Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

One in fourteen Internet downloads is Windows malware
ZDnet ^ | 18 May 2011 | Steven J. Vaughan-Nichols

Posted on 05/19/2011 8:51:36 AM PDT by ShadowAce

Yes. It’s true. For the first time, Mac users have a significant malware problem. But, hey, it could be worse. You could be running Windows. After all, Microsoft, not some third-party anti-virus company trying to drum up business, has just admitted that based on analysis gained from IE 9 use, “1 out of every 14 programs downloaded is later confirmed as malware.

If I may quote from Matthew 7:5, the King James Bible, “First cast out the beam out of thine own eye; and then shalt thou see clearly to cast out the mote out of thy brother’s eye.”

Window PCs has far, far more malware trouble than Macs, and I can’t resist mentioning that after in twenty-years of Linux, we’ve seen a real-world example of Linux malware–not counting the Android malware mess. Ironically, these latest appalling Windows malware numbers are shared in a Microsoft blog about how well SmartScreen Application Reputation is working in IE9.

While it’s true that SmartScreen in IE9 is doing excellent work in protecting Windows users form Internet-borne malware, it leads to other questions. The biggest, to my mind, is that, since Microsoft proudly boasts that IE9’s new “Application Reputation will prevent more than 20 Million additional infections per month (on top of existing SmartScreen URL reputation blocks),” why doesn’t Microsoft offer IE9 to its XP users?

I mean Microsoft just said that there’s an incredible amount of Windows malware out there on the Internet. Seriously Microsoft, instead of spending money of ads trying to con… convince people to shell out hard earned cash for new Windows PCs, why not port IE9 to XP. According to the April 2011 average of the various sites that measures client operating systems on the Web, Windows XP has 39.11% of the market while Windows 7 only has 28.5%. Would it really be that much trouble-any trouble?–to deliver better Internet security to the majority of your customers?

In the meantime, no matter what operating system you run, and yes that includes Macs and Linux, you need to take anti-virus software and malicious Web sites seriously. Android users, for example, can’t get 99.9999% of the malware out there, but their Google application sessions can still be spied on and if you’re not securing your network sessions, it doesn’t matter what you’re running, your Web sessions can still be hi-jacked with Firesheep.

Sure, Windows, with or without IE9 has more security problems than all the other operating systems rolled together, but today network insecurity is everyone’s problem.


TOPICS: Computers/Internet
KEYWORDS: internet; macmalware; malware; windows; windowsmalware
Steven is still having troubles with his writing. All errors are his (I cut and pasted the source code from the site).

He still makes a couple of points though.

1 posted on 05/19/2011 8:51:41 AM PDT by ShadowAce
[ Post Reply | Private Reply | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 05/19/2011 8:52:28 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

3 posted on 05/19/2011 8:53:16 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
...why doesn’t Microsoft offer IE9 to its XP users?

That's an easy one. Microsoft doesn't want you using XP; they want to suck you into the Windows 7 plantation.

How to make a Microsoft executive roll on the floor laughing: suggest that they make a terrific app backwards-compatible with an older generation of their OS.

4 posted on 05/19/2011 8:58:35 AM PDT by COBOL2Java (Obama is the least qualified guy in whatever room he walks into.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
Steven is still having troubles with his writing.

Yet since he's a Windows basher you still like to post his articles. This is no different than saying more highway accidents involve cars than trucks, since most desktop computers are Windows. As for his inference Linux is in-penetrable, it's still by far the most hacked web server, close to 5 to 1 more Linux servers hacked than Windows according to the defacement archive stats for 2010.

http://www.zone-h.org/news/id/4737

Nothing personal, just keeping it real.

5 posted on 05/19/2011 9:15:57 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Can someone post the picture of Captain Obvious.


6 posted on 05/19/2011 9:19:02 AM PDT by UB355 (Slower traffic keep right)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce; Swordmaker
Hi ShadowAce, thanks for the ping. (Psst... Swordmaker.... over here...)

Ain't it a riot? In an article whose subject is "Windows malware", the LEAD SENTENCE STILL CONTAINS "Mac Users". Can't avoid getting that dig in there, can they? Gotta get those page hits. It's all about being a tech-writer prostitute.

I swear, these tech writers could teach the whores of Thailand a thing or two.

Oh, well... I'm running a mix of Win7 and XP on my many various Windows boxes, and probably won't switch to IE9 (from IE8) until either: a) I ditch XP entirely, not for a couple more years, or b) Microsoft wises up and releases a version of IE9 for XP. (Uh, best of luck with that!)

7 posted on 05/19/2011 9:19:15 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Golden Eagle; ShadowAce
Hi GE, nice to see you back.

> close to 5 to 1 more Linux servers hacked than Windows

Correct me if I'm wrong, but according to that same page you reference, the number of Linux servers was also about 5 times the number of Windows servers. Meaning they're about equally attacked percentage-wise.

> Nothing personal, just keeping it real.

Real slanted.

BTW, Microsoft is cozying up to Linux bigtime now. I'd say your enthusiasm for boosting Steve "Linux is a cancer" Ballmer ought to slack off, since he's obviously gone over to the Dark Side...

8 posted on 05/19/2011 9:34:54 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: dayglored
In an article whose subject is "Windows malware", the LEAD SENTENCE STILL CONTAINS "Mac Users".

Because it was written by a prominent Linux pumper, and there is longer a peace settlement in the *NIX universe against Microsoft, since Apple starting locking things down to increase their profits as well. Google did the typical open source thing by trying to copy iOS with Android, and unleashed their hounds on Apple, and has so far seen it work with a lot of Androids being sold. It may be short lived however, as their open security model is already failing, and they're facing patent suits on multiple fronts now from not only Apple, Microsoft, and Oracle, but small timers who are winning their suits as well.

9 posted on 05/19/2011 9:38:09 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 7 | View Replies]

To: Golden Eagle

Hey, GE, welcome back! Haven’t seen you around in ages!


10 posted on 05/19/2011 9:44:42 AM PDT by Still Thinking (Freedom is NOT a loophole!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: dayglored
Correct me if I'm wrong, but according to that same page you reference, the number of Linux servers was also about 5 times the number of Windows servers. Meaning they're about equally attacked percentage-wise.

Those numbers are the total number of Linux servers hacked, verses Windows servers hacked, being roughly a 5 to 1 ratio (~1.1 million to ~200k), from the internet at large. The stats for server O/S footprint on the internet at large aren't of interest of the defacement archive, and are hard to measure as Apache vs IIS would be the expected comparative, but Apache runs on Windows and other versions of Unix as well.

Netcraft does the most respected job of tracking webserver O/S type, and does show Apache with a larger number of sites than IIS, but again that includes some Windows and most other versions of *NIX, and it's still no where near a 5 to 1 ratio verses IIS as we see in Linux defacements. More like 2 to 1:

http://news.netcraft.com/archives/2011/04/06/april-2011-web-server-survey.html

11 posted on 05/19/2011 9:58:57 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 8 | View Replies]

To: UB355

There ya go ................ FRegards


12 posted on 05/19/2011 9:59:14 AM PDT by gonzo ( Buy more ammo, dammit! You should already have the firearms .................. FRegards)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Still Thinking

Thank you, our country is in need, greater than at any time in my lifetime, and this site is still the best resource on the web for material to counter the left. My contributions to tech threads will be limited, as the IT industry is not our greatest concern at this time, but my long standing belief that Intellectual Property created in the US is a valuable resource, and should be protected rather than freely given away, or allowed to be stolen by the rest of the world, is as strong as ever. Unfortunately that means we as citizens may have to endure the mechanisms that protect this property, but most everything that is worth protecting has a lock or a fence around it as well. Thanks again.


13 posted on 05/19/2011 10:06:24 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 10 | View Replies]

To: ShadowAce; humblegunner; shibumi

And I’ll bet most of those come from the “blogosphere” - blogspot, myspace, examiner, etc. etc.


14 posted on 05/19/2011 10:07:03 AM PDT by Larry Lucido
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
The headline says one in fourteen downloads. The article refers to program downloads. Downloading movies, songs, pictures, etc. wouldn't include programs. The headline makes the problem seem much more dire than it should.
15 posted on 05/19/2011 10:07:23 AM PDT by Dilbert56 (Harry Reid, D-Nev.: "We're going to pick up Senate seats as a result of this war.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

And probably half of them are browser “add-ons” like emoticon creators. I know somebody who got nailed by those multiple times, she just couldn’t accept that those cute little emoticons might be evil. IT was about ready to kill her.


16 posted on 05/19/2011 10:09:31 AM PDT by discostu (Come on Punky, get Funky)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

My wife yelled at me last week to come look at her computer. Her Mac had a big warning that malware had been found on her computer and to hit OK for a full scan.

She didn’t click the link and I closed the browser with ho apparent harm but that is the first time I’ve seen something like than on the Mac.


17 posted on 05/19/2011 10:18:49 AM PDT by dangerdoc (see post #6)
[ Post Reply | Private Reply | To 7 | View Replies]

To: dangerdoc
> My wife yelled at me last week to come look at her computer. Her Mac had a big warning that malware had been found on her computer and to hit OK for a full scan. She didn’t click the link and I closed the browser with ho apparent harm but that is the first time I’ve seen something like than on the Mac.

Well, every website you or I visit knows, as part of the HTTP protocol and environment, what kind of computer we have (both OS and browser (agent)). It's trivial to craft a message that is correct and specific to the user.

Which is why I've always laughed when Windows-style malware dialogs appear on my Mac or Linux boxes. I mean, how lame is that???

The fact that Mac OS-X is nearly bulletproof against real viruses -- at the BSD operating system level -- doesn't mean the applications don't have holes, and CERTAINLY doesn't do a d@mn thing to prevent the user from being a naive fool and clicking boxes they shouldn't.

The only defense against "social engineering" attacks on a Mac is identical to the defense on Windows -- a combination of fierce skepticism and the ability to resist temptation. Curiosity killed the cat, I've heard...

18 posted on 05/19/2011 2:41:07 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 17 | View Replies]

To: dangerdoc

It’s called “Scareware” and on the Mac the only way it will do any damage is if you authorize it to do so by typing in your userid and password and allow it to install, as long as you don’t do that, even if you download the file, it will just sit there dormant, the program won’t run. On Windows it will just install even if the user is passive.

And on a Mac to remove it, it is fairly straightforward. Usually on Windows, you have to go in and edit the registry, which is a very dicey proposition for a non-techie, hence the need for anti-malware software to be installed on a PC.


19 posted on 05/19/2011 2:48:35 PM PDT by dfwgator
[ Post Reply | Private Reply | To 17 | View Replies]

To: dayglored
The only defense against "social engineering" attacks on a Mac is identical to the defense on Windows -- a combination of fierce skepticism and the ability to resist temptation. Curiosity killed the cat, I've heard...
. . . and my experience is that "fierce skepticism" is a lot easier for me to bring to the Unix box than to the WindowsTM one.
Some Windows users posting here seem to take offense at my attitude of "fierce skepticism" related to OS X virus warnings. As far as I'm concerned that's their problem, tho . . .

20 posted on 05/19/2011 6:18:06 PM PDT by conservatism_IS_compassion (DRAFT PALIN)
[ Post Reply | Private Reply | To 18 | View Replies]

To: Golden Eagle
Google did the typical open source thing by trying to copy iOS with Android, and unleashed their hounds on Apple, and has so far seen it work with a lot of Androids being sold. It may be short lived however, as their open security model is already failing, and they're facing patent suits on multiple fronts now from not only Apple, Microsoft, and Oracle, but small timers who are winning their suits as well.

Uh oh, looks like Google's in trouble... so you're saying Android will likely... what? Fail? Be wiped out? Come on, you're man enough to spout the scary sounding ominous stuff, be man enough to go on record with what it means.

21 posted on 05/19/2011 7:28:07 PM PDT by MichiganMan (Oprah: Commercial Beef Agriculture=Bad, Commercial Chicken Agriculture=Good...Wait, WTF???)
[ Post Reply | Private Reply | To 9 | View Replies]

To: conservatism_IS_compassion; Swordmaker
> . . . and my experience is that "fierce skepticism" is a lot easier for me to bring to the Unix box than to the WindowsTM one.

Maybe that's because Windows is now so full of warnings... granted that Win7 is a LOT better than Vista, which was a bad joke.

I run one of my Win7 boxes with the default UAC (User Account Control) setting, and another with it somewhat looser (it's a crashbox for debugging new software, nothing much to lose). The "default" UAC setting quickly taught me that most users will get so jaded and bored "clicking through" the warnings, that they might as well just turn the warnings off entirely.

> Some Windows users posting here seem to take offense at my attitude of "fierce skepticism" related to OS X virus warnings. As far as I'm concerned that's their problem, tho . . .

There simply aren't any OS-X viruses in the wild, so the warnings are just BS at present. (Trojans, yes, because they are attacks on the USER not the OS.)

Frankly, at this point, I don't expect real OS-X viruses to show up in great numbers in the future either, because the handhelds running iOS and Android will be a much more useful platform for the virus writers. I am slowly coming to the opinion that Mac OS-X may well maintain it's "clean image" forever, simply because during the decade when it became the premier consumer OS, and thus would have been a target, it was too hard to breach; and now the handhelds are presenting a more attractive and numerous target.

Think about it -- why would a virus writer concentrate their effort these days on Mac OS-X? Much more useful to get something working for Android or iOS. Or the old standby, Windows, though that, too, is becoming harder and harder to breach. A fully patched, up-to-date Win7 system is about as solid as OS-X, which is a great achievement for Microsoft. A decade too late, but nonetheless a great accomplishment, and much appreciated by those of us who work with and live with Windows every day.

22 posted on 05/19/2011 7:36:26 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 20 | View Replies]

To: MichiganMan

It means if you’re using Android you might not only be using an operating system that has legal questions, but is turning out to be by far the least secure mobile platform out there. It’s also suffering from lots of bugs, from what I’ve heard from several friends who have tried it out. Things like it constantly making calls they don’t mean to, which I get from them all the time, it sometimes even making calls when it should actually be ringing with an incoming call instead. It’s become such a problem there’s even an app out there called Call Confirm to help stop it.

Is it such a disaster that it’s going to completely fail? Not at this point, too many are too far invested, especially Google. But the endless claims it is equal to iOS, in both security and stability, are now falling on many deaf ears. One of my friends even returned his Android after only 3 months, he’s a businessman and simply couldn’t stand all the random calls it made completely on its own. Considering all the reports since then about Android malware and lost passwords I’m sure he’s glad he did, too.


23 posted on 05/20/2011 6:49:40 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 21 | View Replies]

To: dayglored
The "default" UAC setting quickly taught me that most users will get so jaded and bored "clicking through" the warnings, that they might as well just turn the warnings off entirely.

Keep in mind you probably know in the back of your own mind that do to your own due diligence you're not being exposed to threats while using the system though, which does make it seem unnecessary. If however you had different browsing habits, for example, and didn't keep your malware protection up to date, etc, then you might better recognize the importance when it started popping up to block threats you were being exposed to. So for you maybe you should turn it off, but that doesn't mean it's not a very important security feature for others. Besides, if it wasn't there, all the detractors would point to the Mac as having something similar and wonder why Windows doesn't have anything, remember? ;-)

A fully patched, up-to-date Win7 system is about as solid as OS-X, which is a great achievement for Microsoft. A decade too late, but nonetheless a great accomplishment, and much appreciated by those of us who work with and live with Windows every day.

Yes it has definitely taken a long time to secure Windows compared to Mac, but there are several reasons for that - much bigger target, less secure habits of users, many more 3rd party apps and many more features built into the O/S. Once again though it mostly comes down to the habits of the users, and what they download and where they take their browsers. Hit the wrong site and there's almost nothing you can do to protect yourself from being exposed to something damaging, in one way or another.

24 posted on 05/20/2011 7:06:51 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 22 | View Replies]

To: Golden Eagle
> Hit the wrong site and there's almost nothing you can do to protect yourself from being exposed to something damaging, in one way or another.

True enough, that.

> If however you had different browsing habits,...

I've heard estimates that over 80% of porn and other "edgy" sites are infection vectors. Flies to sugar. Or maybe flies to sh*t... :)

> Yes it has definitely taken a long time to secure Windows compared to Mac, but there are several reasons for that - much bigger target, less secure habits of users, many more 3rd party apps and many more features built into the O/S.

And let's not forget that not too many years ago, Microsoft was still adding "cool" features like automatically executing programs that arrive attached to email without "bothering" to notify the user (ah, for the innocence of the old internet!). It takes many years to convince the software guys that they really have to rip that crap out because the bad guys are taking advantage of it.

And there's Marketing's idea of feature sets. Microsoft is heavily invested in its ever-growing features list -- after all that's the only leverage they have to make people pay them more money year after year. Well, that and making new versions of essential applications incompatible with older versions of Windows... (cough) IE9/XP (cough) IE10/Vista (cough).

Of course, Apple does exactly the same thing with their OS, apps, and hardware. Such is the reality of the business... but security-wise Apple had the advantage of starting over in the late 90's, by layering their GUI over an established BSD Unix foundation. They leapfrogged Windows like it wasn't even there. OTOH, if Apple had tried to merely "improve" the old MacOS the way Microsoft continues to merely "improve" NT, Apple would have died out completely by 2003.

When do you suppose Microsoft will finally stop polishing the NT turd, and put the Windows GUI over Unix? (And I'm only half kidding: Microsoft was a Unix house two decades before Apple became one, and they know it's the right way to do things.) Opinion?

25 posted on 05/20/2011 11:24:25 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 24 | View Replies]

To: dayglored
. . . and my experience is that "fierce skepticism" is a lot easier for me to bring to the Unix box than to the WindowsTM one.
Maybe that's because Windows is now so full of warnings... granted that Win7 is a LOT better than Vista, which was a bad joke.
No, My dealings with Windows pretty much stopped with Win 98, when I fell for a trojan because I was so worried about Windows viruses. Shortly after that, I saw a shiny new OS X box, and I haven't looked back - except to upgrade to an intel box so I could run Leopard.
I run one of my Win7 boxes with the default UAC (User Account Control) setting, and another with it somewhat looser (it's a crashbox for debugging new software, nothing much to lose). The "default" UAC setting quickly taught me that most users will get so jaded and bored "clicking through" the warnings, that they might as well just turn the warnings off entirely.
Some Windows users posting here seem to take offense at my attitude of "fierce skepticism" related to OS X virus warnings. As far as I'm concerned that's their problem, tho . .
There simply aren't any OS-X viruses in the wild, so the warnings are just BS at present. (Trojans, yes, because they are attacks on the USER not the OS.)
.

26 posted on 05/20/2011 1:04:34 PM PDT by conservatism_IS_compassion (DRAFT PALIN)
[ Post Reply | Private Reply | To 22 | View Replies]

To: conservatism_IS_compassion
> Shortly after that, I saw a shiny new OS X box, and I haven't looked back - except to upgrade to an intel box so I could run Leopard.

Incidentally, your old PPC box will still run Linux just fine. I'm running Fedora Core 10 on my PPC MacMini. And it will read Mac HFS+ disks, easing volume sharing and whatnot. :)

27 posted on 05/20/2011 2:30:51 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: dayglored
I saw a shiny new OS X box, and I haven't looked back - except to upgrade to an intel box so I could run Leopard.
Incidentally, your old PPC box will still run Linux just fine. I'm running Fedora Core 10 on my PPC MacMini. And it will read Mac HFS+ disks, easing volume sharing and whatnot. :)
Yeah, but my daughter was happy to have it running Panther.

It's been given a decent burial now, I believe; she got a Win7 box for her birthday. Which should be good, right?


28 posted on 05/20/2011 4:11:45 PM PDT by conservatism_IS_compassion (DRAFT PALIN)
[ Post Reply | Private Reply | To 27 | View Replies]

To: conservatism_IS_compassion
> Yeah, but my daughter was happy to have it running Panther. It's been given a decent burial now, I believe; she got a Win7 box for her birthday. Which should be good, right?

Win7 is a very decent operating system. IMO, by far the best desktop OS Microsoft has ever produced.

29 posted on 05/20/2011 5:25:51 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 28 | View Replies]

To: dayglored
Win7 is a very decent operating system. IMO, by far the best desktop OS Microsoft has ever produced.

Yeah, I'm happily running Debian here, but I recently built a system for a buddy and installed Win 7 Home Premium on it. After spending some time with it I must say its a rather nice OS. Maybe familiarity would breed contempt but my initial impression after a few hours is that I wouldn't mind running it if I was in the market for an OS.

30 posted on 05/20/2011 6:56:54 PM PDT by MichiganMan (Oprah: Commercial Beef Agriculture=Bad, Commercial Chicken Agriculture=Good...Wait, WTF???)
[ Post Reply | Private Reply | To 29 | View Replies]

To: dayglored
not too many years ago, Microsoft was still adding "cool" features like automatically executing programs that arrive attached to email without "bothering" to notify the user (ah, for the innocence of the old internet!).

Holy cow does that bring back some memories! How long did that feature even last, about a month was about all wasn't it? I remember the day I found out about it, and I thought to myself this must be the stupidest idea ever. To this day might still take the cake! But they're still always adding new things in there, which is its best selling point, along with backwards compatibility. As for them converting to *nix, probably never, for those two reasons alone, which sell more copies than better security ever will to most folks.

31 posted on 05/20/2011 7:12:19 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 25 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson