While mobile malware is on the rise, and the fragmented marketplace makes it a tough world for cybercriminals to dominate, the world of desktop and laptop computing is far more clear-cut. According to Net Marketshare, as of last month, just over 90 percent of computers run some form of Windows, making Microsoft’s dominant OS the single most attractive market for cybercriminals to target.
And in the world of Windows threats, there are few experts as knowledgeable as Aryeh Goretsky, distinguished researcher at ESET. So how is the landscape of Windows threats looking as we near the halfway point of 2015? Fairly steady worldwide, Goretsky explains, though the raw data would indicate a few minor fluctuations: A quick data mining through some of our raw data showed that emerging markets in a number of African countries seemed to have the highest level of reported infections, while Japan was amongst the lowest. Of course, raw data such as this needs error checking and normalization, but it is interesting to note how infection rates mirror not just economic growth, but software piracy rates as well. For the most part the global threat level seems steady, barring a minor uptick in March – time will tell if this is a new trend, or merely a statistical aberration.
One group of Windows users especially liable to malware threats is Windows XP users, following Microsoft ending support for the venerable operating system last year. Despite this, Net Marketshare reports that around 17 percent of users worldwide like to live dangerously and have stubbornly refused to upgrade. What sort of threats have they been subject to? “Largely the same as those targeting newer versions of Windows, with RBot, Zbot, Sirefef, Dorkbot and Delf being among the most commonly-seen threats,” answers Goretsky.
“I did note a significant but declining number of AUTORUN.INF infections, which is interesting as AutoRun is disabled on newer versions of Windows as well as fully-patched versions of Windows XP. This means that there is still a population of computers out there running unpatched versions of XP.”
So are criminals targeting the small but dedicated group of people who stick with Windows XP, then? Goretsky thinks that’s unlikely – at least as an overall trend. “While malware authors frequently update their creations to avoid detection, from an attack perspective I would speculate that the need to do original vulnerability research for attacking Windows XP has diminished,” he explained. “If a patch is released for a vulnerability in a newer operating system such as Windows Vista or 7 which is also present in XP, the malware author can make use of exploit code for the vulnerability without having to worry about it being patched in XP.”
But what about those Windows XP owners that have paid for extended support? These tend to be corporations and governments where the need to update the infrastructure requires a longer game – are these patched versions of Windows XP as safe as the newer actively supported versions of Windows? Not really. As Goretsky puts it, “every version of Windows is more secure than the previous version, because each new version builds on Microsoft’s experience of defending and building threat models for the previous version.”
But just because the OS you’re running is more secure than the previous version doesn’t mean you can get complacent. “That doesn’t prevent someone from disabling security features in a newer version of Windows to make it less secure, or taking steps to increase the security in an older version of Windows in order to make it more resilient to attacks,” he explains.
“The majority of attacks we see targeting Microsoft Windows are financially-motivated, and this means those attacks are going to target the most frequently-used versions of Microsoft Windows. As of right now, that’s Windows 7.”
He’s right. Net Marketshare reports the six year old operating system as running on over half (58.04 percent) of computers worldwide. That should be of special concern, as Windows 7 has now passed out of mainstream support, as reported by We Live Security here. Extended support will be in place until 2020, but for those looking to the future, Windows 10 is in beta and offering built-in security features that Goretsky describes as “very promising.”
“For consumers, I think Windows Hello will be a very interesting authentication device, allowing a computer to recognise the user when they sit down in front of it,” he explains. “On the enterprise side, I think businesses will be interested in Device Guard, a technology that Microsoft just announced a few days ago to control whether programs are allowed to run, backed up by the computer’s own hardware to prevent the mechanisms from being bypassed in software.”
However both of these are only as good as they hardware they’re deployed on, Goretsky explains that they “rely on technologies which are either not yet widely-available or not deployed because the management tools are not yet publicly available.”
Still, as it’s not a final build, there could be more security tricks up Microsoft’s sleeves too, and we know that two factor authentication is to be ‘baked in’ to the operating system from the ground up, which is an excellent start. Could this change how cybercriminals have to go about their business?
“Malware authors, criminal hackers and the like may have to come up with some different approaches for infecting computers, they may even come up with some new types of threats which have not been seen before on the PC.”
But as promising as the early build of Windows 10 looks, Goretsky treats the new OS with the same caution you’d expect of someone with 26 years of professional computer security experience: “The criminals who have been making money off of malware are unlikely to stop doing so just because a new version of Microsoft Windows has come out.”
By Alan Martin, ESET