ArsTechnica posted an article about malware. It described how hackers and malware companies have altered their delivery and execution of malware over the course of the last few years. It also went into some of the economic aspects of malware distribution and the reason it's still a popular choice for hackers.
I'd like to discuss the topmost reason malware still poses a problem for both home and corporate users: Microsoft Windows. Secure Computing has some statistics about malware, collected during specified date ranges. The report dated 8/01/07 to 8/31/07 shows some interesting figures. Ninety-seven percent of the new malware found is in the form of Windows executable code. From my point of view, two things are causing this, and I will explain both.
Hackers are usually efficient, especially when there is money to be made. Therefore, they spend most of their time trying to come up with ways to circumvent Windows security measures in order to gain access and build a botnet, or flash adverts up on someone's screen. So, since so many people around the world use Microsoft Windows, the hackers have focused on that family of operating systems in order to maximize their efficiency. Could this be an inherent flaw in the Windows architecture? Maybe. That leads me to the next cause.
Windows has never been known as the most secure, most stable, best performing operating system in existence. Unfortunately, it's what most everyone uses on a daily basis. It's easy to use and comes with just about every new computer, so the installed base of Windows has gotten so large that it's sustaining itself as the market leader in operating systems. Everyone knows how to use it, so they keep using it. This is good for hackers, as stated above, because they can write one version of their malware code and expect it to run on pretty much 75+% of all the computers out there. But how do they get it to run on all those computers without being detected? Easy. Flaws in Windows have been around for a while. Once one is found, the hacking community jumps on it, adding the vulnerability to their list of ways to get into your computer. But why does this happen? Shouldn't Microsoft be able to release patches that help to deter these nasty little bugs? Well, sure, if their kernel were easy to change and they weren't worried about breaking compatibility with the millions of programs written for it. Microsoft doesn't like to change their underlying code too much, for fear it will break so much more. But with that thought, they are running 10-year-old code at the core of their operating system. There are bound to be a lot of bugs that no one would have thought of 10 years ago that have slowly crept up and are being found and exploited by the hacking community.
It's all about the exploits. And at the same time, it's all about the market share. I'm sure OS X and Linux aren't as secure as people think they are. It's just that attention hasn't shifted away from Windows, because it's still so easy to exploit and it reaches so many people. Now, OS X is slowly creeping up the ladder of market share. As of October 2007, Windows XP has 79% of the OS share. Windows Vista has 8%, and Windows 98 and Windows 2000 take up another 4%. That's 91% of the computers polled. 6.5% of computers run OS X, with the remainder listed as "Other." So, with 91% of the market share, it's no wonder hackers are jumping on the chance to write malware capable of being run on those computers, especially since it's relatively simple to bypass the "security features" that have been band-aided together in the form of an operating system.
But what can be done in order to combat this problem? Well, for now, users can be educated on how to install, configure, and update anti-virus, anti-malware, and anti-spyware software on current versions of Windows. As for the long-term goal, Microsoft should go back to the basics and either plug all the security holes that this malware is exploiting, or throw out their current codebase and start from scratch.
I'll save the politics of spyware for another article.
