The Inquirer-Home

Microsoft blames malware on illegally copied software

But it's not true
Tuesday, 3 November 2009, 13:00

SOFTWARE GIANT Microsoft is claiming that PCs in countries with high rates of software 'piracy' are more likely to be infected by malicious code because users don't install security patches.

Jeff Williams, the principal group program manager for the Microsoft Malware Protection Center, claims there is a link between use of illegally copied software and malware infection rates.

He argues that since software 'pirates' don't get security updates because Windows Update might reveal their dodgy setups, they are getting crucified with malware.

He said that China's software 'piracy' rate is more than four times that of the US and the use of Windows Update in China is significantly below that in the US.

This also applies to Brazil and France, which also have a higher 'piracy' rate and lower Windows Update usage, he said.

However, looking at the figures, it appears that they do not back up Microsoft's claim. If it were true you'd expect that no computers in China, Brazil or France would work because they'd be chock full of malware, while those in the glorious US would be malware free.

In fact it appears to be the other way around. France's infection rate of 7.9 PCs per 1,000 in the first half of 2009 was under the worldwide average of 8.7 PCs per 1,000. China also has a low rate of malware infections with 6.7 PCs per 1,000. Both countries have relatively high percentages of PCs loaded with dodgy software.

Of the countries he mentioned, only Brazil seems to fit the Vole's argument. Brazil's malware infection rate was 25.4 PCs per 1,000, nearly three times the global average.

Serbia and Montenegro had the highest infection rates in the world, with 97.2 PCs out of every 1,000 afflicted with malware, but then there are also high populations of illegally copied software there. µ

 


Comments
Windows Update

I bet their report doesn't state how many PCs per thousand are trashed by a Windows Update. Windows Update, although useful, can be as destructive as malware, therefore it's best turned off, and run manually when it suits the user.

Also most malware and viruses can easily be defeated or not even infect machines that are used sensibly that have security software and not a single patch.

So, simply put, patches are not the answer to viruses and malware. In reality using Firefox + ABP will reduce the amount of PCs infected more than patches will. The fact that MS forced IE onto millions of PCs has been the biggest single cause of malware-infected PCs, so MS should add FF to their Automatic Updates.

A little food for thought.

Andy

posted by : Andy, 03 November 2009
UPDATE!

Remember the old joke: Russia has 5 million PCs and only 3 copies of Windows.

But it's more likely that these infected PCs are not running any virus or firewall software.

The interesting point is the infection rate for non-updated PCs - much lower than expected!

posted by : James A, 03 November 2009
The problem lies elsewhere

IMHO malware visits more frequently the one-handed-browsing people. In China this kind of content is banned hence the lower malware penetration.

posted by : Yavor, 03 November 2009
They need to blame themselves.

Microsoft are the ones who started denying updates and security patches for their OS with the "Genuine Advantage" initiative.
Great, so you punish people for ripping off the software that is prone to malware anyway by denying them security updates so that they inadvertently proliferate the malware to others.
Brilliant! Who thought of that one?
The only reason that Windows is so widely used is because people are accustomed to getting it for almost free.
They are not going to be able to put that Genie back in the bottle without forcing people to adopt Linux instead because the vast majority of people are simply not going to pay a high price for an operating system.
Never going to happen, so Microsoft is just going to have to deal with the situation that they themselves created.

"Although about 3 million computers get sold every year in China, but people don't pay for the software," he said. "Someday they will, though. As long as they are going to steal it, we want them to steal ours. They'll get sort of addicted, and then we'll somehow figure out how to collect sometime in the next decade." ~Bill Gates~

There is your answer.

posted by : Dest, 03 November 2009
Legal users get it too!

I know lots of people who have been caught out by malware who have got legal copies of Windows (XP/Vista) and they have still got bogged down with malware.

I think some of it is user education, such as clicking on popups that redirect to malware which some of these users blindly install!

Rob

posted by : Rob Beard, 03 November 2009
Whose fault?

Even if it were true, that isn't the fault of the pirates, it's the fault of Microsoft choosing to knobble hooky copies with its Windows Update.

If they weren't worried about having their machine shut down they would leave the updates enabled (as they are by default).

Anyway, some of the worst infected places I have seen are companies, who of course have a licence bundle with MS, so no worries on that front. They choose to "vet" all updates before deployment (which is fair enough given some of the compatibility issues that crop up), but some update policies are lax to the point of being "missing presumed in the pub".

TfL (Transport for London) for example, were having their network taken down (the brute force log on attempts were causing auto lock out of domain accounts) by Conficker a full six months after the MS patch which stopped Conficker!

posted by : Steve, 03 November 2009
Imaginary Link

Microsoft thinks that a decrease in Windows Updates leads to an increase in malware? Maybe.

The reported data shows that a decrease in Windows Updates is related to a decrease in malware.

I'm inclined to wonder if there isn't a third variable at work - namely internet access.
I have nothing more to go on than blind assumption, but if the reported countries have fewer computers connected to the internet, it would explain both the decrease in Windows Updates AND decrease in Malware.

So effectively, the presented data cannot be used to draw any conclusions about the efficacy of Windows Updates.

posted by : Tevenan, 03 November 2009
w00t?

How many computers have been infected due to Outlook's poor/non-existent security? What about Internet Exploder? Lacking ActiveX plugin security?
Microsoft management is obviously not listening about educating users...we started with simple stuff, malicious exe etc...moved on to tsr viruses and mbr infects...fake drivers, fake system files, registered svchost programs...next stop; trusted installer.

MS should follow standards, listen more to their own security experts and educate users instead of giving them more security centres...

posted by : Someone Special, 03 November 2009
Here in Brazil...

The widespread infection of PCs in Brazil is because of governmental efforts to make PCs accessible to the general public.

What you should read is: The government filled the internet with n0Obs that install smiley packs, that download free anti-virus software recommended by ad banners and really think Jane sent them a poem in .exe format.

Damned digital inclusion!

posted by : enrico, 03 November 2009
Users don't install....

....security patches, because Microsoft won't deliver them to allegedly pirated copies of Windows.

And because Microsoft slip in new versions of WGA to legit machines that then crap out - Microsoft has lost a huge amount of trust with those of us that manage networks with their products on them.

I understand that Microsoft want to protect their IP - but they created a monster that negatively impacts 99.5% of their customers for the bad behavior of the other .5%.

I can't imagine that those determined to pirate Windows are ever going to buy it, but those who have purchased it deserve (yes, Mr. Ballmer - deserve) no less the positive experience of enterprise customers when it comes to keeping machines up to date without the (cough) value-add of WGA.

It really, really doesn't make us feel like we purchased anything of value when we have to effectively "show id" every month or two in order to keep it running. Instead, it becomes all-too-much like flying commercial air - with Microsoft as the TSA, in terms of attitude and ability.

posted by : rick, 03 November 2009
Users

It really does boil down to who surfs the 'net while in the admin account. I don't, even behind a certified firewall with gateway A/V and A/S. If you surf naked (ok get that image out of your heads) in a plain user account 90+% of the malware, all flavours, can't install themselves. I am sure that most US web surfers do so in the admin account. So it is amazing that the US infection rates are so low.

posted by : Eno Master, 03 November 2009
Malware??? Seriously??

So this means that if you use a genuine Windows copy and regularly update your Windows, you won't get infected?? Come on Microsoft..... your product is the one that should be blamed, not the malware or whatsoever... I'm giving up on your pathetic poor performance software.... your operating system will be slow after a while even though there is no spyware or malware in it. Even though you claimed your Windows 7 is the best product, it's still the same.. it will slow down after you install all the software.. bla bla.... the same thing happens again...... end of story.... move to Linux :)

posted by : Sidz, 04 November 2009
Microsoft blames malware on illegally copied software

As a Windows 7 tester, I don't see anything special with it. I still prefer Windows XP as a second system. My first choice is Ubuntu and GNOME. It's soooooo easy to use, no virus, no slow boot, no spyware, no damn programs running in the background eating all my memory. No program getting in my startup folder without me knowing....ahhhhh I LOVE LINUX.

posted by : CrazyBrazilianGuyNY, 04 November 2009
Most Users Can't Update being IE5 or IE6...

One thing that no one seemed to have mentioned was Internet Explorer. Everyone is already aware of how insecure and vulnerable the previous versions of that browser are. Even though authorized versions of Windows can easily update and install the latest version of IE, those who are unable to install patches also aren't allowed to install the latest version of IE. Of course there are ways around it, and you can easily install alternatives without any problem... but a lot of people in other countries just use the browser that came installed with their version of Windows.. and if they try to download a newer, more secure version of IE, they are given an error message if it fails the "check". The same thing with Windows Media Player.. I should know.. I've chatted with thousands of people from just about every country in this world.. and most people can't even play back simple webcam videos because their obsolete version of WMP does not have any codecs installed and they can't update to any newer or current version.

posted by : Chris, 04 November 2009
@tevenan

I think you're on to something. I'd like to see the malware ratios when compared to countries with low monthly data caps. If your Internet connection is capped at 5GB/month, you're not going to waste it all on weekly Microsoft updates.

It seems to me that Microsoft is spinning the lack of Windows Updates on piracy, not their own inability to release patches with the minimum amount of overhead.

posted by : Jon, 04 November 2009
Porn factor

I agree with Yavor the porn factor is massive in malware and a far more likely culprit......and Microsoft you must realize much of the copied software is now fully degradable...so they tell me.

posted by : Gnome, 05 November 2009
Windows Updates is useless anyway

My PC sits behind a hardware firewall configured in stealth mode. I never use IE when I can avoid it, and whatever surfing I do is normally done with Firefox (NoScript and AdBlock, obviously).
I also avoid Windows Update with religious attention, and I scan my PC every month for malware.
I know not to open any mail sent by a friend I've never known, and friends I do know do not send me images that are actually exe files.
Oh, and I force the file extension to be visible, since I know what it means.
I have had no malware issues for more than six years, and I see no reason why I should get any in this configuration.
On the other hand, I cannot count the number of times I have read that Windows Update has screwed up X thousands of PCs due to a dodgy bit of code that had unintended consequences.

posted by : Pascal Monett, 05 November 2009