Next time some Windows guy tries to claim that he's "never had any malware"

[chas_m]

Show him this:

Microsoft says cybercrime bust frees 4.7 million infected PCs | Reuters

Key quote: ""Those victims are currently not aware they are infected."

This is the bigger problem, and this is the reason why its become a multi-billion dollar industry: the victims don't think they have a problem (and consequently don't do anything about it), but the harm these "zombie PCs" do is enormous.

4.7 million infected PCs may not sound like a lot, but this is half of the number of units that were infected ahead of Microsoft's seizure of No-IP domains temporarily last week, and this is just the machines infected through one network (and only some very specific malware).

The problem exists on easily an order of magnitude more computers than the ones MS is trying to go after at the moment.

Bottom line: Windows users may think they've been lucky, but in fact they probably haven't been. Sadly there's no Windows-based anti-malware software that even claims to catch everything, so there's little -- other than using the best one they can find -- that ordinary Windows users can do to help protect not just themselves, but everyone else on the Internet. One thing Windows users should consider is taking older machines that are no longer updated offline. It would really help.

[lclev]

The windows user who claims they have never been infected with malware is either not on the internet - at all - or is living in an alternate universe. I had to turn around and head back to work just today because I got a call that a user could not log on to their computer. Problem? They had downloaded something that had malware with it and the server locked it out. I had to fix the problem before they could log back on to the server shares.

It is very frustrating for me because supposedly they can not install anything yet somehow they manage it and I get stuck fixing the problem. There is nothing available that gets everything all the time. The amount of malware for windows is astronomical.

I have been pushing for a change over to apple computers but money is an issue. I can build or upgrade a windows computer a lot cheaper than what it cost to buy an iMac. Plus it is what they are use to and they are not big on learning a new OS.

I have added one iMac and one Macbook Pro so far. Those two computers are such a joy. They never need the attention the windows machines need. Oh, well, some day.

Lisa

[GrannySueSnaps]

I think there is one thing a lot of Windows users are unaware of, virus protection is one things malware is something else. I would imagine if you scanned any number of computers the majority would not have any malware software.

[lclev]

I guess it's all in how you define it. I use malware as a catch-all for viruses, trojans, bots, etc. That way I don't have to get technical. Actually, at work I just tell them they had a virus. Works for them.

I find we get more toolbar issues or changes to home page issues that redirect to places that get them blocked than any other problem.

Lisa

[Slydude]

I find we get more toolbar issues or changes to home page issues that redirect to places that get them blocked than any other problem.

Lisa

That does not surprise me at all. In less than a year I've had about eight instances of having to remove malware from boxes running Win XP, Win 7, and Win 8. There might have been more but I don't do it for a living and think twice about volunteering to do it. This kind of stuff tends to push my blood pressure through the roof.

In all of the cases the infestation was bad enough that getting on the Internet was impossible: The only browser was IE and that wouldn't open properly. In each case Malware Bytes found hundreds of suspicious things.

[Lifeisabeach]

I'm just going to copy/paste a comment I made a couple years ago (so much easier than re-typing this anecdote on my iPad!)

Years ago, when I was a regular Windows user, I was active on usenet in a PC support group. One week, we were in intense discussions about AV software. I had been reading up a lot on tests and reviews of AV software, and one thing that we had been recommending was to have two different AV software packages… one that actively scanned, a second one that you only ran on demand for a "second opinion". This came about because no single AV software was proven to catch everything. All them, without exception, missed some malware in independent tests.

So anyway, one regular was like "Well I'm fine with what I'm using. It gives me a clean scan every time, so it's doing its job just fine." I then said "How do you KNOW it's not missing anything? Just because it says you have no malware doesn't mean it's not overlooking any." So he thought about that, tried a second piece of AV software, and BAM! He had two pieces of malware running that his regular AV software (Norton or AVG i think) completely missed.

[Lifeisabeach]

I'd be curious to see a study done on Android phones. So many of those users think they are just too smart and savvy to get malware on their device, yet I doubt more than a insignificant minority are that sharp.

[lclev]

I'd be curious to see a study done on Android phones. So many of those users think they are just too smart and savvy to get malware on their device, yet I doubt more than a insignificant minority are that sharp.

I still have my Samsung Note II and I run Lookout on it. I just don't want to take the chance. The google and samsung app stores are not as well policed as the apple app store. Paranoid? Probably but I have spent too much time cleaning up messes to take the chance.

I am waiting for the iPhone 6 to come out and then I plan to take a walk on the wild side and ... gasp!... go anti-virus free!

Lisa

[Slydude]

@LB That reminds me of the Call For Help show that used to be on G4 Tech TV. At one point they connected a Windows box to the Internet and ran it for a period of time without being behind a router or using malware protection. After some time, maybe 30 days, they started checking things out. The box was not only littered with malware but it took 4 different programs to remove it all IIRC.

[Lifeisabeach]

@LB That reminds me of the Call For Help show that used to be on G4 Tech TV. At one point they connected a Windows box to the Internet and ran it for a period of time without being behind a router or using malware protection. After some time, maybe 30 days, they started checking things out. The box was not only littered with malware but it took 4 different programs to remove it all IIRC.

A couple years ago, I had a Windows VM compromised (can't remember if it was Win XP or 7 at the time). It was a browser hijacker, I believe. I literally have no idea how it even happened. I only had a couple programs on there, all from "trusted sources". I can honestly say that's the only time I've had malware in Windows. Well, actually there was the one time I deliberately put one on to see what it did exactly. THAT was a learning experience. LOL!

[chas_m]

Just to be clear about something: this is not about "ha ha stupid Windows users" or "I've never had malware."

This is about the FACT that most zombie-ware/botware/etc runs without the user being aware of it AT ALL. So you may THINK you're malware free because nothing you have or do is being affected, but that's NOT necessarily a sign of infection. A lot of this malware doesn't "face" the user or their stuff at all, it just hijacks the processors (very craftily so you won't notice) and helps run the zombie networks that are spamming, scamming and spreading more malware all over the place. Company I did some work for recently discovered that their servers were CRANKING at 100 percent capacity all night long. During business hours, these things behaved within normal limits. So why were they going into overdrive at night?

Finally found out that the servers had malware on them that mined bitcoins when the servers were not otherwise being used. This had been going on for at least MONTHS. No Anti-Virus program ever caught it.

All I'm saying here is that no Windows user can afford to be smug about their supposed lack of "infection." Unless you're extremely vigilant, there's a good chance your machine is in fact working for someone else some of the time.

[vansmith]

I'd be curious to see a study done on Android phones. So many of those users think they are just too smart and savvy to get malware on their device, yet I doubt more than a insignificant minority are that sharp.

No less savvy that Mac users - 1% of Android phones are infected with malware (source) whereas something like Flashback hit between 0.5 and 1% of Macs (source). This is, after all, despite misinformed perceptions to the contrary, due to Android's deep and layered security model (source, source).

This is about the FACT that most zombie-ware/botware/etc runs without the user being aware of it AT ALL.

And hence the need to shun complacency and practice good computing. Any device with an operating system can become susceptible to malware whether you know it or not.

[chas_m]

Thanks for once again hijacking a thread that has nothing to do with Android and turning it YET AGAIN into an Android thread. Very tiresome. Please try to focus, this thread is about Windows infections that are not caught by typical anti-virus scans and are doing a lot of damage. Nothing to do with Android. Nothing to do with Macs.

[Lifeisabeach]

Thanks for once again hijacking a thread that has nothing to do with Android and turning it YET AGAIN into an Android thread. Very tiresome. Please try to focus, this thread is about Windows infections that are not caught by typical anti-virus scans and are doing a lot of damage. Nothing to do with Android. Nothing to do with Macs.

Aww gee whiz Chas, but you didn't set the ground rules when you started the thread.

[vansmith]

Thanks for once again hijacking a thread that has nothing to do with Android and turning it YET AGAIN into an Android thread. Very tiresome.

It's a little tiresome that you keep putting out odd misinformed and unsolicited critiques about Android/Google too so maybe you stop doing that (source, source, source)? And there's nothing wrong with introducing things to the conversation.

Please try to focus

Thanks for patronizing me.