What’s a virus, anyway?
I’ve been writing about Windows security since before the turn of the millennium. Every edition in the Windows Inside Out series of books, starting in 2001, has had a lengthy section on security. Back in 2002, I co-wrote Microsoft Windows Security Inside Out for Windows XP and Windows 2000.
In every previous edition, the section on malicious software started with a lengthy glossary, explaining the differences between viruses, worms, Trojans, spyware, and other esoteric terms.
For the Deluxe Edition of Windows 7 Inside Out that went to the printer this week, I ditched that section completely. In 2011, those lines have become so blurred as to be practically meaningless.
Microsoft’s most recent security report lists threat categories by family. (The totals add up to more than 100% because some variants fall into multiple categories.)
| Category | % Detected |
| --- | --- |
| Misc Trojans | 31.6% |
| Misc Potentially Unwanted Software | 25.5% |
| Worms | 24.4% |
| Trojan Downloaders and Droppers | 20.1% |
| Adware | 17.4% |
| Password Stealers & Monitoring Tools | 11.7% |
| Exploits | 7.1% |
| Backdoors | 6.6% |
| Viruses | 5.9% |
| Spyware | 0.6% |
You’ll find viruses down at the bottom of the list, just above spyware, which was a very big deal in 2005 but is practically nonexistent now.
I asked Microsoft for details on what exactly was included in the Viruses category, and they were kind enough to provide a list that wasn’t in the original report. Interestingly, the two entries at the top of the category were already on the top 10 list. Some variations of the Alureon and Frethog Trojans can be technically classed as viruses, because they inject code into system files as part of the infection process.
I found the last entry on the Top 10 Viruses of 2010 list even more interesting. Microsoft’s virus encyclopedia goes on for page after page with variants of malware in the Delf family. It starts with Adware:Win32/Delf and continues over 40 pages until Worm:Win32/Delf.ZAB. That’s 2,359 variations from a single obscure family, covering just about every category in the malware universe.
And there’s the numbers game in a nutshell. I saw a headline from someone today marveling at the fact that there are 67,000 new threats aimed at Windows every day. Well, that’s only sorta kinda true. Most of those “new threats” are microscopic variations on an existing one, cranked out on the fly by automated malware toolkits that have learned how to slide past signature-based antivirus software.
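To make the "numbers game" concrete, here is a small added illustration (not from the post, Microsoft's report, or any real antivirus engine) of why a signature keyed on an exact file hash counts every micro-variation as a "new threat" while a similarity measure over the file's contents still recognises the family. The three byte strings are constructed stand-ins for executables, the 4-byte n-gram Jaccard similarity and the 0.6 threshold are arbitrary choices for the demo, and none of it is a real detection product.

```python
import hashlib
from typing import Iterable, Set

# Constructed sample "binaries": plain byte strings standing in for executables.
# The bytes are invented for this example and are not real malware.
BASE_SAMPLE = b"MZ\x90\x00PAYLOAD-FAMILY-A:download;inject;persist;beacon"
# A "variant": identical logic with two trailing padding bytes, the kind of
# cosmetic change that makes an exact-hash signature miss.
VARIANT_SAMPLE = BASE_SAMPLE + b"\x00\x01"
# A benign file sharing only the 4-byte header with the family.
UNRELATED_SAMPLE = b"MZ\x90\x00HELLO-WORLD: print greeting and exit normally"


def sha256_signature(data: bytes) -> str:
    """Exact-match signature: the SHA-256 of the whole file."""
    return hashlib.sha256(data).hexdigest()


def matches_exact_signature(data: bytes, signatures: Set[str]) -> bool:
    """True only if the file is byte-for-byte identical to a known sample."""
    return sha256_signature(data) in signatures


def byte_ngrams(data: bytes, n: int = 4) -> Set[bytes]:
    """Set of all overlapping n-byte windows in the file."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard_similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard index of the two files' n-gram sets (1.0 = identical sets)."""
    ga, gb = byte_ngrams(a, n), byte_ngrams(b, n)
    if not ga and not gb:
        return 1.0
    return len(ga & gb) / len(ga | gb)


def matches_similarity(data: bytes, known: Iterable[bytes],
                       threshold: float = 0.6) -> bool:
    """Family-level match: similar enough to any known sample of the family."""
    return any(jaccard_similarity(data, k) >= threshold for k in known)


if __name__ == "__main__":
    known_hashes = {sha256_signature(BASE_SAMPLE)}
    known_samples = [BASE_SAMPLE]
    for name, sample in (("variant", VARIANT_SAMPLE), ("unrelated", UNRELATED_SAMPLE)):
        print(f"{name}: exact-hash match = {matches_exact_signature(sample, known_hashes)}, "
              f"similarity = {jaccard_similarity(sample, BASE_SAMPLE):.2f}, "
              f"family match = {matches_similarity(sample, known_samples)}")
```

Run as written, the variant fails the exact-hash check (so a hash-only feed would log it as a brand-new threat) yet scores above 0.9 against the base sample, while the unrelated file scores near zero. Real engines use far richer features than byte n-grams, but the gap between "new hash" and "new family" is the same one the 67,000-a-day headline glosses over.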
And so we come full circle. Although it’s an odd way to look at things, malware is actually a market. An unfortunately healthy, thriving market. On the PC side, it’s large and mature, with reasonably skilled coders cranking out malicious product quickly, and an army of white hats well equipped to deal with them.
In the Mac universe (and in Android-land too), the malware market has only just begun to take off. The opportunities for malware developers on new platforms are practically endless. So, unfortunately, are the challenges for those who have to fight them off.
The good news about the bad guys is that they’ll be using a very predictable playbook. Those in the Mac security business who are willing to learn hard-won lessons from their PC counterparts will find life considerably easier. Those who insist that Macs and PCs are fundamentally different are in for a rude shock.