The vast majority of malware - more than 99 per cent - targets Windows PCs, according to a new survey by German anti-virus firm G-Data. G-Data reckons 99.4 per cent of all new malware of the first half of 2010 targeted Microsoft’s operating system. Just 0.6 per cent of the 1,017,208 new malware programs discovered in 1H2010 …
So 99% of malware targets an operating system with 90% market share.
Sounds like good business logic really. ;)
99% of ALL malware
That's 99% of ALL malware, not Personal Computer malware (i.e. malware targeting Windows, OS X, Linux, etc.).
Windows runs on much less than 90% of Internet-connected hardware.
91.34% in Aug 2010 apparently...
Considering that all their figures are based upon browsing, I'd class that as being internet connected... ;)
No, no, no, no
Web != Internet.
How many Web servers are running Web browsers? How many VPN gateways are running Web browsers? How many e-mail relays are running Web browsers? How many kerberos/SSL key servers are running Web browsers?
I could go on, but four examples of high-profile targets should suffice.
So serving doesn't count then? Browsing is not all there is on the internet ;)
The Internet does not just consist of The World Wide Web
I get your point now. I took malware to be something that required user intervention/trigger (i.e. malicious software run by a user), be it opening dodgy email with PDF attachment, or browsing infected website.
The question is though, where is the weak point or the best bang per buck? There will always be more consumers than producers - therefore PC (and mobiles etc...) will always outnumber servers.
But I see your point about web != internet.
It didn't take long
for the MS shills to trot out the old "it's because Windows is so popular" bullshit.
and it didn't take long for the Linux shills to moan either...
In Other News...
Bears...... ok, you know the rest
Windows can't help being popular...
Shall I make popcorn while the operating system flame-war commences?
I'll stay in my walled garden, thanks. It's nice here.
It Would Be The Same On Linux
..if Linux users were rootards (==people running as root always).
Internet Driving License is the only possible fix. But the rootards actually *do not want* to have the slightest clue. "Why is it not as simple as my fridge ? After all, it is just an electric device, right ?"
Let them be owned and move on. Darwin and survival of the fittest etc.
Written on Linux.
Was going to upvote your post
But your smug little tag line made me hit the wrong button.
Which popular distros make it easy to login as root?
Most Linux distributions make it easy to login as a non administrator.
Although they have stupidly copied Windows pop-up, OK, infect, if you tick the remember password checkbox.
"..if Linux users were rootards (==people running as root always)."
Eh, I don't think so, most newcomers to linux very quickly adapt and don't run as root, but of course there's a certain onus on the distribution to not provide password-less sudo access with the ALL target though polkit might be helpful in that regard.
I think it's just a matter of mentality, back when I ran windows I didn't really think twice what I downloaded and ran, running untrusted binaries is the norm (how else do you get to play games without cds). But when you start using linux (perhaps a smidgeon more than just dabbling) you very quickly become used to getting your software from trusted repositories, and I think most people would at least raise their eyebrow at running an untrusted binary.
For malware to gain a foothold on a linux machine you'd need to go more to the social engineering bit, getting users to trust your personal repository with loaded material, instead of trusting that users will just seek your stuff out on their own.
Just what I think.
exactly what I wanted to point out. Windows users are ignorants who could not care less about security. Instead of educating themselves they want to buy a "virus scanner" and forget the issue.
Then they download Skype from superdownloadWithDancingMonkeys.ru and wonder why they got new features and some features no longer work on their PC. Also, the DSL Modem is flashing the LED all the time.
I never used a virus scanner and I always make sure not to run as Administrator and keep all patched. Never had a virus on XP and now VISTA. Certainly never had one on Linux.
What an ambassador!
Seriously - you think you're going to get people to switch to the Chosen OS like that? I don't care how good the software is; as long as the public face of linux is arrogant, spoiled twits like StrongType, linux will remain hidden away in its niche.
Never had a virus?
>Never had a virus on XP and now VISTA. Certainly never had one on Linux.
That you know about?
Why do you need a survey to check this? If only because of Windows being the OS on 90% of the PC's then you'd expect at least 90% of the malware targeting it? You wouldn't even lift an eyebrow if it's more ... simply because of the "human" nature of these malware writers (not that I like them - I despise them), why would they spend all their time to try and catch a small fraction of a small percentage of the total PC population?
It's probably the most useless survey in a while. Why not make a survey like: water is wet is it?
Sounds like more spurious work to waste some government money ... now that might just be a eye-opener survey! How many surveys provide no benefit whatsoever? I'll wager it's also going to be in the high 90's.
So, this 1%
Does that imply that non-windows operating systems get viruses too?
Would be worth getting a note of them to use next time someone says they are bullet proof or don't need AV on their OS.
You pick the target with the least number of variants, and the best chance of propagation, which gives you only a small choice really. Going for a smaller but more technically astute target doesn't make sense, a lot of effort for less of a result.
If they're quoting 90% of PC's running Redmond's products, then someone's cooking the figures for the OS's in use rather than the sales of said systems, it possibly means apart from the 5% of Macs then the Penguin has got rather a larger market share than anyone would like to admit.
"If they're quoting 90% of PC's running Redmond's products, then someone's cooking the figures for the OS's in use rather than the sales of said systems, it possibly means apart from the 5% of Macs then the Penguin has got rather a larger market share than anyone would like to admit."
The machine in front of me has a Vista logo on it, but not a trace of it on the disk. Same deal at home. I generally prefer to build from parts to avoid paying M$ for stuff I don't use, but the employee discount was hard to ignore.
In short, your point is well-taken, but the 90% value might simply be one of the 99.437% of statistics that are made up on the spot.
Yeah that crapware subsidy is sure nice but the MS tax cuts into that quite a bit.
Facebook doesn't need any Trojans! (They do it themselves)
Given the lousy record of privacy protection from Facebook, it is obvious Trojan writers can save themselves time by concentrating on other social networks.
Although Facebook holds first place, many other websites need to tighten their security and make sure their server software is fully patched to current updates.
So Windows not so bad then?
Targeted by over 99% of malware and yet most people manage to do what they want and apparently enjoy doing it.
In fact, given that most Windows machines aren't even running as safely and securely as they could (even XP had the option to run as a limited user) it could be argued that MS and Windows are doing a bloody good job.
The OS might be a clapped out old banger under constant bombardment but it's still going and - apparently - still delivering passengers and goods where they want to go.
Cue the Lemming FUD Machine
> Targeted by over 99% of malware and yet most people manage
> to do what they want and apparently enjoy doing it.
No not really. It just has a long standing commanding market position that makes it difficult to flee from. People like you will help build that perception.
@So Windows not so bad then?
You have a valid point there, but then again, I guess you don't get called out to clear up the mess very often?
Hmm, and now for the icon choice...well, this is going to be a great flame war, so I might as well help stir it?
..are so smart. Other equally smart people like capable corporate sysadmins never granted their users Administrative rights. It happened in the millions !
And it was like this since Windows NT3.1, circa 1996. Windows XP is actually just (well, mostly) an optical remix of Windows NT3.1, very much like Windows VISTA and Windows 7. And all Windows Server 20xx versions.
Going deeper, WNT is just VMS++. All the security you *can* have with Windows today is mostly the work of Digital Equipment Corporation (may they be blessed in their existence in the corporate paradise).
Ex-DECer Dave Cutler is still in charge of WNT, including "Windows 7".
Computer Engineering Announcement Horn.
No flames here
If you feel the need to start a flame war then that's up to you. You'll have to do it without me though because I see no need to get worked up over operating system choice.
All I wrote was that considering how bad Windows is and considering how often it gets attacked most people seem prepared to put up with it. As another poster wrote it's not because it's good.
I think there are lessons to be learnt there and they are lessons so many in the Linux community have failed to learn. It just shows how little most people care about computers. It shows that for most people computing is an irrelevance and they accept any old crap if it mostly gets the job done. It suggests that trying to sell them an OS based on technical merit could be a waste of time.
As IT professionals we ought to note that and realise that we have to work harder/better to provide services that protect them from their own naivety. Starting flame wars and acting like geeks isn't going to help.
@No flames here
"Starting flame wars and acting like geeks isn't going to help."
Everyone who reads these boards is a geek, more or less by definition: We care about the details of computers and argue over the finer points because, to us, it matters. The majority of the world does not care or understand, which is why they consider us geeks for doing so.
"As IT professionals we ought to note that and realise that we have to work harder/better to provide services that protect them from their own naivety."
Do we let the woeful inadequacies of the average PC go uncommented? Either way, no one listens as they typically don't care (until bitten), don't have the extra money for Apple-based alternatives, or the geekiness needed for the Linux alternatives.
We could sell AV snake oil, but we all know here that is pretty useless against 0-day vulnerabilities and social engineering. Of course it helps a bit, but it is a plaster over a gunshot wound.
We could push for mandatory training and certification to be allowed PC access, but that sort of fascism wont cut it politically or economically. We could hope that schools and businesses would train people correctly so this was unnecessary, but we know the majority don't and realistically won't.
Maybe we could push for TV news programs to cover scams in a bit more detail so most PC users will see it, think and learn, as they won't be watching any geeky 'technical' TV programs that do help.
In the grand scheme of things, all that virtually anyone reading these comment boards can *actually do* is help a couple of family/friends (if they will listen) and, in a professional capacity, lock down and protect the system(s) under our control as best we can.
If anyone has a genuinely better suggestions I welcome them.
"Maybe we could push for TV news programs to cover scams in a bit more detail"
Turn on the news and what do you see, 100% useless bullshit.
some guys gunna burn a Koran, oh wow thats so amazing lets spend 5 hours reporting it every day even in the weeks after he changed his mind about doing it. yup 5 hours every day because hey the cricket story is getting a bit stale now so we have to report something. Who am I kidding, cricket is the most important thing ever. Please tell me more about it, because I'm DYING to know.
and before that it was Tiger Wood's mistresses. What an informative way to spent hundreds of thousands of hours of news bulletins and millions of words of text collectively. He'll probably have his own room in the library of congress soon because it's just that important.
the problem is people
Unpatched, decade old OSes running no anti-virus with users merrily clicking every viagra pop-up they see is sadly still the norm. Even in "professionally managed" IT departments I've encountered AV installations where the license was up to date, but the definitions hadn't been updated since installation. Add to that the problem of "forgotten" servers and desktops that are only used for year end audits or whatever and you end up with unpatched, unprotected loopholes
Flip side of that I know far more systems that have never been infected. Simple precautions... always run Windows Update, have protections in place (Microsoft Security Essentials is free and does a good job, SpyBot is great for extra profilactic measures for web browsing as well), don't expose your machine directly to the outside world (a router with reasonable levels of firewall is a great thing - don't forget to turn off remote access to it and change the default password!)
You're not allowed to drive a car, own a gun or even rent a chainsaw without some basic instruction ... why the heck do people think something with the potential power of a PC should be okay to use without taking some basic precautions?
Uhh, there's a significant difference there
"You're not allowed to drive a car, own a gun or even rent a chainsaw without some basic instruction ... why the heck do people think something with the potential power of a PC"
The last time I checked, a PC was unable to run someone over, fire a chunk of metal through their head, or slice them in half. Government regulations are there to protect people from being physically harmed or killed, not from being annoyed. The regulations are not there because of the societal impact of the device in question.
The pen may be mightier than the sword, but just because words can start a war doesn't mean a ballpoint should be as hard to own as an F16.
I did not know ...
... that there was more free software available for Windows than for Linux.
Installation vs. Usage
If one takes all the comments and arguments listed above then one can say that well over 90% of mainstream internet usage will take place on Windows-based machines, regardless of smart-PPC-enabled-tablets etc.
The vast and huge majority of users go on the internet at their work place and at home using PCs with Windows installed, so a solid couple of hours per day on average (including weekends) : nothing else can top that.
So the target for all the malware attacks is clearly Windows, especially with loads of legacy-based problems and security flaws that still haven't been correctly resolved, making it an easier target.
All the discussion about Apple toys, Linux rootards or not, the next couple of years the main target will be Windows. All the other internet-connected devices are of way less interest to the "bad guys".
"All the other internet-connected devices are of way less interest to the "bad guys"."
Not true at all. The most valuable targets would be the servers full of credit card information.
I suppose they resent how they are often treated by other people
But I do not think that is an excuse for the behaviour of these malware dwarfs. They should be caught, tried, and sent to prison for a long stretch.
They hide under your desk, you know.
P.S. Obviously a lot of virus vulnerable software only -happens- to run on Windows - Adobe Reader for instance.
"You're not allowed to drive a car, own a gun or even rent a chainsaw without some basic instruction ... why the heck do people think something with the potential power of a PC"
When the el reg headline is "Government introduces mandatory test to use internet" what will the comment section look like???
Microsoft always has and always will be a platform for others to make money. Including malware authors.
AV protection on Linux is actually quite good, most of the major AV firms have clients and the update definitions are the same as for windows. If you run email servers you should use it. If you run Linux email servers for a company you should pay for AV protection. If your an umbongo user you'll be fine without it.....just don't do:
As this is turning into a rather lame (thankfully) flame-war, I'll side with beer
These servers should not be on the internet in the first place, but that is a completely different story.
Aah .. and when I think of it, a lot of them are running Windows anyway, so that only comforts my theory .....
Windows isn't 90%
Malware developers concentrate on Windows because it is easy. Users are uneducated and anti-virus products are after-the-fact solutions so if your signatures aren't instantly updated you're going to get p0wned.
The iOS, Mac OSX, Android, Linux, Symbian and PalmOS would all be very attractive targets because they are quite likely more prevalent than Windows these days and yet they still don't get anything like the activity.
Market share of Windows is a smoke screen. Windows is insecure largely due to the users and the way much of the software out there still requires admin rights to work properly.
As you can see from my other postings I am happy to blast MS, Oracle, Adobe and others. But it is untrue that Windows users must run as Admin.
Firefox, OpenOffice, Word, GIMP, Bittorrent, Inkscape,Chrome and many, many others work perfectly as non-Admin. You might have to log in as Admin to perform updates (Mozilla, you read me ??), though.
Fact is that most Windows users are ignorants and that is as rude as telling an alcoholic that she drinks too much. Maybe pointless, but still the F@....g Truth.
I run Windows as non-Admin since WNT4.0 (1997 ?) and it works without any issues. Most users just start bitching when they have to use their precious brain cells to comprehend the difference between Admin and non-Admin users. Everybody is sooo concerned about those retards, especially the virus scanner guys who want to sell their wares to the ignorants.
Go Learn Computer-Thing. Bring Computer-Thing to Expert For Maintenance. Spend Money On That. Like You Do With Your Automobile-Thing.
Windows PCs" the author writes. Then, the commentards foul the water with server chatter which is irrelevant.
Of course Linux on the desktop is superior. That is why it has recently falled to .85% - less than 1% of web traffic.
The survey pertained to PCs.
Written from a box representing that vast less than one percent whilst logged in as Faux-Root, the increasingly popular Linux remedy for uppity Root users.
"All this windows hatred is a sickness."
...you tell the retards to prefix anything on their Ubuntu machine with sudo ?
sudo rm -Rf /tmp/..
sudo rm -f /lastFsckingBrainCellNotWastedOnFarcebook
After all, the retards "have a right" to a "simple user experience", as they have on Windows while being Admin.
% this % that
Wouldnt' matter if it was 90% market share or 50.000000001%, it would still make sense for the virus writers to aim for the largest segment, I'm more surprised its not 99.9999% - the 0.6% targeted at non-windows based machines are narrowing their audience - bad business.
If anything I'd guess the 0.6% were just experimenting to prove a concept.
It's a damn sight more than 99%
If your definition of malware embraces unwanted and irrelevant applicaitons which piggyback on legitimate software with installation selected by default.
This would include things like the Yahoo / Bing toolbars (Sure as hell not relevant to Sun/Oracle Java, but ibncluded nevertheless) Yahoo Toolbar, default search to Yahoo (AV bloody G)
If this crapware was actually any good, surely people would want it on its merits and there would be no driver to hide it in irrelevant applications.