Viruses & Junk Software

The Quick Version

Windows has descended into a mess of infections designed to scam money from you. Anti-virus software is ignoring much of it and Microsoft are unable to fix it because of the way Windows is designed.

Fortunately you don't have to put up with it as there are some excellent alternatives to Windows.


Key Points

1. Windows has far more security problems than any other system.

2. Your Anti-virus software will not save you from a new breed of Junk Software, which it simply ignores.

3. Microsoft is unable to fix the problem because of the way Windows is designed.

4. There are good alternatives to Windows that can help you bypass all of this nonsense. Some of them are much cheaper than you would think.

 

Windows is a cesspit of security problems

stock-photo-19394361-man-clearing-the-drains.jpg

Whenever you see a story on the news of millions of computers being infected with some software that does nasty things, that will be Windows. A friend of yours says their computer is infected, that will be Windows. It's like people fighting in the Middle East or it snowing in Alaska, it's what you expect.

But what about the people whose computers are infected, what's it like for them? It varies enormously, here are some real life examples from my day job:

  1. A young mother finds that she cannot access the family photo collection. The first 5 years of her child's life are now inaccessible and she has a message on her screen saying the files have all been encrypted and demanding money to unencrypt them.
  2. Sweet little old lady is mortified when some oick breaks into her email account and sends all her friends and family a message saying she has tried this new form of Viagra, it was a blast and they should all buy it as well.
  3. Family cannot use their computer because it is overwhelmed with messages saying it is infected and demanding money to fix it.

I could write a book on all the different scams (maybe one day I will). The point is, you don't want to be on the receiving end of this stuff.


stock-photo-2699704-nerd-series.jpg

It's just kids mucking about!

Public perception always lags a long way behind the reality in technology. Regularly people will tell me that hackers are just kids doing it for devilment. Spotty youths programming in a back bedroom with bad skin, a ponytail, no girlfriend and the sole intent of getting the name of their favourite football team flashing on your screen.

What is it really? For the last 30 years it has been an ever growing criminal industry raking in billions of dollars a year stealing credit cards, displaying unwanted adverts, sending spam, performing ID theft and numerous other scams.


Is this only on Windows?

download (3).jpeg

The bit where you get bad software on your computer, yep, that's mostly Windows. Windows has become ground zero for this sort of thing. Its vulnerability to attack is baked into the way it works. Anybody can write software for Windows and publish it, including any evil <-insert swearing word of your choice here->. That's why I encourage people to think very carefully about if they really need Windows at all (see Windows or Not?).

The alternative platforms come from a very different place. They have been written in more recent years by geeks who have watched Windows descend into a cesspit of security problems. They didn't want that to happen to their systems, so they designed security in from the start (with Windows it's an add-on, an after thought).

Geeks will say that no computer is immune to infection, and I agree. The important thing here is the relative risk. Infections on Windows are extremely common, I certainly see more infected home PCs than I see clean ones. Worldwide we are talking hundreds of millions of PCs with some quantity of Viruses or Junk Software. At the other end of the scale the most secure system on the market today is iPad. That's only ever had one security scare (WireLurker) and it only applied in China to people who ignored all the security advice. 

We are not talking about the alternatives being slightly more secure than Windows, they're on a different planet, which is why you need to read Windows or Not? if you are tempted to get a computer running Windows.

To be fair to all concerned I do need to point out that not all the alternatives are as safe as each other (see Security Hierarchy for a league table), but everything else is vastly better than Windows in this one regard.


The Rise and Rise of Junk Software

If the viruses weren't enough on their own, we now have a new problem: Junk Software. Don't be surprised if you can't find any reference to that name, I had to make it up until the industry agrees on a term. You might see some places refer to "Potential Unwanted Programs" or PUP. But that's just a very wet term, used because people are worried about getting sued for using a more accurate description. In private geeks use very rude words for this stuff.

This problem is so new that it has not been codified and cataloged, but it's here and it's huge. For every full-on nasty "steal your credit card and defile your grandmother" virus I see in the field, I will see at least 50 cases of Junk Software.

What is it? Low quality software that irritates the hell out of people who get it. Here's how the scam works: You are offered a piece of software that purports to do something useful: download an mp3 from YouTube, convert a video to a suitable format to play on your phone, that sort of thing. This is just bait. Whilst you are installing the bait you will be clicking "ok", "yes", "get on with it" to all the questions it asks during the install without reading what they say (that's what everybody does). Those questions and the terms and conditions attached will give the scumbags permission to install all sorts of things on the computer and change all sorts of settings.

You thought you were just going to get a widget to watch some videos, but pretty soon your search is not on Google any more, there are a lot of adverts offering to clean up your registry or make the PC go faster (for a fee) and your home page on the Internet is now something weird looking.

It's not just that the software that does these things is irritating (although it is certainly that), it’s more that the software that does these things is probably going to cause all sorts of other problems as well. The symptoms listed above are often just the tip of the iceberg. You might also see crashing browsers, slow running, other programs not working and many other things. What we see in the workshop is that when we remove the Junk Software, not only does its trumpeted area of interest get better (it stops nagging you to clean up your registry, for example) other things on the PC start to behave better as well.

There's a plague of this stuff out there and anti-virus software is doing nothing to stop it. Let me just say that again in case you skipped over it: no matter what anti-virus software you have if you scan your machine it will say it's clean, even if you have a ton of Junk Software. If your great grandmother (who has never had a computer)  looked at the screen she would say it was infected just from all the pop-ups and other junk and yet the best anti-virus software on the market will act dumb.

Why? Because there are too many lawyers in the world.  Which, although accurate, sounds like one of those Zen sayings that have always left you calm, but a little confused. So we had better do the slightly longer version.  Here goes:

You gave this stuff permission to be on your system by keep pressing "ok" during the install (even if you weren't reading the small print). If the anti-virus software objects to it and removes it the authors of the Junk will sue them for defamation, loss of earnings, wearing a loud shirt in a built up area and whatever else they can think of. So they let it slide. End result: Windows might leave Microsoft all polished and lovely, but that's not how people are experiencing it in the home. What your average home user gets is a low quality screwed up pile of junk. See Who's the Gatekeeper for more details. 


Other types of attacks

Keeping evil software off of your computer is a very important part of staying safe on the Internet, but it's only fair to point out that there are other types of attack. If, for example, you fall for one of those "Hello, we are from your bank, promise, really, honest. Please come and sign into your account to validate it" type of scams (these are know as Phishing scams), then it won't matter what type of computer you have, the bad guys won't need to crack your software defences. It's just the same as a confidence trickster ringing your doorbell and fooling you in real life.

Having said that, the alternatives can help with a lot of other type of crimes. If a thief steals your Windows PC it's easy for them to read all of your files. Don't think putting a password on your account will stop them, any 13 year old can get around that, it's trivial. Put a 4 digit lock code on your Smartphone and no one will be using it for ID Theft. Switch on services like Find My iPhone and you can track where your device is on a map, send messages to the thief, lock the phone and wipe all your data from it, even after it has gone (your data will all be backed up to a cloud anyway, so no loss there).

And what about those scumbags who call up and say they are from Microsoft and they have to fix a major problem on your Windows PC (and then charge you $200 for not doing much)? They won't get far if you're not using Windows, they can't connect to it.

My wife (who is doing some proof reading on these pages) just came in and said "Put more real life stories in, those are good". That's easy, as I write every paragraph, the faces of people I have helped with their issues pop into my head, I have been trying not to make this 90% real life stories, but one more won't hurt: The worst "We are from Microsoft scam" I have seen was when an elderly couple called. They had never had a computer before, until their daughter gave them her old Windows Desktop. By chance, within 24 hours they got the call. Not knowing any better they let the scumbag in. But when it came time to hand over a credit card number they got suspicious. The scumbag (who was connected to the PC at this point), trashed the operating system so the PC would never boot again. It put the computer beyond economic repair. This scam always seems to run out of call centres in India. If, by chance, dear reader you are one of the scambags involved in this, ask your mom what "Karma" means, because I think you will be reincarnated as a maggot.

So, a big chunk of computer crime involves criminals installing bad software on your computer. Windows has a near monopoly over that. The alternatives are not immune to the other types of scams, but often, because of the way they are designed, they deal with the situation in a much better way.


Summary

Why on earth are you putting up with this? I'll tell you why... it's because it's what you're used to. You've spent years using this stuff, running your anti-virus software, fighting the good fight and all the time the problem has been getting worse and worse. You are the camel that stands there whilst one piece of straw after another is loaded on you until your back breaks. I'm saying all the time you have been standing there new safer employment opportunities for camels have been created. You can put down this load and find a better way.

What next?

Read Windows or Not? to see if you can avoid Windows and use one of the alternatives to stay safe.



But this is all nonsense!

The slaying of myths and misunderstandings

There's a staggering amount of misinformation and urban myth doing the rounds on the subject of home computers, often nonsense that is most definitely against your best interests. So let's prepare you for when someone "who knows about computers" comes knocking by covering the popular hogwash in advance.

But my anti-virus software will protect me!

It will help, but it certainly won't make you invulnerable to this stuff. If it did, that multi-billion dollar industry of computer crime would be put out of business tomorrow. Instead it's been growing very nicely for decades.

We get a steady flow of Windows PCs coming into the workshop that are so stuffed full of malicious software they are unusable. Some of them are so messed up the only fix is to wipe them of every bit of data on the disk and start again, the cost of which can put an older PC beyond economic repair. Almost every one of them has up to date anti-virus software from one of the top security companies.

How can this be? Anti-virus software's job is to keep this stuff out, if it fails surely that's a great scandal! The problem is anyone can write software for Windows and it can take some time before the anti-virus software realizes that something is bad, by which time it's done a fair bit of harm. Read my article on "Who's the Gatekeeper?" to understand why.

If someone tells you that you just need a different anti-virus program, they clearly know a lot less than they think. A computer magazine I saw put it most eloquently when it filled the cover with a headline saying "Windows Security isn't working".

Windows has always had infections, it's no worse than it has ever been!

Be cautious of anyone who tells you that. Especially if they come bearing gifts of impressive statistics. Such statistics come from anti-virus software companies. We have already established that anti-virus software companies ignore a huge zoo of evil Junk Software. I took out a little time from my day job to write this paragraph (because someone foolish said this to me). It's 3pm on a Monday afternoon and so far every call I have been to today has had at least 6 pieces of Junk Software on their computer. Symptoms have been different, but in each case it has been bad enough to call us in because the client considers the computer to be unusable and in need of fixing. In every case their anti-virus software says the machine is clean, so their case will not register on any statistics about infections. 

I am not saying that every call I go to is a Junk Software call (looks like my next one is a another dying hard drive [of course that might have Junk Software as well, the last hard drive replacement did] and then one after that is Python in a Ubuntu VM in Parallels on a Mac, one for the geeks in the audience there). My point is not that it is on 100% of the Windows PCs I encounter, but it is more PCs than not. So when I call it a plague I am not exaggerating. In sheer volume the rate of infection is the worse I have ever seen in this industry. The difference is that the type of infections are not quite evil enough to be picked up by the anti-virus and so go uncounted.

Right, back to work...

But my work PC is not infected and that runs Windows!

This is such a popular misconception I wrote an article just on this topic. Have a read of Business PCs to understand why the lessons you learnt from your work PC tell you nothing about the security of your home PC.

Surely Microsoft will sort this out!

People say to me things like "Microsoft are a huge company spending billions on R&D every year, they'll get this sorted". This is not a new problem, it has plagued Windows for decades, Microsoft have never fixed it. People still bought Windows anyway because the only alternative was Mac and that was much more expensive. Now there are many options and many of them are cheaper. Combine that with the rise and rise of Junk Software and security is the elephant in Window's room.

So will that pressure make Microsoft fix it now? Sadly no. Here's the problem: they can't fix it. No matter how much they want to, they have painted themselves into a corner. Two reasons: firstly fixing it would break everything that went before. Secondly anti-trust law would stop them fixing it. Let's look at those:

To stop criminals writing vicious software for Windows would require such fundamental changes that all the software that has been written for it up to now would stop working. Why do people buy Windows? Because it's familiar and it works with all their existing software and devices. Make the changes to lock down Windows and it would remove the reason people buy Windows in the first place. It would not be Windows any more. It would be Doors or Chaise Longue or Dog Biscuit or anything you want to call it, but not Windows, an entirely new creation. It would then have to compete with the now more established offerings of Chrome OS, iOS and Android. There would be no reason to buy it. Microsoft would love to fix the problem of security, but to do so would wipe out their income. Not something you do lightly when you are making billions from it.

The second problem is a too many lawyers type of problem (that really does crop up too much in modern living). When a company gets to have a dominant market share (in any industry, not just technology) legislation cuts in designed to stop such big companies beating up smaller companies. It's a part of the law called antitrust. With a 90%+ market share for decades Microsoft is definitely the sort of company that is covered by antitrust laws. They have stepped over the antitrust line more than once before and been fined billions of dollars as a consequence. They came close to the judges demanding Microsoft be split up it was so bad. 

What's any of this got to do with their inability to fix the security problems? Look at how the best of the alternatives does its security: That would be iOS, the system from Apple that runs iPad, iPhone and iPod (but not the Mac). If someone wants to put new software on iOS they have to submit it to Apple to check that it's not malicious. Apple controls everything on iOS. They will refuse to put this app in the store if they so much as dislike his haircut. End result: the quality of stuff in their store is very high. Apple takes a commission on every software sold for their system. If Microsoft tried to take the open system of Windows and lock it down in that way, the antitrust lawyers would be sharpening their knives. It's unlikely the company would survive. 

Microsoft are absolutely aware that they are at a huge disadvantage when it comes to security on home computers, they are just not in a situation where they can fix it (or publicly admit to it). Are they doomed? No, they are moving to make more of their income from online services that run on all types of computers. They know that Windows is in decline, but it will be around for a long time to come. However it's only going one way and the speed of decline is especially fast in the home market, it's clear for anyone to see in the sales figures.

But no one would want to attack my little computer!

If you are tempted to think you are safe from such nonsense because you don't undertake any financial transactions on your PC, think again.

  1. Firstly this fact will not stop criminals targeting your PC as they won’t know how you use your PC until after they have infected you.
  2. Secondly it is still worthwhile for them to infect you so they can use your PC to attack others.

No one using Windows is safe. 

But I don't look at porn!

There is a laughable urban myth that the way you get your PC infected with malicious software is to hang around the red light districts of the Internet. Implied in this is the idea that if you only stay on the straight and narrow you will be just fine.

Like a lot of widely held conceptions about computers, this is nonsense and nonsense in a harmful way because it can lead you into a false sense of security. The criminals are not daft, they evolve. They long ago worked out that if they could attack and compromise legitimate websites they would catch a lot of people unawares. So that's exactly what they do.

You might, for example, visit a website for knitting enthusiasts to find a lovely new pattern, no harm in that, surely. Only the person who put that site together might not know all the tricks to locking it down (although they may be able to make you a splendid scarf). The criminals might have got in and added a few extras to the site, extras that will attack you, install nasty software on your PC and then try to steal your credit card numbers, or access your bank account.

These are known as drive-by-downloads, it even happened to the official site of the Nobel Peace Prize. So no, you don't have to be looking at smut to get the PC infected, normal respectable websites will do nicely.

But I download software on my phone all the time!

A recent trend is that people have gotten used to getting software for free (or for very little) on their smartphones and tablets. That has made it difficult for programmers to make a living selling small utilities on the PC, so they bundle some Junk Software in with their own software because the makers of the Junk Software give them a kick back. That’s led to an explosion of Junk Software.

The reason you can download loads of stuff without getting bitten on a smartphone is because the manufacturers quality control what goes into their app store to stop bad stuff getting in (see Who's the Gatekeeper). If you try and apply that same habit of downloading whatever you feel like on a Windows machine you are going to get stuffed very quickly. This is particularly true of young people. They have grown up with smartphones, they treat their laptops the same way. I had one this week when a young man came home from his gap year of traveling. Within 2 days every PC in the house was unusable because of Junk Software. As each one stopped working he just went to the next and did the same. He wasn't an evil rogue, he was just applying what he had learned on one type of computer (his phone) to another (Windows laptops), which will get you into a lot of trouble very quickly.

I would know if my PC was infected!

People often describe their symptoms to me over the phone. Often I say "That sounds like you might have an infection, we had better get it into the workshop to investigate". "No, it's not infected" they say with absolute certainty. "How do you know?" I ask. "Because I have Norton/McAfee/Whatever and nothing is popping up on the screen" , they reply.

Two misconceptions here: Firstly that anti-virus software is invisible (which we have already disproved); Secondly that infections are noisy things that announce their presence. This comes from the old myth that infections are done for devilment by kids. It is true that some infections make a big fuss. An example would be fake anti-virus software. If this gets installed on your system it will claim that you have 237 different infections and the only way to fix them all is to purchase the full version of their anti-virus software at a cost of $50 thank you very much. Of course you are infected, but only by one thing, the thing that is demanding the $50. 

However, there are numerous other ways for the criminals to make money. If, for example, they want to wait until you type in your credit card number and then steal it, why make a song and dance about their presence? Why not lay low and keep quiet, which is exactly what they do.

Windows is the best!

It's tough for people to let go of their belief systems. Many people have only ever used Windows. They are still trapped in that mind set that the only options are a Mac or a PC and whichever one they use is great and the other type is evil spawn of the devil. Geeks call this being a fanboy and it is an insult indicating irrational behaviour.

If you are tempted to believe that Windows is the only way, take a look at your smartphone. That's a computer, a good one too. It takes tasks like reading your email and surfing webpages and presents them in a very different way to what you are used to on Windows and you (plus billions of other people) really rather like it. Is it too much of a stretch of the imagination that you might like a different sort of computer on your desktop? Sure it will take a bit of getting used to, but it might just be worth the effort. Have a look at Windows or Not? to understand why.


Your Comments

Don't be shy, say what you think. The comment system below is there for anyone to ask a question or make a point. Especially don't hold back if you are a normal person just trying to make sense of it all. It's easy to get the opinions of geeks on geeky matters. Much more interesting to hear how this works out for you or what bits need more explanation. No such thing as a silly question, jump in.