FREEMIUM antivirus vendor Avast warns that unpatched Windows XP machines continue to pose a serious threat to the internet ecosystem by harbouring three quarters of all rootkit infections.
The company has a unique insight into the threat landscape thanks to over 130 million active Avast! antivirus installations worldwide that send it malware telemetry. According to a recent analysis performed by the firm's researchers, 74 per cent of 630,000 rootkit samples found in the wild originated from Windows XP machines.
That rootkit share is nearly double the decade-old operating system's global usage share of 38 per cent, and well above the 49 per cent of Avast's own customers who, by its statistics, run XP.
The numbers show that the high Windows XP infection count can't simply be explained by its market share. "One issue with Windows XP is the high number of pirated versions, especially as users are often unable to properly update them because the software can't be validated by Microsoft Update," said Przemyslaw Gmerek, Avast's leading rootkit expert.
Rootkits are serious threats because they function at the lowest levels of the operating system, which makes them hard to detect. For example, some rootkits hook the file system drivers to hide malicious files.
Others load before the operating system does, from the disk's Master Boot Record (MBR), which gives them control over everything that boots after them, including the kernel and its own integrity checks. These are called bootkits and, according to Avast, they are responsible for 62 per cent of all rootkit infections.
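To make concrete what a bootkit overwrites, the Python below is an added example written for this page (it is not Avast's code or any vendor's tool). It parses a 512-byte MBR sector into its three parts (446 bytes of bootstrap code, four 16-byte partition entries, and the 0x55AA boot signature) and flags the signs an analyst checks first: bootstrap code whose hash no longer matches a baseline, a missing signature, more than one partition marked active, and "unused" entries that nonetheless carry geometry. The sample sectors, the `KNOWN_GOOD_BOOT_CODE_SHA256` baseline and the two-byte jump used as the tamper are all constructed for the example; the real TDL4 loader is not reproduced here.

```python
"""Parse a 512-byte MBR sector and flag signs of bootkit tampering (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries follow at 446..509
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
# status, [CHS start], type, [CHS end], LBA start, sector count (little-endian)
ENTRY_FORMAT = "<B3xB3xII"


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry; CHS fields are skipped."""
    status, type_code, lba_start, sectors = struct.unpack(ENTRY_FORMAT, entry)
    return {"status": status, "type": type_code, "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into boot-code hash, partition table and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        partitions.append(parse_partition_entry(sector[start:start + PARTITION_ENTRY_LEN]))
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[SECTOR_SIZE - 2:] == BOOT_SIGNATURE,
    }


def audit_mbr(sector: bytes, known_good_boot_code_sha256: str) -> list:
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if mbr["boot_code_sha256"] != known_good_boot_code_sha256:
        findings.append("boot code differs from baseline: possible MBR bootkit")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append(f"{len(active)} partitions flagged active; a valid table has at most one")
    for i, p in enumerate(mbr["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{p['status']:02x}")
        if p["type"] == 0x00 and (p["lba_start"] or p["sectors"]):
            findings.append(f"entry {i}: unused type with non-zero geometry (hidden data?)")
    return findings


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a constructed MBR for the demonstration; not a real disk image."""
    table = b"".join(struct.pack(ENTRY_FORMAT, *e) for e in entries)
    table = table.ljust(4 * PARTITION_ENTRY_LEN, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + BOOT_SIGNATURE


# Constructed stand-in for clean boot code: the classic cli / xor ax,ax / mov ss,ax /
# mov sp,0x7c00 prologue padded with zeros. In practice the baseline is the hash of the
# sector read from a known-clean machine of the same build.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
KNOWN_GOOD_BOOT_CODE_SHA256 = hashlib.sha256(
    CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()

# One NTFS (0x07) partition, active, starting at LBA 2048.
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 204800)])

# Bootkit-style tamper (constructed): the first instruction becomes a short jump into
# loader code stashed in the bootstrap area; the partition table is left untouched so
# the machine still boots normally.
_tampered = bytearray(CLEAN_MBR)
_tampered[0:2] = b"\xeb\x40"   # jmp short +0x40
TAMPERED_MBR = bytes(_tampered)

# A different anomaly: two entries both marked active (0x80).
TWO_ACTIVE_MBR = build_mbr(
    CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 204800), (0x80, 0x83, 206848, 4096)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR),
                         ("two-active", TWO_ACTIVE_MBR)):
        print(name, audit_mbr(sector, KNOWN_GOOD_BOOT_CODE_SHA256) or ["no findings"])
```

On a real system the sector comes from the disk, for example `dd if=/dev/sda bs=512 count=1 of=mbr.bin` on Linux, and the file is passed to `audit_mbr`. The caveat follows from the article's own point about rootkits hooking drivers: a running bootkit can intercept that read and hand back a clean copy, so the sector should be read from boot media or with the disk mounted on another machine, and the baseline hash must be recorded before any infection is suspected. The hash comparison also only covers the 446 bytes of bootstrap code; payloads stored elsewhere on disk need a separate check.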
The top MBR rootkit family is known as Alureon, TDL or TDSS. The latest variant, TDL4, is capable of self-propagation and can infect 64-bit versions of Windows Vista and Windows 7.
Those 64-bit editions employ kernel protections such as mandatory driver signing and PatchGuard, along with User Account Control (UAC); a bootkit sidesteps them by taking control before the kernel loads.
Computers infected with TDL4 operate as part of a botnet whose use of the Kad peer-to-peer network for updates has led security researchers at Kaspersky Lab to call it indestructible.
Avast claims that Alureon variants account for 74 per cent of all MBR rootkit infections, but just to put this number into perspective, Kaspersky Lab estimates that the TDL4 botnet alone is made up of 4.5 million infected computers.
Windows 7 has slowly eaten away at Vista and XP's market share for the past two years, but the rootkit problem won't go away anytime soon. Microsoft will continue to support Windows XP until 8 April 2014, and rootkit creators have already demonstrated that they can bypass the kernel protections of its newer operating systems.
On 12 April, Microsoft issued a Windows 7 security update which, according to security researchers, targeted TDL4 in particular. The modifications it made rendered the rootkit ineffective, but new variants bypassing the patch were spotted by 3 May.
W is right; games. Mac and Linux are not gamer platforms. Mac simply because there aren't enough to make it profitable. Linux because as you said if you aren't tech savvy... Then there is the 'you shouldn't have a computer' crowd. You know the ones whose anti-virus expired last year. MS shares some of the blame, at some point they have to end compatibility with x86.
Games.
The comment about TDL4 infecting 64 bit machines is disingenuous as it (the virus) has the same level of control as in the 32 bit environments. To insinuate that you perhaps shouldn't bother going to a 64 bit o/s because it really isn't that much safer is not true.
See quote: "...However, due to the limitations of working with 64-bit programs, cmd64.dll code only provides communication with the botnet command and control servers." In other words, it has rudimentary functionality - at best.
Richard, "MS imprisonment", really?!? You've never heard of Apple or Linux? Or do you feel that despite its faults, MS has the superior product? Possibly Apple's too expensive and you're then truly imprisoned in the no 3rd party Apple world, or not tech-savvy enough to get all the things from Linux that you get with XP.
Avast is the one indicating their users have the root-kit. I don't think I'd be bragging about that if I were running an Anti-Malware company.
Personally I have both a system that runs XP and one that runs W7, and I like XP better because W7 makes me feel I'm a guest and lack control.
And of course that is what MS went for with W7 so it's not exactly imaginary.
As for infections, I am managing to keep my XP clean I think (and W7 comes with infections out of the box - like silverlight).
And if you actually read the details of the various updates w7 constantly receives you'd know that it's not exactly hack-proof, but it has a better reputation since the updates are done secretly in the background these days so very few people are aware what catastrophic failures they keep discovering.
As for the remark that MS allows illegal copies to be patched with critical patches: yes, but only a selection of updates, and you would be doing it manually, and you'd have to be very careful not to be detected as being illegal and not install the 'critical patch' that makes your screen go blank every 30 minutes and plasters 'illegal copy' over the desktop. So it makes sense people do not go through that trouble with the risk of messing up their system themselves, and we are talking about reality, what people do and what the end results are, and not merely about theory.
That's exactly the issue - no matter how carefully you surf on the internet, using an outdated and no longer supported OS (yes, unsupported, why do you think MS already terminated the support for XP for the enterprises?) can and will break your OS. The problem is not the user's alone, because once the machine is infected, it will then become a perpetrator of the infection.
Scyphe, that's what Richard was saying, as you so well put it: "all the issues and problems you get with legacy software that is no longer supported". If XP runs all his software and Richard is a good and careful surfer, why would you buy another OS that will do the same thing?
Perhaps another smashing bell to the luddites that XP passed its expiration date years ago. What people using arguments like "I still use XP mitch, and I'm going to continue to do so, until there is a compelling feature/reason to upgrade, which as of yet, has still not been revealed." don't seem to understand is that the only one their obstinacy really messes with is themselves, with all the issues and problems you get with legacy software that is no longer supported, which this article is pointing out.
I just wanted to point out that Windows actually does allow critical security updates to be installed, even if Windows is detected as being pirated. The main reason why Vista and 7 have fewer rootkits is probably because of Kernel Patch Protection in the 64 bit versions.
I still use XP mitch, and I'm going to continue to do so, until there is a compelling feature/reason to upgrade, which as of yet, has still not been revealed.
MS did NOT choose to keep supporting XP out of benevolence, but because they couldn't afford to slash their own throat, when adoption of later systems was so tepid (as demonstrated by the extremely high percentage of XP users that remain).
I am increasingly hopeful that by the time I need to upgrade XP, another alternative will be attractive enough so that I can escape MS imprisonment for the first time, since my 80286.
I can imagine though you're still reeling from your predictions that Windows Phone 7 would quickly dominate the marketplace...LOL!!!
Windows 8 is nearly here, making Windows XP nearly 3 OS's ago. I think it's commendable Microsoft still supports the OS and will for some time to come, but really it's time consumers moved to Windows 7 already.
As for AntiVirus software, you get what you pay for and Avast is free. If you want free AV get Microsoft's free security suite; if you're going to pay, almost all the top brand AV software can be had for $5.00-$10.00 on a special and sometimes includes licensing for 3 PCs.
People doing dumb things is not news.
Ever get the idea that these so called news articles are nothing more than infomercials? Gets published with no cost vs ad fees.
Seeing that we soon need botnets to fight the man I guess this can be viewed as good news.
And now that MS abandoned XP why do they still do the authenticity thing anyway? They don't even sell XP anymore right?
And finally I have a question: Does Avast count the Low Orbit Ion Cannon as an unwanted 'infection' when they released this bit of news? I'm seriously wondering.
And how about one of sony's rootkits? Or adobe's or Corel's or any of the big companies?
And another question now springs to mind: since it's Avast saying this and they are an anti-virus software maker, can we assume all those people that were infected are now clean? And how come all those people got infected when they have anti-virus as protection?