Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft: One In 14 Downloads Is Malicious

CmdrTaco posted more than 3 years ago | from the wonder-where-they-surf dept.

Security 290

alphadogg writes "About one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5% of users ignore the warnings and download malicious Trojan horse programs anyway. IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen."

Sorry! There are no comments related to the filter you selected.

NEWSFLASH: Some People are Terminally Ignorant (2, Insightful)

h4rr4r (612664) | more than 3 years ago | (#36165998)

These are the same folks that only change the oil in their cars when the warning light comes on.

Re:NEWSFLASH: Some People are Terminally Ignorant (0)

Anonymous Coward | more than 3 years ago | (#36166234)

It's a reminder not a warning light.

Re:NEWSFLASH: Some People are Terminally Ignorant (0)

Anonymous Coward | more than 3 years ago | (#36166302)

Perhaps h4rr4r is a vastly experienced driver and remembers the days before there were maintenance indicators. The warning meant low oil pressure or some perhaps other engine problem - if you've waited to change your oil until that light comes on you're in deep trouble.

Re:NEWSFLASH: Some People are Terminally Ignorant (1)

h4rr4r (612664) | more than 3 years ago | (#36166406)

Vastly experienced?
Not even been driving two decades.

Re:NEWSFLASH: Some People are Terminally Ignorant (0, Troll)

Anonymous Coward | more than 3 years ago | (#36166292)

My boss would be a perfect example of these kinds of people. Yesterday, I trekked into his office once again to clean the latest malware off of his laptop. It was one of the Google search hijack trojans that lands every search link on a shady advertisement page. First, tried rebooting into safe mode and running malwarebytes. That didn't do shit. Then, I tried combofix and ssdfix. That didn't work either. Finally, I said, "Hey, boss, you know that shiny iPad you just paid 600 bucks for? Why don't you just use that and problem solved." All he does is read and respond to emails and browse around on the net anyway. Get him a bluetooth keyboard for his tablet and he's off and running. I told him that if he finds he can't do without a desktop, we'll make a trip to the Apple Store at the St. John's Towne Centre. "They'll fix you right up."

Re:NEWSFLASH: Some People are Terminally Ignorant (3, Funny)

h4rr4r (612664) | more than 3 years ago | (#36166432)

I had a boss once drive in circles in the parking lot with the hood up, to cool an over heating engine.

Re:NEWSFLASH: Some People are Terminally Ignorant (2)

Chrisq (894406) | more than 3 years ago | (#36166370)

These are the same folks that only change the oil in their cars when the warning light comes on.

Or in the case of my brother-in-law when my sister said the light was on, covered the warning light with a bit of tape so it wouldn't annoy her. She carried on driving until the engine seized up.

Re:NEWSFLASH: Some People are Terminally Ignorant (-1)

Anonymous Coward | more than 3 years ago | (#36166614)

With Linux this simply doesn't happen! Linux users are more intelligent than everyone else, we don't fall for stuff like this. And even if we did, the superior security in most Linuxes would protect the user from any damage anyway. I say we portion of a seperate internet for people who use Windows and MacOS, where they can go about their sheepish ways doing what their told and downloading malware. We free-thinkers, here in Linux land, won't miss you one bit.

Re:NEWSFLASH: Some People are Terminally Ignorant (1)

mellon (7048) | more than 3 years ago | (#36166696)

This is why security solutions based on users making correct decisions can't work. It's bizarre how many of the programs on our computers still depend on this.

Re:NEWSFLASH: Some People are Terminally Ignorant (1)

h4rr4r (612664) | more than 3 years ago | (#36166760)

Drop out the "security" part and you will be closer to the truth.

Windows needs repositories/appstore now, it does not need a new ribbon interface, more shiny crap or anything else as bad. When they get that done, give me the ability to delete/replace open files like you can on a real multi-user OS.

"Malicious" (5, Funny)

Anonymous Coward | more than 3 years ago | (#36166024)

On the list of malicious files, as determined by the Microsoft Corporation:

- Google Chrome
- ubuntulinux.iso
- antivirusotherthansecurityessentials.exe
- iTunes
- *ipod*.exe
- gmail.com/index.html

Re:"Malicious" (0)

commodore64_love (1445365) | more than 3 years ago | (#36166238)

I sincerely hope you are trolling (bkspc)(bkspc)(bkspc) Joking.

I'm using IE-8 and I've never encountered this SmartScreenWhatever? I've seen it plenty of times on Firefox though, and think it's a good idea. Maybe these warnings would have stopped me from downloading FoxTab (PDF creation tool) and infecting my laptop. Lesson learned.

Of course if users ignore the warnings ("DANGER: Malicious site. Proceed? YES"), then it doesn't do much good. I suppose they deserve whatever they get. Sadly my brother is one of those and I spend a lot of time cleaning-up his computer, because he just clicks "yes" to everything. I don't think he even bothers to read the warning.

Re:"Malicious" (2)

mr1911 (1942298) | more than 3 years ago | (#36166804)

Sadly my brother is one of those and I spend a lot of time cleaning-up his computer, because he just clicks "yes" to everything. I don't think he even bothers to read the warning.

Quite cleaning his computer. Otherwise he has no incentive to change his behavior.

Re:"Malicious" (4, Insightful)

Missing.Matter (1845576) | more than 3 years ago | (#36166310)

antivirusotherthansecurityessentials.exe

I know you're joking, but this one is pretty close to the truth. Norton and McAffee do more to slow down computers than actual malware does.

Re:"Malicious" (1)

bugs2squash (1132591) | more than 3 years ago | (#36166400)

Not only that, but it's damned hard to tell the difference between something actually from McAfee and some (other) crap from the internet. For example, most of the services running on my computer with names starting with McAfee are listed as "Unknown" manufacturer. When popups appear they always look fake, the window decorations (like the close icon in the top right corner) are always non-standard and the warnings are overly dire and hyped-looking. They just look unprofessional. Finally, it's so damn hard to get rid of McAfee, it comes pre-installed when you buy the PC (another bad sign IMHO) and just won't go away without extra-ordinary efforts to dispose of it.

Re:"Malicious" (3, Interesting)

Tanktalus (794810) | more than 3 years ago | (#36166570)

This is what I call the second Microsoft Tax. The first one is the extra ~$30-$60 you pay on your computer that goes to Microsoft for their OS (prices assume it's a new rig with the OEM version pre-installed). The second one, this one, is the extra money you spend on CPU cycles and RAM to run the anti-malware software so that you still have as much CPU power/RAM as you need for what you really bought the computer for.

Re:"Malicious" (2)

Gilmoure (18428) | more than 3 years ago | (#36166922)

NetBSD: Full Speed Ahead!

Linux...please! (-1)

Anonymous Coward | more than 3 years ago | (#36166044)

With Linux this simply doesn't happen; Linux users are more intelligent than everyone else, we don't fall for stuff like this. And even if we did, the superior security in most Linuxes would protect the user from any damage anyway. I say we portion of a seperate internet for people who use Windows and MacOS, where they can go about their sheepish ways doing what their told and downloading malware. We free-thinkers, here in Linux land, won't miss you one bit.

Here is the list of top 5 malicious Downloads. (5, Funny)

LWATCDR (28044) | more than 3 years ago | (#36166050)

1. Ubuntu
2. Firefox
3. Chrome
4. OpenOffice
5. VLC

Re:Here is the list of top 5 malicious Downloads. (1)

Chrisq (894406) | more than 3 years ago | (#36166126)

You missed Java

You Missed: +1, Helpful (0)

Anonymous Coward | more than 3 years ago | (#36166188)

Windows XP.

Yours In Miami,
K. Trout

Re:Here is the list of top 5 malicious Downloads. (3, Interesting)

DrScotsman (857078) | more than 3 years ago | (#36166294)

The grandparent was listing jokes, not actual malicious software.

Of course I jest, but which other Windows program anywhere near as popular brings up UAC prompts out of nowhere in the way Java updater does without even being "opened"? I bet Java is partially to blame for a huge number of users blindly clicking "Yes" to all UAC prompts - in the average user's eyes it just won't stop prompting until you accept its damn update.

Re:Here is the list of top 5 malicious Downloads. (1)

kvvbassboy (2010962) | more than 3 years ago | (#36166392)

Mod parent up. I am ashamed to say that I am guilty of this. I tried uninstalling Java, but soon found that I couldn't do without it.

Re:Here is the list of top 5 malicious Downloads. (2)

thePowerOfGrayskull (905905) | more than 3 years ago | (#36166436)

I would say that UAC is to blame, since you get promoted to install or update any software. Since you obviously want the software, of course you're going to authorize it. This has the unfortunate effect of rendering UAC useless - people get used to allowing every time it asks, because they need to in order to complete the task at hand.

Re:Here is the list of top 5 malicious Downloads. (1)

amliebsch (724858) | more than 3 years ago | (#36166602)

That's not true, and at the very least there is absolutely no reason why it would need administrative privileges just to *tell* the user there is an update, which is what the Java updated does.

How to get free software signed? (1, Informative)

tepples (727027) | more than 3 years ago | (#36166246)

Your joke has a point. Any Free [gnu.org] application that isn't digitally signed with Authenticode will get flagged by IE's "SmartScreen application reputation" filter [msdn.com] . And as I understand it, existing Authenticode CAs sell certificates only to businesses, not to individuals.

Re:How to get free software signed? (1)

amliebsch (724858) | more than 3 years ago | (#36166334)

Any Free [gnu.org] application that isn't digitally signed with Authenticode will get flagged by IE's "SmartScreen application reputation" filter [msdn.com].

What is your source for this claim?

[msdn.com] (1)

tepples (727027) | more than 3 years ago | (#36166644)

Any Free [gnu.org] application that isn't digitally signed with Authenticode will get flagged by IE's "SmartScreen application reputation" filter [msdn.com].

What is your source for this claim?

I already linked my source in my grandparent post. If you want title and author before you click through: "'Stranger Danger' - Introducing SmartScreen® Application Reputation" by Ryan Colvin, posted on 13 Oct 2010 3:03 PM [msdn.com] . From this page:

To help establish your application's reputation, consider doing the following:

Digitally sign your programs with an Authenticode signature

Reputation is generated and assigned to digital certificates as well as specific files. Digital certificates allow data to be aggregated and assigned to a single certificate rather than many individual programs.

Re:[msdn.com] (1)

amliebsch (724858) | more than 3 years ago | (#36166792)

Except nowhere on that site does it say that ANY application NOT digitially signed WILL get flagged.

Instead it is saying that digitally signing is ONE way you can HELP get your software NOT flagged. "Reputation" is based on more factors than "digitally signed."

How to give an app reputation without a company? (1)

tepples (727027) | more than 3 years ago | (#36166904)

"Reputation" is based on more factors than "digitally signed."

But for a new application or a new version of an application, the only clear way that I can see to give it any reputation in the first place is to sign it. Otherwise, the first few dozen people who download it will be pressured to delete it immediately.

Re:Here is the list of top 5 malicious Downloads. (0)

vistapwns (1103935) | more than 3 years ago | (#36166270)

+5 informative? None of these programs generates a warning for downloading. I just don't get slashdot, you all consciously lie and go along with it. It's not at all true, maybe it's funny? Certainly I don't understand an high informative mod for something that is categorically false.

Re:Here is the list of top 5 malicious Downloads. (3, Funny)

Anonymous Coward | more than 3 years ago | (#36166344)

Call an engineer. The sense of humor module on the vistapwns bot has crashed again.

Re:Here is the list of top 5 malicious Downloads. (2)

Inda (580031) | more than 3 years ago | (#36166360)

It's funny because it's true!

Only it's not, like you say.

I've been guilty of steering threads by using all five (yes, I only get five) mod points on the first post, and the following child posts. It's gaming the system and gaming the other users with mod points - they blindly mod up if they see a post that's been modded previously. I know it's wrong but I've been here a long time and I don't care.

I have five mod points today. I promise I'll do good with them.

Funny vs. In; why a lot of free apps aren't signed (1)

tepples (727027) | more than 3 years ago | (#36166376)

Certainly I don't understand an high informative mod for something that is categorically false.

It's a joke. Slashdot awards karma for "In" moderations, does nothing for Funny, and takes karma away for Overrated. If moderators fight over whether a comment is Insightful or Overrated, no damage happens to the poster's karma. But if moderators fight over Funny vs. Overrated, the poster loses some karma every time it's moderated Overrated. This has caused some moderators to try using Insightful instead of Funny.

SmartScreen doesn't throw up a warning for #2, #3, and #4 on the list because they're digitally signed by Mozilla, Google, and Oracle respectively. But a lot of free programs aren't digitally signed because their authors can't afford to incorporate to get the Authenticode certificate to sign them.

Re:Here is the list of top 5 malicious Downloads. (1)

oakgrove (845019) | more than 3 years ago | (#36166394)

Er, because you can't get karma for funny but you can for informative so many people mod that way? There is also the philosophical argument that anything that is particularly funny is meta-informative anyway since depending on the context of the "joke" it tells you as much about yourself and others who think it's funny as what it is actually overtly talking about.

Re:Here is the list of top 5 malicious Downloads. (1)

memojuez (910304) | more than 3 years ago | (#36166592)

+5 Funny, yes; Informative, no.

Yes, We're Doing Great Work (1)

Gr33nJ3ll0 (1367543) | more than 3 years ago | (#36166052)

"What we're doing here is VERY necessary, I mean just look at these numbers we've generated to justify our existence here a Microsoft" said Jeb Haber

Re:Yes, We're Doing Great Work (1)

vistapwns (1103935) | more than 3 years ago | (#36166252)

You know, there are legal avenues a shareholder can pursue if he/she feels that MS is lying. I'm guessing you don't feel like putting your money where your mouth is however.

Re:Yes, We're Doing Great Work (3, Insightful)

h4rr4r (612664) | more than 3 years ago | (#36166496)

Only for very blatant lies. Otherwise I would be suing damn near every company that ever had an advertisement.

Really? (4, Funny)

Random2 (1412773) | more than 3 years ago | (#36166064)

I didn't realize IE was downloaded so frequently.

Surprise (1)

revscat (35618) | more than 3 years ago | (#36166066)

That is a surprisingly high number, even after all these years of knowing about various rootkits, viruses, and other malware that have so persistently affected Windows. 1 in 14? That's... crazy.

And what is the economic cost of having to deal with this crap? It must be well into the billions of dollars by now.

It's also consistently depressing that inertia is such that Windows seems like it will maintain its desktop dominance for the foreseeable future. There are better OSes out there. USE ONE, PEOPLE. Please!

Re:Surprise (0)

Anonymous Coward | more than 3 years ago | (#36166224)

I've run Windows since 3.11 without incident. It has nothing to do with the OS, and everything to do with the user.

Re:Surprise (0)

Anonymous Coward | more than 3 years ago | (#36166288)

That's the only solution, using another OS.
When confronted with a dialogue that warns the user he's about to do something stupid he'll probably obey it, but after a time, he won't even bother reading it, he'll just click next > next > next > ok. It's a really stupid system.

I remember seeing about a subway crash, where the driver simply didn't notice that something was wrong but kept on the speed, it was a system, if he fainted, or removed his hand the train would automatically stop. They're both the same thing, do it long enough, and you won't notice it.

So, remove the problem, and the problem is an inherently insecure OS. Say what you will but giving root access to an user is idiotic.

Re:Surprise (1)

amliebsch (724858) | more than 3 years ago | (#36166368)

At some point the user needs root access, don't you think? Unless you're ready to just give up all control over your system.

Re:Surprise (1)

tepples (727027) | more than 3 years ago | (#36166402)

giving root access to an user is idiotic.

Without administrative access, how would "an user" (anything like "an hero"?) install an application that is useful and not malicious?

Re:Surprise (2)

oakgrove (845019) | more than 3 years ago | (#36166506)

Without administrative access, how would "an user" (anything like "an hero"?) install an application that is useful and not malicious?

Millions of people do it [apple.com] daily [apple.com] . The walled garden has its benefits.

Re:Surprise (1)

h4rr4r (612664) | more than 3 years ago | (#36166550)

So does giving up other freedoms. Choice means risk.

The walled garden however does not protect from malicious apps all the time. There have been stories when apps that did non-approved things made into into the apple appstore.

Re:Surprise (1)

bmo (77928) | more than 3 years ago | (#36166840)

>There have been stories when apps that did non-approved things made into into the apple appstore.

False. Every app in the Appstore has been approved. Approval has been rescinded, but in order for something to make it to the App store, it must be approved in the first place.

The fact that it makes news when approval is rescinded means that it's exceedingly rare. I can only think of a few notable incidences - the "I'm Rich" icon/app, a publisher gaming the ratings system, and something more recent that escapes me at the moment.

Not out-and-out malware and certainly not 1 in 14.

--
BMO

Re:Surprise (2)

h4rr4r (612664) | more than 3 years ago | (#36166530)

Just tell "make install" to put it under your $HOME.

Installing an application does not need admin access unless you need it to be available for everyone.

Re:Surprise (1)

vistapwns (1103935) | more than 3 years ago | (#36166318)

Which general purpose OS will stop the user from DOWNLOADING a piece of malware? Pretty much none, except something like iOS but users would scream bloody murder if MS only allowed whitelisted applications to run on Windows. The DOJ would have Balmer's head before he finished the sentence declaring that was MS' new course. I think of the term 'malware chaser', it's like 'ambulance chaser' but applies to alternative OS users who see a story about malware on Windows. Always there to pimp their OS which is no better just less used.

Re:Surprise (1)

oakgrove (845019) | more than 3 years ago | (#36166624)

I think of the term 'malware chaser', it's like 'ambulance chaser' but applies to alternative OS users who see a story about malware on Windows. Always there to pimp their OS which is no better just less used.

Obviously you like Windows. It is unfortunate that Windows users are attacked so frequently and I really do think a solution needs to be found. It seems reasonable to me that if there were a healthy mix of desktop operating systems in the marketplace malware authors would have a much harder time spreading their trash around and Windows users would be much better off. That being the case, wouldn't you want alternative choices to be brought to people's attention whenever it is relevant? Operating system diversity is already happening with the advent of tablets and mobile phones, and internet enabled set top boxes/tv's taking up a larger and larger share of people's "screen time" so whether you agree with this or not, Windows market share on the internet is going to decline so you may as well make the best of it.

Re:Surprise (1)

thePowerOfGrayskull (905905) | more than 3 years ago | (#36166462)

What does this have to do with the operating system at all? People will always click to see the cute bunny. Until you find a way to stop them, malware downloads will persist.

Re:Surprise (0)

h4rr4r (612664) | more than 3 years ago | (#36166572)

Your slashdot handle is fucking awesome. It wins on so many levels.

Re:Surprise (1)

bmo (77928) | more than 3 years ago | (#36166546)

>That is a surprisingly high number, even after all these years of knowing about various rootkits, viruses, and other malware that have so persistently affected Windows. 1 in 14? That's... crazy.

It's not crazy when you see the number of malware definitions in your average malware detector. There are nearly 6 *million* definitions for Bit Defender. I have it installed in Linux for scanning Windows files. And thousands of malicious applications/infections are being made every day.

Windows users have been conditioned to go to $RANDOMWEBPAGE to download "free" software, or to pirate software from untrusted sites. They have never heard of trusted and signed repositories. The closest they get to that is download.com and tucows, and those are just horrific sites. Windows users get hosed every day because of this conditioning.

The best way to build a botnet is to put your bit of evil in a wanted application and upload it to a torrent site or stick it on rabidshare or whatever.

And then we have the gnutella network. Yes, limewire is no longer being made. That doesn't mean the network is down or that the last version of limewire no longer works or that frostwire is not available.. And people still get hosed downloading "Microsoft.office.installer.crack.exe" from there.

I believe that 1 out of 14 software downloads on Windows is a low number. I fully believe that it's half. Cracks and keygens are probably 90 percent infected. I'm not saying that the original authors of cracks and keygens put in the evil bits themselves. I am implying, however, that these cracks get spliced to malware and then hosted on more fake keygen sites and stuck in torrents and warez sites than you can shake a stick at.

It's not that Linux is more secure from this kind of shit. It's not, because natural stupidity beats artificial intelligence every time. We do, however, have various practices in place to put up a barrier between the hostile network and the dumb user, and these things teach the user it's better to go to the trusted repo first than to go somewhere down a dark alley on the interbutt.

--
BMO

Re:Surprise (1)

Rary (566291) | more than 3 years ago | (#36166558)

It's not the OS, it's the users. My malicious download rate on Windows is approximately 0 in infinity. That's because I don't click on every random link on every website I visit, I read dialogs before clicking "OK", and I download things from trusted sites. While in theory, that still doesn't make me completely immune, in practice it's been good so far.

People need training, not a new OS.

Re:Surprise (1)

h4rr4r (612664) | more than 3 years ago | (#36166646)

You try that. They don't want training and they don't care.

Over here in reality I will suggest MS follows the repository/app store model. This will not only condition people to stop downloading random crap off webpages, but also will allow updates to all software be made in a centralized way. They should like others allow users to add their own trusted repositories, which some will need and the truly ignorant will never bother with.

Would be even higher (0)

Anonymous Coward | more than 3 years ago | (#36166074)

...if they counted in windows updates.

Why (2)

mehrotra.akash (1539473) | more than 3 years ago | (#36166078)

Why does MS even have these stats?

Re:Why (1)

thePowerOfGrayskull (905905) | more than 3 years ago | (#36166488)

Primarily to give the paranoid something to chew on. Also to spy on us.

Yet another slashvertisement (0)

Anonymous Coward | more than 3 years ago | (#36166090)

Are you guys even trying anymore?

Re:Yet another slashvertisement (0)

Anonymous Coward | more than 3 years ago | (#36166206)

They have to, as we're all using add blockers and can't see the adverts at the top and left. It always amuses me to see the lock of bewilderment on Windows users faces when you explain to them they can have more than the one browser on their comouter ...

By Windows users, or by IE users? (2)

mehrotra.akash (1539473) | more than 3 years ago | (#36166108)

"About one out of every 14 programs downloaded by Windows users turns out to be malicious, "

Windows or IE?

If windows, how are they collecting these stats?

Re:By Windows users, or by IE users? (0)

Anonymous Coward | more than 3 years ago | (#36166174)

Since about 14 out of every 14 programs downloaded by Windows users is downloaded by IE, what's the difference?

Re:By Windows users, or by IE users? (0)

Anonymous Coward | more than 3 years ago | (#36166304)

Untrue.

Posted on my Windows box with Firefox.

Re:By Windows users, or by IE users? (1)

Rary (566291) | more than 3 years ago | (#36166578)

IE usage is currently estimated to be below 50%, so it would be more like about 6 out of every 14 programs downloaded by Windows users are downloaded by IE.

TL;DR: Social Engineering is the Future of Malware (1)

Deathlizard (115856) | more than 3 years ago | (#36166128)

I've been saying this for years. Hell. it's in my Sig.

Eventually, software would get so security conscious that it would be easier to fool the user rather than hack the software.

Re:TL;DR: Social Engineering is the Future of Malw (1)

tepples (727027) | more than 3 years ago | (#36166466)

I read your journal article. So with your four rules in mind, how is an operating system supposed to distinguish between A. an intentionally malicious computer program and B. a safe program that happens to have been developed by an individual as opposed to a business?

Idiots abound. Film at 11. (0)

Anonymous Coward | more than 3 years ago | (#36166148)

And this, children, is why the iPhone is a walled garden.

This is actually part of a bigger problem (4, Insightful)

conner_bw (120497) | more than 3 years ago | (#36166156)

For example, email. On a personal level many of my friends and family have stopped using it and require me to communicate via Facebook. The problem for me is that I don't have a Facebook account. The problem for them is that they don't want spam.

In the case of downloads we see people moving towards online services instead of executable binaries. Proprietary online services.

Computer professionals don't complain because they get paid. Users don't complain because they are protected. There's an economic professor who wrote some books, name I forget as I type (please reply if you know?), his last was about the idea that peasants would live behind a kings walls in exchange for protection against marauders. The price was taxes and serfdom.

Welcome to the age of digital serfdom?

How many for Apple? (1)

digitaldc (879047) | more than 3 years ago | (#36166164)

We need the stats for Apple in order to make a comparison. Does anyone even know?

Re:How many for Apple? (1)

Wovel (964431) | more than 3 years ago | (#36166800)

If Apple released a stat, everyone would call them spies.

It is likely under 1/10'000 though.

Well, in fairness ... (5, Insightful)

gstoddart (321705) | more than 3 years ago | (#36166212)

Despite Microsoft's attempts to completely nanny people, they've almost taken it too far ... which means that people start ignoring/disabling the warnings.

The other week I launched IE on a new server install ... the very first warning message is "You are about to access the internet, and people can see what you do" -- which gets a "do not show me this again" before I dismiss.

As soon as you submit into a search engine, you get told "You are about to submit something on the internet, are you sure" -- which also gets a "do not show again".

By the time I tell it I don't want it to save passwords, autocomplete forms, and that, yes, I really do want Google as my default search ... well, I've stopped listening to anything "helpful" IE is telling me.

I rank the utility of the stuff that MS has "designed" to make IE safe right up there with the error messages that amount to "something bad has happened, contact your admin" --- oooh, that's informative. And, since I'm the admin ... give me some f'ing idea as to what went wrong so I can try to fix it.

Microsoft build in really pedantic and lame safeguards, which get turned off and/or ignored for the rest of time since they don't actually do anything useful.

Re:Well, in fairness ... (0)

Anonymous Coward | more than 3 years ago | (#36166556)

They do actually do something useful. If you turn them off, microsoft can then blame the user if there is a problem. If they didn't do anything with their computer it wouldn't get infected!

Re:Well, in fairness ... (1)

tepples (727027) | more than 3 years ago | (#36166580)

And, since I'm the admin ... give me some f'ing idea as to what went wrong so I can try to fix it.

Under Windows XP, it was Start > Control Panel > Administrative Tools > Event Viewer. I haven't tracked where the system log viewer has moved in Windows Vista and Windows 7.

Re:Well, in fairness ... (1)

h4rr4r (612664) | more than 3 years ago | (#36166728)

Compare that to /var/log/messages one time. Event Viewer is a sad replacement indeed. If you are even given anything other than "error number 0, some random app failed, the dev never did put any real logging in. The whole fact that windows logging is displayed in a GUI pretty much shows the braindeadedness. Windows: a decently designed kernel held down by a joke of a userland.

Re:Well, in fairness ... (1)

gstoddart (321705) | more than 3 years ago | (#36166754)

I haven't tracked where the system log viewer has moved in Windows Vista and Windows 7.

It's just right click on "My computer", and then "Manage" ... it's up near the top. Been there since at least W2K3, but it still works on my Vista machine.

Sometimes, I have received the "something bad, contact your admin" message when nothing useful gets put into the even log -- diagnosing network flakiness for instance sometimes gives utterly useless information.

Using their repaid "wizard" usually ends up serving no purpose since it amounts to "plug in your cable, did this help?".

Re:Well, in fairness ... (0)

Anonymous Coward | more than 3 years ago | (#36166924)

It's in the same place in every version of Windows:

WINKEY+R

eventvwr

ENTER

Re:Well, in fairness ... (1)

brainzach (2032950) | more than 3 years ago | (#36166872)

The article states that Microsoft is trying to correct most of the problems you are complaining about with IE9.

The design is to stop giving out warnings from applications from reputable companies, something that smart computer users learn to filter on their own. If it works correctly, the result will be significantly less false positives and more meaningful security warnings.

This can't be right (2)

Riceballsan (816702) | more than 3 years ago | (#36166244)

Seriously only 5% of people ignore warnings? I would have to say about 75% of people I have seen download regardless of if you say "warning this will completely reduce your computer into a pile of steaming dung" in exchange for a screensaver with kittens, and then if you cut it down from that to IE users... well then I'd put that number closer to 95% would ignore the warnings.

I've ignored the warnings... (3, Insightful)

wilgibson (933961) | more than 3 years ago | (#36166260)

and yes that means I use IE. But, when it consistently tells me things like Downloader_Diablo2_enUS.exe can harm my computer after downloading it from battle.net I tend to not believe in its ability to really determine if something is malicious or not. As always, proper instruction on internet safety will go farther than a security feature that any idiot can bypass.

skip the 14th.... (1)

stanlyb (1839382) | more than 3 years ago | (#36166286)

that's why i download 13 apps, and skip the malicious 14th app....

Repositories for the Win (0)

Anonymous Coward | more than 3 years ago | (#36166298)

Perhaps this would be a good enough reason for Microsoft to spend some of their considerable wealth to implement something akin to a repository for trusted software. Apple is already going in this direction with the App Store, and Linux users have been enjoying command line installs of trusted software for years. I understand that it would be a bit harder for Microsoft because they have to support all sorts of legacy BS, but even a gradual transition (like what Apple seems to be doing) would be better than nothing. I guess that installers would have to add their own repos, and that people would try to make it a vector for malware, but it should be easier to police that as opposed to trying to figure out if whatever random crap you download off the internet is legit or not. Plus, then we wouldn't need to have a dozen different update mechanisms start on every reboot. I just got Win 7 recently, and I actually kind of like it, but I really miss being able to run 'sudo apt-get upgrade' to update everything.

Re:Repositories for the Win (0)

Anonymous Coward | more than 3 years ago | (#36166474)

Yes, repositories [debian.org] for the win [eweek.com] !!

Re:Repositories for the Win (0)

Anonymous Coward | more than 3 years ago | (#36166900)

Because two issues from a couple of years ago that were quickly announced, and fixed, is way worse than 1 in 14 installed apps being malicious.

Windows updates? (1)

Bob the Super Hamste (1152367) | more than 3 years ago | (#36166322)

So does this count include windows updates?

The actual number surprises me as I would have thought that it would be higher given how many people fall for social engineering, and want free screen savers and the like.

How do they know this? (1)

whizbang77045 (1342005) | more than 3 years ago | (#36166448)

And how did they determine this? Does this mean they are monitoring all usage of Windows continually?

Does Microsoft mean (1)

unity100 (970058) | more than 3 years ago | (#36166500)

their own patches and sneak-updates and call-home code they shove to their users ?

Its no wonder ... (0)

Anonymous Coward | more than 3 years ago | (#36166502)

The safest way to cruize the net is to get off the Windows drug. I have been preaching that to alot of my friends and customers but they have treated me like Ron Paul at a Democrat Dinner. I personally consider MS products to be the "Great Beast" of Computers. All the eye candy they push out to customers and agreements on new computers sold seem to mesmerise these "sheeple" and they continue to spend vast amounts of money to companies to fix their computers. Moving to Linux is the best way to get away from all this virus stuff. Every customer I have moved to linux has ceased to have any problems with malicious software attacks. Sure, Linux has its problems but for the most part any problem you might have with linux running on your pc is minor compared to the pain of MS products. I bet most infections come in as kids ignore warnings as they are too busy trying to load a new game or video from sites like facebook. Nevermind the warning - I just want to see this video or play this game!

Just a thought (2)

destroygbiv (896968) | more than 3 years ago | (#36166520)

"IE's SmartScreen has blocked more than 1.5 billion Web and download attacks" How many of these were actually factually malicious? Perhaps that is why people are ignoring the warnings? You can block (nearly?) 100% of malware by simply being Amish

1 in 14? (1)

VincenzoRomano (881055) | more than 3 years ago | (#36166534)

I think they also hacked the statistics system!

The proposed solution, (4, Funny)

HeckRuler (1369601) | more than 3 years ago | (#36166648)

Is to block every 14th download, thus making Windows malware free!

Followup (1)

HeckRuler (1369601) | more than 3 years ago | (#36166690)

About one out of every 14 programs downloaded by Windows users turns out to be malicious

Although the team admitted that this is mostly due to all non-Microsoft software as being labeled as "Malicious". (to microsoft)

Re:The proposed solution, (0)

Anonymous Coward | more than 3 years ago | (#36166920)

I disagree. The solution is to add more warning screens until people decide the download isn't worth it. This feature will be in the next version of windows and will only cost another 2 Gigs of RAM. And, as an added bonus, in the next version of windows after that, it will maintain it's 2GB ram cost while having a beautified presentation!

mocking MS is misleading (0)

Anonymous Coward | more than 3 years ago | (#36166672)

MS is right about one thing. The levels of malicious stuff around has never been higher. Looking at the comments above, I notice lots of mocking about windows, microsoft and their users.

One of the interesting things about the internet is noting how much malware comes from windows hosts and in the internet in a general sense - how much is shipped via compromised / rooted *nix boxes.

This garbage might be aimed at the windows platform, but its not the only one being circumvented. And thats a harsh truth if you happen to be sat there on a Linux box thinking the sun shines out of your own ass and making the grand assumption that your platform is superior to 'them'.

I am doubtful of the statistic (1)

aepervius (535155) | more than 3 years ago | (#36166704)

Their anti malware program flagged some cheats I downloaded as trojan (no they were not) and heck some program I made (yes I do not program malware). I think it simply find some hook code for low level memory hook and simply mistake it for a malware.

ONE in 14? (0)

Anonymous Coward | more than 3 years ago | (#36166724)

Please, either use the word or the number. 1 in 14, or one in fourteen.

How do they come up with these numbers? (0)

Anonymous Coward | more than 3 years ago | (#36166758)

I've not encountered a single "malicious download" for more then a decade using reputable sites and common sense (and I'm using the term malicious in a very broad sense, including many things more innocuous then actual malware), if people download random files such "song.mp3.exe" or "FileRenamer Pro DX Gold 2011" this tells more about the user base then about the actual amount of malicious content out there, it looks fishy to me that they even *have* this data in the first place, if this comes only from IE users, well IE is reknown for garnering a less security aware userbase then other browsers (if we overlook corporate use, where people shouldn't be downloading random files anyway), many people stopped using IE specifically due to security risks such as promptless unsigned ActiveX installation being enabled by default originally, even if the browser is far more secure nowadays, I haven't yet heard of a single person that went back to IE after dumping it.

Too many warning = warning ignored! (0)

Anonymous Coward | more than 3 years ago | (#36166764)

There is SOO many warning here and there that people don't even bother read them anymore and click yes yes. I'm part of the those people that get annoyed by "security message" that bug me all the time.

If the site is confirmed for sending virus, then a warning should be display, else it should not.

Easy pickings... (1)

Kamiza Ikioi (893310) | more than 3 years ago | (#36166880)

At least 1 in 14 programs is from A) a file sharing site, B) a porn site, and C) an email link. I have no data, but my experience on fixing computers is that this is the bulk of the problem. The rest are adware sites.

I don't get them myself mainly because, I use Gmail (no spam), Chrome w/ ad blocking extension (no ads), Pandora (no file sharing)... ... I just have to be really careful about using quality porn sites.

Statistics (0)

drdanny_orig (585847) | more than 3 years ago | (#36166896)

Warning: 4 out of 5 statements of "fact" from Microsoft are completely made up.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?