Windows XP PCs Breed Rootkit Infections

CommanderFrank

Rootkit infections are alive and well and living in your local XP setup. That is pretty much the finding by Avast Software after a survey of 600K Windows-based systems. The percentage of infection to market share shows Windows XP far out of proportion to the remainder of the other systems.

Vlcek assumed that many of the people running XP SP2, which Microsoft stopped supporting with security patches a year ago, have declined to update to the still-supported SP3 because they are running counterfeits.
 
Avast :D

Let me guess they all have to buy more avast software?

If someone pirated SP2, what's stopping them pirating SP3? Or just pirating a recent OS?

The way of representing data in the table is stupid. I don't even have to explain why...XP is still outdated and should be culled however.
 
I've worked and fixed PCs for many yrs now (about 9 yrs roughly). First of all Avast is always the first thing I remove, and McAfee, because that's how the PC first got infected LULZ. I use Kaspersky AV and suites on all infected machines and never once found a single rootkit. Once or twice I've used ComboFix but it never finds anything, so I know they're not infected that bad, and besides, by default Kaspersky runs a rootkit scan but never finds anything either. Avast is ranked like 11th LULZ.. http://anti-virus-software-review.toptenreviews.com/
 
Was SP3 harder to pirate or something? I think it is more likely that the average Joe user doesn't even know about SP3.
 
Average people don't know about SP3 or even what an SP is, but the bigger issue is that XP is just prone to these kinds of infections. Working in the computer repair industry, most infected systems I see are XP, even SP3. People just don't use good protection if at all and they surf with outdated IE.
 
Ya, it's most likely just polling from average less tech savvy joes than anything. Probably a lot of those systems are from companies who haven't upgraded even.

Anyways, this is not really surprising. Remember, WinXP has been out far longer than the other OS's. Of course there are going to be more viruses and exploits out for that OS over newer ones.....

And ya, SP3 is just as pirated as SP2, so I didn't understand that point.....
 
Someone needs to tell these people how easy it is to pirate Windows 7.
 
I wish Microsoft could just blanket state that XP has come to end-of-life status, and remote nuke all XP machines to force people to upgrade :p
 
#1 People who pirate Windows are going to avoid Windows update. The updates can fix the unauthorized activation. So they stay disabled, and people sit in the dark about getting updates.

#2 People who are running XP are likely to not give two craps about keeping up with their Anti Virus software. I blame this more on Dell, HP, and etc because they always wanna include a trial copy of Norton Anti Virus. A very short trial which stops updating, and leaves your PC vulnerable. Which is very sad cause there's lots of free good alternatives, just to keep the PC safe.

#3 Anti Virus programs aren't evolving as fast as the viruses either. I've ran into a lot of computers with some very persistent infections. The infections are so bad, that the computer just needs to have the OS reinstalled. Windows XP or Windows 7 it doesn't matter. Even if you could fix it, the time is better spent on reinstalling.

#4 Sad to say but machines running Windows XP are still around because they still run. As long as the virus doesn't interrupt the functions that people need out of their computer, people won't know or care. It's not until the internet isn't working, or errors pop up on the screen is when they bring the machine to get fixed.
 
honestly there are still a lot of Windows XP die hard fans out there (well can't blame them because of the performance of Vista before), they have this weird notion of saying "windows 7 sucks stick to XP" especially to newbies, though if asked if they have tried Windows 7, a large percentage will say "didn't bother, a friend of a brother of an uncle's aunt of the cousin of the neighborhood cat told me so.." :(
 
I've worked and fixed PCs for many yrs now (about 9 yrs roughly). First of all Avast is always the first thing I remove, and McAfee, because that's how the PC first got infected LULZ. I use Kaspersky AV and suites on all infected machines and never once found a single rootkit. Once or twice I've used ComboFix but it never finds anything, so I know they're not infected that bad, and besides, by default Kaspersky runs a rootkit scan but never finds anything either. Avast is ranked like 11th LULZ.. http://anti-virus-software-review.toptenreviews.com/

Back in college I wrote a simple rootkit for a security course. No scanner ever found it when it was installed, but recently, Microsoft security essentials detected the source code still sitting on my hard drive as malware and promptly deleted it without asking. Not happy about that but I thought it was pretty impressive.
 
#3 Anti Virus programs aren't evolving as fast as the viruses either. I've ran into a lot of computers with some very persistent infections. The infections are so bad, that the computer just needs to have the OS reinstalled. Windows XP or Windows 7 it doesn't matter. Even if you could fix it, the time is better spent on reinstalling.

#4 Sad to say but machines running Windows XP are still around because they still run. As long as the virus doesn't interrupt the functions that people need out of their computer, people won't know or care. It's not until the internet isn't working, or errors pop up on the screen is when they bring the machine to get fixed.

I currently have about 1/2 the systems at my office running Windows 7 64bit. The rest are running XP SP3 with all the latest patches. Probably 95% of the viruses I've seen over the last 2 years have been on the XP systems, or unpatched Windows 2003 systems used by our software testers .. they've been warned :)

I can usually get rid of any malware, even rootkit stuff, although in some cases I've had to manually remove files that none of the scanners could find.
Since most of the XP users are basic office users with the same systems/software, I have all their data on the servers, so if they get hit with something really bad, I just swap out the system. Also works good for any hardware/software problems when I'm on vacation :)
 
The problem is that people who don't want to change, buy a new PC.

Because their old photos are in some shitty old Windows 98 program that they brought forward to XP and its no longer made, and instead of learning how to use the computer, they'll just sit lovingly and stare at their virus box.

I can't wait for XP to die off finally. Developers that are dragging their feet on 7 compatibility need to have their toenails pulled off one at a time till they complete the necessary task of evolution.
 
#1 People who pirate Windows are going to avoid Windows update. The updates can fix the unauthorized activation. So they stay disabled, and people sit in the dark about getting updates.

#2 People who are running XP are likely to not give two craps about keeping up with their Anti Virus software. I blame this more on Dell, HP, and etc because they always wanna include a trial copy of Norton Anti Virus. A very short trial which stops updating, and leaves your PC vulnerable. Which is very sad cause there's lots of free good alternatives, just to keep the PC safe.

#3 Anti Virus programs aren't evolving as fast as the viruses either. I've ran into a lot of computers with some very persistent infections. The infections are so bad, that the computer just needs to have the OS reinstalled. Windows XP or Windows 7 it doesn't matter. Even if you could fix it, the time is better spent on reinstalling.

#4 Sad to say but machines running Windows XP are still around because they still run. As long as the virus doesn't interrupt the functions that people need out of their computer, people won't know or care. It's not until the internet isn't working, or errors pop up on the screen is when they bring the machine to get fixed.

#1 Can does not mean will. There are methods to get around that and have been for years, so if people really cared about updating (pirated or not) then I imagine they would.

#2 This comes down more to ignorance than a lack of caring. Many people still do not understand just how dangerous certain types of malware can be to your personal and financial well-being.

#3 They've always been in catch-up mode. This isn't new as it has pretty much been the case since the beginning and signature-based detection (still the primary method despite a lot of work on heuristics) is by its nature ALWAYS reactive. It's a lot harder to play good defense than good offense.

#4 People ignore the issue of cost at their own peril. Attempt to justify to someone why they should upgrade to Windows 7 from Windows XP. Now take into account the fact that they are either out of work, aren't making good money, or are already deeply in debt. Now let's assume that in say many of these cases they would have to buy a whole new computer, even IF they knew how to upgrade. This would seem pretty typical.
 
I've worked and fixed PCs for many yrs now (about 9 yrs roughly). First of all Avast is always the first thing I remove, and McAfee, because that's how the PC first got infected LULZ. I use Kaspersky AV and suites on all infected machines and never once found a single rootkit. Once or twice I've used ComboFix but it never finds anything, so I know they're not infected that bad, and besides, by default Kaspersky runs a rootkit scan but never finds anything either. Avast is ranked like 11th LULZ.. http://anti-virus-software-review.toptenreviews.com/

the ignorance is strong in this one.
 
This news is the equivalent of saying 2+2=4. I'm pretty sure it's been common sense for years now. XP is THE platform for all kinds of nasties.

But that doesn't stop me from using it, until I upgrade. Don't worry folks, NoScript, Foxit, and everything by Mark Russinovich has my ass covered. Fuck a virus scanner or any other bloatware.
 
I've worked and fixed PCs for many yrs now (about 9 yrs roughly). First of all Avast is always the first thing I remove, and McAfee, because that's how the PC first got infected LULZ. I use Kaspersky AV and suites on all infected machines and never once found a single rootkit. Once or twice I've used ComboFix but it never finds anything, so I know they're not infected that bad, and besides, by default Kaspersky runs a rootkit scan but never finds anything either. Avast is ranked like 11th LULZ.. http://anti-virus-software-review.toptenreviews.com/

Norton #4 and AVG #6... I lol'd. I would take that with a huge grain of salt.
 
Zarathustra[H];1037576110 said:
I wish Microsoft could just blanket state that XP has come to end-of-life status, and remote nuke all XP machines to force people to upgrade :p

This
 
Norton #4 and AVG #6... I lol'd. I would take that with a huge grain of salt.

why? that particular site may not be legitimate but ratings like this are based on features and detection rates. many of the a/v products most hated by consumer pc repair groups actually have great detection rates, they just tend to be more invasive than the typical consumer wants. keep in mind that most of the overly invasive products are from companies who primarily do enterprise security. in the environments these groups are used to dealing with, there is an expectation of their network being securely locked down.
 
why? that particular site may not be legitimate but ratings like this are based on features and detection rates. many of the a/v products most hated by consumer pc repair groups actually have great detection rates, they just tend to be more invasive than the typical consumer wants. keep in mind that most of the overly invasive products are from companies who primarily do enterprise security. in the environments these groups are used to dealing with, there is an expectation of their network being securely locked down.

Because I've specifically used variants of both products in recent years, and the detection rates are flat out horrible. We ditched Symantec (Norton) in our enterprise environment because it was absolutely worthless, and we were paying out the ass for it.
 
Because I've specifically used variants of both products in recent years, and the detection rates are flat out horrible. We ditched Symantec (Norton) in our enterprise environment because it was absolutely worthless, and we were paying out the ass for it.

i work for a competitor of symantec so i can't say too many nice things about them but i wouldn't go so far as to call their product worthless ;) that said, if you were using norton (the consumer product) in an enterprise environment, i've found your problem.

i'm not sure how you "using" the products is more credible than a controlled test with a specific list of viruses/malware used and detection rates ranked.
 
that said, if you were using norton (the consumer product) in an enterprise environment, i've found your problem.

i'm not sure how you "using" the products is more credible than a controlled test with a specific list of viruses/malware used and detection rates ranked.

I did say Symantec silly. We had Endpoint, and now use Webroot which has been much better experience... in both detection/removal, and intrusiveness.

I was stating my opinion from personal experience. We've set up a honeypot at work and tested quite a few AVs. I'm not an expert on any of them, but Symantec was completely horrible at detection and removal (and bloated), and I haven't had faith in AVG detection for a couple of years now.
 
Norton #4 and AVG #6... I lol'd. I would take that with a huge grain of salt.

The URL alone pretty well would keep me away. It's like clicking on "We-disgused-this-website-as-avirus-lollolololol-ufail.com"
 