Forgot your password?
typodupeerror
Security Windows Technology

Microsoft: One In 14 Downloads Is Malicious 290

Posted by CmdrTaco
from the wonder-where-they-surf dept.
alphadogg writes "About one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5% of users ignore the warnings and download malicious Trojan horse programs anyway. IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen."
This discussion has been archived. No new comments can be posted.

Microsoft: One In 14 Downloads Is Malicious

Comments Filter:
  • by h4rr4r (612664) on Wednesday May 18, 2011 @09:52AM (#36165998)

    These are the same folks that only change the oil in their cars when the warning light comes on.

    • by Chrisq (894406)

      These are the same folks that only change the oil in their cars when the warning light comes on.

      Or in the case of my brother-in-law when my sister said the light was on, covered the warning light with a bit of tape so it wouldn't annoy her. She carried on driving until the engine seized up.

    • by mellon (7048)

      This is why security solutions based on users making correct decisions can't work. It's bizarre how many of the programs on our computers still depend on this.

      • by h4rr4r (612664)

        Drop out the "security" part and you will be closer to the truth.

        Windows needs repositories/appstore now, it does not need a new ribbon interface, more shiny crap or anything else as bad. When they get that done, give me the ability to delete/replace open files like you can on a real multi-user OS.

      • The problem is for a home/SMB user (who can't/won't pay for proffessional IT to make the descisions) the only real alternative would be to have those descisions made for you by a coporate overlord like sony, MS or apple.

        Experiance from smartphones and games consoles shows that when corportate overlords make those kind of descisions they don't always have their users best interests at heart.

        • by cdrguru (88047)

          The problem is for a home/SMB user (who can't/won't pay for proffessional IT to make the descisions) the only real alternative would be to have those descisions made for you by a coporate overlord like sony, MS or apple.

          Experiance from smartphones and games consoles shows that when corportate overlords make those kind of descisions they don't always have their users best interests at heart.

          Yes, except there is no other real solution. What is needed is to get the hundreds of thousands of general-purpose computers with "open" operating systems and replace them with something like an iPad. Sure, you can add "approved" applications to your computer, but you cannot "administer" it in any meaningful way - that is done remotely, by someone else. Best of such "administration" is not needed, but whatever it is the user isn't qualified or capable of doing it right.

          OK, there are a few people that nee

          • Oh, and I would have zero problems with a requirement - worldwide - that says to connect a "general-purpose" computer to the Internet you have to have a license of some sort. Something you have to prove your qualifications to get.

            This works so well for roadways. In general, Jersey barriers [wikipedia.org] are the only things between you and the afterlife. Thank God for concrete.

    • by mangu (126918)

      These are the same folks that only change the oil in their cars when the warning light comes on.

      When the warning light comes on it's a sign to add oil, not change it.

      Although it's a car analogy, this one is not good. Compared to downloading malware, not changing oils is pretty harmless. Most car owners would be able to drive a new car without changing oil at all for ten times the manufacturer recommended mileage.

      I myself once used a Geo Prizm for fifty thousand miles without an oil change. It was a company car with a long-term rental. When the time for the first change came, I phone the rental company

      • by tom17 (659054)

        Except old grubby oil can leave residue. Not a big deal except for the hydraulic lifters. When the little oilways in them get clogged up, they can no longer self adjust. This can lead to large clearances, resulting in excessive valvetrain wear.

        I'm not one to talk, but please, change your oil :)

  • "Malicious" (Score:5, Funny)

    by Anonymous Coward on Wednesday May 18, 2011 @09:54AM (#36166024)

    On the list of malicious files, as determined by the Microsoft Corporation:

    - Google Chrome
    - ubuntulinux.iso
    - antivirusotherthansecurityessentials.exe
    - iTunes
    - *ipod*.exe
    - gmail.com/index.html

    • Re:"Malicious" (Score:5, Insightful)

      by Missing.Matter (1845576) on Wednesday May 18, 2011 @10:14AM (#36166310)

      antivirusotherthansecurityessentials.exe

      I know you're joking, but this one is pretty close to the truth. Norton and McAffee do more to slow down computers than actual malware does.

      • Not only that, but it's damned hard to tell the difference between something actually from McAfee and some (other) crap from the internet. For example, most of the services running on my computer with names starting with McAfee are listed as "Unknown" manufacturer. When popups appear they always look fake, the window decorations (like the close icon in the top right corner) are always non-standard and the warnings are overly dire and hyped-looking. They just look unprofessional. Finally, it's so damn hard t
      • Re:"Malicious" (Score:4, Interesting)

        by Tanktalus (794810) on Wednesday May 18, 2011 @10:32AM (#36166570) Journal

        This is what I call the second Microsoft Tax. The first one is the extra ~$30-$60 you pay on your computer that goes to Microsoft for their OS (prices assume it's a new rig with the OEM version pre-installed). The second one, this one, is the extra money you spend on CPU cycles and RAM to run the anti-malware software so that you still have as much CPU power/RAM as you need for what you really bought the computer for.

  • by LWATCDR (28044) on Wednesday May 18, 2011 @09:55AM (#36166050) Homepage Journal

    1. Ubuntu
    2. Firefox
    3. Chrome
    4. OpenOffice
    5. VLC

    • by Chrisq (894406)
      You missed Java
      • Re: (Score:3, Interesting)

        by DrScotsman (857078)

        The grandparent was listing jokes, not actual malicious software.

        Of course I jest, but which other Windows program anywhere near as popular brings up UAC prompts out of nowhere in the way Java updater does without even being "opened"? I bet Java is partially to blame for a huge number of users blindly clicking "Yes" to all UAC prompts - in the average user's eyes it just won't stop prompting until you accept its damn update.

        • Mod parent up. I am ashamed to say that I am guilty of this. I tried uninstalling Java, but soon found that I couldn't do without it.
        • I would say that UAC is to blame, since you get promoted to install or update any software. Since you obviously want the software, of course you're going to authorize it. This has the unfortunate effect of rendering UAC useless - people get used to allowing every time it asks, because they need to in order to complete the task at hand.
          • by mlts (1038732) *

            Even without UAC priv escalation, there is a lot malicious software can do in a user context without having to get administrative rights. Just a mass file slurp of documents to an offshore blackhat site can cause a lot of damage.

        • That, and the fact that the updater doesn't always remove the older java versions. Leaving the user with the security holes still intact.

    • Your joke has a point. Any Free [gnu.org] application that isn't digitally signed with Authenticode will get flagged by IE's "SmartScreen application reputation" filter [msdn.com]. And as I understand it, existing Authenticode CAs sell certificates only to businesses, not to individuals.
  • Really? (Score:5, Funny)

    by Random2 (1412773) on Wednesday May 18, 2011 @09:56AM (#36166064) Journal

    I didn't realize IE was downloaded so frequently.

  • That is a surprisingly high number, even after all these years of knowing about various rootkits, viruses, and other malware that have so persistently affected Windows. 1 in 14? That's... crazy.

    And what is the economic cost of having to deal with this crap? It must be well into the billions of dollars by now.

    It's also consistently depressing that inertia is such that Windows seems like it will maintain its desktop dominance for the foreseeable future. There are better OSes out there. USE ONE, PEOPLE. Please

    • Which general purpose OS will stop the user from DOWNLOADING a piece of malware? Pretty much none, except something like iOS but users would scream bloody murder if MS only allowed whitelisted applications to run on Windows. The DOJ would have Balmer's head before he finished the sentence declaring that was MS' new course. I think of the term 'malware chaser', it's like 'ambulance chaser' but applies to alternative OS users who see a story about malware on Windows. Always there to pimp their OS which is n
      • by oakgrove (845019)

        I think of the term 'malware chaser', it's like 'ambulance chaser' but applies to alternative OS users who see a story about malware on Windows. Always there to pimp their OS which is no better just less used.

        Obviously you like Windows. It is unfortunate that Windows users are attacked so frequently and I really do think a solution needs to be found. It seems reasonable to me that if there were a healthy mix of desktop operating systems in the marketplace malware authors would have a much harder time spreading their trash around and Windows users would be much better off. That being the case, wouldn't you want alternative choices to be brought to people's attention whenever it is relevant? Operating system d

    • What does this have to do with the operating system at all? People will always click to see the cute bunny. Until you find a way to stop them, malware downloads will persist.
    • by bmo (77928)

      >That is a surprisingly high number, even after all these years of knowing about various rootkits, viruses, and other malware that have so persistently affected Windows. 1 in 14? That's... crazy.

      It's not crazy when you see the number of malware definitions in your average malware detector. There are nearly 6 *million* definitions for Bit Defender. I have it installed in Linux for scanning Windows files. And thousands of malicious applications/infections are being made every day.

      Windows users have been

      • [GNU/Linux distributors] do, however, have various practices in place to put up a barrier between the hostile network and the dumb user, and these things teach the user it's better to go to the trusted repo first

        The historical problem here is that GNU/Linux distributors have historically been reluctant to allow non-free software into their repositories. Not all applications can be made free [pineight.com]. It'll take a while to see whether Ubuntu can succeed in bucking this trend.

    • by Rary (566291)

      It's not the OS, it's the users. My malicious download rate on Windows is approximately 0 in infinity. That's because I don't click on every random link on every website I visit, I read dialogs before clicking "OK", and I download things from trusted sites. While in theory, that still doesn't make me completely immune, in practice it's been good so far.

      People need training, not a new OS.

      • by h4rr4r (612664)

        You try that. They don't want training and they don't care.

        Over here in reality I will suggest MS follows the repository/app store model. This will not only condition people to stop downloading random crap off webpages, but also will allow updates to all software be made in a centralized way. They should like others allow users to add their own trusted repositories, which some will need and the truly ignorant will never bother with.

  • by mehrotra.akash (1539473) on Wednesday May 18, 2011 @09:57AM (#36166078)

    Why does MS even have these stats?

  • by mehrotra.akash (1539473) on Wednesday May 18, 2011 @09:58AM (#36166108)

    "About one out of every 14 programs downloaded by Windows users turns out to be malicious, "

    Windows or IE?

    If windows, how are they collecting these stats?

    • by kbielefe (606566)

      That's actually a really good question. You'd think if they could count them they could stop them.

  • I've been saying this for years. Hell. it's in my Sig.

    Eventually, software would get so security conscious that it would be easier to fool the user rather than hack the software.

    • by tepples (727027)
      I read your journal article. So with your four rules in mind, how is an operating system supposed to distinguish between A. an intentionally malicious computer program and B. a safe program that happens to have been developed by an individual as opposed to a business?
  • by conner_bw (120497) * on Wednesday May 18, 2011 @10:02AM (#36166156) Homepage Journal

    For example, email. On a personal level many of my friends and family have stopped using it and require me to communicate via Facebook. The problem for me is that I don't have a Facebook account. The problem for them is that they don't want spam.

    In the case of downloads we see people moving towards online services instead of executable binaries. Proprietary online services.

    Computer professionals don't complain because they get paid. Users don't complain because they are protected. There's an economic professor who wrote some books, name I forget as I type (please reply if you know?), his last was about the idea that peasants would live behind a kings walls in exchange for protection against marauders. The price was taxes and serfdom.

    Welcome to the age of digital serfdom?

    • Interesting point and I'd like to read that professor's work, but I don't believe online services are flourishing for security reasons, but rather that it's coincidental from the average user's perspective. The whole point of this story is that people are not aware and knowledgeable enough about technology and security, so I doubt they factor it in highly enough to use it in their decision to chose an online service.

      Security is rarely mentioned in the list of features of these services: nothing in Flickr [flickr.com],

      • by conner_bw (120497)

        >Interesting point and I'd like to read that professor's work

        Several search combinations later:
        Mancur Olson: Power and Prosperity

    • The problem is that Windows (and MacOS and Linux) is a "Wild West" operating system where anyone with admin access (ie., most home users) can trash the whole operating system. We're going to have to move to a model where the OS provides each application a sandbox, and nothing can modify the operating system, and no application can directly modify any other application. The band-aid security that's out there will never be adequate.

    • by istartedi (132515)

      I love that analogy because those of us who resist FaceBook and deal with the marauders are knights.

    • Re: (Score:3, Insightful)

      by mr1911 (1942298)

      For example, email. On a personal level many of my friends and family have stopped using it and require me to communicate via Facebook. The problem for me is that I don't have a Facebook account. The problem for them is that they don't want spam.

      Huh? The vast majority of what shows up on Facebook is spam. OK, maybe not in the traditional sense given the spam is whatever inane thing someone decides to post rather than a Viagra ad. Oh, you mean the private message thing that no one seems to know how to use because they post conversations in their statuses?

  • We need the stats for Apple in order to make a comparison. Does anyone even know?
    • by Wovel (964431)

      If Apple released a stat, everyone would call them spies.

      It is likely under 1/10'000 though.

  • by gstoddart (321705) on Wednesday May 18, 2011 @10:06AM (#36166212) Homepage

    Despite Microsoft's attempts to completely nanny people, they've almost taken it too far ... which means that people start ignoring/disabling the warnings.

    The other week I launched IE on a new server install ... the very first warning message is "You are about to access the internet, and people can see what you do" -- which gets a "do not show me this again" before I dismiss.

    As soon as you submit into a search engine, you get told "You are about to submit something on the internet, are you sure" -- which also gets a "do not show again".

    By the time I tell it I don't want it to save passwords, autocomplete forms, and that, yes, I really do want Google as my default search ... well, I've stopped listening to anything "helpful" IE is telling me.

    I rank the utility of the stuff that MS has "designed" to make IE safe right up there with the error messages that amount to "something bad has happened, contact your admin" --- oooh, that's informative. And, since I'm the admin ... give me some f'ing idea as to what went wrong so I can try to fix it.

    Microsoft build in really pedantic and lame safeguards, which get turned off and/or ignored for the rest of time since they don't actually do anything useful.

    • by tepples (727027)

      And, since I'm the admin ... give me some f'ing idea as to what went wrong so I can try to fix it.

      Under Windows XP, it was Start > Control Panel > Administrative Tools > Event Viewer. I haven't tracked where the system log viewer has moved in Windows Vista and Windows 7.

      • by h4rr4r (612664)

        Compare that to /var/log/messages one time. Event Viewer is a sad replacement indeed. If you are even given anything other than "error number 0, some random app failed, the dev never did put any real logging in. The whole fact that windows logging is displayed in a GUI pretty much shows the braindeadedness. Windows: a decently designed kernel held down by a joke of a userland.

      • by gstoddart (321705)

        I haven't tracked where the system log viewer has moved in Windows Vista and Windows 7.

        It's just right click on "My computer", and then "Manage" ... it's up near the top. Been there since at least W2K3, but it still works on my Vista machine.

        Sometimes, I have received the "something bad, contact your admin" message when nothing useful gets put into the even log -- diagnosing network flakiness for instance sometimes gives utterly useless information.

        Using their repaid "wizard" usually ends up serving no pur

  • by Riceballsan (816702) on Wednesday May 18, 2011 @10:08AM (#36166244)
    Seriously only 5% of people ignore warnings? I would have to say about 75% of people I have seen download regardless of if you say "warning this will completely reduce your computer into a pile of steaming dung" in exchange for a screensaver with kittens, and then if you cut it down from that to IE users... well then I'd put that number closer to 95% would ignore the warnings.
  • by wilgibson (933961) on Wednesday May 18, 2011 @10:11AM (#36166260)
    and yes that means I use IE. But, when it consistently tells me things like Downloader_Diablo2_enUS.exe can harm my computer after downloading it from battle.net I tend to not believe in its ability to really determine if something is malicious or not. As always, proper instruction on internet safety will go farther than a security feature that any idiot can bypass.
  • So does this count include windows updates?

    The actual number surprises me as I would have thought that it would be higher given how many people fall for social engineering, and want free screen savers and the like.
  • their own patches and sneak-updates and call-home code they shove to their users ?
  • "IE's SmartScreen has blocked more than 1.5 billion Web and download attacks" How many of these were actually factually malicious? Perhaps that is why people are ignoring the warnings? You can block (nearly?) 100% of malware by simply being Amish
  • I think they also hacked the statistics system!
  • by HeckRuler (1369601) on Wednesday May 18, 2011 @10:38AM (#36166648)
    Is to block every 14th download, thus making Windows malware free!
    • About one out of every 14 programs downloaded by Windows users turns out to be malicious

      Although the team admitted that this is mostly due to all non-Microsoft software as being labeled as "Malicious". (to microsoft)

  • Their anti malware program flagged some cheats I downloaded as trojan (no they were not) and heck some program I made (yes I do not program malware). I think it simply find some hook code for low level memory hook and simply mistake it for a malware.
    • by bmo (77928)

      >false positives

      Every single warez kiddie claims this.

      How do you know the difference between a false positive and a real warning?

      You can't.

      You're infected, son.

      --
      BMO

  • At least 1 in 14 programs is from A) a file sharing site, B) a porn site, and C) an email link. I have no data, but my experience on fixing computers is that this is the bulk of the problem. The rest are adware sites.

    I don't get them myself mainly because, I use Gmail (no spam), Chrome w/ ad blocking extension (no ads), Pandora (no file sharing)... ... I just have to be really careful about using quality porn sites.

  • Big Bloody Surprise THAT is!! Freaking Windows warns you about EVERYTHING. "If you do XYZ, your machine may be at risk." You can hardly turn around without Windows warning that it'll put your computer at risk. Tell that four or five hundred times to the average user, and then profess surprise when they start to ignore the warning????
  • ...stupid people who download this malware.
    Just last month I was warned putty.exe was found in my system. Later tinyproxy was discovered. And I went even as far as installing VNC Server!

    It isn't very long since I disabled the antivirus to download actual worm to the computer. Like, the guy got a webpage infected with some nasty stuff, and it embedded links to self in headers of the PHP files. So, to remove it, I had to download the PHP, edit out the infected lines and upload it back. But no, downloading php

  • I still get frequent messages on microsoft's pages saying "if you see the yellow bar with a warning at the top of the page, right-click and install the control". For years they had pages that said "you will get a certificate warning when you press submit. click ok to ignore it and continue."

  • Most programs should run in an environment that has far fewer privileges than the user running it. Especially games. All a game really needs to talk to are its own files, the screen, the input devices when it has focus, and its own Internet server. Those are essentially the restrictions under which a web page or Flash program runs.

    Anything which needs more privileges than that should either have to be signed by somebody to indicate responsibility for the program, or the entire system has to be put in

  • by Dcnjoe60 (682885) on Wednesday May 18, 2011 @11:37AM (#36167530)

    The majority of downloads on our Windows computers seem to be Microsoft patches, so 1 out of 14 being malicious sounds about right.

Suburbia is where the developer bulldozes out the trees, then names the streets after them. -- Bill Vaughn

Working...