Thread: Got A Virus? It's Your Fault Says Microsoft

  1. #1
    Member
    Arif69

    Join Date
    Aug 2009
    Posts
    5,572

    Got A Virus? It's Your Fault Says Microsoft

    Yes, that's right: the maker of notoriously vulnerable software is now blaming you, the user, should you get a virus, trojan or other malware infection on your Windows computer. However, it does look like they have some justification for saying this. For those with long attention spans, Microsoft have just released their 168-page Microsoft Security Intelligence Report (6MB PDF), with the stated aim of providing:

    "An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011"

    The first thing to note about the report is that it is limited to its Malicious Software Removal Tool and Microsoft's other anti-malware products. Zero-day attacks that it can't detect are not included in the findings. So, surely it can't all be the user's fault then? It also means that the security angles from third party security vendors such as Kaspersky, Norton and McAfee aren't represented here.





    By far the biggest attack vector with 44.8% is infection with the help of the user, where they're duped into running some dodgy attachment or clicking an equally dodgy link. What with the generally very low level of computer literacy of most ordinary users, this is hardly surprising. Taking second and third place are two autorun options, USB at 26% & network at 17.2%, with all the others at surprisingly low levels, especially the exploit when update is long available, standing at only 3.2%.

    Next up are the well known operating system vulnerabilities. 32-bit XP SP3 is by far the most insecure of recent OSes, with 10.9 Computers Cleaned per Thousand (CCT), which is unsurprising, considering the many hundreds of patches required since its 2001 release. Vista SP1 32-bit is a bit better at 8.8 CCT (so much for the much-touted enhanced security at its 2007 retail launch), with the 64-bit version somewhat better at 6.7 CCT. From there, OS security improves significantly with the best being Windows 7 SP1 64-bit, which is to be expected, at a low 1.1 CCT. Server infections are surprisingly high though, considering that they are based on the same code base as their client counterparts. For example, Server 2008 R2 has the same underlying code as Windows 7, yet its CCT is 3.3 times higher, at 3.6. Why should this be, since the admins that run them can be assumed to know about patching and general good security practice?

    Of infections due to third party software vulnerabilities, Java takes the cake with between one-third and one-half of all observed exploits. Again, old versions are the most vulnerable and as Java auto updates, there's really no excuse to be running such old versions.



    Because core OS security has increased so much in recent years, cybercriminals haven't stood still. Since duping uninformed "clueless" users is the most effective form of attack, they have now moved on to social networks in a big way, as they are so popular. Considering the type of fraudulent ads which can sometimes be seen on the side of a Facebook page, where the picture and text suggest one thing, but actually lead you to something completely different and obviously fraudulent when looked at a little more closely, it looks like the social networks themselves could do more to protect their users by vetting their advertisers more stringently.

    One significant enhancement to computer security is Microsoft's proactive stance on eradicating botnets in the last few years. On several occasions now, stories have been published covering particular botnets that were taken down by Microsoft working together with law enforcement in various countries to track down the command and control servers and websites, putting them out of action and thus disrupting the botnet. The infected machines can then be cleaned up later. This writer has, from personal experience, seen spam drop from up to around 50 items a day to maybe 6 or 7 per week, which is a great improvement, so this strategy is clearly working.

    The conclusion for such a big report is remarkably concise, so is quoted in full:

    Unfortunately, the process of eliminating malware from a computer is likely to become much harder in the next few years. Malware has become a lucrative business for the criminals who create and distribute it, and they have a financial incentive to find new ways to evade detection and make malicious files and processes harder to remove.

    Therefore, understanding how malware spreads, operates, and defends itself at a fundamental level should be considered a prerequisite for IT professionals charged with protecting their users from attack and containing outbreaks when they occur. However, the best guidance is that which helps prevent malware infection from ever occurring. For more information about how to prevent malware infection, see the Microsoft Malware Protection Center at www.microsoft.com/security/portal.

    Overall though, it doesn't seem like infections are down much, with social media phishing taking up the slack as clueless users blindly run malware and click on bad links. It would be desirable if the overall rate dropped, so that criminals would be put out of business and be forced to work for a living like everyone else or preferably, sit in jail.

    One thing that surprisingly wasn’t mentioned in the report is the need to run a hardware edge firewall on your network. Without it, it's only a matter of time until Windows gets hacked into, regardless of how well patched it is. Thankfully, every decent modern home router has one of these built in and is switched on by default, addressing this critical requirement. For corporate networks, using a hardware firewall is a standard security policy decision.

    Another worthy line of attack against botnets is the ISP. In some cases, ISPs monitor their users' internet connections, looking for patterns of behaviour that indicate a compromised machine. If found, they notify the user, usually by email. They may also slow down the connection, filter it or turn off access completely, depending on the user agreement and the severity of the attacks, until the customer has addressed the problem.

    Due to its 168 pages, the report is very detailed and covers a wide range of topics, so covering them all is beyond the scope of this story. However, some of the more interesting areas covered in the report are: the rising attacks on Android smartphones, Flash Player exploits, spam, phishing and malware sites, rogue security software, Process Explorer and strategies for eradication of malware from infected machines.

    Finally, the big takeaway from this report is the usual advice of running the latest versions of all your software, including the OS (64-bit where possible), patch it as patches are released, use internet security software, use a hardware firewall and of course not forgetting user savvy to avoid getting duped by social engineering tricks into doing something stupid. Reckless user behaviour is by far the biggest part of this problem, just like car accidents.

    Source: InfoWorld, Microsoft Security Intelligence Report 2011

  2. #2
    Global Moderator
    Codex

    Join Date
    Nov 2008
    Location
    Under your bed.
    Posts
    7,983

    Re: Got A Virus? It's Your Fault Says Microsoft

    The first line makes no sense. Of course it's the user's fault. If you got messed up by a virus/trojan/w/e, you have nobody but yourself to blame.

  3. #3
    Member
    Flame
    Join Date
    Aug 2008
    Posts
    1,457

    Re: Got A Virus? It's Your Fault Says Microsoft

    It's always the user's fault. People need to learn what to download and what not to download; what to click and what not to click, etc.



  4. #4
    Member
    Fox Mulder
    Join Date
    Jul 2009
    Location
    I don't live in a city.
    Posts
    5,182

    Re: Got A Virus? It's Your Fault Says Microsoft

    Of course it's our fault, we use Windows to begin with which is definitely a huge fault on our part, the biggest "bottleneck" in the history of computing is Windows, but Windows is just like women, you can't just live without 'em.
