back to article Microsoft: Pirates at high risk of malware infection

Web-based attacks are on the rise, but according to Microsoft security researchers, the risks involved with casual browsing are nothing compared to the dangers of downloading and sharing illicit software, videos, music, and other media. In the latest edition of the Microsoft Security Intelligence Report, published on Monday, …

COMMENTS

This topic is closed for new posts.
  1. Lars Silver badge
    Joke

    From now on

    I will use only Microsoft.com (and never use any Microsoft products) I will be safe now, I hope.

    1. Anonymous Coward
      Anonymous Coward

      I had no idea

      I had no idea how much spying Microsoft were into, yes they are watching you right now.

    2. LarsG
      Meh

      HEADLINE

      Microsoft disappointed that numbers of Win8 pirate copies are down 95% compared to XP, Vista and Win7.

      An insider reported that while Microsoft publicly claim that the reason behind this are the anti piracy and security measures built in to the program, the truth is somewhat different.

      There are concerns from on high that they have got it wrong, that the release will fail and that the lack of piracy interest is down to the unpopularity of Win8.

      1. h4rm0ny

        Re: HEADLINE

        And this insight into the inner discussions of upper MS management is confirmed by...?

  2. Big-nosed Pengie
    Linux

    Microsoft: Windows users at high risk of malware infection

    I fixed that for you.

    1. Anonymous Coward
      Anonymous Coward

      Windows users at a higher risk of malware infection

      There, fixed your fix.

      Easy mistake to make when your head is stuck in the sand.

      1. Ben Tasker

        Re: Windows users at a higher risk of malware infection

        Just to be pedantic, saying that one category of user is at high risk doesn't necessarily indicate that no other category is at risk.

        For that matter, saying that category is at a higher risk doesn't necessarily indicate that any other category is at risk. A probabability of 0.1 is still higher than 0.

        So, both title were correct, but yours doesn't imply what you thought.

    2. Wade Burchette
      Stop

      Re: Microsoft: Windows users at high risk of malware infection

      Yeah, and London is more secure from terrorists than New York City because London has never had a plane crashed into one of its buildings. Essentially this is what you are saying: The system that is targeted more because more people use it is less safe than the system that is targeted less. Every complex system has its weaknesses. If Mac was the dominant PC, then it would have the same problems with malware as Windows. The same with Linux. If Linux truly was secure, there would be no need to antivirus programs for my Android phone.

      1. Anonymous Coward
        Anonymous Coward

        @Wade Burchette - Re: Microsoft: Windows users at high risk of malware infection

        Although Linux based, Andrdoid is not Linux. And the fact that you are running an anti-virus on it is also not relevant since there are people who were tricked into buying and running anti-virus on Linux. In the end, maybe Mac and Linux could be vulnerable some day while Windows certainly has been all the time. And it still is. I mean like now. Just count the malware titles having "Win32/" in their names and you'll be able to see it with your eyes.

      2. Ben Tasker

        Re: Microsoft: Windows users at high risk of malware infection

        @Wade

        The system that is targeted more because more people use it is less safe than the system that is targeted less.

        Not necessarily true. It's quite possible that an OS that is targeted less could still be less safe than one which is targeted more. All that can accurately be said is that you are more likely to encounter malware aimed at the OS that is targeted less. It doesn't necessarily make you less safe though (for example, if the vendor is quick at releasing security patches).

        If Linux truly was secure, there would be no need to antivirus programs for my Android phone.

        Someone else has already pointed out the issue with comparison to Android, so I'll skip that bit. But ask yourself, if I told you BenOS was 'truly secure' would you run it without ever checking for malware? Not necessarily an 'on-access' scanner, but perhaps a cursory check every now and then? I wouldn't and I don't think anyone with a modicum of sense would - in other words the availability/use of AV is a really poor measuring stick as it usually pays to be careful regardless of what you're running

  3. Old Handle

    That was about equal parts Captain Obvious martial and pure nonsense. Okay, yes malware is sometimes disguised as warez (does anyone still use that term?). But to start with, classifying a key generator as malware is clearly nothing but propaganda. And the fact that they're even collecting data on it with a supposedly anti-malware, not anti-piracy, product strikes me as unethical.

    But more importantly, their statistics were unimpressive, and I suspect they knew it. If 83.2% of infected system do not show evidence of pirated software, then right off, they're not making a very strong case. When they say 76% of of system with evidence of pirated software also have malware, that's starting to sound interesting, but they never clearly state how much higher than normal that is. And considering their expansive definition, it wouldn't surprise me at all if close to that percent of the general population had something "potentially unwanted".

    1. Robert Carnegie Silver badge

      So - read the licence.

      "But to start with, classifying a key generator as malware is clearly nothing but propaganda. And the fact that they're even collecting data on it with a supposedly anti-malware, not anti-piracy, product strikes me as unethical."

      I hope that didn't strike you too hard. As far as I recall, the click-through licence for the "Malicious Software Removal Tool"

      www.microsoft.com/security/pc-security/malware-removal.aspx

      which you see at least the first time you install it, authorizes Microsoft to delete anything on your PC that they don't like. So you may want to think twice about that.

      1. Ben Tasker

        Re: So - read the licence.

        Because putting something into your Terms & Conditions is all that's required to make it ethical?

        It might make it legal (depending on the term) but it doesn't make it ethical any more than spraying a notification across Tower bridge would.

        1. Oddb0d

          Re: So - read the licence.

          The stats being discussed were clearly taken from installs of MS Security Essentials (and possibly Forefront) which requires user permission to report detections back to MS, it is clearly stated when you install the program and is easily turned off with a single checkbox.

          I fail to see anything unethical here.

          1. Ben Tasker

            Re: So - read the licence.

            I fail to see anything unethical here

            I suspect the OP's point was that classifying something harmless (to your machine/data) as malware just so you can report back is unethical. Some keygen's carry malware, but not all do, so if those that don't are being reported back it's a bit of an issue.

            That said, my post was more in response to the previous poster who implied it was ethical because it was in the terms and conditions.

  4. Mike Flugennock
    Coffee/keyboard

    PIRATES at high risk of malware infection?

    Y'mean, like people who actually paid for stuff aren't at any risk? Are you guys sure that those "Microsoft Security Researchers" didn't issue that statement as some kind of prank, or a troll, or something?

    Microsoft Security Intelligence Report? Trustworthy Computing Group? Christ, somebody tie me to a railroad track...

  5. Kevin 6
    Thumb Down

    Wow

    What about the people who pay for legit programs from the store, and have the CD riddled with malware?

    I've had it in the past a stamped CD infected with a virus before. That's not counting Symantec or McAfee software which have done more damage than most malware strains I've seen to the computers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Wow

      Sony's rootkitted music CDs as well.

      1. Anonymous Coward
        Anonymous Coward

        Re: Wow

        I thought they were referring to the PCs in China that were sold with infected Windows (how can you tell?), considering that this report was released after they've probably got that one fixed.

  6. Tom 35

    Sounds like they are leading up to...

    Everyone has to buy Windows 8 and only buy your software from the Windows 8 app store. Only then will you be safe.

    If you get it from any place else it will kill a kitten, then crap on your kitchen table.

    1. Miek
      Linux

      Re: Sounds like they are leading up to...

      "it will kill a kitten, then crap on your kitchen table" -- I thought that was it's main functionality.

  7. Gweilo

    Keygen a threat?

    "Win32/Keygen, in particular, was the most frequently detected potential threat across every version of Windows studied."

    1) Download software from legit site

    2) Find keygen. Run in a sandbox to get a serial number while blocking any potential side effects

    3) Run installer, input serial

    I've got a box full of bootleg CD installers. Never had a single infection from any. And a lot less hassle than from the legal software with its incessant nagging to upgrade and phoning home.

    Warez sites have feedback and forums and infected stuff is reported pretty quickly and blacklisted. A lot quicker than MS will admit they have a problem

    I'm not addressing any moral issues, just the bullshit equation of warez with viruses that these "surveys" by software vendors always make. I think the major malware vector is the browser by far, and MIcrosoft's IE led the way in making that easy.

    1. Anonymous Coward
      Anonymous Coward

      Re: Keygen a threat?

      "I've got a box full of bootleg CD installers. Never had a single infection from any. And a lot less hassle than from the legal software with its incessant nagging to upgrade and phoning home."

      So, what you are saying is that you steal stuff and cover your tracks so that you are {hopefully} protected from any nasty side effects of your illegal activity.

      If you can't afford to pay for something, find an open source equivalent.

      1. This post has been deleted by its author

      2. The BigYin

        Re: Keygen a threat?

        "So, what you are saying is that you steal stuff and cover your tracks so that you are {hopefully} protected from any nasty side effects of your illegal activity."

        I think they are saying that they infringe the copyright license, I don't think they are stealing anything. Not that that makes it any better. Of course, they could have a legit copy and are using the bootleg to by-pass all the DRM nonsense that gets in the way of a decent playing experience.

        "If you can't afford to pay for something, find an open source equivalent."

        Open Sources (and even Free Software) are not always zero-cost. I agree with the sentiment; don't consume or simply wait for the price to come down. That game? It'll be in the bargain bucket soon enough, and if it's a good game it'll still be a good game.

        1. Anonymous Coward
          Anonymous Coward

          @The BigYin - Re: Keygen a threat?

          You're mixing freeware with free software. Nothing in the license of free and open source software says anything about cost of that software (except maybe for distribution costs). It is all about the freedoms being granted to you by the person/organization distributing the software.

    2. Anonymous Coward
      Anonymous Coward

      Re: Keygen a threat?

      so the main threat is a false positive heuristic detection based on filename?

      the pirates be doomed I tell ya

      1. Miek
        Linux

        Re: Keygen a threat?

        "so the main threat is a false positive heuristic detection based on filename?" -- No, those files are categorised as "KeyGens", in that, they generate illicit keys for software and get detected as mal-ware because their use is harmful to the software makers business not your PC itself.

  8. Anonymous Coward
    Anonymous Coward

    You can get viruses from films and music files? This is news; unless you count the old "you need this codec to play this not-a-video-file-at-all" scam.

    1. Anonymous Coward
      Anonymous Coward

      Bad form replying to myself, I know; but...

      "A category of malware called ASX/Wimad can disguise itself as a number of popular media file formats – including MP3, AVI, and WMV, among others – and exploit a Windows Media Player bug to download a malware payload."

      HAHAHA! Own goal from Microsoft there.

      1. h4rm0ny

        "HAHAHA! Own goal from Microsoft there."

        Why "HAHAHA!" ? Every infected PC is a victory from criminals that rip others off or use the infected machine to spam you or DDOS businesses. Activity that costs us all either directly or indirectly. Why celebrate when a flaw is found in an OS or piece of software? You're basically a football fan for companies, aren't you?

        1. Anonymous Coward
          Anonymous Coward

          re: harmony or whatever

          Yes, it does cost us, directly and indirectly, and you know what? I've never received a check from Microsoft paying me back for the time I've spent fixing their mistake.

          If you have a name and address I can send an invoice to, please forward it to The Register. I'm sure they'll send it on to me.

        2. Anonymous Coward
          Anonymous Coward

          You don't get the irony of Microsoft warning people about -and it was in the first paragraph- about the dangers of music and video files when the main dangers are both the fault of Microsoft software?

          1) The only malware named in the article that would give you a dose was not either a music or video file; but a file that exploits Windows Media Player to get in.

          2) As Rattus Rattus points out, the default setting of Windows is to hide file extensions; which helps miscreants no end.

          3) Of course, the browser can be javascripted into downloading naughtyware; but that could happen to any browser.

          The main dangers to iffy films and music then are Microsoft-generated. I was laughing at the hypocrisy of the warning; not at the victims. And for the record I have no particular axe to grind with any company (except, possibly Sony) and am using Windows to type this.

    2. Rattus Rattus

      Or, since Windows oh-so-helpfully hides file extensions by default, someone may have downloaded a file called "britneys_tits.mpg.exe"

    3. Killraven

      Multiple times I've had .WMV files try to install something that wasn't a codec when I tried to play them. I no longer play in this format, converting to something else first, if I really want to see it.

  9. Ole Juul

    preying indeed

    "Preying on the desire to 'get a good deal' is a form of social engineering that has been around for a long time, but it's proving to be a perennially popular method for malware distributors," writes Joe Blackbird of Microsoft Malware Protection Center."

    Indeed, I've seen many a new computer come pre-installed with what at first appears to be a free OS.

  10. Killraven
    FAIL

    Everything old is new again...

    While providing no real information that we didn't know ten years ago, it's a fair enough article. Too bad that the entire things reeks of being nothing more than yet another setup for a derogatory byline.

  11. Anonymous Coward
    Anonymous Coward

    And I wouldn't be surprised

    if companies like Microsoft and Adobe deliberately release malware-infected versions of their products onto bittorrent sites, 1) to give their "pirated products always contain malware" claims credence and 2) more likely, to allow them to track and trace people pirating their software.

    Like the shills that claim in the comments on torrent sites "OMG this torrent has a VIRUS!!!!1one!1!" for one that actually doesn't, or alternatively "All those claiming there's a virus in this are LYING!!!1one!" for one that they've planted that does.

    As with anything in life, use your head and take your chances.

  12. Paul J Turner

    Pirates at high risk of malware infection

    Or a free copy of 'Windows 8' as the rest of us know it.

  13. tomban
    Holmes

    See icon

    See title

  14. Anonymous Coward
    Windows

    Microsoft is part of the problem too...

    Now, before I continue let me stress out that this isn't a black/white kind of situation and I'm not 'attacking' Microsoft over this because I can fully understand why they're doing what they do.

    Microsoft fights software pirates and I can respect that. I don't always agree with it but in the end I do think one can only respect if a company tries to protect its income. However; there's one thing which I think doesn't do them much credit and only puts the Net as a whole at risk.

    Because Microsoft has a tendency to block off pirated (illegal) computers from receiving (security) updates. I can understand that MS doesn't want "freeloaders" to usurp their services, ones which regular customers pay for (keep well in mind that keeping an OS updated for years isn't an easy nor cheap task). However; the other side of the medal is that many of these illegal users simply decide to turn off security updates and leave it at that, thus forming a potential risk for others. After all; who knows what could be happening on those boxes?

    Its the one policy I think Microsoft should change. Supply global security updates, no matter the state of the OS ((il)legal or not), so that at the very least you don't risk a large dose of infected Window PC's. Apart from that MS should do everything in their power to block these illegal copies. For example by blocking them as they do now (at one time I even had a customer coming in to ask "how to get rid of that weird black background....", well; duh!).

    But please make sure that even these illegal copies are up to date where security is concerned before you had a chance to lock them out! I'm pretty sure it could reduce quite a bit of problems.

    1. Sir Runcible Spoon

      Re: Microsoft is part of the problem too...

      I'm pretty sure I read once that MS are accepting of piracy because it means that there is ground-roots support for their product, which means when those people who were too poor/tight to pay for the OS get into a business environment the business has to use MS because it's all most people know.

  15. Anonymous Coward
    Anonymous Coward

    Serves them right

    They deserve the malware that they get from pirating.

  16. Anonymous Coward
    Anonymous Coward

    don't go into the murky corners of the internets!

    go to piratebay instead!

  17. b166er

    It is strange how people like to blame Windows(Microsoft) for these problems.

    If a user downloads a malicious software (often against the advice of the browser) and runs it against the advice of User Account Control and proceeds to infect their computer, it's not Microsoft's fault in any way.

    "classifying a key generator as malware is clearly nothing but propaganda"

    Unless executing that keygen happens to install a trojan? Basic logic, if someone wants something for free, they will download a keygen, so if an attacker wants control of a PC, offer a keygen with payload.

    1. Ben Tasker

      It is strange how people like to blame Windows(Microsoft) for these problems.

      If a user downloads a malicious software (often against the advice of the browser) and runs it against the advice of User Account Control and proceeds to infect their computer, it's not Microsoft's fault in any way.

      Indeed, but if they download a movie, run it and find that it contains a payload designed to exploit a weakness in Windows Media Player, I'd say the ball is firmly in Microsoft's court in that instance.

      classifying a key generator as malware is clearly nothing but propaganda

      You're both right, simply classifying any keygen as malware is propaganda. If on the other hand, certain generators include a payload then it's malware. I'm sure the two could probably be seperated in the stats, but then it's not very convenient is it?

  18. a well wisher

    more usable ?

    " (at one time I even had a customer coming in to ask "how to get rid of that weird black background...."

    MS possibly didn't think that thru - if anything the black background makes it more usable not less

  19. jonfr
    Boffin

    License and Windows

    The fact is nobody "buys" Windows. Any version. If anyone spend a little time reading the EULA it is clear that you are just licensing Windows (insert version here) from Microsoft. So it can stop working at any time. This also goes for every proprietary software out there.

    Speaking of "piracy" when the EULA claim you are buying license for the software does not add up. The actual terms is that people are running unlicensed software. That is not piracy as the greedy CEO types it is. But I do not see how copying files is piracy to start with.

    Then there is the fact some television shows are not released for Europe. Same goes for many movies.

    As for malware infections. Microsoft have them self to blame. As Windows is based on poor technology. Since it is made for profit and not security.

    I only run games on my licensed copy of Windows XP. Not going to move to Windows 7 until I get a new gaming PC. If it comes with Windows 8. I am going to delete it and install Windows XP.

  20. Anonymous Coward
    Anonymous Coward

    Dangers of web-based casual browsing ?

    "Web-based attacks [on Windows] are on the rise, but according to Microsoft security researchers, the risks involved with casual browsing [under Windows] are nothing compared to the dangers of downloading [to Windows] and sharing illicit software, videos, music, and other media".

This topic is closed for new posts.

Other stories you might like