How Windows Gets Infected By Malware

Research shows that just 5 popular programs were responsible for over 98% of virus infections due to missing security updates. Last year Danish security group CSIS spent 3 months collecting real time data from malware exploit kits which cause up to 85% of all virus infections by automated ‘drive-by’ attacks. A ‘drive-by’ attack is one where users are infected just by visiting a website – they don’t have to knowingly download or click on anything.

The research aimed to show how Windows gets infected by malware and revealed that more than 30% of infections were due to missing security updates. The following programs were found to be most vulnerable to virus infection if they were not up to date i.e. they had missed previous security updates:

Java
Adobe Reader/Acrobat
Adobe Flash player
IE (Internet Explorer)
Windows HCP (Help)
Apple Quicktime

Their respective vulnerability is shown below for comparison:

infection

Looking in more depth at the specific vulnerabilities found in these programs, the most notable thing is that many dated from 2010 back to 2004 i.e. they were old vulnerabilities which have long since been fixed by security updates from the program developers.

So, if users had just kept all these programs up to date, in many cases they could have avoided being infected – “as much as 99.8 % of all virus/malware infections caused by commercial exploit kits are a direct result of the lack of updating five (* see note) specific software packages”.

* Note: five packages because the sixth (Windows HCP) is as an integral part of Windows, not an individual software package, so it should be patched by monthly Windows updates.

How To Update These Programs – All of the programs except IE are optional on Windows computers – if you don’t already have a particular program installed you do not need to install or update it:

Java – The current version of Java is available from Oracle here. Once installed, check in Add/Remove Programs (XP) or Program Features (Vista/7) if you still have any older versions of Java installed – if you do, uninstall all the older versions.

I have previously recommended uninstalling Java for better security. One of the reasons Java is attacked so often is because it is installed on so many computers – why make yours a target if you don’t need it? Very few people do…

Future updates – by default, Java checks for updates automatically and pops up a message when an update is available.

Adobe Reader/Acrobat – The current version of Reader is available from Adobe here – untick the optional install of McAfee Security Scan/Google Toolbar unless you really want it.

Future updates – by default, Reader checks for updates automatically and pops up a message when an update is available.

Adobe Flash player – Google Chrome users do not need to update Flash player as it is integrated into Chrome – just make sure Chrome is up to date by clicking on the Wrench (spanner) icon and selecting ‘About Google Chrome’. For other web browser users, the current version of Flash player is available from Adobe here – untick the optional install of McAfee Security Scan/Google Toolbar unless you really want it.

Future updates – by default, Flash player checks for updates automatically and pops up a message when an update is available.

IE (Internet Explorer) – The latest version of IE for XP users is IE8. The latest version of IE for Vista is IE9 – available here and for Windows 7 is IE11 available here.

Future updates – IE updates are included in monthly Windows updates. It is advisable to keep Windows up to date automatically.

Apple Quicktime – The current version of Quicktime is available from Apple here.

Future updates – by default, Quicktime checks for updates automatically and pops up a message when an update is available.

Conclusion

The study looks at how Windows gets infected by malware and proves that keeping these 5 programs up to date can drastically reduce the chances of virus infection. Once the programs are up to date they all offer you future security updates automatically – so it easy to keep on top of them in future.

Share this: