
Windows XP PCs Breed Rootkit Infections

samzenpus posted more than 3 years ago | from the update-please dept.

Security 245

CWmike writes "Machines running the decade-old Windows XP make up a huge reservoir of infected PCs that can spread malware to other systems, a Czech antivirus company said. Windows XP computers are infected with rootkits out of proportion to the operating system's market share, according to data released Thursday by Avast Software, which surveyed more than 600,000 Windows PCs. While XP now accounts for about 58% of all Windows systems in use, 74% of the rootkit infections found by Avast were on XP machines. Avast attributed the infection disparity between XP and Windows 7 to a pair of factors: The widespread use of pirated copies of the former and the latter's better security. Vlcek assumed that many of the people running XP SP2, which Microsoft stopped supporting with security patches a year ago, have declined to update to the still-supported SP3 because they are running counterfeits."


245 comments


really? (0)

Anonymous Coward | more than 3 years ago | (#36939374)

XP SP3 cracks easily with tools made for SP2. I use Windows Update and everything. Upgrade, people!

Re:really? (2)

couchslug (175151) | more than 3 years ago | (#36939724)

Most people can't afford to upgrade or don't know how, and are running PCs so old buying a new OS isn't worth it and buying more RAM adds to the expense.

Light Linux distros (can) work fine on older hardware but only geeks can learn more than one OS without their heads exploding. Ya gotta wanna.

Puppy Linux is popular with curious noobs (I use the term in the most friendly way!), but what is most needed is a simple distro designed to play Flash games, surf da intarweb, and watch Youtube. I could load that on my friends' "kid PCs" and save having to Ghost them so often.

Re:really? (1)

improfane (855034) | more than 3 years ago | (#36940038)

The friendly way to call someone a newcomer is newbie, not noob.

Re:really? (2)

toadlife (301863) | more than 3 years ago | (#36940066)

but what is most needed is a simple distro designed to play Flash games, surf da intarweb, and watch Youtube. I could load that on my friends' "kid PCs" and save having to Ghost them so often.

What you're describing is called "Ubuntu" and it's been around for awhile now.

My son's netbook came with Vista "starter" edition and after the built-in system restore function hosed the system (this is what you get when you try to save 10 bucks by buying a laptop from a fourth-rate Chinese manufacturer) my only realistic choice was to load Linux on it. He is perfectly happy with it now, as all he did was play flash games on it and Flash (finally) works just as well on Linux as it does on Windows.

The problem with Linux comes in when you want to do anything beyond browse the net and look at YouTube videos.

Re:really? (2)

realityimpaired (1668397) | more than 3 years ago | (#36940234)

http://bodhilinux.com/ [bodhilinux.com]

Minimalist. Can be full-featured, that stuff is available, but at its core, it gives you a desktop, an internet connection, and a browser. You will need to add Flash, because it's non-free, but it may be what you're looking for. :)

water still wet (5, Insightful)

smash (1351) | more than 3 years ago | (#36939378)

Is this really a surprise?

Re:water still wet (5, Interesting)

Lennie (16154) | more than 3 years ago | (#36939410)

I've actually seen stories with other numbers as well, where most of the new malware for Windows is coming out for Windows 7; Windows XP already has enough malware and people don't seem to be writing any new ones. The old ones already work fine, I guess.

Why write new malware? (2)

FoolishOwl (1698506) | more than 3 years ago | (#36939524)

The other day, I was looking at yet another hyperbolic report from Symantec that 60,000 new malware variants are released per day. Among the many reasons I find this claim dubious is that it's pretty damned obvious that most malware infections are on old Windows XP installations, which is significantly less secure than newer versions of Windows, especially if they're not being updated regularly. And in those circumstances, why would anyone be wasting time and effort writing new malware, when old malware can already move in and claim the PC as part of a botnet?

Re:Why write new malware? (0)

Anonymous Coward | more than 3 years ago | (#36939638)

They'll treat any new signature (read: anything someone repacked with different settings of a private packet - etc) as "new malware", hell someone can compile it with different compiler settings / embed a different data file into it, they'll count it as new malware as well, but that has been what these companies have been doing for a long time now.

Re:water still wet (5, Informative)

hairyfeet (841228) | more than 3 years ago | (#36939952)

The difference is if UAC is active and you are using a Chromium-based browser or IE so that you have low rights mode (WTF Firefox? it has been FOUR YEARS already, get on the ball!) it is actually pretty damned hard to infect Windows 7 without getting the user actively involved. Of course getting the average user to help you install malware is trivially easy, even after all these years of MSFT trying to warn people not just to run any old thing they find on the net. But as someone who fixes machines 6 days a week I can tell you that the infection rate once I got most of my customers to switch to 7 went waaaay down. And Windows 7 doesn't really take much more than XP; I have several family members on late model P4s with 1GB of RAM that Win 7 is running just fine on. They don't have Aero but who cares.

But I have to agree about TFA and pirated Windows. Ballmer, in yet another proof of his incompetence, killed the $50 Windows 7 HP upgrade which frankly was the best weapon against piracy I'd ever seen. Guys that had been running pirated Windows for years went legit thanks to that affordable upgrade path. But now that it is gone I'm seeing "Xp Pro Corp SP3 Razr1911 Edition" machines again alongside the pirated Windows 7 machines on Craigslist. You can always spot the pirated versions BTW, as they ALWAYS use the most expensive SKU. When you have a PC that isn't worth $120 running a $200+ copy of Windows Ultimate? Yeah, it's pirated.

The thing is, while the pirates know about Autopatcher and WSUS Offline, the folks they are selling these machines to don't, and since they won't pass WGA (the Windows 7 hack lasted for awhile but I'm now seeing folks that bought PCs with Win 7 off of CL coming in with WGA warnings) most are simply disabling Windows Updates. Folks don't know nor realize it is off and just think their PC is slowing down because "it is getting older" instead of the truth: it has more viruses than a Bangkok whore.

Re:water still wet (0)

Anonymous Coward | more than 3 years ago | (#36939620)

Is this really a surprise?

I see nowhere mentioned that claims it IS a surprise.

In fact, none of the summaries on the Slashdot front page have that word in them at the moment, yet HALF of them have a post claiming it was said, denouncing it should be, and getting modded up.

To answer your question: I am sorry you feel it should be surprising, and then question yourself about it. But to the rest of us, no, it is not.

Yes, it is a surprise. (1)

khasim (1285) | more than 3 years ago | (#36940238)

Check the old /. threads.
How many times have you seen the claim that "if Linux had the same marketshare as Windows ..."? Marketshare was identified as the deciding factor in what "mal-ware" was written.

Now this seems to contradict those claims.

good (-1)

Anonymous Coward | more than 3 years ago | (#36939400)

Well if you're going to run an illegal copy you deserve everything you get.

Re:good (3, Insightful)

Anonymous Coward | more than 3 years ago | (#36939420)

Unfortunately the effect is that it impacts others, these are the machines which get used as zombies for spamming, ddos attacks etc.

Re:good (1)

couchslug (175151) | more than 3 years ago | (#36939984)

There are plenty of legal copies. That has zilch to do with them getting rooted. Most PC users know nothing about security. Not "very little", but "nothing". That will never change.

people need to upgrade (5, Funny)

Anonymous Coward | more than 3 years ago | (#36939446)

so rootkit authors can focus on Windows 7

Nah (0)

Anonymous Coward | more than 3 years ago | (#36939490)

people need to upgrade so that they can experience the joys of losing all their work when Microsoft decides it is time for your system to receive a security patch while you are busy with something else.

Complain to your application's maintainer (1)

tepples (727027) | more than 3 years ago | (#36939690)

losing all their work when Microsoft decides it is time for your system to receive a security patch

Complain to your application's maintainer. Windows notifies applications before the system is about to restart for updates. Applications that don't save the user's work are defective.

Re:Complain to your application's maintainer (1)

Vlad_the_Inhaler (32958) | more than 3 years ago | (#36939812)

My mainframe access is via a terminal emulator running under Windows. That is not the sort of thing which can simply be 'saved'.
Since mainframe access is via VPN which means a firewall blocks Microsoft Update, not normally a problem. Once though, I booted, waited for Net traffic to cease (meaning the virus scanner had updated) and then fired up the VPN. A couple of minutes later, some out-of-sync update finished applying itself and it then informed me it was going to boot in a few seconds. That was when I turned auto-update off. If I want updates, I'll ask for them.

Re:Complain to your application's maintainer (2)

green1 (322787) | more than 3 years ago | (#36940042)

Any update system that forces a reboot at an arbitrary time without giving the user the option of when is convenient for them is defective. I'll reboot, on MY schedule, not the computer's. There is no excuse to not offer this flexibility.

Re:Nah (1)

Anonymous Coward | more than 3 years ago | (#36939742)

Bad troll. You can tell Windows what to do about updates and restarts.

If you can't handle that, go back to your Mac where your daddy Steve Jobs decides what you can install and when.

Or reinstall... (2, Insightful)

Tatarize (682683) | more than 3 years ago | (#36939992)

The claims above are likely more due to the length of time of the install than anything to do with the OS itself. I've had my current install of windows for like four years. Nobody with Windows 7 can say that about their OS. And a lot of times spyware ridden machines just stay that way. I demand they look at the data from "time since install" and tell me that that isn't just directly correlated and explains away most of the XP dataset.

BS! (0)

Anonymous Coward | more than 3 years ago | (#36939454)

What BS! I am still running SP2 (in a Linux VM) because SP3 is a POK.... and it breaks too many of my necessary applications!

Re:BS! (1)

asdf7890 (1518587) | more than 3 years ago | (#36939838)

Which applications does it break?

I've not come across anything since shortly after SP3 came out that has had any trouble at all (I still run XP as my main home desktop, and in VMs at work). Even our more conservative clients that won't yet move away from IE6 are running SP3, so presumably they have no problems even with some of the ancient software they run that they don't want to update/replace for one reason or another.

pirates can get security updates (4, Insightful)

lseltzer (311306) | more than 3 years ago | (#36939456)

Just so it's clear to everyone, you don't need a "genuine" version of Windows to download and install critical updates. And honestly, SP3 is over 3 years old. It's hard to hold Microsoft or even Windows XP accountable for users refusing to upgrade.

Re:pirates can get security updates (5, Insightful)

CastrTroy (595695) | more than 3 years ago | (#36939476)

Well to be fair, if you install windows XP from a recovery image or from an original CD you have from the original version, your computer could probably be pwned before you even have the time to download the service packs.

Re:pirates can get security updates (0)

Anonymous Coward | more than 3 years ago | (#36939498)

Get a $25 NAT router and don't watch porn while you install the updates.

Re:pirates can get security updates (1)

lseltzer (311306) | more than 3 years ago | (#36939510)

Or download the standalone SP3 image first. That said, Microsoft should do more rollup updates.

Re:pirates can get security updates (1)

RobertLTux (260313) | more than 3 years ago | (#36939946)

and grab the AutoPatcher offline patch set while you are at it so you can get the post sp3 patches installed before you go online for the first time (hint MSSE comes as part of the last few patch sets)

Re:pirates can get security updates (0)

Anonymous Coward | more than 3 years ago | (#36939588)

I had this problem happen to me. To install the AT&T DSL I needed to boot to Windows to run their software. It also couldn't be run through a NAT during initial installation. Since I didn't use Windows much it was way out of date on updates. There was no way around temporarily running an insecure setup.

It didn't take long to get a worm. The only time I have ever had malware on my system (that I know about) all thanks to the DSL account setup program. I learned later that I could have called customer support and had them setup the account for me without that software.

AT&T was smart with their Uverse service; NAT by default.

Re:pirates can get security updates (1)

Osgeld (1900440) | more than 3 years ago | (#36939938)

Get out of here, normal person; any nerd with half a brain would have just gone to the box's IP address, as it's just a little router that you plop a user name and password in.

Re:pirates can get security updates (0)

Anonymous Coward | more than 3 years ago | (#36939658)

That's why you disconnect the computer from the Internet before downloading the updates.

Oh, wait...

Re:pirates can get security updates (0)

Anonymous Coward | more than 3 years ago | (#36939704)

Only if you are not behind a hardware firewall. That is one of the points I make to my clients why they need a hardware firewall. Many newer machines have factory restoration software that clients use from time to time and I remind them that software is usually years behind current updates. Since many clients refuse to spend the money on hw firewall, I usually take longer giving back their PCs for I must update the PC fully before they take back home to surf the Net. Even when they are not infected, I must update the PCs while I can.

Re:pirates can get security updates (1)

Osgeld (1900440) | more than 3 years ago | (#36939922)

Yeah, if you're connected directly to the internet, like your cable modem direct into the PC or dialup; otherwise no, it won't.

Re:pirates can get security updates (1)

redkcir (1431605) | more than 3 years ago | (#36940138)

This is true, but the only thing I think Microsoft does right is that you can get the service pack on CD for free from them. If you don't wait too long after it comes out. As a hopefully responsible computer repair person I try and keep these on hand for such an occasion. And yes, for those in the business that complain it is "cost prohibitive" to their business, I know this as well. I admit I work out of my house and have a much smaller overhead to cover. Just saying.

Re:pirates can get security updates (2)

roc97007 (608802) | more than 3 years ago | (#36940166)

That's why you download the admin version of the service packs *first* and burn them onto CD. Although admittedly most people wouldn't think to do that.

Re:pirates can get security updates (1)

ShakaUVM (157947) | more than 3 years ago | (#36940206)

>>Well to be fair, if you install windows XP from a recovery image or from an original CD you have from the original version, your computer could probably be pwned before you even have the time to download the service packs.

I once watched a friend of mine get extremely frustrated as he kept reinstalling XP over and over, only to have it get owned before the patching finished.

I finally took pity on him and put a hardware firewall between his computer and the internet... after, I think, the third time it happened. =)

Re:pirates can get security updates (1)

countertrolling (1585477) | more than 3 years ago | (#36939508)

Yeah, since you're so adamant, why don't you cough up the 200 dollars or whatever it takes for me to upgrade? You know, maybe I don't feel like running on that treadmill. My old system runs perfectly fine.

Re:pirates can get security updates (1)

realityimpaired (1668397) | more than 3 years ago | (#36939718)

My old system runs perfectly fine.

That doesn't mean that you're not an idiot for not installing the free updates/upgrades that Microsoft provides for security reasons. That was the GP's point, you realize? He's not suggesting people go out and buy a copy of Windows 7 because they're using Windows XP, he's suggesting that they log in to Windows update and install the critical service updates and service packs.

MS prevents pirates from getting new features. They don't prevent pirates from getting security updates. That's because MS, as evil overlordy as they are (and Apple is *way* worse IMO) is smart enough to realize that it's good for *everybody* if you are running an up-to-date system with current security patches.

Re:pirates can get security updates (1)

countertrolling (1585477) | more than 3 years ago | (#36939806)

Read his post again. He's most definitely 'suggesting' that I go out and buy Windows 7. He didn't say 'update'. He said 'upgrade', and that shit ain't free. The suggestion is bogus. I'm not going to spend money where I don't need to, or don't have.

Re:pirates can get security updates (0)

Anonymous Coward | more than 3 years ago | (#36939888)

He meant upgrade to SP3, doofus, and the entire point of his post was that even people with dodgy versions of XP can get the security updates.

Re:pirates can get security updates (1)

roc97007 (608802) | more than 3 years ago | (#36940188)

Not only is it not free, it's ridiculously priced for just something I use to load Adobe Photoshop.

Re:pirates can get security updates (1)

Redneck_Moron (1992422) | more than 3 years ago | (#36939736)

"Yeah, since you're so adamant, why don't you cough up the 200 dollars or whatever it takes for me to upgrade? My old system runs perfectly fine." These are the same people who don't understand that Smog laws are there for the greater good of everyone. "I'm not paying for that new exhaust system, the smoke doesn't bother me. My car runs just fine." I don't care how good your old computer runs. If you are infected with a root-kit, and are now spreading disease to my modern OS, your apathy is part of the problem.

Re:pirates can get security updates (1)

countertrolling (1585477) | more than 3 years ago | (#36939850)

The expression of my opinion of the 'greater good' is not safe for work or something a child should see. I've seen the unmitigated suffering it causes, so I'll leave it at that. And don't confuse apathy with poverty. When I have extra cash to throw away on toys, I might reconsider your position.

Re:pirates can get security updates (1)

roc97007 (608802) | more than 3 years ago | (#36940196)

I predict you will be a proponent of the "greater good" right up to the moment it unjustly affects you.

Re:pirates can get security updates (1)

sunfly (1248694) | more than 3 years ago | (#36939654)

Microsoft makes it hard for genuine users.

Pirates download the latest update very easily.

If you're one of the millions of legitimate users out there that just want to replace a failed hard drive in an old PC, or grab one of the millions of off-lease PCs on the market that usually come sans hard drive, you will likely use an old install CD. This makes it a real pain to get all the service packs installed.

MS really should have the latest fully patched XP ISO downloadable right from their web site. It is not like they don't already have an authentication service already in place.

Re:pirates can get security updates (1)

Anonymous Coward | more than 3 years ago | (#36939730)

Most normal pirate users had the "your copy may not be genuine" warning in the past, so nowadays it's normal to just turn off Windows Update to be safe.

Re:pirates can get security updates (1)

Florian Weimer (88405) | more than 3 years ago | (#36939760)

Just so it's clear to everyone, you don't need a "genuine" version of Windows to download and install critical updates.

That depends on where you are. In Germany, Microsoft has run warning dialogs that security updates may break your installation if you use an illegal copy. Microsoft has integrated WGA with the update process, making people using illegal copies uneasy about using the update process. There have even been conflicting statements about whether critical updates are available to everyone. Apparently, this does confuse users, even those who have paid the licensing fee for the software they run.

Pirates don't want memory-upgrades then (3, Informative)

Vincent77 (660967) | more than 3 years ago | (#36939788)

The memory-demands for SP3 have increased a lot - Where SP2 runs well with 512MB, you need at least 800MB for SP3 to run basic software like IE and Office smoothly. Though this is not official, I have seen too many cases with unresponsive PCs after the upgrade. A good reason to revert back to SP2 if people don't know how or dare to upgrade hardware nor want to spend another €300,- to €500,- on a new computer.

Re:pirates can get security updates (1)

redkcir (1431605) | more than 3 years ago | (#36940060)

To "upgrade" an operating system so it doesn't work with your hardware and has fewer features than the one you have is ludicrous. And asking you to pay almost the price of a PC every couple of years adds insult to injury. I don't think it's hard to hold Microsoft accountable at all. While not everyone has the cash to "upgrade", being without a PC in today's world is becoming less and less an option, especially for those in school. And while Linux is still a good option for those with some skills, it still isn't user friendly to the masses.

Re:pirates can get security updates (1)

roc97007 (608802) | more than 3 years ago | (#36940150)

Shrug. I don't happen to have a spare $139 and Windows XP runs my applications just fine. It's important to remember, the OS isn't the application. The OS runs applications.

The real root cause (1)

tick-tock-atona (1145909) | more than 3 years ago | (#36939500)

Standardising on a non-free operating system thus encouraging people to download rootkitted warez.
Most people worldwide genuinely can't pay $250+ [amazon.com] for an operating system.

Re:The real root cause (1)

The Snowman (116231) | more than 3 years ago | (#36939540)

Most people worldwide genuinely can't pay $250+ for an operating system.

I can find Windows 7 Home Premium x64 [newegg.com] for $95, a much more affordable amount than $250. If you have one of the few PCs that can only run 32 bit OSes, that one is $5 more.

Re:The real root cause (1)

tick-tock-atona (1145909) | more than 3 years ago | (#36939576)

Does Newegg.com ship internationally? [newegg.com]

Newegg.com does not currently ship internationally; we only deliver to locations within the United States and to Puerto Rico.

Re:The real root cause (1)

Jaktar (975138) | more than 3 years ago | (#36939640)

The only "problem" with that version is that it's for system builders. This could be a problem if someone needs support (and if they're still running XP, they just might need a little help doing upgrades).

Limitation of OEM licensing (1)

tepples (727027) | more than 3 years ago | (#36939714)

The only "problem" with that version is that it's for system builders.

In fact, it might even be copyright infringement to buy and install that version on your own computer. Microsoft says [microsoft.com] OEM software is for computers you plan to sell at arm's length, not for computers you plan to use.

Re:The real root cause (1)

FoolishOwl (1698506) | more than 3 years ago | (#36939846)

$95 is a more realistic price for Windows 7 for most users willing and able to pay for software. However, even in wealthy parts of the world, people who think it's reasonable to buy computer hardware often don't think it's reasonable to buy software, since it's so easy to get bootleg software. In much of the world, "legit" proprietary software is practically unheard of, and since you want bootleg Windows XP to run bootleg Microsoft Office or bootleg Starcraft, you don't have any interest in Fedora or Ubuntu or SUSE.

I'm coming to think the real challenge to FLOSS isn't the people who will spend $500 on proprietary software rather than $0 on free (as in speech) software, but the people who will spend $0 on bootleg proprietary software instead of $0 on free software.

Re:The real root cause (1)

realityimpaired (1668397) | more than 3 years ago | (#36939756)

Most people genuinely don't have to pay that much for the operating system, thanks to bundling agreements and volume licensing. I bought my current laptop with Ubuntu preinstalled on it. I saved $30 off the cost of the exact same laptop, with the exact same spec, with Windows 7 Home Premium x64 preinstalled. Ergo, the Windows tax is net only $30. Yes, I would have had to deal with the preinstalled crap that comes with it, but it's a Dell, and it's in their business line of products (Vostro v130, if you feel like checking it out for yourself, they still sell that model), meaning that the only preinstalled crap I would have had to remove was a trial version of Crapafee antivirus.

Re:The real root cause (1)

MacTO (1161105) | more than 3 years ago | (#36939832)

If everyone jumped onto the free operating system bandwagon overnight, you would have the very same problem. Only it would come in the form of "Hello Kitty Ubuntu: a cute computer for cute girls" or "Machobuntu: the rugged OS for the tough guy." (Sorry about the stereotypes, but grandma said she'd root my box if I poked fun at the elderly yet again.)

Then there are other attack vectors. The basic problem is that most people don't have the ability to verify the authenticity of the stuff that they install.

Well better plan for windows 7 to go long term (1)

Joe_Dragon (2206452) | more than 3 years ago | (#36939512)

Well, better plan for Windows 7 to go long term, as the NEW GUI in Windows 8 makes it Vista/ME 2. And seeing how good Windows 7 is, big business may just stick to it for a long time like they did with Windows XP.

Re:Windows 8 GUI (1)

TaoPhoenix (980487) | more than 3 years ago | (#36939552)

I bet someone will come up with a utility that restores the GUI back to sanity.

Re:Windows 8 GUI (1)

Anonymous Coward | more than 3 years ago | (#36939666)

The "Metro" interface that people are talking about is not the default GUI anyway. That is the GUI intended specifically for tablets and even then it is entirely optional. People who actually watched any of the published videos would have seen the user jumping back to a stock Windows 7 explorer desktop in the middle of the demo and running normal applications.

Metro is more like Windows Media Center, a secondary UI intended for a specific environment. That said, I do hope that MS considers better integration with Metro and Explorer with tablet installations of the OS as I can see elements of Metro working better in that form factor. On a desktop or laptop it would be absolutely horrid, though, and I doubt most people would ever see it.

Re:Well better plan for windows 7 to go long term (0)

Anonymous Coward | more than 3 years ago | (#36939568)

Exactly.

How many of those XP machines arrived from the factory with Vista installed? Huge numbers of Vista machines were downgraded to XP when businesses/users experienced the full effect of Vista's shittiness. Many of those machines were 2008/2009 models and may not be due for an upgrade for another couple of years.

Counterfeits? (0)

Anonymous Coward | more than 3 years ago | (#36939514)

I find the term "counterfeit" in regard to software misleading or at least odd. I could see using it if it was marketed as legitimate, but the term makes no sense otherwise. Most people know their copy is not legit.

Another Reason: Time (2)

JohnSearle (923936) | more than 3 years ago | (#36939580)

Here's a few premises:
1. The probability of getting an infection increases with time.
2. The average person probably does not format their system and give a clean install until the system becomes nearly unusable (it would cost them money and time).
3. Windows XP has been in use for a long time.

Given these, I would figure that another reason why there would be so many infected PCs with XP out there is that the XP installations have been in use for a lot longer than any of the newer OS installations. I would go as far as to guess that most people today would rather buy a new PC than get a professional to reinstall XP, meaning that these systems currently running XP would have been installed quite a number of years ago.

Just a thought...
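As an added illustration (not part of the thread, and not Avast's data), the three premises above can be turned into a toy "time since install" model. Every number in it is a constructed assumption: both populations are given the same per-year infection rate and differ only in how long the average install has been exposed; only the 58%/42% install split echoes the thread.

```python
# Added illustration, not from the Slashdot thread or from Avast: a toy
# "time since install" model. All rates and ages below are constructed
# assumptions, not survey data.


def infection_probability(years: float, annual_rate: float) -> float:
    """Chance that an install of the given age has picked up at least one
    infection, assuming independent exposure with probability `annual_rate`
    in each year (a geometric survival model)."""
    if not 0.0 <= annual_rate <= 1.0:
        raise ValueError("annual_rate must be a probability")
    if years < 0:
        raise ValueError("years must be non-negative")
    return 1.0 - (1.0 - annual_rate) ** years


def infection_share(populations):
    """Share of all infected machines contributed by each population.

    `populations` is a list of (label, install_share, mean_age_years, annual_rate).
    Returns a dict label -> fraction of infections, summing to 1.0.
    """
    weights = {
        label: install_share * infection_probability(age, rate)
        for label, install_share, age, rate in populations
    }
    total = sum(weights.values())
    if total == 0:
        raise ValueError("no population has any infection probability")
    return {label: w / total for label, w in weights.items()}


def overrepresentation(infection_share_pct: float, install_share_pct: float) -> float:
    """Ratio of a population's share of infections to its share of installs;
    1.0 means infections are exactly proportional to market share."""
    return infection_share_pct / install_share_pct


# Constructed scenario: XP and Windows 7 get the SAME per-year infection
# rate (15%, made up) and differ only in average install age (4 years vs
# 1 year, made up). The 58% / 42% split mirrors the install shares in the thread.
SCENARIO = [
    ("XP", 0.58, 4.0, 0.15),
    ("Win7", 0.42, 1.0, 0.15),
]


def xp_share_under_equal_risk() -> float:
    """XP's share of infections when age is the only difference (about 0.81)."""
    return infection_share(SCENARIO)["XP"]


if __name__ == "__main__":
    print(f"Avast figures: XP over-represented by {overrepresentation(74, 58):.2f}x")
    print(f"Equal-risk, older-install model: XP share = {xp_share_under_equal_risk():.0%}")
```

Under these made-up inputs the older population ends up with roughly 81% of the infections, above the 74% the survey reported, even though neither OS is modelled as less secure than the other. That is the point of the premises: a survey that only records the OS cannot separate install age from OS security unless it also captures time since install.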

Re:Another Reason: Time (0)

Anonymous Coward | more than 3 years ago | (#36939778)

Here's a few premises:

1. The probability of getting an infection increases with time.

2. The average person probably does not format their system and give a clean install until the system becomes nearly unusable (it would cost them money and time).

3. Windows XP has been in use for a long time.

Given these, I would figure that another reason why there would be so many infected PCs with XP out there is that the XP installations have been in use for a lot longer than any of the newer OS installations. I would go as far as to guess that most people today would rather buy a new PC than get a professional to reinstall XP, meaning that these systems currently running XP would have been installed quite a number of years ago.

Just a thought...

Why would anyone reinstall an OS? I see why you might install a different OS, but why on earth would you spend time installing the OS you already have?

Re:Another Reason: Time (-1)

Anonymous Coward | more than 3 years ago | (#36940334)

Why would anyone reinstall an OS? I see why you might install a different OS, but why on earth would you spend time installing the OS you already have?

If you've ever used Windows before, you would know exactly why you would want to "reinstall" the OS. A Windows installation gets real nasty over time, and does tend to get slightly slower after a while. Yes, even when no viruses or other malware are present and with constant defragging; drivers and services that programs install (often secretly and enabled-by-default in the installer) tend to drag a system down slowly over time. Just give it time. It's not as bad as it used to be, but it still happens. Reinstalling the OS was a regular thing for me back when I used Windows (up to XP SP2) and getting the system settings right, installing all my programs (even with their installers all in one nice area on a disk), and setting up those programs to my preferences was a chore, but it's something that pretty frequently had to be done once defragmenting stopped being enough.

Even in Linux, I often do a complete fresh installation of the latest distro version, wiping the / partition but keeping /home. It's much cleaner than attempting an upgrade, but sometimes it's not a bad idea to just back up /home, nuke the partition, and do a 100% fresh installation of the new version... keeps the system nice and clean, with the major downside being that you'll have to reconfigure some programs, but it's not nearly as bad as the same task in Windows.

Re:Another Reason: Time (1)

mikael (484) | more than 3 years ago | (#36939796)

And the system becomes unusable due to all the file logging going on. Whenever I upgrade the OS on my system, I always like to do an audit of where all the file space has gone. First of all, back up all project data, then remove them. Remove all download files (rpm's, zip's, exe's, bz2's, web pages) and personal files. With all those gone, there shouldn't be any considerable file space used, yet gigabytes of space were still used...

As someone who's done rendering and animation, and used the file browser to preview images, I found about 2 Gigs of file space had disappeared just from thumbnails alone. A 60-second animation took around 3000 frames, or 3000 images. After a good number of projects and reference photographs, that's a whole load of data space gone.

Windows XP also maintained log files that are updated as the system boots up - one for the hardware after power-up, another for XP device drivers, and another for applications. If these log files became inconsistent (through a crash and reboot), they wouldn't clear. It wasn't apparent whether they had to be cleared manually, but those files just got bigger and bigger over time. This would jam up disk defragmentation as well. Found about 6 Gigabytes after 5 years. Also, whenever you update your web browser, while the old version may be deleted, the cache directory isn't. That was another chunk of disk space lost.

Re:Another Reason: Time (0)

Anonymous Coward | more than 3 years ago | (#36939808)

> I would go as far as to guess that most people today would rather buy a new PC than get a professional to reinstall XP, meaning that these systems currently running XP would have been installed quite a number of years ago.

A professional to reinstall XP? Are you serious? That professional is me when I was 13/14 years old as I was the nephew that knew about computers. Who gets a professional to reinstall their computer? It is always the family member/friend who "knows" computers or the uncle with the computer business which he runs out of his converted shed. If you walk into a store and ask someone to reinstall your copy of XP you walk out with a brand new windows 7 computer and a printer which "interfaces well with I/O port on your PC" (actual quote of clerk in a store).

Also I don't think normal people measure down time in money. They measure it in annoyance and potential Farmville harvest lost.

Re:Another Reason: Time (1)

couchslug (175151) | more than 3 years ago | (#36939996)

IME you are quite right. Bubba and LaQueefa run their machines until they stop working, which can be a very long time. They can't afford professional repair rates, so it's either have a local geek reload warez (because they lost the recovery media) or buy a new PC.

Big deal, blow them out easily with (-1)

Anonymous Coward | more than 3 years ago | (#36939678)

RC Tools you already own on the Windows install media itself (use this, NOT a winnt32.exe /cmdcons LOCAL installation of Recovery Console) by using RC Tools LISTSVC, DISABLE (1st 2 are "optional" depending on rootkit design involved), & FIXMBR commands...

In the case of an MBR$ originated rootkit protected by a driver, you have to do it in this order for it to work:

---

1.) Bootup via Windows install media from DVD/CD (read only inviolate environs, so you have a valid bootsector)

2.) Do the listsvc "patrolling/scanning"

3.) Execute disable vs. any bogus drivers once verified thus (or, if you don't get a VALID KNOWN RESULT).

4.) Reboot to Recovery Console again

5.) Use the fixmbr command to refresh the HDD's bootsector with a valid one

---

DONE! vs. MOST rootkits...

* That is, provided that the driver itself does NOT protect the registry area that disable affects (because it does NOT take effect until next bootup & if a driver for a rootkit's designed to not only protect the bootsector, but also the registry load area for said bogus driver too).

LISTSVC will show ANY/ALL drivers &/or services a rootkit may employ!

(A serious, TRUE "rootkit"? It will utilize a driver, because a driver can deceive any Ring3/RPL3/Usermode app, even ProcessExplorer.exe - Another valuable tool for cleaning up malware rootkits may "haul in" to operate, say, a botnet or for other nefarious machinations, by using its DLL Pane view mode to see if any "hidden" processes are running hooked by DLL injection (libs) under running apps OR services, via API call intercepts.)

DISABLE cuts them off ("head them off @ the pass", more-or-less) - bear in mind, this ONLY TAKES after a reboot though (rewrites driver init. areas in the registry).

FIXMBR rewrites MBR$ (master boot record) & fixes the bootsector (should the rootkit employ this means of infestation/infection).

* AGAIN/IMPORTANT - Bear in mind that rootkits of "more modern design" can use a "blended threat" combination of the above (which IS what the "indestructible rootkit" a few weeks ago used, & this method? Destroys the "undestroyable"... easily!)

APK

P.S.=> NOW, should the rootkit employ a "patched bogus .sys driver file" of an actual system image file (usually one oriented to File/Disk I-O usually, think atapi.sys/disk.sys usually), instead?

No problem there either!

It's really just a bit more "sleuth work" using listsvc really, if not already knowing the bogus driver's name in question!

(Because most of the time, bogus drivers DO NOT keep a "description field", however also, keep in mind, SOME LEGIT ONES ARE THIS WAY TOO!)

Yes, it helps to KNOW the bogus driver file name involved too (in the case of the "indestructible rootkit" above from a few weeks ago, it was hello_tt.sys)...

I.E. -> THEN, You'd 1st copy LEGIT ones from the OEM CD you're using, to a CD read only media for overwrite of the bogus patched OS driver files...

(Because by default, RC bootups allow access to the CD/DVD for install itself, as well as %WinDir% &/or %SystemRoot%, which you CAN ALTER for more via secpol.msc OR gpedit.msc mind you IF needed)

OR BETTER YET

Open up Service Pack files &/or hotfixes for more current better ones!

(WinRar can do this, so can hotfix/servicepack commandline switches IF needed)

Also - folders beneath Windows itself via Windows System/File Protection do so as well as yet another valid alternate possible source, but inviolate read-only CD/DVD media is preferred, or a servicepack/hotfix compressed file as first noted...

You can then use the COPY command from Recovery Console to OVERWRITE replace the bogus one either from drivers from the OEM install Windows media on CD/DVD, or, from a copy of an updated real driver from MS on a CD copy you made... per instructions below! DEL RC command can work too, & COPY afterwards...

(Don't worry - Drivers do NOT PAGE THEMSELVES once in memory, like ordinary executables do (which is WHY folks see Windows paging still, even IF no pagefile.sys is present when monitoring for paging activities))

Thus, it should not be "locked vs. access" @ that point - that is, unless it has been programmed to PROTECT ITSELF vs. overwrite, or protecting not only say, the bogus MBR$, but also its registry driver init. areas... this will make them pretty much, TRULY, "indestructible", imo!

(Again - The ONLY fear(s) I have are trojan rootkit drivers that protect registry driver loads/initializations areas, &/or protect themselves from overwrite)

However - I haven't seen that, not YET @ least, but... if it happens? "HOUSTON WE HAVE A PROBLEM!" (& it's "nuke it from orbit" @ that point quite possibly!)

Now - To "mop up" ANY ring3/rpl3/usermode malware they may "haul in" also, which the "indestructible rootkit/botnet" did for example?

Well... ProcessExplorer works!

(With DLL view mode pane enabled, to see if any running processes or services are bogus, as well as being "hooked" via bogus lib/dll injections)

See - because once you "knock-the-chocolate" out of the rootkit running in Ring 0/RPL 0/kernelmode?? Nothing can deceive ProcessExplorer (via API call intercepts), & IT CAN SEE INTO ANYTHING IN USERMODE!

Yes, even a program loaded into memory - an almost "in-memory disassembly/dump" is possible too...

Yes - it's a "never fail" tool vs. signatures-based antivirus programs when their ID & remove methods fail or don't exist... (& their heuristics too, which do get "false positives" also @ times + are NOT set "on by default" or "to-the-max" by default usually either)

... apk
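The FIXMBR step in the procedure above rewrites the boot sector; the defender-side check that goes with it is to compare the live MBR against a known-good copy captured when the machine was clean, so that a changed boot sector is noticed before it has to be repaired. The following is an added example written for this thread (my own Python, not APK's procedure and not a Microsoft tool): it parses a 512-byte MBR image, validates the 0x55AA boot signature and the partition boot flags, and reports any difference in boot code or partition table from the reference copy. Every byte string in it is constructed for the demonstration; the boot-code bytes and partition geometry are placeholders, not data from any real disk.

```python
"""Compare a 512-byte MBR image against a known-good copy and flag tampering.

Added example: the MBR images below are synthetic test data, not read from
any real disk.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446            # executable boot code occupies bytes 0..445
PART_TABLE_OFF = 446           # four 16-byte partition entries follow it
PART_ENTRY_FMT = "<B3sB3sII"   # flag, CHS start, type, CHS end, LBA start, sector count
PART_ENTRY_LEN = struct.calcsize(PART_ENTRY_FMT)   # 16
SIGNATURE = b"\x55\xaa"        # bytes 510..511


def build_sample_mbr(boot_code, partitions):
    """Construct a synthetic MBR (test data only; never read from a device)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack(PART_ENTRY_FMT, flag, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for flag, ptype, lba, count in partitions
    )
    table = table.ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + table + SIGNATURE


def parse_mbr(data):
    """Return signature status, a hash of the boot code and the used partition slots."""
    if len(data) != MBR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        flag, _, ptype, _, lba, count = struct.unpack(PART_ENTRY_FMT, data[off:off + PART_ENTRY_LEN])
        if ptype == 0 and count == 0:
            continue   # empty slot
        partitions.append({"index": i, "boot_flag": flag, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": data[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(current, known_good):
    """Return a list of findings; an empty list means the MBR matches the reference."""
    cur, ref = parse_mbr(current), parse_mbr(known_good)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != ref["boot_code_sha256"]:
        findings.append("boot code differs from known-good copy")
    if cur["partitions"] != ref["partitions"]:
        findings.append("partition table differs from known-good copy")
    for p in cur["partitions"]:
        if p["boot_flag"] not in (0x00, 0x80):   # only "inactive" and "active" are valid
            findings.append("partition %d has invalid boot flag 0x%02x" % (p["index"], p["boot_flag"]))
    if sum(1 for p in cur["partitions"] if p["boot_flag"] == 0x80) > 1:
        findings.append("more than one partition marked active")
    return findings


# Constructed sample data (placeholder bytes, not a real boot sector).
GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"
KNOWN_GOOD = build_sample_mbr(GOOD_BOOT_CODE, [(0x80, 0x07, 63, 2_000_000)])

# Simulated boot-sector rootkit: same partition table, different boot code.
_tmp = bytearray(KNOWN_GOOD)
_tmp[:8] = b"\xeb\x1e\x90\x90\x90\x90\x90\x90"
TAMPERED_BOOT = bytes(_tmp)

# Simulated extra partition slot, also marked active.
EXTRA_ACTIVE = build_sample_mbr(
    GOOD_BOOT_CODE, [(0x80, 0x07, 63, 2_000_000), (0x80, 0x17, 2_000_063, 500_000)])

# Boot signature stripped.
NO_SIGNATURE = KNOWN_GOOD[:510] + b"\x00\x00"

if __name__ == "__main__":
    for name, image in [("known good", KNOWN_GOOD), ("tampered boot code", TAMPERED_BOOT),
                        ("extra active partition", EXTRA_ACTIVE), ("no signature", NO_SIGNATURE)]:
        print(name, "->", audit_mbr(image, KNOWN_GOOD) or "clean")
```

On a live machine the 512 bytes would be read from the raw device with administrative rights, and the known-good copy has to come from a trusted source, captured right after a clean install or from the read-only install media the post relies on, since a reference taken from an already-infected disk proves nothing.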

No. (0)

unity100 (970058) | more than 3 years ago | (#36939684)

A lot of people use xp sp2 because sp3 doesn't bring much to the table, despite causing numerous issues with the computer (granted, most of them are fixed) and a lot of programs out there.

in addition, sp2 has a reputation in gaming circles to be the most bloat-free windows version to be used in gaming. and you will find that xp pro sp2 is still highly ranked in downloads in warez sites. (pro has message queueing, which is used to reduce latency in online games by gamers) moreover, there are special modified or slipstreamed xp sp2 versions in such sites - stripped of even more bloat, and reduced to core components needed for gaming.

a lot of people who run windows 7, download these xp sp2 versions just to use them with games apparently, judging from the posts in the discussions under those files.

so go figure.

Re:No. (2)

Grave (8234) | more than 3 years ago | (#36939896)

Ah, yes, because using an insecure, malware-prone OS for gaming makes sense. Nothing like being part of a botnet, having your credit card and personal information stolen, and getting your gaming accounts hacked in order to shave 5ms off your ping and gain 10fps. Your hardware is going to have a vastly bigger impact on gaming performance than your OS, and frankly I'm not clear what gaming "circles" are, in 2011, wanting to use XP SP2 anymore unless they are using outdated hardware.

I think the bulk of these SP2 installations are going to be corporate users who are wiping brand new systems with Windows 7 and installing an ancient corporate image. You would think that security concerns would make it worthwhile to update badly written software that is broken by OS vulnerability patches, but that's just "not in the budget" for a lot of companies.

Re:No. (1)

unity100 (970058) | more than 3 years ago | (#36939972)

yes it makes sense. 'security' is not the word of the day when you are gaming. 'fps' and 'ping' are. so, you got that right. there are people who are trying to gain 5 fps over 110 fps. foolish? for you maybe. for them, it is their thing.

sp3 is malware? (0)

Anonymous Coward | more than 3 years ago | (#36939700)

at least that is what it seems like after you install it.
my pc slowed to a crawl after i installed that patch

"counterfeits" (2)

caseih (160668) | more than 3 years ago | (#36939712)

It always bugs me to hear people use "counterfeit" when talking about illegally copied or distributed software. Do people not understand what these words mean? Apparently not, since we're still talking about "piracy" in a non-piracy sense.

If someone in China were to dress up Linux to look like Windows and sell it as if it were MS Windows, that'd be counterfeit. But so-called "pirated" Windows XP installations are not counterfeit, obviously. I guess it's all about manipulating public thought. Is your copy of Windows "genuine?" The thought is quite silly if you think about it. Of course it is genuine. It's Windows, isn't it? Legal copy? That's the real question. Genuine advantage indeed.

Re:"counterfeits" (1)

Anonymous Coward | more than 3 years ago | (#36939802)

If someone sells you XP purporting it to be legitimate, and you believe them, then you could say they sold you a "counterfeit" copy of the OS. If you buy it from them knowing it's an illegal copy, that follows the more traditional understanding of "piracy" in the copyright sense. People who go to China and buy 500 DVDs for $10 know that they're illegal copies. They are actively participating in "piracy".

As for home users who just download things for their personal use and no money exchanges hands, that does not follow the traditional definition of "piracy" and I prefer to use the term "copyright infringement" for that activity.

Re:"counterfeits" (2)

bigtrike (904535) | more than 3 years ago | (#36939988)

The CDs are made to look like the ones from Microsoft, complete with fake holograms. How is that not a counterfeit?

Re:"counterfeits" (1)

Anonymous Coward | more than 3 years ago | (#36940326)

> The CDs are made to look like the ones from Microsoft, complete with fake holograms. How is that not a counterfeit?

Because that's not the kind of Windows XP installs they're talking about and you know it! If you had a "counterfeit" copy under your description - complete with fake CD and holograms - why would you not have updated past SP2 ? That's right - because the only reason to "avoid updates" (even though, as has been mentioned, you don't HAVE to) is because they know it is fake (copy of their friend's CD plus a code/patch from the Internet) and they think that they'll be found out if they update.

Nice try though.

This was about as useful as the recent study ... (0)

Anonymous Coward | more than 3 years ago | (#36939762)

on IQ of various browser users. It was shown that MSIE users rate well below 100, which to non-Windows users was already well known and understood. Of course XP is rooted. Has been all along in spite of what MS and their idiot users claim. I see it on my logs. I see it every time somebody asks for help on their windows boxes. Personally, I think that window losers should be able to claim insanity and stupidity on such crimes as copyright theft.

New computers are CHEAP! (0)

Redneck_Moron (1992422) | more than 3 years ago | (#36939770)

For most of the people out there running XP (not all) your machine is an antique. I don't care if it's "only 5 years old" it's ancient. The idea of people complaining about the cost of an OS upgrade is ludicrous. Shop around, you will probably find a machine that is miles faster than your current computer for less than $400. And if you can't afford that, maybe you shouldn't be sitting around using a computer.

Re:New computers are CHEAP! (0)

Anonymous Coward | more than 3 years ago | (#36939870)

I suppose you do not understand that US$400 is more than much of the world's population earns in an entire year. People hang on to older computers because they have no desire to upgrade or because they cannot afford to. How many GHz should a person need to send email and word process? 2? 10? 200?

Re:New computers are CHEAP! (1)

eepok (545733) | more than 3 years ago | (#36939930)

Just a quick note: Those sub-$400 computers frequently come with at least two of the following variables:

(1) No monitor
(2) Onboard Video
(3) 3GB or less RAM with Windows 7 booting up to 1.8GB RAM used.
(4) Sub-300w power supply (OK for greener computer, Bad for video cards)
(5) Bad computer case (either flashy buttons stacked on actual buttons, severe space limitations, etc.)

Re:New computers are CHEAP! (1)

couchslug (175151) | more than 3 years ago | (#36940020)

PCs are vital nowadays, and most of the world can't casually shell out 400 bucks.

I can, but I know MANY folks who can't, including people with large families who need multiple PCs for their kids.

Re:New computers are CHEAP! (1)

ShipiboConibo (808524) | more than 3 years ago | (#36940342)

Some people rarely ever see $400 that could be justifiably spent on a new PC. Yet they may have some ancient XP disc lying around. Not to mention it does run far better on old hardware. Determined people get things done with what they have.

W7 less secure than XP? (2, Interesting)

no-body (127863) | more than 3 years ago | (#36939774)

> Windows XP computers are infected with rootkits out of proportion to the operating system's market share

This statement doesn't take into account how long each OS has been in use:

XP 11 years - since 2001
W7 2 years - since 2009

So, with 2 years W7 gathered 12 % of infections having 31 % market share, that's 6 % infections/year
and 11 years of XP gathered 74 % of infections having 58 % market share, that's 6.7 % infections/year

Since market share started from 0, let's assume linear increase of market share since release and use W7 with 16.5 % and XP with 37 % average market share over time.

W7 gets 6 % infections/year with 16.5 % market share and XP 6.7 % infections/year with 37 % market share.

Which gives factors for W7 0.37 and XP 0.18 infections/year/market share.

W7 more secure? Fat chance!

Re:W7 less secure than XP? (0)

Anonymous Coward | more than 3 years ago | (#36939990)

your maths sucks

Sounds logical to me (1)

houghi (78078) | more than 3 years ago | (#36939844)

The machines have been online longer, so they have had more time to get infected. They will be less likely to have users who are tech savvy and want to run the latest. As they are less tech savvy, they will know less about how to protect themselves.

Frost pisT (-1)

Anonymous Coward | more than 3 years ago | (#36939848)

what better way... (0)

Anonymous Coward | more than 3 years ago | (#36939872)

to force the upgrade of MicroScam softwarez.

alternative explanation (1)

Anonymous Coward | more than 3 years ago | (#36939906)

Most of the XP installations are probably OEM, and people never upgrade them because they're typical Windows users, they're afraid of "breaking something" or they don't have admin rights because they lost the password or got the computer from someone else. The fact that you have to reinstall everything from scratch and might lose your software licenses keeps many people (including myself) from installing Windows 7. Rootkits on XP might be overrepresented simply because XP systems have been running for a longer time, and if the user can't patch them for lack of admin rights they have a bigger chance of getting infected over time.

The notion that you can't easily get cracked XP-SP3 or 7 is bullshit btw.

Re:alternative explanation (1)

couchslug (175151) | more than 3 years ago | (#36940044)

"might lose your software licenses keeps many people (including myself) from installing Windows 7."

Keyfinders are your friend.

So are VMs. I have XP and 7 running in Virtualbox, and if anything malfunctions I can revert to a Snapshot.

And a jolly good thing, too (1)

petes_PoV (912422) | more than 3 years ago | (#36939914)

If all PCs were fixed so they didn't catch or pass on viruses what would all the "security" companies do for a living? Maybe instead of spreading FUD they should just step up a gear. Since this survey has identified a nice big market (i.e. out of support/illegal and therefore un-upgradable O/S's) why don't they stop bleating and start creating products to satisfy this demand?

Re:And a jolly good thing, too (1)

Urkki (668283) | more than 3 years ago | (#36940300)

Yeah! The vast potential of customers who don't like to pay for their software, that market is totally untapped!

No, wait, I think the malware business has that market covered and monetized pretty good, actually. And some of those companies specialize in spreading their own anti-malware kits too. I think it'll be really hard to enter that market for legitimate anti-malware companies.

Auto-update failure keeps people at SP2 (5, Informative)

osu-neko (2604) | more than 3 years ago | (#36940046)

I was running SP2 until a couple months ago because Windows Update failed to update me to SP3. It turns out that if you had upgraded Internet Explorer to some version under SP2 (IE8?), it would not upgrade to SP3 because doing so would break the downgrade process (you could upgrade to SP3 flawlessly, but if you tried to downgrade back to SP2 it would break) unless you first downgraded IE before upgrading to SP3. Therefore, SP3 would not be listed in Windows Update, and it would not tell you that it was hiding the upgrade, or why. Utterly idiotic. I assume a lot of people are still running SP2 not because they're using an unlicensed version, but precisely because, like me, they have a legit installation, but just don't know SP3 was out and being hidden from them, with Windows Update cheerfully telling them every week that their system is perfectly up to date.

Interesting ... (1, Interesting)

garry_g (106621) | more than 3 years ago | (#36940050)

... so in spite of the (supposed) improved security of Win7 and the (in comparison) short time it has been around, a quarter of all infections are on Win7?
While it is understandable that the decade old OS is easier to attack, this is definitely no good track record for Win7 ...

When was the last time you reinstalled XP? (1)

AftanGustur (7715) | more than 3 years ago | (#36940108)

One major contributing factor for infected XP machines to stay infected is that users don't get installation CDs any longer.

Microsoft changed the license years ago so buyers of brand new PCs really don't have any choice, if they want to reinstall their machines, other than taking them back to the shop (and spend $$$) or install a pirated version.

Yep (1)

roc97007 (608802) | more than 3 years ago | (#36940124)

So everyone go out right now and pay the $139 for Windows Home Premium. I'll wait...

(This should cause a measurable bump in the economy. Any moment now...)

Why are we debating this? (1)

ShipiboConibo (808524) | more than 3 years ago | (#36940294)

This is clearly a misuse of statistics for the purpose of piracy propaganda. As others have pointed out, XP has simply been around much longer. It hasn't been long since it was the standard OS on new machines. It was also the last of the OS's to be included as physical media with a new PC (most new PC's just have a restore partition these days, last I checked). Oh, and in my experience XP runs better on low-resource virtualization setups than Windows 7... ESPECIALLY if you avoid SP3! Come on gang, let's not play into this loaded debate.

Confirmation Bias? (2)

asdf7890 (1518587) | more than 3 years ago | (#36940350)

Could there be some confirmation bias that is clouding the true meaning of the collected stats?

It may not just be that the remaining XP users are less careful/knowledgeable/whatever on average so aren't fully patched with service packs and so forth either by choice or ignorance. A lot of those XP installs have been around a long time, so have had a much longer period (compared to the average Windows 7 or Vista install) in which they could have been exposed to malware.

Many of the installs not properly patched up with security updates could be a symptom of this, rather than a cause, as there are plenty of examples of malware that block some or all updates from being installed (either accidentally due to the damage they do while hacking their way in, or deliberately as a self preservation measure).