Saturday, October 15th 2011

Got A Virus? It's Your Fault Says Microsoft

Yes, that's right: the maker of notoriously vulnerable software is now blaming you, the user, should you get a virus, trojan or other malware infection on your Windows computer. However, it does look like they have some justification for saying this. For those with long attention spans, Microsoft have just released their 168-page Microsoft Security Intelligence Report (a 6 MB PDF), with the stated aim of providing:
An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011
The first thing to note about the report is that its data is limited to what the Malicious Software Removal Tool and Microsoft's other anti-malware products detect. Zero-day attacks that those tools can't detect are not included in the findings. So, surely it can't all be the user's fault then? It also means that the perspectives of third-party security vendors such as Kaspersky, Norton and McAfee aren't represented here.
By far the biggest attack vector, at 44.8%, is infection with the help of the user, where they're duped into running some dodgy attachment or clicking an equally dodgy link. Given the generally very low level of computer literacy among most ordinary users, this is hardly surprising. Taking second and third place are the two autorun vectors, USB at 26% and network at 17.2%, with all the others at surprisingly low levels, especially exploitation of vulnerabilities for which an update has long been available, standing at only 3.2%.

Next up are the well known operating system vulnerabilities. 32-bit XP SP3 is by far the most insecure of recent OSes, with 10.9 Computers Cleaned per Thousand (CCT), which is unsurprising considering the many hundreds of patches required since its 2001 release. Vista SP1 32-bit is a bit better at 8.8 CCT (so much for the much-touted enhanced security at its 2007 retail launch), with the 64-bit version somewhat better at 6.7 CCT. From there, OS security improves significantly, with the best being Windows 7 SP1 64-bit at a low 1.1 CCT, which is to be expected. Server infections are surprisingly high though, considering that servers share the same code base as their client counterparts. For example, Server 2008 R2 has the same underlying code as Windows 7, yet its CCT is 3.3 times higher, at 3.6. Why should this be, since the admins that run them can be assumed to know about patching and general good security practice?

Of infections due to third-party software vulnerabilities, Java takes the cake with between one-third and one-half of all observed exploits. Again, old versions are the most vulnerable, and as Java auto-updates, there's really no excuse to be running such old versions.

Because core OS security has increased so much in recent years, cybercriminals haven't stood still. Since duping uninformed "clueless" users is the most effective form of attack, they have now moved on to social networks in a big way, as they are so popular. Considering the type of fraudulent ads which can sometimes be seen on the side of a Facebook page, where the picture and text suggest one thing, but actually lead you to something completely different and obviously fraudulent when looked at a little more closely, it looks like the social networks themselves could do more to protect their users by vetting their advertisers more stringently.

One significant enhancement to computer security is Microsoft's proactive stance on eradicating botnets over the last few years. On several occasions now, stories have been published covering particular botnets that were taken down by Microsoft working together with law enforcement in various countries to track down the command and control servers and websites, putting them out of action and thus disrupting the botnet. The infected machines can then be cleaned up later. This writer has, from personal experience, seen spam drop from up to around 50 items a day to maybe 6 or 7 per week, which is a great improvement, so this strategy is clearly working.

The conclusion for such a big report is remarkably concise, so is quoted in full:
Unfortunately, the process of eliminating malware from a computer is likely to become much harder in the next few years. Malware has become a lucrative business for the criminals who create and distribute it, and they have a financial incentive to find new ways to evade detection and make malicious files and processes harder to remove.

Therefore, understanding how malware spreads, operates, and defends itself at a fundamental level should be considered a prerequisite for IT professionals charged with protecting their users from attack and containing outbreaks when they occur. However, the best guidance is that which helps prevent malware infection from ever occurring. For more information about how to prevent malware infection, see the Microsoft Malware Protection Center at www.microsoft.com/security/portal.
Overall though, it doesn't seem like infections are down much, with social media phishing taking up the slack as clueless users blindly run malware and click on bad links. It would be desirable if the overall rate dropped, so that criminals would be put out of business and be forced to work for a living like everyone else or preferably, sit in jail.

One thing that surprisingly wasn't mentioned in the report is the need to run a hardware edge firewall on your network. Without one, it's only a matter of time until Windows gets hacked into, regardless of how well patched it is. Thankfully, every decent modern home router has one built in and switched on by default, addressing this critical requirement. For corporate networks, using a hardware firewall is a standard security policy decision.

Another worthy line of attack against botnets is the ISP. In some cases, ISPs monitor their users' internet connections, looking for patterns of behaviour that indicate a compromised machine. If found, they notify the user, usually by email. They may also slow down the connection, filter it or turn off access completely, depending on the user agreement and the severity of the attacks, until the customer has addressed the problem.
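The article says ISPs watch for behaviour patterns that indicate a compromised machine. As an added example, not taken from the article, the Microsoft report or any ISP's own tooling, the Python below runs one such check over constructed NetFlow-style records: a subscriber host that opens connections to many distinct hosts on TCP port 25 within a short window looks like a spam bot, whereas an ordinary client talks to a single submission server and a small self-hosted mail server talks to only a handful of peers. The record format, the threshold of 20 distinct destinations and the 10-minute window are assumptions chosen for the demonstration.

```python
"""Behaviour-based spam-bot check over constructed flow records.

Added example; not from the article or the Microsoft report. The flow format
(timestamp, source IP, destination IP, destination port, bytes) and the
thresholds are assumptions made for this demonstration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed detection parameters: a legitimate client rarely talks directly to
# this many distinct MX hosts this quickly; a spam bot routinely does.
DISTINCT_DEST_THRESHOLD = 20
WINDOW = timedelta(minutes=10)
SMTP_PORT = 25


def parse_flow(line):
    """Parse one whitespace-separated flow record into typed fields."""
    ts, src, dst, dport, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)


def find_smtp_fanout(lines, threshold=DISTINCT_DEST_THRESHOLD, window=WINDOW):
    """Return {src: (max_distinct_port25_peers, window_start)} for every
    source that reached `threshold` distinct TCP/25 destinations inside any
    sliding window of length `window`. Sources below the threshold are absent.
    """
    flows = sorted((parse_flow(l) for l in lines if l.strip()), key=lambda f: f[0])
    recent = defaultdict(deque)  # src -> deque of (timestamp, dst) inside window
    findings = {}
    for ts, src, dst, dport, _ in flows:
        if dport != SMTP_PORT:
            continue  # only direct-to-MX traffic is of interest here
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop flows that have aged out of the window
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            prev = findings.get(src)
            if prev is None or distinct > prev[0]:
                findings[src] = (distinct, q[0][0])
    return findings


def build_sample_flows():
    """Constructed sample input (not real traffic) covering three hosts."""
    base = datetime(2011, 10, 15, 10, 0, 0)
    lines = []
    # Bot-like host: 30 distinct port-25 peers in under five minutes.
    for i in range(30):
        t = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{t} 10.20.0.7 192.0.2.{i + 1} 25 1400")
    # Ordinary client: repeated submissions to one server on port 587.
    for i in range(40):
        t = (base + timedelta(minutes=i)).isoformat()
        lines.append(f"{t} 10.20.0.8 198.51.100.1 587 2200")
    # Small self-hosted mail server: six peers on port 25 spread over hours.
    for i in range(6):
        t = (base + timedelta(minutes=30 * i)).isoformat()
        lines.append(f"{t} 10.20.0.9 203.0.113.{i + 1} 25 900")
    return lines


if __name__ == "__main__":
    for src, (count, start) in find_smtp_fanout(build_sample_flows()).items():
        print(f"{src}: {count} distinct SMTP peers within {WINDOW} from {start}")
```

Only 10.20.0.7 is reported; the client on port 587 is ignored entirely and the small mail server never exceeds one peer per window. In a real deployment the same sliding-window logic would feed the notify/throttle/block escalation the article describes, with the threshold tuned against the ISP's own baseline of legitimate direct-to-MX senders.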

Due to its 168 pages, the report is very detailed and covers a wide range of topics, so covering them all is beyond the scope of this story. However, some of the more interesting areas covered in the report are: the rising attacks on Android smartphones, Flash Player exploits, spam, phishing and malware sites, rogue security software, Process Explorer and strategies for eradication of malware from infected machines.

Finally, the big takeaway from this report is the usual advice: run the latest versions of all your software, including the OS (64-bit where possible), patch as patches are released, use internet security software, use a hardware firewall and, of course, don't forget user savvy to avoid getting duped by social engineering tricks into doing something stupid. Reckless user behaviour is by far the biggest part of this problem, just like car accidents.

Source: InfoWorld, Microsoft Security Intelligence Report 2011

105 Comments on Got A Virus? It's Your Fault Says Microsoft

#1
Ahhzz
Easy Rhino said:
sorry but i stopped reading after this line. this is supposed to be news, not opinion. if this were posted in any other section on this site it would be closed due to trolling.
hmm.... looks like Mod Trolling...
#2
de.das.dude
Pro Indian Modder
Mussels said:
oh look, a pirated copy of that software i didn't want to pay for!

*double clicks crack, blames ensuing virus on crap antivirus product/OS*
don't forget, hey look free facebook emoticons! *click*
woah an iPhonie for 100$!! *click*
look a free online lottery *click*

meh... internet noobs :p
#3
Derek12
de.das.dude said:
don't forget, hey look free facebook emoticons! *click*
woah an iPhonie for 100$!! *click*
look a free online lottery *click*

meh... internet noobs :p
Haha I remember some false antivirus software and the typical "your computer has 9385998783 errors click here to fix it" or the "You have 1 new message click for read it" or the &%/$%"" false download buttons. Result: "go write format C:" . And I was fooled (when I was a n00b) :mad:
#4
qubit
Overclocked quantum bit
Easy Rhino said:
sorry but i stopped reading after this line. this is supposed to be news, not opinion. if this were posted in any other section on this site it would be closed due to trolling.
There's no trolling from me. :rolleyes: You'd be in a better position to criticise if you'd actually read all of it instead of throwing insults at me, don't you think? Come back to me with a reasoned argument, making constructive points and I'll debate it with you, if you must.

Ahhzz seems to have a point...
#5
Frick
Fishfaced Nincompoop
qubit said:
There's no trolling from me. :rolleyes: You'd be in a better position to criticise if you'd actually read all of it instead of throwing insults at me, don't you think? Come back to me with a reasoned argument, making constructive points and I'll debate it with you, if you must.

Ahhzz seems to have a point...
I'll try: That statement you made is not true anymore, and it feels like a low one, coming from you. I know you know better.
#6
qubit
Overclocked quantum bit
Frick said:
I'll try: That statement you made is not true anymore, and it feels like a low one, coming from you. I know you know better.
Eh? I was just defending myself. I have no idea what you mean.
#7
Derek12
Frick said:
I'll try: That statement you made is not true anymore[...]
Well, historically it's true more vulnerabilities were discovered in MS products, but again, that may have to do with the usage share of their products, and the interest from virus makers or crackers in infecting them, and not be a fault of Microsoft (as far as I know) etc. No software escapes viruses, worms and vulnerabilities, even non-Microsoft products.
#8
Frick
Fishfaced Nincompoop
qubit said:
Eh? I was just defending myself. I have no idea what you mean.
The first sentence in your article.
#9
de.das.dude
Pro Indian Modder
Derek12 said:
Haha I remember some false antivirus software and the typical "your computer has 9385998783 errors click here to fix it" or the "You have 1 new message click for read it" or the &%/$%"" false download buttons. Result: "go write format C:" . And I was fooled (when I was a n00b) :mad:
you know the software, i know people who actually believe with their heart that it's an antivirus!
#10
qubit
Overclocked quantum bit
Frick said:
The first sentence in your article.
No, because it's justified by what follows - it's a classic situation of taking something out of context otherwise. :)
#11
Derek12
de.das.dude said:
you know the software, i know people who actually believe with their heart that it's an antivirus!
Yeah they are very similar to any legit AV, and they say "your computer has viruses, remove them", and really they do the opposite, as the infamous WinFixer/WinAntivirus crap :mad: try to convince these people to install a real AV like Kaspersky, NOD32, Avast etc, their computer would be happy :)
#12
micropage7
Derek12 said:
Yeah they are very similar to any legit AV, and they say "your computer has viruses, remove them", and really they do the opposite, as the infamous WinFixer/WinAntivirus crap :mad: try to convince these people to install a real AV like Kaspersky, NOD32, Avast etc, their computer would be happy :)
you mean fake AV?
but in some cases local AV performs better for local virus than others
#13
Frick
Fishfaced Nincompoop
qubit said:
No, because it's justified by what follows - it's a classic situation of taking something out of context otherwise. :)
No. It's not justified. I've read the piece some times now and "the maker of notoriously vulnerable software" is never justified in it.

I think you thought we were complaining about the "pass blame on the user" thing, but that part is accurate.
#14
qubit
Overclocked quantum bit
Frick said:
No. It's not justified. I've read the piece some times now and "the maker of notoriously vulnerable software" is never justified in it.

I think you thought we were complaining about the "pass blame on the user" thing, but that part is accurate.
Does Microsoft not have a reputation of notoriously insecure software? Of course they do, it's been that way for years and was well deserved. Only in recent history have they made significant strides in security. My second phrase acknowledges that they have a point in finally pointing the finger at the user. The data from Microsoft also supports this - whether one accepts their data is another matter and not the point here.

Besides, there's such a thing as an irreverent writing style which spices things up a bit, which is what I do, so enjoy the humour! :toast:
#15
Derek12
micropage7 said:
you mean fake AV?
but in some cases local AV performs better for local virus than others
Yeah those rogue software scams, for example WinFixer I wasn't victim of this one but similar ones which I can't (and hope not to) remember :)
#16
Frick
Fishfaced Nincompoop
qubit said:
Does Microsoft not have a reputation of notoriously insecure software? Of course they do, it's been that way for years and was well deserved. Only in recent history have they made significant strides in security. My second phrase acknowledges that they have a point in finally pointing the finger at the user. The data from Microsoft also supports this - whether one accepts their data is another matter and not the point here.
It was well deserved is the point I'm trying to make, whereas the very first words in this article make it sound like they still deserve this, which they don't.
#17
qubit
Overclocked quantum bit
Frick said:
It was well deserved is the point I'm trying to make, whereas the very first words in this article make it sound like they still deserve this, which they don't.
No, they don't deserve this reputation any more. However, I dunno why people are getting so hung up on that first sentence. As I said, irreverent writing style and there's an example.

In the rest of the article, I pretty much agree with Microsoft and put the blame at the hands of clueless users - heck, I even used the term. So no, I'm not bashing them for having insecure software, as they used to have.
#18
sy5tem
Batou1986 said:
Chances are if your reading this you already know it to be true.
Thankfully ppl are EDIT:**-uneducated-** so i will still have plenty of computers to fix.
this make like 15% of my remote support .. "my computer is slow I DID NOT DO ANYTHING!"

lol ohh look into history CRACK & PORN! got there magically!

LOLOLOL
#19
TurdFergasun
MS makes shitty software, designed to artificially support MS trained "techs" aka false middle men. that is all. quit defending belligerent piss poor programming, unless you're one of the fools who've paid their bribes to receive MS certification, then i guess you have a vested interest in pimping the status quo.
#20
FreedomEclipse
~Technological Technocrat~
TurdFergasun said:
MS makes shitty software, designed to artificially support MS trained "techs" aka false middle men. that is all. quit defending belligerent piss poor programming, unless you're one of the fools who've paid their bribes to receive MS certification, then i guess you have a vested interest in pimping the status quo.
you don't need a Microsoft tech to tell you your computer is absolutely FUBAR'd. there's people out there who can do it for you for less :toast:

Far from defending Microsoft, but becoming MS certified really opens up a lot of doors when it comes to jobs, even if you don't stay within the hardware/software support sector.
#21
cdawall
where the hell are my stars
can i just say I agree that if you got a virus it is your fault. I have gone a couple of years now virus free.
#22
m4gicfour
To repurpose something w1zzard said once:

Sure, I could have a virus free computer, if I RTFM and paid for legitimate software, but OH ZE NOES I needs my free porn, iPod, motorcycle, PS3, XBOX and dodgy antivirus download from a site I found from a banner ad IQ test asking whether or not the picture is of a woman or a potato
#23
Mussels
Moderprator
the potato spelled intelligence wrong
#24
newtekie1
Semi-Retired Folder
I agree with Microsoft. I clean viruses as part of my living, and in the past 6 years of doing it professionally, I have yet to clean a virus that didn't get on the computer by the user doing something stupid. And it amazes me how many times I've heard "the anti-virus wouldn't let me do blah blah blah, so I uninstalled/disabled the antivirus"...
#25
m4gicfour
Mussels said:
the potato spelled intelligence wrong
Lol I know, just part of the charm.

newtekie1 said:
I agree with Microsoft. I clean viruses as part of my living, and in the past 6 years of doing it professionally, I have yet to clean a virus that didn't get on the computer by the user doing something stupid. And it amazes me how many times I've heard "the anti-virus wouldn't let me do blah blah blah, so I uninstalled/disabled the antivirus"...
Yup. That kind of thing seems to come from people who ask questions like "Can you download some more RAM", so it's kind of understandable. If your level of knowledge of the device is THAT low, it's not really surprising. To tap an old cliche: Headlight Fluid.