
Microsoft Links Malware Rates To Pirated Windows

CWmike writes "Microsoft said today that computers in countries with high rates of software piracy are more likely to be infected because users are leery of applying security patches. 'There is a direct correlation between piracy and the malware infection rate,' said Jeff Williams, head manager of the Microsoft Malware Protection Center. Highlighting research that showed worms to be the most prevalent computer security problem today, Williams said the link between PC infection rates and piracy is due to the hesitancy of users of pirated software to use Windows Update. China's piracy rate is more than four times that of the US, but the use of Windows Update in China is significantly below that in this country. Same for Brazil and France. But Microsoft's own data doesn't always support Williams's contention that piracy, and the hesitancy to use Windows Update, leads to more infected PCs. China, for example, boasted a malware infection rate — as defined by the number of computers cleaned for each 1,000 executions of the MSRT — of just 6.7 per thousand, significantly below the global average of 8.7 or the US's rate of 8.2. France's infection rate of 7.9 in the first half of 2009 was also below the worldwide average."
  • by Anonymous Coward on Monday November 02, 2009 @07:51PM (#29956932)

    Including Windows Genuine Validation is the likely culprit for this.

  • by Anonymous Coward on Monday November 02, 2009 @07:51PM (#29956938)

    I'm not hesitant of MS patches because of piracy, I'm hesitant because I use this machine to do all my Photoshop work and the last 4 auto patches crash Photoshop roughly every 6 min rendering my computer completely useless for its primary purpose.

  • Easily explained (Score:3, Interesting)

    by hudsucker ( 676767 ) on Monday November 02, 2009 @07:54PM (#29956950)
    Well, China is behind an all encompassing firewall.

    And the French refuse to install malware written in English.
  • Re:Just suppose... (Score:2, Interesting)

    by Anonymous Coward on Monday November 02, 2009 @08:03PM (#29957052)

    Suppose it was possible to apply security patches without installing Windows Genuine Advantage..

    I think it is possible. According to http://support.microsoft.com/kb/892130 [microsoft.com]:

    What if I decide not to use Windows Genuine Advantage to validate my copy of Windows?

    If you have a genuine copy of Windows but decide not to complete the validation process, you can still obtain critical software updates by using the Automatic Updates feature.

    I'm not sure if this is true because I stopped using pirated copies of XP long before WGA came out, but it looks as though you can continue to receive updates via Automatic Updates even if you decline to use WGA. I think the more likely scenario is that many people disable automatic updates because they are either oblivious to updating software, don't care about updates, or are afraid their software is going to become disabled if it tries to phone home.

  • Re:Just suppose... (Score:4, Interesting)

    by dgatwood ( 11270 ) on Monday November 02, 2009 @08:08PM (#29957096) Homepage Journal

    Have security patches installed in redistributed form, they are available from MS or even torrent sites

    Am I the only one who sees the problem here? Why do you think all those machines are infected with malware in the first place? :-D

  • safer users (Score:2, Interesting)

    by Nidi62 ( 1525137 ) on Monday November 02, 2009 @08:08PM (#29957098)
    Wouldn't those pirating an OS be less likely to have infected computers simply because they would be more likely to be more computer literate than your average user? Granted, it is not hard to get and install pirated copies, but your average user who falls for Nigerian scams and self-installing anti-virus malware probably wouldn't be doing much downloading besides some music, if at all. I would assume that someone downloading a pirated version of Windows probably does not use IE, and probably follows safe browsing guidelines as well.
  • by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Monday November 02, 2009 @08:09PM (#29957110) Homepage Journal

    infection rate -- as defined by the number of computers cleaned for each 1,000 executions of the MSRT

    Wouldn't the rates of infections be severely affected by how long the machine stays online? Because that increases both — the opportunity to infect the machine, and its value for the hijacker (as a spam-relay)?

    With many organizations simply blocking the entire A- and B-class networks from China, even an always-connected server in China is not as hot a target as the one in US.

    Also, one would expect, the machine owners' expected wealth to be a factor — some viruses blackmail the owner by threatening to delete their files... The poor Chinese may not even have a Paypal account to pay off the scumbags, so why go after them?

    Accounting for all this may change the published statistics quite a bit...

  • The solution... (Score:4, Interesting)

    by The Grim Reefer2 ( 1195989 ) on Monday November 02, 2009 @08:13PM (#29957170)

    Williams said the link between PC infection rates and piracy is due to the hesitancy of users of pirated software to use Windows Update.

    Make Windows free.

  • by beatsme ( 1472991 ) on Monday November 02, 2009 @08:43PM (#29957610)
    The fact that there's a "Great (Fire)Wall" separating the Chinese from the rest of the internet? Chinese culture being less individualistic may simply not produce as much malware, and since most citizens are restricted to their own countrymen, there's a bias. That such a sampling bias exists should disqualify it from being included among the other countries, or at least warrant further research before lumping it in there.
  • by BikeHelmet ( 1437881 ) on Monday November 02, 2009 @09:35PM (#29958276) Journal

    I know a guy that has Nod32 antivirus installed.

    Unfortunately for him, he doesn't seem to understand how to activate it. Every year he buys a new code, and loses it, without activating. It's now about 900 days since his subscription ended.

    I took pity and installed avast, but he doesn't know what the little A is, or even care, because he has Nod32 (which a friend recommended), and he thinks he's protected.

    I agree that uneducated users are the issue.

  • by BikeHelmet ( 1437881 ) on Monday November 02, 2009 @09:55PM (#29958510) Journal

    When you purposely push out "security patches" that only disable copies of Windows that are pirated, then yes, they are leery of using them, and rightly so

    Don't forget the legit copies they disable. Any of those OEM keys that shady computer repair shops have gotten their hands on.

    Microsoft also disabled my legit key. Apparently if you activate Windows on 4 different motherboards with 3 different CPUs, 4 different types of memory, 3 different GPUs, 6 different HDD setups, from 3 different IPs/ISPs, they find it suspicious and refuse to give you a new key.

    Of course, what actually happened was my PSU blew up my old board. It wasn't good for overclocking, so I got a different one. Then the new PSU blew up the new board (bad luck - never going Antec again) and some memory. After getting it fixed, I sold my CPU and upgraded that and my GPU. I was running out of space, so I also got an HDD upgrade. Then later I moved most of them over to a NAS. Eventually I wanted to upgrade again, so I gave a family member my old PC (after wiping Windows and installing Ubuntu, *gasp*) and tried to reactivate again on a new board with a new CPU + GPU + RAM + more HDDs.

    Microsoft found it suspicious - too suspicious - and yet I'm in the right, because my XP key was only in use on a single machine. I believe a contributing factor was the ISP switching, and my IP geolocation resolving incorrectly. For a while it resolved to Ontario, then Alberta, then BC. Originally I could even watch Hulu (and I'm Canadian), so I know the geolocation software failed pretty badly.

    Right now I'm using XP, but it's not the license key I originally bought. There's no way I'm letting a company force me to pay twice! Everyone I know buys a single license and uses it on every computer in their home, but here I am doing it the right way, and they screw me! Never again!

  • by dnaumov ( 453672 ) on Monday November 02, 2009 @09:56PM (#29958520)

    I just recently returned from a trip to India and found that many of the cyber cafes and family homes that I visited were not running the latest service-packs for Windows. I would attribute that to mostly being because although they had "broadband" their speed even during off hours was more around the range of 64 to 128 Kbps with high latency due to over subscription. Can any of you imagine downloading Windows XP SP3 over that kind of connection?

    Yes. Download the file once, overnight. Proceed to install it on all machines. The full installation file download is a mere 316mb.

  • by chromas ( 1085949 ) on Monday November 02, 2009 @10:53PM (#29959134)

    car manufacturer who goes and cuts stolen cars' brakes

    More like a manufacturer who won't replace (possibly shoddy) brakes on cars because the owners didn't bother to register with them.

  • M$ Spin (Score:3, Interesting)

    by SgtChaireBourne ( 457691 ) on Tuesday November 03, 2009 @12:03AM (#29959600) Homepage

    It's almost like M$ keeps moving the holes around and re-hiding them, but never fixing them. That would certainly permit the known holes and backdoors to be available for exploit but make it harder for 'unauthorized' (you did read the EULA, right?) entities to use them.

    That is, however, only when M$ can be assed to patch in the first place. Not like they've dropped patches [computerworld.com] for versions they still claim to support.

  • Re:MS Fuud (Score:2, Interesting)

    by Anonymous Coward on Tuesday November 03, 2009 @12:30AM (#29959776)

    What Microsoft does different from Fedora is to prevent copies of windows that raise the 'piracy' flag from downloading any updates.

    Besides, the interpretation is flawed in more ways, by limiting the 'percentage users having malware on their computer' number to the users that run a specific tool, MSRT, which is normally found through windows update. For what it's worth, all this means is that people in china don't trust, or at least don't run MSRT.

    MSRT: http://www.microsoft.com/security/malwareremove/default.aspx

  • Re:MS Fuud (Score:2, Interesting)

    by realityimpaired ( 1668397 ) on Tuesday November 03, 2009 @10:51AM (#29963392)

    Every time MS releases a service pack, they slipstream the update into the ISO, recall from retail the CDs with the old version, and start shipping the new ISO to OEMs and retail. The reason that you don't see it as an end user is because they don't change the packaging to reflect this. Usually, the only people who will actually see the change are people who are ordering the CD/DVD version (as the SKU will change), and people with access to MSDN, where the old versions of the ISO are still available for historical reasons. (MSDN subscribers can get every version of Windows that's ever been released, going back to Windows 3.1, and MS DOS 5.0... don't copy that floppy!)

    They can't slipstream normal security patches into the ISO and release it on the fly, because they aren't allowing normal users to download the ISO.... it's strictly OEM install and retail purchase. They release security patches every month, and the logistics of recalling/shipping a new ISO every 30 days would be far too expensive.

    You can argue that OEMs have a moral obligation to run system update before they ship the computer to the end user, but when you consider that many systems end up sitting in a box at a retail outlet for weeks or months before they're sold, that ends up being a bit of a non-issue... the only times where that'd be even remotely useful is for computers that are built to order, but by necessity they still have to have a baseline image so that end users get the out-of-box-experience.

    Obligatory disclaimer: I'm by no means an MS fangirl... I do have their software on an HTPC and a gaming laptop, but run Linux elsewhere... that said, I also have an MSDN subscription as a benefit from a previous job that they "forgot" to disable when I left the company.

  • Re:So.... (Score:3, Interesting)

    by Bakkster ( 1529253 ) <Bakkster@man.gmail@com> on Tuesday November 03, 2009 @11:29AM (#29963806)

    MS wants an absurd amount of money for Windows 7. I will not pay such an absurd amount. I could use XP still, in which case MS makes $X. However, since it costs nothing to make a copy of Windows 7, I could get a copy off of the internet. MS still makes $X (with X being the same number, they did not gain or lose money from this), but now I have Windows 7. MS is just as well off either way, but now I am better off. If you ever took a basic class in game theory, you would realize that since I'm not going to pay an absurd price and since MS does not lose money due to me copying Windows, the optimal choice is to copy Windows.

    Also, if you bothered to ever read any of my comments, I specifically said if they charged a reasonable amount, I would gladly pay it. It's the fact that they want to charge 3-4x more than a reasonable amount that causes me to not pay for it (it's the same reason I do not buy from Apple, despite wanting one of their computers, because they massively overprice them). If they had a tangible product (a car, a book, a computer, etc), then they could get away with this because it would be costly to make a copy of it. However, with software / files, it costs nothing to make a copy, so their costs of production go to pretty much zip after they make the first copy.

    Here's the missing piece in your logic: other customers are the third party in the system. Also, companies do not get to "charge whatever they want for a product", at least not if they want to stay in business. Let's assume MS needs a fixed profit to justify their fixed development costs. If it cost $100mil to develop (all inclusive), they might need to sell $150mil in order to beat the rate of return for their other investments and make the product worth developing. If there are 3 million people who want the software, MS needs only charge $50.

    Now, assume 50% of those customers are assholes (not you, of course) and will pirate the software. Now MS needs to charge $100 to make an acceptable return on their investment (1.5 million buyers). Now, we get guys like you, who feel that $100 is too much. Rather than just not buying the software, you pirate it as well, further reducing the number of paying customers, say to 1 million. Now, those who actually buy the software need to pay $150. You didn't cost MS any money, you did cost the actual paying customers money.

    This, of course, means you are either an asshole or a sociopath. Either way, it is impossible to justify receiving the same service that others pay for by unilaterally deciding to simply copy it with acceptable social behavior. You do whatever you want, but you can't justify it as socially (or legally) acceptable.

  • Re:So.... (Score:3, Interesting)

    by Totenglocke ( 1291680 ) on Tuesday November 03, 2009 @12:25PM (#29964632)
    Student copies, not "academic" copies. And yes, they do put 1-2 install limits on them. If you'd ever bought one, you'd know that.
