From now on
I will use only Microsoft.com (and never use any Microsoft products) I will be safe now, I hope.
Web-based attacks are on the rise, but according to Microsoft security researchers, the risks involved with casual browsing are nothing compared to the dangers of downloading and sharing illicit software, videos, music, and other media. In the latest edition of the Microsoft Security Intelligence Report, published on Monday, …
Microsoft disappointed that numbers of Win8 pirate copies are down 95% compared to XP, Vista and Win7.
An insider reported that while Microsoft publicly claim that the reason behind this are the anti piracy and security measures built in to the program, the truth is somewhat different.
There are concerns from on high that they have got it wrong, that the release will fail and that the lack of piracy interest is down to the unpopularity of Win8.
Just to be pedantic, saying that one category of user is at high risk doesn't necessarily indicate that no other category is at risk.
For that matter, saying that category is at a higher risk doesn't necessarily indicate that any other category is at risk. A probabability of 0.1 is still higher than 0.
So, both title were correct, but yours doesn't imply what you thought.
Yeah, and London is more secure from terrorists than New York City because London has never had a plane crashed into one of its buildings. Essentially this is what you are saying: The system that is targeted more because more people use it is less safe than the system that is targeted less. Every complex system has its weaknesses. If Mac was the dominant PC, then it would have the same problems with malware as Windows. The same with Linux. If Linux truly was secure, there would be no need to antivirus programs for my Android phone.
Although Linux based, Andrdoid is not Linux. And the fact that you are running an anti-virus on it is also not relevant since there are people who were tricked into buying and running anti-virus on Linux. In the end, maybe Mac and Linux could be vulnerable some day while Windows certainly has been all the time. And it still is. I mean like now. Just count the malware titles having "Win32/" in their names and you'll be able to see it with your eyes.
@Wade
The system that is targeted more because more people use it is less safe than the system that is targeted less.
Not necessarily true. It's quite possible that an OS that is targeted less could still be less safe than one which is targeted more. All that can accurately be said is that you are more likely to encounter malware aimed at the OS that is targeted less. It doesn't necessarily make you less safe though (for example, if the vendor is quick at releasing security patches).
If Linux truly was secure, there would be no need to antivirus programs for my Android phone.
Someone else has already pointed out the issue with comparison to Android, so I'll skip that bit. But ask yourself, if I told you BenOS was 'truly secure' would you run it without ever checking for malware? Not necessarily an 'on-access' scanner, but perhaps a cursory check every now and then? I wouldn't and I don't think anyone with a modicum of sense would - in other words the availability/use of AV is a really poor measuring stick as it usually pays to be careful regardless of what you're running
That was about equal parts Captain Obvious martial and pure nonsense. Okay, yes malware is sometimes disguised as warez (does anyone still use that term?). But to start with, classifying a key generator as malware is clearly nothing but propaganda. And the fact that they're even collecting data on it with a supposedly anti-malware, not anti-piracy, product strikes me as unethical.
But more importantly, their statistics were unimpressive, and I suspect they knew it. If 83.2% of infected system do not show evidence of pirated software, then right off, they're not making a very strong case. When they say 76% of of system with evidence of pirated software also have malware, that's starting to sound interesting, but they never clearly state how much higher than normal that is. And considering their expansive definition, it wouldn't surprise me at all if close to that percent of the general population had something "potentially unwanted".
"But to start with, classifying a key generator as malware is clearly nothing but propaganda. And the fact that they're even collecting data on it with a supposedly anti-malware, not anti-piracy, product strikes me as unethical."
I hope that didn't strike you too hard. As far as I recall, the click-through licence for the "Malicious Software Removal Tool"
www.microsoft.com/security/pc-security/malware-removal.aspx
which you see at least the first time you install it, authorizes Microsoft to delete anything on your PC that they don't like. So you may want to think twice about that.
The stats being discussed were clearly taken from installs of MS Security Essentials (and possibly Forefront) which requires user permission to report detections back to MS, it is clearly stated when you install the program and is easily turned off with a single checkbox.
I fail to see anything unethical here.
I fail to see anything unethical here
I suspect the OP's point was that classifying something harmless (to your machine/data) as malware just so you can report back is unethical. Some keygen's carry malware, but not all do, so if those that don't are being reported back it's a bit of an issue.
That said, my post was more in response to the previous poster who implied it was ethical because it was in the terms and conditions.
Y'mean, like people who actually paid for stuff aren't at any risk? Are you guys sure that those "Microsoft Security Researchers" didn't issue that statement as some kind of prank, or a troll, or something?
Microsoft Security Intelligence Report? Trustworthy Computing Group? Christ, somebody tie me to a railroad track...
What about the people who pay for legit programs from the store, and have the CD riddled with malware?
I've had it in the past a stamped CD infected with a virus before. That's not counting Symantec or McAfee software which have done more damage than most malware strains I've seen to the computers.
"Win32/Keygen, in particular, was the most frequently detected potential threat across every version of Windows studied."
1) Download software from legit site
2) Find keygen. Run in a sandbox to get a serial number while blocking any potential side effects
3) Run installer, input serial
I've got a box full of bootleg CD installers. Never had a single infection from any. And a lot less hassle than from the legal software with its incessant nagging to upgrade and phoning home.
Warez sites have feedback and forums and infected stuff is reported pretty quickly and blacklisted. A lot quicker than MS will admit they have a problem
I'm not addressing any moral issues, just the bullshit equation of warez with viruses that these "surveys" by software vendors always make. I think the major malware vector is the browser by far, and MIcrosoft's IE led the way in making that easy.
"I've got a box full of bootleg CD installers. Never had a single infection from any. And a lot less hassle than from the legal software with its incessant nagging to upgrade and phoning home."
So, what you are saying is that you steal stuff and cover your tracks so that you are {hopefully} protected from any nasty side effects of your illegal activity.
If you can't afford to pay for something, find an open source equivalent.
This post has been deleted by its author
"So, what you are saying is that you steal stuff and cover your tracks so that you are {hopefully} protected from any nasty side effects of your illegal activity."
I think they are saying that they infringe the copyright license, I don't think they are stealing anything. Not that that makes it any better. Of course, they could have a legit copy and are using the bootleg to by-pass all the DRM nonsense that gets in the way of a decent playing experience.
"If you can't afford to pay for something, find an open source equivalent."
Open Sources (and even Free Software) are not always zero-cost. I agree with the sentiment; don't consume or simply wait for the price to come down. That game? It'll be in the bargain bucket soon enough, and if it's a good game it'll still be a good game.
You're mixing freeware with free software. Nothing in the license of free and open source software says anything about cost of that software (except maybe for distribution costs). It is all about the freedoms being granted to you by the person/organization distributing the software.
"so the main threat is a false positive heuristic detection based on filename?" -- No, those files are categorised as "KeyGens", in that, they generate illicit keys for software and get detected as mal-ware because their use is harmful to the software makers business not your PC itself.
Bad form replying to myself, I know; but...
"A category of malware called ASX/Wimad can disguise itself as a number of popular media file formats – including MP3, AVI, and WMV, among others – and exploit a Windows Media Player bug to download a malware payload."
HAHAHA! Own goal from Microsoft there.
"HAHAHA! Own goal from Microsoft there."
Why "HAHAHA!" ? Every infected PC is a victory from criminals that rip others off or use the infected machine to spam you or DDOS businesses. Activity that costs us all either directly or indirectly. Why celebrate when a flaw is found in an OS or piece of software? You're basically a football fan for companies, aren't you?
Yes, it does cost us, directly and indirectly, and you know what? I've never received a check from Microsoft paying me back for the time I've spent fixing their mistake.
If you have a name and address I can send an invoice to, please forward it to The Register. I'm sure they'll send it on to me.
You don't get the irony of Microsoft warning people about -and it was in the first paragraph- about the dangers of music and video files when the main dangers are both the fault of Microsoft software?
1) The only malware named in the article that would give you a dose was not either a music or video file; but a file that exploits Windows Media Player to get in.
2) As Rattus Rattus points out, the default setting of Windows is to hide file extensions; which helps miscreants no end.
3) Of course, the browser can be javascripted into downloading naughtyware; but that could happen to any browser.
The main dangers to iffy films and music then are Microsoft-generated. I was laughing at the hypocrisy of the warning; not at the victims. And for the record I have no particular axe to grind with any company (except, possibly Sony) and am using Windows to type this.
"Preying on the desire to 'get a good deal' is a form of social engineering that has been around for a long time, but it's proving to be a perennially popular method for malware distributors," writes Joe Blackbird of Microsoft Malware Protection Center."
Indeed, I've seen many a new computer come pre-installed with what at first appears to be a free OS.
if companies like Microsoft and Adobe deliberately release malware-infected versions of their products onto bittorrent sites, 1) to give their "pirated products always contain malware" claims credence and 2) more likely, to allow them to track and trace people pirating their software.
Like the shills that claim in the comments on torrent sites "OMG this torrent has a VIRUS!!!!1one!1!" for one that actually doesn't, or alternatively "All those claiming there's a virus in this are LYING!!!1one!" for one that they've planted that does.
As with anything in life, use your head and take your chances.
Now, before I continue let me stress out that this isn't a black/white kind of situation and I'm not 'attacking' Microsoft over this because I can fully understand why they're doing what they do.
Microsoft fights software pirates and I can respect that. I don't always agree with it but in the end I do think one can only respect if a company tries to protect its income. However; there's one thing which I think doesn't do them much credit and only puts the Net as a whole at risk.
Because Microsoft has a tendency to block off pirated (illegal) computers from receiving (security) updates. I can understand that MS doesn't want "freeloaders" to usurp their services, ones which regular customers pay for (keep well in mind that keeping an OS updated for years isn't an easy nor cheap task). However; the other side of the medal is that many of these illegal users simply decide to turn off security updates and leave it at that, thus forming a potential risk for others. After all; who knows what could be happening on those boxes?
Its the one policy I think Microsoft should change. Supply global security updates, no matter the state of the OS ((il)legal or not), so that at the very least you don't risk a large dose of infected Window PC's. Apart from that MS should do everything in their power to block these illegal copies. For example by blocking them as they do now (at one time I even had a customer coming in to ask "how to get rid of that weird black background....", well; duh!).
But please make sure that even these illegal copies are up to date where security is concerned before you had a chance to lock them out! I'm pretty sure it could reduce quite a bit of problems.
I'm pretty sure I read once that MS are accepting of piracy because it means that there is ground-roots support for their product, which means when those people who were too poor/tight to pay for the OS get into a business environment the business has to use MS because it's all most people know.
It is strange how people like to blame Windows(Microsoft) for these problems.
If a user downloads a malicious software (often against the advice of the browser) and runs it against the advice of User Account Control and proceeds to infect their computer, it's not Microsoft's fault in any way.
"classifying a key generator as malware is clearly nothing but propaganda"
Unless executing that keygen happens to install a trojan? Basic logic, if someone wants something for free, they will download a keygen, so if an attacker wants control of a PC, offer a keygen with payload.
It is strange how people like to blame Windows(Microsoft) for these problems.
If a user downloads a malicious software (often against the advice of the browser) and runs it against the advice of User Account Control and proceeds to infect their computer, it's not Microsoft's fault in any way.
Indeed, but if they download a movie, run it and find that it contains a payload designed to exploit a weakness in Windows Media Player, I'd say the ball is firmly in Microsoft's court in that instance.
classifying a key generator as malware is clearly nothing but propaganda
You're both right, simply classifying any keygen as malware is propaganda. If on the other hand, certain generators include a payload then it's malware. I'm sure the two could probably be seperated in the stats, but then it's not very convenient is it?
The fact is nobody "buys" Windows. Any version. If anyone spend a little time reading the EULA it is clear that you are just licensing Windows (insert version here) from Microsoft. So it can stop working at any time. This also goes for every proprietary software out there.
Speaking of "piracy" when the EULA claim you are buying license for the software does not add up. The actual terms is that people are running unlicensed software. That is not piracy as the greedy CEO types it is. But I do not see how copying files is piracy to start with.
Then there is the fact some television shows are not released for Europe. Same goes for many movies.
As for malware infections. Microsoft have them self to blame. As Windows is based on poor technology. Since it is made for profit and not security.
I only run games on my licensed copy of Windows XP. Not going to move to Windows 7 until I get a new gaming PC. If it comes with Windows 8. I am going to delete it and install Windows XP.
"Web-based attacks [on Windows] are on the rise, but according to Microsoft security researchers, the risks involved with casual browsing [under Windows] are nothing compared to the dangers of downloading [to Windows] and sharing illicit software, videos, music, and other media".