Sunday, October 09, 2011

How Windows PCs Get Infected with Malware

CSIS Security Group in Denmark conducted a study of almost three months where they collected real-time data from various so-called exploit kits that Danish users were exposed to.  As described by Peter Kruse, Partner and Security Specialist at CSIS:
"An exploit kit is a commercial hacker toolbox that is actively exploited by computer criminals who take advantage of vulnerabilities in popular software. Up to 85 % of all virus infections occur as a result of drive-by attacks automated via commercial exploit kits."

How PCs Get Infected

The CSIS study revealed that as much as 99.8 % of all virus/malware infections were a direct result of not updating five specific software packages.  Aside from missing Microsoft security updates, the study revealed the following out of date programs as being the most used by malware:  Java JRE (37%), Adobe Reader and Adobe Acrobat (32%), Adobe Flash (16%) and Microsoft Internet Explorer (10%).

Third-Party Software

Setting aside browser and operating system for the moment, what is notable from the CSIS study is the impact of third-party software, notably Java JRE, Adobe Reader and Adobe Acrobat and Adobe Flash.

Oracle Java JRE
When it comes to Oracle Java JRE, you may have it installed on your computer but might not even need it.  Following are reasons why someone may need Oracle Sun Java installed on their computer:
  • Playing on-line games generally requires Java.
  • With OpenOffice, Java is needed for the items listed  here . 
  • It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
  • There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.
If the above does not apply to you, consider uninstalling Java.  In the event you discover that it is needed, you can always download the most recent version.

Adobe Products
Regular readers of this blog are familiar with my postings of critical updates for Adobe products.  You may not realize, however, that there have been over a dozen critical updates of Adobe products just this year between February and September.  Combined, out-dated Adobe products were the direct result of 48% of the infections in the analysis.

Although I will continue providing updates for these products, it is advisable that you check that you have the most recent versions of Adobe products.  Personally, I switched to an alternate PDF reader some time ago.  There are a number of open source readers available from http://pdfreaders.org/.  Others include Nitro Reader and Sumatra PDF.

Internet Explorer

Although Internet Explorer is listed as shown in the CSIS analysis as the most affected browser, the report falls short in not breaking down the statistics by browser version.  According to the IE6 Countdown, at the end of September, 2011, 9% of the world is still using IE6.

It is not very likely that 66% of  reported thousands of users in the analysis who had been exposed to drive-by attacks were using IE9.  Nonetheless, Denmark should be commended with only 0.7% of the users still on IE6.  The percentage still using IE7 is unknown.  Considering the high percentage of affected Windows XP computers, it would not be surprising to learn that the majority have not updated to IE8.

References

CSIS: This is how Windows get infected with malware
IE6 Countdown
Microsoft Download Center - Windows Internet Explorer 8 for Windows XP


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


No comments: