infection rate: xp vs w7

Hi All,

You guys see this?

http://www.forbes.com/sites/gordonke...ays-microsoft/


Sort of makes you think about the accuracy of "conventional wisdom".

-T

On 12/21/2014 04:23 PM, Todd wrote:
Hi All,

You guys see this?

http://www.forbes.com/sites/gordonke...ays-microsoft/



Sort of makes you think about the accuracy of "conventional wisdom".

-T



Interestingly enough I am getting more infected machines from Win7 users
than I am from XP users...but it seems to be related mostly to the
person's browsing habits

On 12/21/2014 02:46 PM, philo wrote:
On 12/21/2014 04:23 PM, Todd wrote:
Hi All,

You guys see this?

http://www.forbes.com/sites/gordonke...ays-microsoft/




Sort of makes you think about the accuracy of "conventional wisdom".

-T



Interestingly enough I am getting more infected machines from Win7 users
than I am from XP users...but it seems to be related mostly to the
person's browsing habits

1+

Todd wrote:

You guys see this?
http://www.forbes.com/sites/gordonke...ays-microsoft/

Sort of makes you think about the accuracy of "conventional wisdom".

Looks more like the effect of statistics on a bigger audience along with
targeting by the malcontents at the bigger audience.

http://en.wikipedia.org/wiki/Usage_s...rating_systems

Windows 7 is the target favored because it has more users. Vista looks
good in your article because, gee, not a lot of users there so a pitiful
OS segment to target. While not quite as bad as Vista, XP (has become)
and 8 are also low-volume targets.

If you're a terrorist and have a batch of Anthrax, do you mail your
white powder letters to residents of some hick town in the middle of
nowhere or to residents in a large metropolis?

On 12/21/2014 07:28 PM, VanguardLH wrote:
Todd wrote:

You guys see this?
http://www.forbes.com/sites/gordonke...ays-microsoft/

Sort of makes you think about the accuracy of "conventional wisdom".

Looks more like the effect of statistics on a bigger audience along with
targeting by the malcontents at the bigger audience.

http://en.wikipedia.org/wiki/Usage_s...rating_systems

Windows 7 is the target favored because it has more users. Vista looks
good in your article because, gee, not a lot of users there so a pitiful
OS segment to target. While not quite as bad as Vista, XP (has become)
and 8 are also low-volume targets.

If you're a terrorist and have a batch of Anthrax, do you mail your
white powder letters to residents of some hick town in the middle of
nowhere or to residents in a large metropolis?


HI Vanguard,

Great analysis. I would add that ease of infection is
also a factor.

And, if you are looking for "security through obscurity",
you would want to avoid those operating systems that are
high on the bad guys list. Linux and Mac would qualify.
iOS seems to be off the bad guys radar too, although
it is not very obscure anymore.

Plus I would guess Android would be on the top of there
list too, especially since it "seems" to be easy to hack.

My favorite hack of all time is an Android hack:

http://www.intomobile.com/2013/08/06...vulnerability/

"Attackers could cause the unit to unexpectedly
open/close the lid, activate bidet or air-dry functions,
causing discomfort or distress to user."

But for "easy of hack", Windows still seems to be the choice.
And as Philo points out, their browsing habits have a lot
to do with it.

As a PCI tester, I have to second Philo big time. I spend
endless hours tightening things up that will probably never
be attacked. The PCI standards don't really address where
the attack will typically come from: your browsing and
eMail habits, which are insane to have on a Point of
Sale system. One has to remember that the bad guys are
by definition "lazy". They go for the easiest entry point,
which gets back to Philo's point.

-T

On Sun, 21 Dec 2014 16:46:04 -0600, philo* wrote:

On 12/21/2014 04:23 PM, Todd wrote:
Hi All,

You guys see this? http://www.forbes.com/sites/gordonke...ays-microsoft/


Sort of makes you think about the accuracy of "conventional
wisdom".

-T

Interestingly enough I am getting more infected machines from Win7 users
than I am from XP users...but it seems to be related mostly to the
person's browsing habits

Correlation is not the same as causality.

mechanic wrote:
On Sun, 21 Dec 2014 16:46:04 -0600, philo wrote:

On 12/21/2014 04:23 PM, Todd wrote:
Hi All,

You guys see this? http://www.forbes.com/sites/gordonkelly/2014/05/12/
windows-7-and-windows-vista-more-at-risk-to-viruses-than-windows-xp-says-microsoft/

Sort of makes you think about the accuracy of "conventional
wisdom".

-T
Interestingly enough I am getting more infected machines from Win7 users
than I am from XP users...but it seems to be related mostly to the
person's browsing habits

Correlation is not the same as causality.

The numbers in the graphs, don't differ enough
to form a cheering squad. The OS still has all its
attack surfaces (they didn't get rid of ActiveX).

If would have been more interesting, to see how much improvement comes
from using ASLR (turned on by EMET). And whether the infection rate
drops or not.

http://en.wikipedia.org/wiki/Address..._randomization

Paul

Paul wrote:

If would have been more interesting, to see how much improvement comes
from using ASLR (turned on by EMET). And whether the infection rate
drops or not.

http://en.wikipedia.org/wiki/Address..._randomization

ASLR is already in Windows 7; however, whether it gets used depends on
how an application was compiled (it they used the /DYNAMICBASE linker
flag). There was an update (http://support.microsoft.com/kb/2639308) to
force ASLR on apps not compiled to use it. Admittedly it is probably
easier to use EMET (although you'll have to figure out why some programs
misbehave to determine how to configure EMET) than doing registry edits.

ASLR is included in Windows 7. It's not available in Windows XP. You
can add more protection, like with an IPS (intrusion protection system)
software; e.g., EMET (make sure to get v5 although it is still
susceptible to many of the old [but minorly modified] attacks) or
MalwareBytes Anti-Exploit (which is out of beta but still causes too
many app crashes, like in Internet Explorer). Not all of EMET's
protections are usable under Windows XP. So you'd think with ASLR
included since Windows Vista that 7 would be less susceptible to attack
than Windows XP.

That's why it looks like the volume of users is affecting the stats
regarding infection: there's simply far more Win 7 users than XP users
so the numbers go up. The stats shown in the Forbes article are not
percentages but a volume count, so it's a misleading article. Also, I
suspect XP users abandoned Microsoft's security software (e.g.,
Defender, MSE) and long ago have prevanently moved to more robust
security software. The Forbes article doesn't mention what security
softwares were used on the PCs that they scanned. If the Win7 users
were just using what Microsoft gave them then, of course, they'd be more
susceptible to infection. We don't know what percentage of the scanned
PCs (none, some, or all of them) were end-user hosts or workstations
under a domain utilitizing enterprise-grade security.

There isn't sufficient information in the Forbes article to draw any
conclusion from those numbers. I scrolled through the Microsoft doc to
which Forbes referred but never saw the chart that Forbes put in their
article. So where did they get those stats? Did I miss in Microsoft's
report what Forbes claims is in there (for the chart that Forbes
showed)? I did see Microsoft's definition of "computers cleaned per
1000" was what their MSRT (Malicious Software Removal Tool) had
detected. That runs just once per month, gets loaded to run but
disappears afterward, and relies on the user to allow it to run (for
those that don't leave Windows configured to automatically download and
install updates or those that manually do the updates and accept
everything offered without reviewing the list). I would hardly rely on
a monthly scan by a Microsoft security program (MSRT) to tell me whether
I'm infected or not.

On 12/22/2014 2:11 PM, VanguardLH wrote:

There isn't sufficient information in the Forbes article to draw any
conclusion from those numbers. I scrolled through the Microsoft doc to
which Forbes referred but never saw the chart that Forbes put in their
article. So where did they get those stats?

The Microsoft doc referred to in the Forbes article is from May 2014.
The latest document (report number 17) is what's currently found when
you hit the the Forbes link. That report is from November 2014. Since
XP is no longer supported, it is no longer included in the reports. At
any rate, that explains why you couldn't find the chart in the
document - it's a different document.

Moe DeLoughan wrote:

On 12/22/2014 2:11 PM, VanguardLH wrote:

There isn't sufficient information in the Forbes article to draw any
conclusion from those numbers. I scrolled through the Microsoft doc to
which Forbes referred but never saw the chart that Forbes put in their
article. So where did they get those stats?

The Microsoft doc referred to in the Forbes article is from May 2014.
The latest document (report number 17) is what's currently found when
you hit the the Forbes link. That report is from November 2014. Since
XP is no longer supported, it is no longer included in the reports. At
any rate, that explains why you couldn't find the chart in the
document - it's a different document.

Same URL (http://www.microsoft.com/security/sir/default.aspx) but they
slide in the most recent SIR (Security Intelligence Report). ARGH!!!
Oh well, when I get some free time, I'll read the latest one.

On Sun, 21 Dec 2014 14:23:32 -0800, Todd wrote:

Hi All,

You guys see this?

http://www.forbes.com/sites/gordonke...7-and-windows-
vista-more-at-risk-to-viruses-than-windows-xp-says-microsoft/


Sort of makes you think about the accuracy of "conventional wisdom".

-T

It makes me wonder of what use is a post that tells me nothing, like was
AV software installed, what class of user are we talking about. I've been
using various flavours of windows for years and have never been infected
by a true virus. Of course, if you click on every link you can find and
respond to all email you might have a different story.

Todd wrote:
Hi All,

You guys see this?

http://www.forbes.com/sites/gordonke...ays-microsoft/



Sort of makes you think about the accuracy of "conventional wisdom".

-T
Duh...Convential wisdom is usually a pipe dream on something written 7
months ago. Data no longer significant and only for time sampled.

--
....winston
msft mvp consumer apps