back to article China is world's most malware-ridden nation

Some 55 per cent of Chinese computers are infected with malware, the highest of any country worldwide, according to the latest Annual Security Report from Panda Security. The Spanish security vendor’s Panda Labs research team reported 27 million new strains of malware in 2012, bringing the total in its database to 125m. It said …

COMMENTS

This topic is closed for new posts.
Silver badge
Linux

Malware

for Mac and Windows but no mention of Linux?

1
1
Silver badge

Re: Malware

Don't encourage them for heaven's sake!

I dare say it'll only be a matter of time before malware specifically targetting Linux will be out there. It already targets Android, and I'd imagine it won't be long before someone is hosting a dodgy APT mirror for Ubuntu full of trojan-ed debs/isos causing headaches for all concerned.

4
0
Bronze badge

Re: Malware

It's a classic numbers game - if you're going to put effort into writing malware, you write it for platforms that have a high head count relative to effort. In the past, this was exclusively Windows as MS had the market stitched up.

As times move on and mobile platforms as well as Apple's OSX gained traction, these get attacked.

OS that are prevalent in home user kit is also a more likely to be attacked - it's amazing how many machines with no (or expired Symantec etc) there are. Corporates tend to be better protected, so require more effort. As Linux in the end-user context is not too common (not to mention has more forks than my mums cutlery set), it's not worth the effort at the moment, ergo no virii.

2
1
Bronze badge
Headmaster

de viro

ergo no virii.

Latin plural for virus is non existent, or very rare. English is viruses.

As Linux in the end-user context is not too common (not to mention has more forks than my mums cutlery set)

Linux, nor *BSD are not designed in the constant afterthought way. "Let's do what we can and think later", unlike that very popular system. AV is not needed on a normal system by principle, since it's too much prone to errors of both the 1st and 2nd order.

2
0
Silver badge

Virii?

What's Latin for malware? Come on, come on!

Virus.

Goes like?

Annus

Plural is?

Anni.

Viri. Understand? Now write it out a hundred times.

2
3
Bronze badge
Linux

@Stuart Longland

I dare say it'll only be a matter of time before malware specifically targetting Linux will be out there.

You dare too much, sir. Just want to point out to some inconsistencies in your argument (smells of Windows logic to me):

-- it's been a matter of time for 20 years now. Saying, it's not popular is incorrect statement. Think (web) servers, supercomputers, embedded devices etc

-- implementing your hypothetical trojaned debs and isos might a little harder than you think, you gotta poison the apt-keys first, since the apt system checks every package for it's gpg signature and some sha sum. As for the isos, again Ubuntu and everyone else publish the sha sums along with gpg/pgp signatures, you can routinely check against (I recall that a vanilla Windows didn't even have a util for md5sum)

-- equating Android with Windows from the malware pov popularity needs a leap of faith and a little ignorance/fud. I yet have to meet someone who had suffered from an Android malware, while almost all my friends experienced it on Windows.

MS Windows has no transparent permissions system, no mandatory sandboxinx container for an app (unique uid per every app) . Yes, a better solution is indeed a trusted repositories/ports.

3
0
Anonymous Coward

Re: Malware

Very few people in China run it.

0
0
Anonymous Coward

Re: @Stuart Longland

There is malware out there specifically targetting Linux. I'm not sure if you recall the various worms in the first half of 200x, or if you're unaware of the families of router worms out there (specifically targeting Linux-based firmware, and likely still being actively developed).

I use Linux on the desktop because Windows IS crap, but that's because it's a clone of *VMS without any of the useful utils or the DEC shell, and thus doesn't suit what I need to do. But Linux's security isn't perfect either, and I would usually spend some time hardening my systems if they're going to be internet-facing. Even then, things like Apache won't play ball brilliantly with fstack-protection options and so lack important security measures.

The number of memory corruption exploits in default Linux desktop software like Firefox is also ridiculous, and I see there's even a Java plugin in the browser enabled by default in popular distributions now, and glibc's only real benefit is that there are so many null pointers that you're likely to hit a DoS while trying to gain code exec.

I believe ettercap's sourceforge was backdoored for a while (possibly by zf0, my memory fails me) and said backdoored source was including in multiple repositories, too.

There are sadly multiple ways of ingress on any even semi-popular desktop/mobile operating system and Linux is no exception.

1
0
Anonymous Coward

Re: Malware

Erm, I thought virii was one of those rare irregular plurals, actually meaning "men" and not "viruses"... something which might handily catch out your common or garden wise-arse with little actual knowledge... as it appears to have done more than once here. While the plural of virus can only be viruses, perhaps ironically, the first occurrence of "virii" here can possibly be forgiven...

it's not worth the effort at the moment, ergo no virii.

it's not worth the effort at the moment, so no men [are bothering with it]

1
1
Silver badge

@eulampios

You're correct that Linux is popular for "servers, supercomputers, embedded devices etc" - but no-one should be browsing* the Internet or plugging random USB sticks into such devices, the malware vector du jour. The most dangerous person (from a security perspective) in any organisation is the one who says "I don't need to worry about security, because my platform is inherently secure".

* If you have sysadmins browsing from a server, they need a stern talking-to; if your firewall permits such access, you need tighter rules.

1
0
Anonymous Coward

Re: Malware

"Very few people in China run it".

This report was about the world not China along. IBM is running a lot of Linux, for instance, the Post Office, in China.

0
0

The reson for very little Linux malware

The general public don't know how to secure a machine. They buy a Windows box off the shelf and run with it as is, not bothering to install AV, tighten down permissions, adding service patches, etc. They also like to download software from unheard of sites and run them on their machine, getting infected by who-knows-what.

If Linux came pre-installed in off the shelf boxes, the same members of the public would make the same mistakes they do with windows machines.

Remember, that the majority of people who install Linux are like the Average Windows user on this site. We are all the kind who like to fiddle with out machines and tinker with the settings. We don't get infected because we don't do stupid things. The general public don't tinker with their machines enough to install Linux themselves.

Should Linux ever overtake Windows in the Preinstalled Operating System market, then it will have just as many open doors for the virus writers to infect through.

1
1
Silver badge
Linux

Re: The reson for very little Linux malware

"not bothering to install AV".

You are right, of course, but lets not forget that AV is needed only because the OS, or programs, are insecure.

Every virus attacks a weakness in the software. There are and there have been and there will be more virus attacks on Linux too. But the +1M viruses written for Windows cannot be explained only by the number of Windows machines even if I understand it's the simple and (only) explanation Microsoft has to offer.

Unix is simply more secure through its architecture. There are of course, too, bad stuff, going on where there is really no difference at all between what ever OS, weak passwords and such things. Also it's not only about desktops being attacked, servers are attacked too (not that you claimed otherwise).

"We are all the kind who like to fiddle with out machines and tinker with the settings"

May bee, but that is exactly what one would expect not to have to do when buying a "box off the shelf".

2
2
Bronze badge

@Chris

but no-one should be browsing* the Internet or plugging random USB sticks into

I do it all the time and nothing happens to me. Yes I do have a noscript (mostly to block the idiotic ad scripts) and the with AppArmor/SELinux profiling to guard against those Java/js and many more 0-day risks. A file won't execute by itself when a usb stick is inserted into the machine.

When I was a gullible Windows user (<2004) it happened to me many times both with many floppies and on IE.

On a proper server there might be some additional precautions and guards, like mount and AppArmor/SELinux policies. When it usually gets hacked it's not malware or a vulnerability related, but an ssh policy, bad password, poorly implemented custom software or cgi scripts

0
0
Bronze badge

@WIze

The general public don't know how to secure a machine.

Some sophisticated commercial software manufacturers don't know or care, so why demanding it from the general public? My own experience of installing variants of Ubuntu and Linux Mint has not yet concluded with a single malware infection case, moreover, in those cases a system once being installed to solve some serious Windows issues would not need any further intervention, it just runs and runs.

Anyways, I presume your knowledge about Linux a purely theoretical.

You should know, that unlike Windows users, GNU/Linux and *BSD users do not install from the unknown sources. The sources are known and trusted, called repositories, (or ports for *BSD)

Of course you have to be fixing the Windows mindset, and this Windows education (thanks to Microsoft and corruption for our schools) for the first few days. When a user tries to go out to the Web to download and install something. Instead of firing up a package manager to only search for and check the desired packages: "I had to do it on Windows, now this is too simple and logical to be true!"

We who use Linux/BSD usually don't do stupid things, however, our OS is not in the habit of betraying us either.

1
1
Bronze badge
Mushroom

Re: Malware

You are a bit behind the times. There are over 800 types of known malware that are written specifically to target Linux..

And Android (based on Linux) has more Malware that Windows managed in ~ 15 years!

0
2
Anonymous Coward

Re: Malware

Isnt China the largest user of Linux on the desktop?

0
0
Anonymous Coward

Re: @Stuart Longland

Try installing Powershell. Its more capable than any shell available on UNIX or Linux based systems.

0
0
Anonymous Coward

Re: The reson for very little Linux malware

" it will have just as many open doors for the virus writers to infect through." - Actually Linux is a lot worse than Windows these days for vulnerabilities.

Just look at where Linux is used heavily on the Internet - and even though that doesn't involve console user interaction, Linux boxes have roughly a 3 times higher risk of being hacked than a Windows one.

0
0
Anonymous Coward

Re: The reson for very little Linux malware

Explain how Android has even more viruses in a much shorter time than Windows then? After all. it's a version of UNIX / Linux.

0
1
Anonymous Coward

Re: The reson for very little Linux malware

Erm, but that's not demonstrably not correct. "Unix is simply more secure through its architecture" - actually Windows should be more secure from the architecture as it has a more secure hybrid microkernel architecture - with a much smaller attack surface than a monolithic kernel. Also Windows has full ACL security baked in from the kernel upwards, whereas with Linux its a bolt on afterthought with options such as SEL Linux.

0
1
Bronze badge

Re: Malware

You are a bit behind the times. -- I am.

There are over 800 types of known malware that are written specifically to target Linux.. -- They are written already, contrary to what other commenters are saying? Nice, when will they finally start spreading? How do I get "infected"? Please, don't advise me to download, chmod and run it in the terminal.

And Android (based on Linux) has more Malware that Windows managed in ~ 15 years!

Yeah, it Android has many, very few people really saw one.

1
0
Bronze badge
Facepalm

@AC, the power user of shell, aka powershell user

You also state that Visual Studio is a match to the GNU Emacs, Microsoft Equations plugin is more powerful/convenient than texlive suite, and that Microsoft Windows 8 RT is a slimmer system than GNU/Linux, Android or iOS, both on ARM and x86.

0
0
Silver badge

Re: @Stuart Longland

I assume you've heard of openVMS ?

0
0
Silver badge
Pint

Re: The reson for very little Linux malware

"Windows should be more secure". My opinion too. Still I think most of the Windows machines out there will happily try to run any .exe file if you click on it.

1
0
Silver badge
Devil

Re: The reson for very little Linux malware

" Also Windows has full ACL security baked in from the kernel upwards, whereas with Linux its a bolt on afterthought with options such as SEL Linux."

Don't forget, the oft forgotten FreeBSD has kernel acl support at default

0
0
Silver badge
Thumb Down

Re: @Stuart Longland

> Try installing Powershell. Its more capable than any shell available on UNIX or Linux based systems.

Demonstrate a autoconf generated Bourne Shell script running unmodified in PowerShell then maybe it has a use to me.

0
0
Anonymous Coward

Re: The reson for very little Linux malware

Agreed - BSD is relatively secure. But I was talking about Linux, which really isnt.

0
1
Anonymous Coward

Re: @AC, the power user of shell, aka powershell user

I cant see where i state that. But Visual Studio is certainly one of the best IDEs on the planet. And indeed - something that is already there is more convenient for equations than a third party addon.

The only exception there is Windows RT - but then its a full OS - not a cutdown like Android and IOS. Its certainly slimmer than most Linux distributions though.

0
0
Bronze badge

GNU Emacs

But Visual Studio is certainly one of the best IDEs on the planet.

I have used VS.for some time and have been using GNU Emacs. That's why I know that VS is a narrowly oriented IDE, a mouse clicking IDE.

*grep-mode ( a hyperlinking grep putput buffer)

*tons of prog languages, (La)TeX in VS? Any CAS'?

*running a shell (hence any command) on a region wit arguments?

*tex editing capabilities that can't be beat (vim is the only one that can compare to this), with elisp built into, hot keys etc

*tramp mode to run sudo/su/ssh etc

*dired mode - a file manager

*email client

*terminal emulator

*info-mode a help environment, fast and easy to navigate

*org-mode - spreadsheets, publishing and beyond

*calc (both standalone and embedded): can your ide perform calculations with infinite precisions? units conversion, differentiate and take integrals?

Its certainly slimmer than most Linux distributions though.

Yeah, right exactly: more than 12gb of Win RT < 5.6 gb Ubuntu, both with office , plus Ubuntu got much more, like GNU Emacs

<---------- ElReg, WTF, where the GNU Emacs icon?

0
0
Silver badge

Re: @Stuart Longland

I should probably clarify my position here.

(1) I'm well aware of the position of Linux in the IT industry. It is widely deployed just about everywhere except the consumer desktop or business workstation. Even there, it has been slowly increasing.

(2) As for gpg key signing first have a read of http://wiki.debian.org/SecureApt then have a read of http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html

(3) Unless you've checked the ISO image that a CD was produced from for tampering, there is no guarantee that someone hasn't compromised the gpg executable and related libraries and thus, totally hosed the protections.

(4) OEM installs and such-like leave people the most at risk, since the user has no opportunity to verify their installation hasn't been compromised. We've already seen this on Windows.

Admittedly (2) can be easily overcome, APT thankfully does store the FULL and COMPLETE 64-bit ID, it really should be storing the fingerprint. Many people solve (4) by doing the installation themselves, and (3) requires people to do careful checking of their own.

MD5/SHA/RIPEMD on their own is not a defence, and for what its worth, signing binaries on Windows tends to use SSL-style techniques. A system that is based on a hierarchy of trust rather than GPG's web-of-trust. This system isn't infallible either.

Unfortunately (3) and (4) is going to be a bit unrealistic for the average consumer who just wants to use their computer. Thus malware will continue to be a problem, and it will jump ship to whatever target is deemed to produce the most bang per buck.

The rest of us, need to remain vigilant.

1
0
Bronze badge

Re: @Stuart Longland

Hello Stuart,

(2) this is just a hocus-pocus with key IDs

your link talks about the so-called "gpg/pp key ID collision", there is no problem with that, these are truncated versions of the fingerprints (hashes of the actual keys), these are not used to verify signatures, all more so, to forge a file signature. A key ID is used for the identification purposes. You can check you local public ring file (.gnupg./pubring.gpg that stores longer longer hashes) or run

gpg --list-keys --fingerprint

There is also a massage written by Jon that explains it even better.

(3) yes I referred to the iso hashes and signatures of the hash files, these are the ones you find published. CD's integrity is are checked not for security purposes but rather to see if the burned correctly.

(4) not applicable, I was talking about Linux, even if OEMs "finally grow up" and start shipping with Linux I am almost sure, to use a system of my choice, it would be great just because no MS tax is involved.

sha256, sha512 is not good defense? with salts and multiple iterations. Maybe when quantum computers become a reality...

( with no collisions known and yet no theoretically possible ones?) a salted sha512 password hashing is used in most distros about 5 or so now

It is easier just to hack a machine that signs packages, but one machine is not enough, since things are multiply signed, moreover, you'd have to collide hashes of the source code as well. In those cases when git is used for versioning, good luck succeeding there as well.

So risks is non-zero, yet (with modern technology) is infinitesimally small

--regards

0
0
Anonymous Coward

Re: GNU Emacs

Windows RT uses about 8GB actually for the OS and preinstalled apps - including a full install of Office.

0
1
Bronze badge

Re: GNU Emacs

Windows RT uses about 8GB actually for the OS and preinstalled apps - including a full install of Office.

No, about 12gb. But this doesn't make any difference. So one would wonder what does it need it for, maybe it's just an indication of bloat? Preinstalled apps, why preinstall them ? Any GNU/Linux would then use 40g with installation. I am imagining Linux Mint iso 45gb (with preinstalled apps)

1
0
Bronze badge
Coat

Lovely numbers

I still bet staff will randomly plug in usb drives infected with stuff and then wonder this file isnt working and this annoying person from IT keeps telling me to say something is attacking my machine.

0
0

Lets see...

China has:

- traditionally low IT knowledge in the masses

- has relatively new access to the internet

- has almost non-existent awareness campaigns about IT Security

- are traditionally skint

- are skeptical of US products, and AV is no exception

Ergo...lots of uneducated internet newbies getting infected and because they were too skint and uneducated about where to get and install AV, and too untrained to recognise the symptoms of infection = huge malware infection rates.

0
0
Anonymous Coward

Re: Lets see...

Plus they run IE6 a lot too.

1
0
Silver badge

100% of Chinese are infected by this same malware

It's called communism......and apparently it's extremely difficult to remove.

0
2
Silver badge

Re: 100% of Chinese are infected by this same malware

Lots of people trying to make lots of money, and lots of competition - doesn't sound like the spirit of communism to me. Regardless, in this case it is malware called Americanism which is causing users to use a virus prone operating system. And yes, it is extremely difficult to remove.

2
0
Anonymous Coward

Re: 100% of Chinese are infected by this same malware

The communism part is their lack of care for their workers or copyright laws.

0
1
Silver badge

Re: 100% of Chinese are infected by this same malware

@ Ole

>Lots of people trying to make lots of money, and lots of competition

That could also refer to Russia.

>doesn't sound like the spirit of communism to me

See above

>in this case it is malware called Americanism which is causing users to use a virus prone operating system

No, people always have the choice, Linux is free after all. I imagine that no-one forces them to use windows. If people aren't willing to change their OS for themselves then the large commercial compaines will definately try their best to sell their wares... Again that's not the fault of the Americans.

The last I looked the Chinese Government were definately communist. The fact that corruption appears to be rife is another problem.

0
0
Anonymous Coward

Re: 100% of Chinese are infected by this same malware

"Communist" is just a word. They're not "Communists" in the way of the Soviets were, nor the North Koreans, nor even the Cubans, or even less any of the Western Communist parties (who don't want to be associated with China anymore). They're actually an aristocracy, and it's closer to the Chinese Imperial model than to anything Marx or Engels envisioned.

Americans loving to be scared of Communists, they like to repeat the word as a mantra.

About choice: You're not aware of the market ways there. Banks, e-commerce websites in China are forcing users to install software so they can access their accounts online. That software is only available for Windows. So unless you want a useless PC that you can do nothing with online, you must install Windows.

Yes, the lack of consumer protection is the thing to blame there, sadly.

But Linux has its uses, like when the Chinese government ostensibly developed its own distro, Red Flag Linux, to threaten Microsoft. MS gave in, accepted extremely low licensing costs, access to the Windows source code, and obligingly replaced some crypto bits by a Chinese version, just in case those NSA Capitalists would have put something there (why would they ever suspect those nice, honest Capitalists to do that, I wonder?).

1
0
Silver badge

Re: 100% of Chinese are infected by this same malware

@AC 12:38

I think you may find that the CPC was in fact founded, in 1921, upon Marxist ideas. They have also included a few of their own ideals but the gist of things remain the same.

or would you prefer that I had called it a totalitarian ?

0
1
Silver badge

The stats may lend some credence to the Chinese government’s oft-heard refrain that it is a victim, not a perpetrator, of cyber crime.

Maybe, but I don't think so. From the little that I've seen, it would be the malware attached to keygens and assorted other less-than-officially-gained softwares that is causing it.

Like I said, from the little that I've seen (several corporate sites), that kind of thing is so rife, they have boxes that either can't be rebuilt, or even re-install certain software that's causing problems because they "don't have the installation files anymore".

1
0
Bronze badge
Facepalm

All that malware geez..........A well at least the bamboo curtain seems to be good for keeping something in.

0
0
Anonymous Coward

>rounds up cyber hoodlums and crime gangs

as recruits for the cyber army?

0
0
FAIL

PC Security is Shithouse

We've been talking about the country with the greatest incident of malware. What about the one with the least? Looking at the report, it turns out to be Sweden, at 20.25 percent of infected PCs. It's not in single figures, as one would hope. Instead, it's just over a third of the Chinese figure - not a tenth or a hundredth. One deduces that every other country in the world has a higher infection rate than the 20.25% given above. It's a disgrace. At least a fifth of the world's PCs are infected, and the average is probably closer to a third.

I have a dream: to live in a world where, without too much IT knowledge, you can buy a PC and use it without being infected with crap. To type your assignments without being corrupted by random software, and to use your broswer without being hassled by redirects and login/password thefts.

But we don't live in that world. Turns out PCs have a greater infection rate that sharing needles in a crackhouse held in a TB ward.

3
0
This topic is closed for new posts.

Forums