Linked by David Adams on Thu 30th Sep 2010 20:38 UTC, submitted by fran
Bugs & Viruses "To mark the first anniversary of Microsoft Security Essentials, the company has released some sobering statistics it has gathered during the past year via the free anti-malware software. According to Microsoft, Security Essentials has been installed on 31 million computers worldwide. Out of that group, 27 million users reported malware infections during the year."
Thread beginning with comment 443341
To view parent comment, click here.
To read all comments associated with this story, please click here.
nt_jerkface
Member since:
2009-08-26

Not only is most malware installed voluntarily but there is still a huge problem with people having older versions of XP installed with updates off.

It's an easy numbers game for criminals to play, they don't even have to go poking around for holes.

Reply Parent Score: 2

lemur2 Member since:
2007-02-17

Not only is most malware installed voluntarily but there is still a huge problem with people having older versions of XP installed with updates off. It's an easy numbers game for criminals to play, they don't even have to go poking around for holes.


Agreed. The paradigm needs to change. It should be impossible to install software outside of a software installation manager, which requires even then a locally-entered password for a special-to-purpose account with elevated priveledge.

Clicking "OK" is not enough.

Reply Parent Score: 1

darknexus Member since:
2008-07-15

Agreed. The paradigm needs to change. It should be impossible to install software outside of a software installation manager, which requires even then a locally-entered password for a special-to-purpose account with elevated priveledge.

Clicking "OK" is not enough.


Hmm, as I recall that's exactly what the iPhone does now isn't it? We all know just how much we love that...
Repositories won't solve the problem. Openness won't solve the problem. Why? Because people don't care. They're not going to vet the software, and given how easy it is to add repositories in, say, Ubuntu, the paradigm will simply shift from "click this link" to "want some naked pictures? Just add this repository..." Next thing you know, you've got an infected glibc or worse. It's been verified all right... by the repository owner, who signed it with their gpg key which *you* validated when you added the repository! Do you really think malware writers won't think of that should this shift ever happen on a broad scale? They won't need to infect existing repositories. Most users will do anything they're told if told correctly, so they need only add *new* repositories. Again, social engineering, right out in the open.
So, how do we stop that? Only allow software to be installed from approved repositories? Wait though, isn't that exactly what we hate about the iPhone and Apple?
Bottom line: No matter what paradigm shift may happen, the malware will not be far behind. Package managers are superior, but they will not end the problem. They'll shift the delivery mechanism, but they'll only divert it not stop it.
There's only one way to stop this: user education. People need to stop treating their computers like magic boxes, get some common sense, and a little basic knowledge. They need to treat computers like tools, you have to know at least a little about how to keep them running well and how not to damage them.

Reply Parent Score: 4

nt_jerkface Member since:
2009-08-26

It should be impossible to install software outside of a software installation manager, which requires even then a locally-entered password for a special-to-purpose account with elevated privilege.


That isn't a viable solution due to all the existing third party software. I would also rather not see all software go through MS first.

Getting people off XP would make a huge difference. XP isn't secure enough by default and so many of those old installs are hopelessly infested and need to be reformatted.

Adobe reader needs to be dumped as well. It's a completely unnecessary security risk.

Reply Parent Score: 2