Book Reviews
Recent reviews from Slashdot readers:
- Advanced Excel for Scientific Data Analysis Learn to turn Excel into something that rivals Mathematica using VBA, brains, and a heaping helping of fortitude.(Jack Herrington's review.)
- Nagios 3 Enterprise Network Monitoring A great book for anyone using Nagios as more than a casual user.(jgoguen's review.)
- Schneier on Security Schneier argues that security is not something you can buy; it is something you must get.(Ben Rothke's review.)
Submitting a review for consideration is easy; please first read Slashdot's book review guidelines. Updated: 2008114 by samzenpus
6768790
story
Comments: 348 + - News: Microsoft Links Malware Rates To Pirated Windows on Monday November 02, @07:07PM
background: url(//a.fsdn.com/sd/topics/topicsecurity.gif); width:59px; height:78px;
security
background: url(//a.fsdn.com/sd/topics/topicms.gif); width:75px; height:55px;
microsoft
background: url(//a.fsdn.com/sd/topics/topicwindows.gif); width:49px; height:65px;
windows
background: url(//a.fsdn.com/sd/topics/topicnews.gif); width:60px; height:66px;
news
CWmike writes "Microsoft said today that computers in countries with high rates of software piracy are more likely to be infected because users are leery of applying security patches. 'There is a direct correlation between piracy and the malware infection rate,' said Jeff Williams, head manager of the Microsoft Malware Protection Center. Highlighting research that showed worms to be the most prevalent computer security problem today, Williams said the link between PC infection rates and piracy is due to the hesitancy of users of pirated software to use Windows Update. China's piracy rate is more than four times that of the US, but the use of Windows Update in China is significantly below that in this country. Same for Brazil and France. But Microsoft's own data doesn't always support William's contention that piracy, and the hesitancy to use Windows Update, leads to more infected PCs. China, for example, boasted a malware infection rate — as defined by the number of computers cleaned for each 1,000 executions of the MSRT — of just 6.7 per thousand, significantly below the global average of 8.7 or the US's rate of 8.2. France's infection rate of 7.9 in the first half of 2009 was also below the worldwide average."
Related Stories
It is annoying to be honest to no purpose.
-- Publius Ovidius Naso (Ovid)
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.
So.... (Score:5, Insightful)
So malware is Microsoft's fault for not patching pirated machines? Or did I miss something...
Re: (Score:3, Funny)
Nah, can't be. They wouldn't call it "genuine advantage" then, would they?
Re:So.... (Score:5, Insightful)
Yes and no. It is true that by limiting patches to "legitimate" copies, they are making the odds of malware infection worse, and in doing so, are contributing to the botnet problem that creates truckloads of spam, wasted bandwidth, DOS attacks, and other nightmares that hurt everyone including their legitimate users. So I think they're utter morons for acting the way they do.
That said, this is not the whole story. A large percentage of malware comes from people installing pirated software. People who pirate Windows are... wait for it... more likely to pirate other software, too. Therefore, you'd expect a strong correlation between malware rate and pirated copies of Windows even if Microsoft did everything they could to keep pirated copies of Windows patched. Their "Genuine Advantage" crap is merely compounding the problem.
Parent
Re:So.... (Score:5, Informative)
Parent
Re:So.... (Score:5, Insightful)
True, but funny enough pirated software contains much less malware than the original packages, which is one of the its many advantages.
Parent
Re:So.... (Score:4, Insightful)
Parent
Re: (Score:3, Interesting)
Sure, but... (Score:5, Insightful)
If I walked out of that store, and someone offered to give me an exact copy of that suit for free, I wouldn't complain.
Parent
Re: (Score:3, Interesting)
MS wants an absurd amount of money for Windows 7. I will not pay such an abusurd amount. I could use XP still, in which case MS makes $X. However, since it costs nothing to make a copy of Windows 7, I could get a copy off of the internet. MS still makes $X (with X being the same number, they did not gain or lose money from this), but now I have Windows 7. MS is just as well off either way, but now I am better off. If you ever took a basic class in game theory, you would realize that since I'm not going to pay an abusurd price and since MS does not lose money due to me copying Windows, the optimal choice is to copy Windows.
Also, if you bothered to ever read any of my comments, I specifically said if they charged a reasonable amount, I would gladly pay it. It's the fact that they want to charge 3-4x more than a reasonable amount that causes me to not pay for it (it's the same reason I do not buy from Apple, despite wanting one of their computers, because they massively overprice them). If they had a tangible product (a car, a book, a computer, etc), then they could get away with this because it would be costly to make a copy of it. However, with software / files, it costs nothing to make a copy, so their costs of production go to pretty much zip after they make the first copy.
Here's the missing piece in your logic: other customers are the third party in the system. Also, companies do not get to "charge whatever they want for a product", at least not if they want to stay in business. Let's assume MS needs a fixed profit to justify their fixed development costs. If it cost $100mil to develop (all inclusive), they might need to sell $150mil in order to beat the rate of return for their other investments and make the product worth developing. If there are 3 million people who wa
Re:So.... (Score:4, Insightful)
Go go gadget car analogy..
This is like saying a car company isn't liable for faulty brakes in case of an accident where the car is driven by someone who stole the car. The victim of faulty brakes isn't always the driver.
Parent
Re:So.... (Score:4, Insightful)
They also drive with the handbrake engaged all the time (not behind firewall, anti-virus, whatever) so it's shot and use wheels that are known to overheat brakes (lots more pirated stuff).
Damn that car company does their nefarious schemes know no bounds? Oh the humanity!
Suffice to say your analogy fails harder than their brakes.
Parent
I wonder... (Score:5, Funny)
Parent
Re:So.... (Score:5, Insightful)
You're not applying the proper spin. They are trying to spin it so the pirates look like the problem, when in reality they are holding everyone's security hostage in hopes of scaring a few users into buying a legit copy of Windows.
Parent
Re:MS Fuud (Score:4, Informative)
I, on the other hand, am inclined to think otherwise.
I don't think that anybody in their right mind would call Fedora Linux lacking in security, but if you were to download the install DVD for Fedora 11, the latest version, what you'd get is exactly what you'd have downloaded on the first day it was available. Then, after installation, you'd have to download all the updates needed to bring your system up to date. How is this different from what Microsoft does?
Parent
M$ Spin (Score:3, Interesting)
It's almost like M$ keeps moving the holes around and re-hiding them, but never fixing them. That would certainly permit the known holes and backdoors to be available for exploit but make it harder for 'unauthorized' (you did read the EULA, right?) entities to use them.
That is, however, only when M$ can be assed to patch in the first place. Not like they've dropped patches [computerworld.com] for versions they still claim to support.
Re: (Score:3, Insightful)
Look at it this way. You pirate windows, your box joins a botnet, and who suffers? Some other poor SOB. Somewhere there's a corporate site to DDOS, somewhere there's an account to brute-force, and Microsoft's reputation takes a fall. Remind me where's the genuine advantage in that again?
Re: (Score:3, Insightful)
I've paid for my Microsoft software and I still get a shitload of botnet-posted spam. Likewise, I have to do routine tech support for friends laptops with malware infested Windows installs despite the laptops having legit versions of Windows installed by the manufacturer.
So are you suggesting that Microsoft has no responsibility to myself and my friends, or are you saying that they're incapable of fulfilling that responsibility?
Re: (Score:3, Insightful)
To be totally fair, people who don't pay for their software (pirates) aren't actually customers, and Microsoft has no responsibility towards people who aren't their customers.
That's not totally true. If all those pirates were to dump Windows for some other O/S, then Microsoft's market share would drop, weakening their near monopolistic hold on the market which allows them to sell other things and force wretched terms on vendors.
WGA could be at fault (Score:4, Interesting)
Including Windows Genuine Validation is the likely culprit for this.
Re:WGA could be at fault (Score:5, Insightful)
The very same program that's well-known for marking valid copies as pirated and then holding people's data/work environment hostage until they cough up another $200+. Yeah, I'm leery of that kind of thing too. Why should I let them install a program that takes up a good 20MB of RAM when it's running to make me prove that I'm not a pirate?
Parent
Just suppose... (Score:3, Insightful)
Re:Just suppose... (Score:4, Informative)
Parent
Re:Just suppose... (Score:4, Interesting)
Have security patches installed in redistributed form, they are available from MS or even torrent sites
Am I the only one who sees the problem here? Why do you think all those machines are infected with malware in the first place? :-D
Parent
Re:Just suppose... (Score:4, Insightful)
Parent
Re:Just suppose... (Score:5, Insightful)
Suppose it was possible to apply security patches without installing Windows Genuine Advantage (malware by anyone's definition except Microsoft's). Would that make a difference?
Quite likely, but Microsoft is definitely within their rights to insist that people pay for their software. You and I may find it to be unwieldy, intrusive and obnoxious, but that's our problem, not theirs.
If people don't want to deal with the mess and hassle of keeping their Windows machines clean and up to date, they have alternatives. They can pony up for a Mac or they can install Linux. Heck, if they're absolutely committed to using Windows without paying, they can run it in a snapshotted VM on Linux.
Just last week I wrote a newspaper column [imagicity.com] advocating Ubuntu Karmic over Windows 7, so I'm no fan of Windows whatsoever. But as someone who writes a fair amount of software, I fully respect Microsoft's right to license it - and enforce that license - as they see fit.
The fact that they're doing so in such a way as to drive the world away from them is just gravy, as far as I'm concerned. 8^)
Parent
Re:Just suppose... (Score:4, Insightful)
Also, I take it that you haven't actually bothered to read the EULA that comes with Windows because it's an absolute joke. Worse still is that it changes regularly when doing updates and I'm willing to bet that if I call them and say that I'm rejecting the new version that they won't let me have my money back for the copies I've paid for.
Parent
Easily explained (Score:3, Interesting)
And the French refuse to install malware written in English.
Users are leery of applying patches because? (Score:3, Insightful)
And users (with both legit and pirated copies) are leery of applying patches because of Microsoft Genuine Advantage and its ilk. Does this come as a surprise to them?
Gee. I wonder why . . . (Score:3, Insightful)
. . . people would be "leery" of installing "security patches," MS having pushed down things like WGA as a "critical updates." Of fscking course the people running dodgy copies of Windows are going to assume that each new wave of patches might come with a copy protection trojan, in light of the fact they've done it before. So in fact, Microsoft has caused the problem they're bellowing about in the name of attempting to inhibit piracy of Windows.
Stands to reason. (Score:5, Funny)
They're pirates. Of course they're going to run malicious software.
What the hell else would pirates do with a computer, donate to charity and solve world hunger? No, they're going to use it to look up www.saucywenches.com [saucywenches.com] or download illegal treasure maps, or perform DDoS attacks on Royal Navy ships. They'd use a pirate version of Quicken to count their doubloons and inventory their treasure chest. They'd be looking up suspicious sites for syphilis treatments. They'd manually edit the Windows Registry with nothing but a cutlass and a corkscrew.
Always on Internet connections?.. (Score:3, Interesting)
Wouldn't the rates of infections be severely affected by how long the machine stays online? Because that increases both — the opportunity to infect the machine, and its value for the hijacker (as a spam-relay)?
With many organizations simply blocking the entire A- and B-class networks from China, even an always-connected server in China is not as hot a target as the one in US.
Also, one would expect, the machine owners' expected wealth to be a factor — some viruses blackmail the owner by threatening to delete their files... The poor Chinese may not even have a Paypal account to pay off the scumbags, so why go after them?
Accounting for all this may change the published statistics quite a bit...
Re:Always on Internet connections?.. (Score:4, Informative)
Parent
Broadband speed might be more of an issue (Score:4, Insightful)
I just recently returned from a trip to India and found that many of the cyber cafes and family homes that I visited were not running the latest service-packs for Windows. I would attribute that to mostly being because although they had "broadband" their speed even during off hours were more around the range of 64 to 128 Kbps with high latency due to over subscription. Can any of you imagine downloading Windows XP SP3 over that kind of connection? (Setup a speed limiter on your next bit torrent download at about 5 KBs/40 kbps and see how long that file takes to transfer) Along with the problem that most computers are purchased as cheaply as possible so they frequently run with the minimum amount of ram possible, making the use of Antivirus software and the latest Service packs way too slow to even browse the web.
Security patches and Anti-virus updates that are several megabytes a piece are fine for someone with a lowly 512 kbps broadband connection, but understand that most people in these countries like China and India still have very large modem and slow DSL that is extremely over subscribed at the ISP.
Even here in the US there are many people that have dial-up even if other options are available because they don't feel the broadband options provide a good cost/performance ratio. $40 for 512kbps WISP connection or $10 for a cheap dial-up connection. $480 + install for the first year, or $120 for a year of dial-up over a phone line they already have...
Please keep in mind that although 5+ Mbps broadband is available in most Metro markets there are still a lot of people that have much slower connections making many online services out of reach (Steam, hulu, and to some security patches).
Re: (Score:3, Interesting)
I just recently returned from a trip to India and found that many of the cyber cafes and family homes that I visited were not running the latest service-packs for Windows. I would attribute that to mostly being because although they had "broadband" their speed even during off hours were more around the range of 64 to 128 Kbps with high latency due to over subscription. Can any of you imagine downloading Windows XP SP3 over that kind of connection?
Yes. Download the file once, overnight. Proceed to install it on all machines. The full installation file download is a mere 316mb.
Penance? (Score:3, Funny)
Perhaps these pirates just feel such extreme guilt for copying Windows that they are rejecting patches and virtually flogging themselves with malware.
Re: (Score:3, Informative)
Or maybe the folks who don't give a shit about pirating windows also don't give a shit that their rooted machines are causing mayhem.
The solution... (Score:4, Interesting)
Williams said the link between PC infection rates and piracy is due to the hesitancy of users of pirated software to use Windows Update.
Make Windows free.
Liscensed but uneducated users really at fault (Score:5, Insightful)
People would often call in with viruses/malware they've just been living with on a 2 year old computer, and when you asked them about what they use for antivirus, they wouldn't have a clue. "I used that link that was on my desktop when I bought it," they would say. Well, that 30 day trial will get you into more trouble than not applying your windows updates, especially when they're opening up all those emails from disposed Nigerian dictators.
Re:Liscensed but uneducated users really at fault (Score:5, Interesting)
I know a guy that has Nod32 antivirus installed.
Unfortunately for him, he doesn't seem to understand how to activate it. Every year he buys a new code, and loses it, without activating. It's now about 900 days since his subscription ended.
I took pitty and installed avast, but he doesn't know what the little A is, or even care, because he has Nod32 (which a friend recommended), and he thinks he's protected.
I agree that uneducated users are the issue.
Parent
Seems to be what microsoft wanted (Score:5, Insightful)
Microsoft said today that computers in countries with high rates of software piracy are more likely to be infected because users are leery of applying security patches.
When you purposely push out "security patches" that only disable copies of Windows that are pirated, then yes, they are leery of using them, and rightly so (Assuming their goal is to run Windows without paying, and not buying Windows or using another OS)
This is the exact situation Microsoft has stated they wanted to happen.
And before anyone starts, I am not suggesting Microsoft change their rules on supporting pirated copies of Windows.
It's theirs to choose how to support how they want.
Just that this is the only conclusion one could expect from their current choice.
Re:Seems to be what microsoft wanted (Score:5, Interesting)
When you purposely push out "security patches" that only disable copies of Windows that are pirated, then yes, they are leery of using them, and rightly so
Don't forget the legit copies they disable. Any of those OEM keys that shady computer repair shops have gotten their hands on.
Microsoft also disabled my legit key. Apparently if you activate Windows on 4 different motherboards with 3 different CPUs, 4 different types of memory, 3 different GPUs, 6 different HDD setups, from 3 different IPs/ISPs, they find it suspicious and refuse to give you a new key.
Of course, what actually happened was my PSU blew up my old board. It wasn't good for overclocking, so I got a different one. Then the new PSU blew up the new board(bad luck - never going Antec again) and some memory. After getting it fixed, I sold my CPU and upgraded that and my GPU. I was running out of space, so I also got an HDD upgrade. Then later I moved most of them over to a NAS. Eventually I wanted to upgrade again, so I gave a family member my old PC(after wiping Windows and installing Ubuntu, *gasp*) and tried to reactivate again on a new board with a new CPU + GPU + RAM + more HDDs.
Microsoft found it suspicious - too suspicious - and yet I'm in the right, because my XP key was only in use on a single machine. I believe a contributing factor was the ISP switching, and my IP geolocation resolving incorrectly. For a while it resolved to Ontario, then Alberta, then BC. Originally I could even watch Hulu (and I'm Canadian), so I know the geolocation software failed pretty badly.
Right now I'm using XP, but it's not the license key I originally bought. There's no way I'm letting a company force me to pay twice! Everyone I know buys a single license and uses it on every computer in their home, but here I am doing it the right way, and they screw me! Never again!
Parent
Re: (Score:3, Informative)
Re: (Score:3, Informative)
Ummm.... If you've removed every single origional component and replaced them with new components how is that the same computer?
Same case? :P
I sold lots of parts, and moved old parts to a different computer. The Ubuntu PC I gave to my parents was made from old parts in a new case with a new PSU. Just because I did a total overhaul of my gaming PC doesn't mean it isn't the same rig. I have a gaming PC, and a work PC - I upgrade them both periodically, and I bought Windows licenses for both. I don't appreciate Microsoft disabling my key. :/
Correlation is not causation (Score:3, Funny)
but lets give MS the benefit of the doubt. After all, haven't they earned our trust? I'll take them at their word that stealing windows = malware. Fortunately, I don't have to steal windows anymore, a guy from nigeria says I'll be rich soon.
should it be like giving clean needles to junkies? (Score:3, Insightful)
Re:should it be like giving clean needles to junki (Score:4, Insightful)
Microsoft has a financial incentive to make people fear running unauthorized copies of Windows.
Parent
Could the China anomaly have anything to do with.. (Score:3, Interesting)
Re: (Score:3, Informative)
In Brazil several computer stores sell PCs wirh a pirated version of windows pre-installed. So it's very likely that a lot of those 'computer pirates' are computer iliterates. Also, pirate versions of any popular application, movies and songs can be easily bought on the streets at broad day light -- not in dark alleys. So, if a person sees "Computer with genuine MS Windows XP" it's not unlikely that they would ask the salesman "can you make it cheaper if you sell it with a pirated version of windows?", even
Re: (Score:3, Informative)
If it were me analyzing the data I'm afraid I would have to conclude that users who use windows update more often and use official copies of windows(US users) are more likely to receive a malware infection than users on pirated copies without using windows update(China).
Except that those who don't use Windows Update aren't included in the statistics. (Well, unless they manually download and run the MSRT, but that can't be a statistically significant number.)
Re: (Score:3, Interesting)
car manufacturer who goes and cuts stolen cars' breaks
More like a manufacturer who won't replace (possibly shoddy) brakes on cars because the owners didn't bother to register with them.