothing it can effectively be ignored.

        Stuxnet was aimed at air-gapped security systems (no exterior network connection) by being transported via USB stick. The biggest security exploit it used was not the 0-day exploits but the hard-coded back door into the Siemens operating systems.

        Maybe Windows security could be better, but Stuxnet would have been completely ineffective if Siemens used effective security measures.
      • Reply to simlawstu.

        No, it's the worst because it's not believed an individual or group has the ability to do it. They believe a Government is behind it and it is the most sophisticated and complicated malware ever created. The machinery involved could have been making Tastykakes or Krispy Kreme donuts, it would not matter.

        No Windows, no attack, it exits. It's the first malware to use 4 Zero-day exploits at one time. A record. Tell me, what makes Windows so special here? Like Sony, RSA, Lush Cosmetics, UK, it's Windows as the root cause.

        Siemens is fine, Windows was the problem. You are so wrong on so many levels. Accusing Siemens is like trying to justify installing AV on a programmable thermostat, microwave or a front loading Maytag washer.

        SCADA or PLC controllers are "supposed" to be in a protected environment. They are typically on racks and have fold out tables where operators place notebooks and connect to the system. Their mistake was just using Windows.

        The following is from the "W32.Stuxnet Dossier" (70 page .pdf analysis of Stuxnet, 4th revision, 2/2011), which is available at: [link not preserved]

        "Installation
        Export 15 is the first export called when the .dll file is loaded for the first time. It is responsible for checking that the threat is running on a compatible version of Windows, checking whether the computer is already infected or not, elevating the privilege of the current process to system, checking what antivirus products are installed, and what the best process to inject into is. It then injects the .dll file into the chosen process using a unique injection technique described in the Injection Technique section and calls export 16.

        The first task in export 15 is to check if the configuration data is up-to-date. The configuration data can be stored in two locations. Stuxnet checks which is most up-to-date and proceeds with that configuration data. Next, Stuxnet determines if it is running on a 64-bit machine or not; if the machine is 64-bit the threat exits. At this point it also checks to see what operating system it is running on. Stuxnet will only run on the following operating systems:
        Win2K
        WinXP
        Windows 2003
        Vista
        Windows Server 2008
        Windows 7
        Windows Server 2008 R2
        If it is not running on one of these operating systems it will exit.
        Next, Stuxnet checks if it has Administrator rights on the computer. Stuxnet wants to run with the highest privilege possible so that it will have permission to take whatever actions it likes on the computer. If it does not have Administrator rights, it will execute one of the two zero-day escalation of privilege attacks described below.
        [Figure 10 - Control flow for export 15]
        If the process already has the rights it requires it proceeds to prepare to call export 16 in the main .dll file. It calls export 16 by using the injection techniques described in the Injection Technique section.
        When the process does not have Administrator rights on the system it will try to attain these privileges by using one of two zero-day escalation of privilege attacks. The attack vector used is based on the operating system of the compromised computer. If the operating system is Windows Vista, Windows 7, or Windows Server 2008 R2 the currently undisclosed Task Scheduler Escalation of Privilege vulnerability is exploited. If the operating system is Windows..."
  • Yes, there are a lot of reasons why ChromeOS just might take off for the masses in corporations, and a lot of consumers that want computers that just work.

    Windows has WAY too many attack vectors for the enterprise and government.
    • RE: One in fourteen Internet downloads is Windows malware


      There's certainly no arguing with your point. An "OS" with no features and supporting no applications should be somewhat safer than Windows, especially when factoring in that without a network connection, it has absolutely no functionality whatsoever.
      • RE: One in fourteen Internet downloads is Windows malware

        @DaveN_MVP Chrome Brick? But how will it phone home to the Google Mothership?
      • RE: One in fourteen Internet downloads is Windows malware

        DonnieBoy thinks computers should be only for surfing the web; other than that there is no use. That's why he preaches about ChromeOS always.
        Ram U
      • RE: One in fourteen Internet downloads is Windows malware

        @DaveN_MVP LOL -
      • Well, in case you missed it, enterprise applications are moving to web applications. But, you also missed that Google is offering native client for C/C++ applications. It has a special code verifier and sandbox. The applications run in a tab.
      • Rama.NET: You never heard of off-line web applications? You never heard of native client? Where have you been?
      • RE: One in fourteen Internet downloads is Windows malware

        @ DonnieBoy
        I developed a few of them, so I know there are offline web apps with native clients. This was available even before Google started offering it. The issue here is that it has been tried by Oracle and the then Sun Micro and it is the same. I hate to say that they sucked a lot performance-wise. This is always true for online applications also. Nope, Web applications will never kill Native Apps, unless HTML also gives the same richness in the User experience that native apps provide, whether it is Windows, Cocoa (both iOS and MacOSX) or X-Windows and its derivatives on Unix Clones; otherwise you would not see so many apps and stores to host them on these mobile platforms. Not everything fits the HTML scenario and not everything fits into a native app.
        Ram U
      • Rama.NET: You still are not listening. Google Chrome will have Native Client, that allows you to run C/C++ code that is verified, and run in a sandbox to give you near native compiled C/C++ code speed.

        They are also working on Portable Native Client, that will have intermediate code that is translated into local machine code on the final device, so one binary would run on either x86 or Arm, for instance. Again, this is for C/C++ code. Much different than a virtual machine like for Java or C#.
      • Reply to DonnieBoy.

        A friendly reminder about using Wikipedia links in these posts.

        I found the material deleted the next day when I referenced Wikipedia information. It's better to just copy the info. and back it up and use as needed without references.