How Windows Gets Infected With Malware

Orome1 writes "Since Up to 85 % of all virus infections occur as a result of drive-by attacks automated via commercial exploit kits, CSIS has actively collected real time data from them for a period of three months. The purpose of their study is to reveal precisely how Microsoft Windows machines are infected with malware and which browsers, versions of Windows and third party software that are at risk. They monitored more than 50 different exploit kits on 44 unique servers / IP addresses. The statistical material covers all in all more than half a million user exposures out of which as many as 31.3 % were infected with the virus/malware due to missing security updates."

How Window Gets... hu wha?

[sgt scrub]

A window can get infected? Lies I tell you!

Update early. Update often.

[mrflash818]

When a Microsoft Windows machine gets infected by viruses/malware it does so mainly because users forget to update the Java JRE, Adobe Reader/Acrobat and Adobe Flash.

Update early. Update often.

Re:Welll

[QuantumRiff]

I can't tell you how much I wish Windows Update would update other applications.. I guess I've turned into a crusty, bearded old Linux geek.. but one command to update everything kind of spoils you. (and being able to install and uninstall more than one application at a time is nice too).

Re:70% on fully updated installs.

[Moheeheeko]

The day that people stop clicking on "want bigger pen0r?" or "see x clebrity naked here" links is the day that 30% jumps to 90%. The fact is is that a fully updated maintaned system is virtually malware proof if the user uses common sense.

Re:Welll

[houstonbofh]

Plug-in repositories are one thing I WISH windows would steal from Linux!

Re:70% on fully updated installs.

[Dunbal]

Stupid users eh? Explain the following: Yesterday I visited the top site google provided for a search I did. I was not searching for anything particularly exotic or deviant, certainly not pornographic or illegal. Immediately on visiting the site with my Windows 7 machine, Microsoft Security Essentials pops up to alert me of a "severe" threat (Trojan:JS/BlacoleRef.A) it had located in my browser cache (Firefox 7.01). I did what the security program said, and it says the threat was removed. I have no idea if it was removed or not, my only choice with such an obfuscated, complicated OS is to assume that the tools I am given are not lying to me and are doing the job that they are.

However should I be infected in the above scenario, how exactly does this make me a "stupid user"? I've had a PC since the late 1970's. I can code in ASM, Cobol, Fortran, Basic, C, C++. I like to think I know how computers work. I don't click "Yes" to everything, and I don't run programs from dubious sources anywhere other than a virtual machine. Should I be going through my registry and boot files daily to not be a "stupid user"? Isn't that what an OS is supposed to do for me - take care of the basic functions of my machine while I run the programs I need? Are you just going to troll me by saying "use linux instead you noob"?

Re:70% on fully updated installs.

[Anonymous Coward]

You say:

Salient point is that, fully updated and patched installs let 70% of the infections through.

TFA says:

The conclusion of this study is that as much as 99.8 % of all virus/malware infections caused by commercial exploit kits are a direct result of the lack of updating five specific software packages.

Re:70% on fully updated installs.

[jijacob]

The catch here is that *you* set the laptops up. Had you given the wives an Ubuntu CD and left them to their own methods, odds are they wouldn't be so happy.

Re:70% on fully updated installs.

[ThePilgrim]

Except having it set up is how most people receive windows