Malware Malware Malware

As much as the supporters of that other OS claim malware is not a problem with that other OS, businesses still make money profiting from malware. Avast reports that 49% of its 130million users run XP and 74% of the 630K rootkits Avast has found run XP. Even the much-vaunted “7” got only a month’s respite when “7” was patched against the TDL4 rootkit. TDL4 can propagate and create botnets from “7” clients.

see Three out of four rootkit infections are on Windows XP

Malware is a problem that will not go away while the world continues to use that other OS. Switch to GNU/Linux or Android/Linux and have IT that works for you.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology. Bookmark the permalink.

18 Responses to Malware Malware Malware

  1. Contrarian says:

    “Would you do business with a company that says, “We were robbed!””

    Are you saying that all these multiple hundred thousand dollar to multimillion dollar attacks alleged to be occurring continually are being ignored by the victims because they are too embarassed to seek compensation or justice? Surely one or two would cry “Foul!”. I pointed to a bunch of them that were publicized and there was no mention of Windows being at fault. The consumer does not care one whit for your malware argument and so is not motivated to try Linux as a cure for such a non-problem.

  2. Would you do business with a company that says, “We were robbed!”, and the information was customers’ credit card numbers, or personal information? They are very reluctant to do that. Therefor a law was passed to compel businesses to reveal such events. If that information can be taken so can engineering drawings that give competitors and advantage. The losses are real. $billions don’t describe them.

    Individuals, OTOH, tend to feel there’s nothing very important on their PCs. Identity theft or theft of a credit card number may be real but not immediate. The consumer does not know the mechanism. Spam clogging networks and malware bogging down PCs is something the consumer should be aware of but folks we see around here tell them to buy a faster PC so they can “afford” the malware. Consumers are victimized multiple times in Wintel.

  3. Contrarian says:

    One of your cites pointed to this site:

    http://www.itsecurity.com/features/top-security-breaches-2007-012208/

    and I think that it illustrates my point. If you look at this long list of significant breaches, can you find any that could be laid at Microsoft’s door? The majority are inside jobs or physical thefts. A couple are hacks or potential for hacks into web sites, but no mention of how it was accomplished or what might be the factor that caused the problem.

    What I never see is any anectdotal evidence that describes how a company or an individual was actually robbed or harmed by all this. Certainly security providers will publish a lot of fearful reports on how terrible the problem might be if you are careless. They have an axe to grind, though, and their case is presented with as much bias as you read into anything that Microsoft might say about how Windows is a winner in the TCO arena.

    It seems to me that anyone being damaged in the millions is going to look for the perpetrator and is going to either get them some jail time or will prevail in a civil suit that recovers damages. None of that seems to occur, however, at anywhere near the scale suggested by these reports as being the frequency and intensity of the incidence of malware.

    Until it gets more real, it is not going to be a factor in a person’s computer buying decision affecting OS choice.

  4. Contrarian wrote, “Where is the evidence that people are being savaged by malware?”

    Chuckle… If you haven’t seen malware, you need to open your eyes.

    “According to Michael Osterman, president of Osterman Research, with more than 78% of organisations experiencing malware breaches during the last 12 months, it’s clear these attacks are becoming a part of the fabric of the internet…Researchers also found that, whilst 30% of organisations surveyed reported no financial impact arising from an attack, 44% said that the cost of an attack was as high as $10,000 for a single episode.”

    see Enterprises accept malware as the price of internet business

    and

    “According to a June 2007 survey conducted by technology research firm Computer Economics Inc., organizations experience an average of 5 malware events per year. The number rises to 10 events per year for organizations with more than 5,000 desktop computers. Worldwide, malware damage cost businesses $13.3 billion in 2006, up from $3.3 billion in 1997.”

    see The Malware Burden

    and
    The 2008 Computer Crime and Security Survey found more than half of respondents (all sizes of businesses) had security incidents beyond a port scan. 50% of the incidents were a virus. The average cost of dealing with an incident was $289K. 97% used antivirus software.

    So, there is a problem and it costs people a lot of time and money globally.

  5. Contrarian says:

    You are just waving your hands, #oiaohm, the same as the others. I looked in the newspaper this morning and not one word about someone being robbed or even inconveninced by malware. Nothing in the paper. The only people ever saying anything at all are people selling antivirus software.

    No shock, horror, or even mild concerns, as far as I can see.

  6. oiaohm says:

    Contrarian go read some USA home land secuirty reports on costs of infections. We are not talking about small pennies here.

    Then read the numbers servers. Shock horror windows servers are more likely to be rapped by viruses and other issues. Even that it has smaller market share.

    Microsoft secuirty issues are many.

  7. Contrarian says:

    All of you silly puddings go on and on about the dangers of this malware and Windows’ extreme suseptibility to it as if it were some fatal flaw that made Windows useless. However, Windows remains the mainstay of the commercial and personal world. That seems to deny the idea that this is a very significant problem, if it is a problem at all.

    Where is the evidence that people are being savaged by malware? It only exists in the heads of the anti-MS crowd who are so desperate for consolation.

  8. twitter says:

    Oldman boasts of taking his Vista 7 computer, “directly on the internet,” as if doing things without a conventional “firewall” was some great stunt. It is a stunt with Windows, as honeynet studies have shown nothing but decreasing time to exploitation over the last decade. I think they are down to about a 30 second half life. The funny thing about firewalls, routers and access points is that they are simply computers that don’t run Windows. Why is it that Microsoft boosters like to brag about something everyone else has been able to do for decades?

    Let’s see if oldman now trots out the tired and well defeated popularity myth. It is well known that both Vista and Windows 7 were exploited before RTM when their market share was zero. Vista never got over 10% market share and Vista 7’s share is still decidedly minority. Here are some wonderful Windows 7 security failures from the 2009 onward, escalation flaws, UAC a broken sham, a threat to social networks and commerce, fails to meet US Federal security standards, SMB remote BSoD, another remote BSoD, the endless patch cycle does not miss a beat, buggy drivers offer worlds of opportunity for finger pointing. There’s probably more but I quit paying attention because Windows never really changes.

  9. Richard Chapman says:

    “There is nothing between me and the baddies but the windows 7 firewall! And guess what – No infections, no malware, NADA.”

    Then why do security people recommend using a Linux live CD or USB stick for online banking and not Windows of any vintage?

  10. If you happen to visit a set of sites with no infections, and “7” rejects random connections, this is very possible, but the malware artists love that other OS because many millions of machines allow all kinds of attacks.

  11. oldman says:

    “Using that other OS is like going in naked with a paper surgical mask over your nose and mouth.”

    The system that I am typing this from is directly on the internet. There is nothing between me and the baddies but the windows 7 firewall! And guess what – No infections, no malware, NADA.

    So either I am extremely lucky or windows 7 x64 at least isn’t as bad as you make it to be.

  12. oe says:

    Using linux in the modern web is like using a biohazard level 4 suit in the CDC or USAMRID germ labs, the ebola, lassa fever, other stuff can still get you but your pretty well protected. Using that other OS is like going in naked with a paper surgical mask over your nose and mouth.

  13. oldman says:

    “Is anyone going to defend the “all operating systems have security holes, therefore all operating systems are equal in security” statement with the hoped for readers appended logic?”

    Why bother Mr. Chapman, you have shown yourself too willfully ignorant of standard security practice/Policy.

    Any comment would fall on deaf ears.

  14. Richard Chapman says:

    Good points.

  15. I would add two points:

    1. There are literally millions of malwares for that other OS. About 1000 new ones appear every day because crime pays and that other OS is so welcoming, by design.
    2. That other OS is an example of “social engineering”, to OEMs and ISVs and retailers and IT people to support it and consumers to buy it without knowing the price or alternatives.
  16. Richard Chapman says:

    “Most malware today usually tricks the User, that can happen on any platform.”

    Partially true, not most as hundreds of thousands of Windows viruses prove otherwise. As more people switch to software (usually GNU/Linux) that is inherently more secure than what the Microsoft monopoly left them no choice but to use, the cyber criminals will become more reliant on tricking the user like you say. Often times though, that still requires compromising the user’s computer by way of some security hole. So the cyber criminal needs the aid of some malware.

    People still get fooled into giving their life’s savings to someone over the phone. The difference in the computer is that with the phone you have to pick it up to get defrauded, with the computer you just need to be using Microsoft’s product and visit a website.

    Now it’s time for someone to say, “All operating systems have security holes…”, or something similar. The “…” is the reader’s attempt to complete the logic of the statement with something like “so all operating systems are equally flawed”. That is the hope, anyway, of the statement’s author. Then how about this: All people get sick. So they all require the same medicine to make them better? Or they all die at the same age?

    If all operating systems are equally bad in security then they would attract equal attention from security vendors. Is this the case? Is the revenue/installation comparable? Does that mean the same average number of security holes per lines of code (40 million Windows vs 13 million Linux)? Or is it the same number of security holes regardless of lines of code? Does it matter if the OS is compiled, interpreted or a mix of both? How about the compilers used? Do you see the mess the “all operating systems are just as bad in security” half twisted logic statement opens up?

    Is anyone going to defend the “all operating systems have security holes, therefore all operating systems are equal in security” statement with the hoped for readers appended logic?

  17. Zombie Chan says:

    Android/Linux also has a malware problem->http://news.cnet.com/8301-27080_3-20078606-245/more-malware-targeting-android/

    XP is a terribly secured OS, most people know that.

    7 can get hit by malware too, we know that, but it is built much more secure than XP.

    Most malware today usually tricks the User, that can happen on any platform.

  18. Richard Chapman says:

    A Reality Gap this way comes.

Leave a Reply