STE WILLIAMS

Microsoft douses “Flame”

Microsoft has noticed Flame, the malware supposedly burning up the Middle East and spreading like wildfire to the rest of the world, and has taken steps to stop it before it becomes an uncontrollable conflagration.

Redmond’s chief concern, according to Mike Reavey, a Senior Director of the Microsoft Trustworthy Computing effort, is that Flame pretends it’s a legitimate piece of Redmond-written code. Reavey uses this blog post to describe how Flame pulls that off:

“We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.”

The company also feels the unsigned certificates could be used to “spoof content, perform phishing attacks, or perform man-in-the-middle attacks” on all versions of Windows.

That outcome, and the idea that Microsoft is behind Flame, are obviously not things Redmond wishes to spread widely, so it has tweaked the Terminal Server Licensing Service so it “no longer issues certificates that allow code to be signed.”
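The mechanism in Reavey's quote and the fix in the sentence above boil down to two chain-policy questions a defender can test for: was any certificate in the chain signed with the older (MD5-based) algorithm, and does every issuing CA in the chain actually permit code signing? The Python below is an added illustration, not Microsoft's code or the real certificate chain; the CA names and the licensing-purpose OID are constructed placeholders.

```python
"""Chain-policy check for code-signing certificates (added example).

Not Microsoft's code.  Models the two conditions the Flame story turns on:
a certificate in the chain signed with a weak hash (MD5-based signatures are
the 'older algorithm' the advisory alludes to) and an issuing CA whose
extended key usage (EKU) does not keep the certificates beneath it away from
code signing.  All certificate names below are constructed placeholders.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

CODE_SIGNING = "1.3.6.1.5.5.7.3.3"        # id-kp-codeSigning, RFC 5280
LICENSING_ONLY = "1.2.3.4.5.6.7.8.9"       # placeholder OID for a non-code-signing purpose
WEAK_SIGNATURE_ALGORITHMS = {"md2WithRSAEncryption", "md5WithRSAEncryption"}


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    signature_algorithm: str   # algorithm the issuer used when signing this cert
    is_ca: bool
    # None means the EKU extension is absent.  Windows treats an absent EKU as
    # "any purpose", which is what lets an unrestricted intermediate hand out
    # certificates that end up usable for code signing.
    eku: Optional[FrozenSet[str]] = None

    def permits(self, purpose: str) -> bool:
        return self.eku is None or purpose in self.eku


def check_code_signing_chain(chain: List[Cert], trusted_roots: FrozenSet[str]) -> List[str]:
    """Return the policy violations found in chain (leaf first, root last).

    An empty list means the chain may be used to sign code.
    """
    problems: List[str] = []
    if not chain:
        return ["empty chain"]
    root = chain[-1]
    if root.subject not in trusted_roots:
        problems.append(f"root '{root.subject}' is not trusted")

    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            problems.append(f"'{child.subject}' was not issued by '{parent.subject}'")
        if not parent.is_ca:
            problems.append(f"'{parent.subject}' is not a CA but issued '{child.subject}'")

    # The root is trusted by fiat, so only the signatures on the other
    # certificates are checked for a weak algorithm.
    for cert in chain[:-1]:
        if cert.signature_algorithm in WEAK_SIGNATURE_ALGORITHMS:
            problems.append(
                f"'{cert.subject}' is signed with weak algorithm {cert.signature_algorithm}")

    # EKU chaining: every certificate from leaf to root must permit code
    # signing.  One CA that excludes it blocks everything beneath it, which is
    # the effect of "no longer issuing certificates that allow code to be signed".
    for cert in chain:
        if not cert.permits(CODE_SIGNING):
            problems.append(f"'{cert.subject}' does not permit code signing")
    for cert in chain[1:-1]:
        if cert.eku is None:
            problems.append(
                f"intermediate '{cert.subject}' has no EKU restriction (any purpose permitted)")
    if chain[0].eku is None:
        problems.append(f"leaf '{chain[0].subject}' has no EKU; code signing must be explicit")
    return problems


# Constructed sample chains.  The 'before' licensing intermediate is unrestricted
# and signs MD5 leaves that carry a code-signing EKU; the 'after' intermediate is
# scoped to licensing only, so EKU chaining refuses even a leaf that claims it.
ROOTS = frozenset({"Example Root CA"})
ROOT = Cert("Example Root CA", "Example Root CA", "sha256WithRSAEncryption", True)
LICENSING_CA_BEFORE = Cert("Example Licensing CA", "Example Root CA",
                           "sha256WithRSAEncryption", True, eku=None)
LICENSE_LEAF_BEFORE = Cert("Example Customer License", "Example Licensing CA",
                           "md5WithRSAEncryption", False,
                           eku=frozenset({CODE_SIGNING, LICENSING_ONLY}))
LICENSING_CA_AFTER = Cert("Example Licensing CA", "Example Root CA",
                          "sha256WithRSAEncryption", True, eku=frozenset({LICENSING_ONLY}))
LICENSE_LEAF_AFTER = Cert("Example Customer License", "Example Licensing CA",
                          "sha256WithRSAEncryption", False,
                          eku=frozenset({CODE_SIGNING, LICENSING_ONLY}))
CODE_CA = Cert("Example Code Signing CA", "Example Root CA",
               "sha256WithRSAEncryption", True, eku=frozenset({CODE_SIGNING}))
CODE_LEAF = Cert("Example Publisher", "Example Code Signing CA",
                 "sha256WithRSAEncryption", False, eku=frozenset({CODE_SIGNING}))


def before_fix() -> List[str]:
    return check_code_signing_chain([LICENSE_LEAF_BEFORE, LICENSING_CA_BEFORE, ROOT], ROOTS)


def after_fix() -> List[str]:
    return check_code_signing_chain([LICENSE_LEAF_AFTER, LICENSING_CA_AFTER, ROOT], ROOTS)


def legitimate() -> List[str]:
    return check_code_signing_chain([CODE_LEAF, CODE_CA, ROOT], ROOTS)


if __name__ == "__main__":
    for name, fn in (("before fix", before_fix), ("after fix", after_fix), ("legitimate", legitimate)):
        print(f"{name}: {fn() or 'OK for code signing'}")
```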

There’s also a new security advisory, lucky number 2718704, that starves Flame of oxygen before it can seriously singe your Windows setup. In what may well be the non-surprise of the year, Redmond suggests you apply the patch ASAP, lest you go up in smoke. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/04/microsoft_douses_flame/

Advertisers slam Microsoft over ‘Do not track’ decision

Microsoft’s decision to enable the “Do not track” feature by default in Internet Explorer 10 should please privacy advocates, but it has sparked condemnation from the online advertising industry.

Microsoft made the announcement on IE10 with the release of the (probably) final beta for Windows 8 on Thursday, and Brendon Lynch, chief privacy officer at Microsoft, wrote a lengthy blog post explaining the company’s position. He said consumers should have more control of what happens to their data and should decide if they want more personalized advertising.

“We hope that many consumers will make a conscious choice to share information in order to receive more personalized ad content. For us, that is the key distinction,” he said. “Consumers should be empowered to make an informed choice and, for these reasons, we believe that for IE10 in Windows 8, a privacy-by-default state for online behavioral advertising is the right approach.”

But the Digital Advertising Alliance, the industry body representing almost all online advertisers, promptly called foul. It has worked with Microsoft and the government for over three years on proposals to ensure privacy and still allow tracking without “Do not track” being turned on by default, it said, and now Redmond has acted unilaterally.

“While new Web technologies deliver more relevant advertising to consumers, comprehensive industry self-regulation is also providing consumers with meaningful choices about the collection of their data. The Administration and FTC have praised these efforts,” said DAA general counsel Stu Ingis in a statement. This “threatens to undermine that balance, limiting the availability and diversity of Internet content and services for consumers.”

Track attack

The DAA told the Wall Street Journal that the industry representatives and government had agreed that the advertising world would regulate itself and honor “Do not track”, so long as browser manufacturers didn’t make it a default setting. Nevertheless Microsoft received praise from US congressman Edward Markey (D-Mass.), co-Chair of the Bi-Partisan Congressional Privacy Caucus.

“Microsoft is taking an important first step towards greater privacy protections for consumers by making ‘Do Not Track’ the default for its new browser,” he said. “It is my hope that Microsoft and other companies will go further in the future, so that ‘Do Not Track’ also means ‘Do Not Collect,’ giving consumers the ability to say no to both targeted advertising and collection of their personal data.”

Advertisers are no fools – they know that if “do not track” is the default setting then most users will leave things that way and their information flow will dry up, whereas only the privacy-conscious will turn on the feature manually if it is switched off. Microsoft’s move with IE10 has a lot of people in the online advertising industry nervous, but it is difficult to see how they could make the company change its mind. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/01/advertisers_angry_do_not_track/

Activist claims victory in forcing Facebook vote over rule changes

The Europe-v-Facebook campaign organized by Austrian law student Max Schrems is claiming victory after the social networking giant announced it is holding a vote on updates to its operating policy.

“Today we are asking you to join our second global site governance vote,” said Elliot Schrage, VP of communications and public policy on the company blog. “Voting will be facilitated by an application developed on Facebook Platform by Wildfire, and an independent auditor will examine the vote tabulation to further ensure accurate results. We strongly encourage you to participate in the vote on our new revised documents.”

Schrems, 24, has been waging a personal crusade against Facebook’s data policies and made a succession of complaints about their breaking of EU law to the Data Protection Commissioner in Ireland, where Facebook has its European headquarters. This led to an audit by the authorities and in response Facebook made alterations to both its Statement of Rights and Responsibilities and Data Use Policy and submitted them for public comment.

Under Facebook’s own rules, if more than 7,000 people comment on policy revisions then they are put to a vote, and if more than 30 per cent of the world user base votes then that result is binding, rather than advisory. Schrems set up Europe-v-Facebook to try and trigger a vote and claims that English users have filed over 7,000 comments and German customers more than 30,000, forcing Facebook to the ballot box.

“The user does not really get to vote on the content of the 40,000 comments. Right now we would suggest to rather vote for the old policy, since this would force Facebook to take another attempt to comply with the Irish regulators,” Schrems told El Reg in a statement. “At the same time we are wondering how long Facebook wants to keep on playing this tiring game. It’s time that they simply comply with the law, just like any other company.”

Schrems said his objective was to make all data collection and advertising opt-in rather than collection by default. He’s posted up a list of suggestions but, unsurprisingly, says Facebook isn’t interested in discussing the issue further and certainly isn’t promoting the voting process other than via a link on its corporate pages. This makes a successful turnout of 30 per cent of its 901 million users highly unlikely before the vote ends on June 8.

Facebook raised the threshold of user voting to 30 per cent in the wake of the fuss caused in 2009 over changes to its terms and conditions, giving it ownership of all user data on its servers. Zuckerberg pleaded that he needed a license to use content properly but then the company backtracked and reinstated the old terms. This latest kerfuffle may cause Facebook to reexamine its corporate democracy policies once more.

“Personally we would understand if Facebook is amending this mechanism, even though it has that bitter taste of ‘democracy is only respected if it brings the right results,’” Schrems said. “We think it perfectly shows how this platform is changing from a user based system to a money-driven cooperation.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/01/facebook_terms_vote/

Terror cops hunt laptop snatched from retired MI5 spookmistress

A laptop belonging to the former boss of MI5 has been nicked while she was passing through Heathrow Airport.

Dame Stella Rimington’s computer was swiped after she left the machine on a luggage trolley at Heathrow airport last Tuesday, The Sun reports. There’s no evidence the theft was anything more than opportunistic. Even so the SO15 police counter-terrorism command is investigating the incident, which has raised concerns because of the possibility that the computer might contain contact details for Rimington’s former colleagues, even though she left the service 16 years ago.

Rimington, 77, served as the first female Director-General of the UK’s Security Service (aka MI5) for four years between 1992 and 1996. It’s thought her appointment inspired the casting of Judi Dench as spy chief “M” in recent editions of the James Bond films, though Rimington as Security chief was in charge of mainly UK-based spookery as opposed to the overseas operations of the Secret Intelligence Service (MI6).

A source apparently told The Sun: “Dame Stella seems to have forgotten the tricks of her tradecraft since leaving MI5. CCTV shows the laptop in the upper compartment of her trolley as she left the terminal building at Heathrow last week.

“It’s possible it was taken while her back was turned. But it seems more likely that she left the computer on the trolley and somebody took it after she was driven away.”

Since retiring as a spymaster, Rimington has become a novelist. It’s unclear whether the swiped laptop (brand unknown) was either backed up, encrypted or password protected.

Back in 2000, two serving MI5 officers lost their laptops in the course of buying a train ticket and having a drink in a bar, respectively. It’s to be hoped that computer security among spooks has improved since but it’s difficult to know for sure.

MI5 does not have a press office and avoids comment on intelligence matters.

Graham Cluley, senior technology consultant at web security firm Sophos, commented:

“Whoever stole Dame Stella’s laptop was not targeting her specifically and is more interested in selling the computer down the pub than attempting to uncover any secrets on her hard drive.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/01/ex_mi5_boss_lost_laptop/

US officials confirm Stuxnet was a joint US-Israeli op

Cyberattacks on Iranian nuclear program were a US-Israel effort started under the Bush administration and continued by President Obama, The New York Times reports.

The confirmation from Obama-administration officials that Stuxnet was a joint US-Israeli operation comes from extracts from a forthcoming book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, by David Sanger, that’s due to be published next week.

The NYT teaser piece reports that Operation Olympic Games was devised as a means to throw sand in the works of Iran’s controversial nuclear program. It was initially embarked upon in 2006 without much enthusiasm, as a preferable alternative to withdrawing objections against an Israeli air strike against Iran’s nuclear facilities. There was little faith that either diplomacy or tougher economic sanctions would work, especially since the international community might be expected to regard warnings about another country developing weapons of mass destruction with extreme scepticism after the Iraq War debacle.

General James E Cartwright, head of a small cyberoperation inside the United States Strategic Command, developed the plan to create Stuxnet. The first stage involved planting code that extracted maps of the air-gapped computer networks that supported nuclear labs and reprocessing plants in Iran.

Development of the payload came next and involved enlisting the help of Unit 8200 – the Israeli Defence Force’s Intelligence Corps unit – which had “deep intelligence about operations at Natanz”, and the NSA. Bringing the Israelis on board was important not just for their technical skills but as a means to discourage a pre-emptive strike by Israel against Iranian nuclear facilities.

Keeping the Israelis on-side involved persuading them that the electronic sabotage by “the bug”, as it was known, stood a good chance of succeeding. This involved destructive testing against P-1 high-speed centrifuges, surrendered by the former Libyan government of General Gaddafi when it abandoned its own nuclear programme back in 2003. Iran also used the same P-1 centrifuges, sourced from a Pakistani black market dealer.

Small scale tests were a great success, prompting a decision to plant the worm in Natanz using spies and unwitting accomplices (from engineers to maintenance workers) with physical access to the plant, around four years ago in 2008.

Operation Olympic Games proved successful at infecting industrial control systems and sabotaging high-speed centrifuges while getting the Iranians to blame themselves or their suppliers for the problems.

Obama allowed the operation to continue even after the Stuxnet code escaped from Iran’s Natanz plant back in 2010, via an engineer’s computer, allowing the code to begin replicating across the net, something only possible due to a design mistake. Obama gave the go-ahead for the continuation of the scheme, with the development of a fresh version of Stuxnet, after hearing that the malware was still causing destruction.

Sanger’s account of the joint US-Israeli effort to develop Stuxnet is based on interviews with current and former US, European and Israeli officials involved in the (still secret) program.

The US government only recently admitted the existence of programs to develop offensive cyberweapons, and has never admitted using them. There was discussion about using electronic attacks against Libyan air defence systems in the run-up to the NATO-led air attacks against the Gaddafi regime last year, but that option was rejected.

The US relies more heavily on technology than almost any other country in the world and is much more vulnerable to cyber-weapons than most. Using cyber-weapons, even if they were narrowly targeted and closely controlled, could enable hostile governments or hackers to justify electronic attacks against US interests.

Stuxnet is back in the news because of this week’s publicity about the Flame worm, a cyber espionage toolkit that infected computers in Iran and elsewhere in the Middle East. US officials told Sanger that Flame was not part of Olympic Games, while declining to say whether or not the US was behind the headline-grabbing attack.

Industry experts had long speculated that Stuxnet, which involved the use of zero-day exploits and knowledge of industrial control systems, was a state-sponsored project highly unlikely to have been the work of criminal hackers. A US-Israeli joint project was widely rumoured to have led to the creation of Stuxnet.

Sanger’s research is more evidence in support of this theory and the only real question is why officials have begun talking about the secret spy op.

The reasons could be political, security experts speculate.

“Obama wanted to get credit for Stuxnet, as that makes him look tough against Iran,” said Mikko Hypponen, chief research officer at F-Secure. “And he needs that as Presidential elections are coming.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/01/stuxnet_joint_us_israeli_op/

WHMCS under renewed DDoS blitz after patching systems

WHMCS, the UK-based billing and customer support tech supplier, has once again come under denial of service attacks, on this occasion following an upgrade of its systems to defend against a SQL injection vulnerability.

The security patch was applied on Tuesday following reports by KrebsOnSecurity that a hacker was auctioning rights to abuse the vulnerability through an underground hacking forum. The then zero-day blind SQL injection supposedly created a mechanism for miscreants to break into web hosting firms that rely on WHMCS’s technology. The exploit was on offer at $6,000 for sale to a maximum of three buyers.

In a notice accompanying the patch release, WHMCS stated that it was notified about the problem with its systems by an “ethical programmer”.

Within the past few hours, an ethical programmer disclosed to us details of an SQL Injection Vulnerability present in current WHMCS releases.

The potential of this is lessened if you have followed the further security steps, but not entirely avoided.

And so we are releasing an immediate patch before the details become widely known.

Installing the patch is simply a case of uploading a single file to your root WHMCS directory. This one file works for all WHMCS versions V4.0 or Later.

The events of last week have obviously put a lot of focus on WHMCS in recent days from undesirable people. But please rest assured that we take security very seriously in the software we produce, and will never knowingly leave our users at risk. And on that note if any further issues come to light, we will not hesitate to release patches for them – as we hope our past history demonstrates.

The advisory references an incident last week when hackers tricked WHMCS’s own hosting firm into handing over admin credentials to its servers. The crew that pulled off the hack, UGNazi, subsequently extracted the billing company’s database before deleting files, essentially trashing its server and leaving services unavailable for several hours. The compromised server hosted WHMCS’s main website and supported customers’ installations of the technology.

UGNazi also seized access to WHMCS’s Twitter profile, which it used to publicise locations from which the compromised customer records might be downloaded. A total of 500,000 records, including customer credit card details were exposed as a result of the breach. Hacktivists justified the attack via unsubstantiated accusations that WHMCS offered services to internet scammers.

Last week’s breach involved social engineering trickery and wouldn’t appear to be related to the SQL Injection vulnerability patched by WHMCS on Tuesday. Since applying the patch WHMCS has come under attack from a fresh run of denial of service assaults, confirmed via the latest available update to WHMCS’s Twitter feed on Tuesday afternoon.

We’re currently experiencing another heavy DDOS attack – seems somebody doesn’t like us protecting our users with a patch … Back online asap

WHMCS’s website remains difficult to reach, at least from Spain, but its official blog can be found here.

The firm was unreachable for comment at the time of publication. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/01/whmcs_ddos_follows_patching/

Microsemi rebuts silicon backdoor claim

Microsemi, manufacturer of the ProASIC3 field-programmable gate array (FPGA) that researchers Sergei Skorobogatov and Christopher Woods claim has a highly hackable backdoor, has issued a statement (PDF) about the attack.

The statement also casts doubt on the experimental method used to detect the backdoor, as it says the company “has not been able to confirm or deny the researchers’ claims since they have not contacted Microsemi with the necessary technical details of the set-up nor given Microsemi access to their custom-designed equipment for independent verification.”

The statement also says “there is no designed feature that would enable the circumvention of the user security.”

The document goes on to say that the internal test facility the researchers cracked, by obtaining a key after secretive electronic snooping, does indeed exist but is “disabled in all shipped devices” and “can only be entered in a customer-programmed device when the customer supplies their passcode, thus preventing unauthorized access by Microsemi or anyone else.” The FPGA can also, the statement says, be configured so the internal test facility is disabled and access is not possible, with or without a passcode.

On our reading, the statement says the “backdoor” is a feature in the form of an internal test facility, not a bug. While the researchers may have been able to extract a key, their work does not therefore constitute a revelation because it accesses a known set of functions that aren’t hidden from customers.

Here in El Reg’s antipodean eyrie, we’re therefore keen to know if Skorobogatov and Woods worked with a brand new FPGA, because if we take Microsemi’s word for it there’s no reason a virgin ProASIC3 would have a passkey lurking within. But we can imagine a used ProASIC3’s passkey being extracted using the researchers’ cunning methods.

How did the key get there? It’s tempting to suppose that spies got wind of the research, intercepted the FPGA before it reached the lab and inserted a key for the team to find. The resulting explosive finding of a “backdoor” means we all now worry more about China. That makes somebody happy.

We’ve no idea whose spies would have bothered, but feel justified in floating the idea because this will almost certainly be far from the oddest theory concocted to explain the affair. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/01/silicon_backdoor_rebutted/

Hong Kong firms also at risk from Chinese hackers

Security experts have warned multinationals with bases in Hong Kong that they are not immune to cyber attack from China despite the shared sovereignty between the Special Administrative Region (SAR) and its mainland parent.

The Chinese authorities have long been blamed for either officially sanctioning cyber espionage attacks on foreign public and private organisations or turning a blind eye to financially motivated or patriotic attacks on western companies and states launched from within the People’s Republic.

Some believe there is an unwritten agreement between the hacking community and the authorities that these activities can continue as long as no government organisations or firms operating in China are touched.

However, experts in the SAR have said multinationals appear to be fair game for Chinese hackers.

Roy Ko, centre manager of the Hong Kong Computer Emergency Response Team (HKCERT) told The Reg that his team works closely with its Chinese counterpart to source the location of attacks on local firms.

“Hong Kong’s immunity depends on our capabilities to defend, not because we’re part of China,” he argued. “We have a good communications channel in place with the China CERT, so when the attacks have come from China we can seek their help and advice.”

Ian Christofis, an acting manager for Verizon in North Asia, recently told The Reg that multinationals on the mainland were worried about IP theft via malicious insiders and said Hong Kong firms were equally in the crosshairs.

“Hong Kong is just as much a target as anywhere else. Hong Kong firms should not be complacent,” he added.

Guido Crucq, GM of security solutions Asia Pacific for integrator Dimension Data, agreed.

“Cybercriminals are into hacking for the money, so we advised our clients that we can’t let our guard down simply because we are doing business in a location which we consider as friendly territory,” he said.

However, lawmaker Samson Tam, who is a legislative councillor for IT in the SAR, preferred to play up the threat to locally-based firms from outside of China.

“Most attacks come from smaller countries or areas with looser controls, so international police force co-operation is very important,” he told The Reg.

“Mainly they are financially-motivated attacks because we don’t have many political, cultural or religious tensions here.”

In any case, as has been proven in the past, it can be frustratingly difficult for experts to accurately trace back a cyber attack to source.

Given its large online population, China will naturally have a sizeable number of compromised machines which either home-grown or foreign hackers can use to launch attacks, said HKCERT’s Ko. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/01/experts_warn_hing_kong_attacks/

‘Super-powerful’ Flame worm actually boring BLOATWARE

Analysis: Flame may be big in size but it’s nothing like the supposedly devastating cyberwarfare mega-weapon early reports of the malware suggested.

The cyber-espionage toolkit – reckoned to have been in circulation for at least two years and possibly much longer – created a fire-storm of publicity after Iranian authorities published a stark warning about the virus on Monday.

On the same day, antivirus experts at Kaspersky Labs and Hungarian security researchers at the Laboratory of Cryptography and System Security (CrySyS), who had been independently working on analysing the same malware, published their own preliminary analyses.

The Kaspersky experts had been called in by the International Telecommunication Union, which wanted to crack the riddle of a mystery Trojan outbreak that was wiping data off compromised machines in the Middle East.

Flame, which comes with a complex variety of libraries and swappable modules, weighs in at a monster (arguably bloated) 20MB. That’s about 40 times larger than Stuxnet, a heavyweight itself by malware standards.

But size is far less important than how many systems it has infected and what damage it causes.

Who’s on the hit-list?

Estimates from Kaspersky suggest Flame has only infected 1,000 Windows-powered computers, almost exclusively across the Middle East in countries including Iran, Israel and Syria, though it has been found as far down as Sudan in north Africa.

Compromised targets include governmental organisations, educational institutions and home users. Circumstantial evidence suggests that the data-stealing malware infected systems at Iran’s main oil export terminal on Kharg Island in the Persian Gulf last month, prompting a decision to disconnect systems there. Flame may also have infected the computers of high-ranking officials, causing a “massive” data loss, unconfirmed reports suggest.

Iranian authorities, who claim to have developed an antidote to Flame, are pointing the finger of blame towards Israel, suggesting the encryption scheme used by the worm is characteristic of those built by Israeli malware writers. The encryption link is tenuous at best.

Nonetheless the Iranian angle adds intrigue, especially in light of the Kharg Island infection. Yet a sober look at the malware suggests its spread is modest and its actions on compromised systems are standard fare for modern viruses, contrary to reports earlier this week.

Game changer? Maybe not

Rather than redefining cyberwar and cyberespionage, as Kaspersky researchers initially claimed amid Iranian warnings that the malware was “a close relation to the Stuxnet and Duqu targeted attacks”, Flame is bloated and overhyped, according to rival security vendors.

Flame is a precise attack toolkit rather than a general-purpose cyber-weapon, the argument goes. It hasn’t spread very far and might well be restricted to systems administrators of Middle East governments.

“While it really doesn’t do anything we haven’t seen before in other malware attacks — what’s really interesting is that it weaves multiple techniques together and dynamically applies them based on the capabilities of the infected system,” Patrik Runald of Websense explains.

“Also, Flame has been operating under the radar for at least two years, which counter-intuitively may partially be attributed to its large size.”

My dad’s botnet is bigger than yours

By comparison to the 1,000-or-so systems hit by Flame, the Flashback Trojan infected 600,000 Mac OS X computers earlier this year and created the first botnet on Apple machines in the process.

The DNSChanger Trojan, linked to click-fraud and scareware scams, compromised four million Windows machines prior to a takedown operation in March.

The infamous Conficker worm hit upwards of 9 million systems, forcing the disconnection of systems at Greater Manchester Police for three days while also causing disruption at a hospital and the local council, and even managed to infiltrate the Houses of Parliament.

A run of Windows worms – Sasser, Nimda and Code Red – caused network congestion and comparable disruption when they appeared in separate incidents between 1999 and 2004. Viruses that spread by email attachments – such as the Love Bug, SoBig and Anna Kournikova nasties – brought mail servers and inboxes to their knees.

Banking Trojans created using the ZeuS or SpyEye toolkits have resulted in massive losses to banks and small businesses while infecting hundreds of thousands of systems.

Flame, on the other hand, has only infected hundreds of PCs. The malware is clearly designed for information-gathering and espionage but, again contrary to early reports, it isn’t doing anything much out of the ordinary from a technical perspective.

Spy craft

The malware infects computers running Microsoft’s operating system, and stealthily installs itself before stealing information, logging keystrokes, sniffing network traffic and capturing screenshots. It can also surreptitiously turn on microphones to record audio conversations, and then uploads all of this data to remote command-and-control servers.

Flame is built with many interlinked modules and is capable of handling a complex mix of remote instructions. Dozens of pieces of malware or malware frameworks infecting millions of PCs bundle similar capabilities.

Slurps info from Bluetooth kit

When Bluetooth hardware is available, Flame collects information about discoverable devices near the infected machine.

Only the Bluetooth activity in this list is in any way remarkable, says PandaLabs.

Another curious and somewhat innovative feature of the malware is its ability to turn its worm-like spreading functionality on and off.

“Even though it is a worm, its spreading mechanisms are disabled. It looks like whoever is behind it can activate that feature when needed,” explains Luis Corrons, technical director of PandaLabs.

The malware also bundles clean-up routines designed to purge it from systems that have been compromised.

“There seems to be a module named ‘browse32’ that’s designed to search for all evidence of compromise (eg, malware components, screenshots, stolen data, breadcrumbs, etc) and carefully remove them,” Gunter Ollmann, VP of Research at Damballa explains.

“While many malware families employ a clean-up capability to hide the initial infection, few include the capability of removing all evidence on the host (beyond trashing the entire computer). This, to my mind, is more reflective of a tool set designed for human interactive control — ie, for targeted attacks.”


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/31/flame_hype_analysis/

1 in 6 Windows PCs naked as a jaybird online

One in six Windows PCs worldwide are hooked up to the internet with no basic security software, according to a study by McAfee.

The computer security firm’s study, conducted across 24 countries using data from an average of 27 to 28 million personal computers each month, found 17 per cent of machines were running with either disabled or nonexistent antivirus software and firewall defences.

The survey’s figures come from anonymised data voluntarily submitted by consumers around the world using the free diagnostic tool McAfee Security Scan Plus. The Windows-only software checks the user’s computer for threats, antivirus software and firewall protection.

Web surfers who install Scan Plus are likely to have a problem with their computers that prompted them to use the technology in the first place – so they might be less well protected than the general population. McAfee’s figures are thus probably best regarded as indicative rather than definitive.

The US ranked in the bottom five least-protected consumer PC populations, with 19.32 per cent of punters living without basic security, according to McAfee’s stats. The situation was much better, but still not exactly brilliant, in Finland where only 9.7 per cent of consumer PCs went unprotected.

The lack of antivirus software puts valuable documents, such as pictures and financial records, at risk of destruction if malware corrupts a system. A separate study found that consumers globally say 27 per cent of their digital files would be “impossible to restore” because they are not backed up properly.

McAfee has a clear self-interest in talking up the need for consumers to run antivirus suites. Along with Symantec and Kaspersky Lab, it is the main supplier of paid-for security software to consumers, after all. Many basic and perfectly functional antivirus packages for Windows are also available from the likes of Avira, Avast or AVG. Microsoft also supplies a basic antivirus scanner.

Each of these scanners is far from effective at blocking brand-spanking new banking Trojans or botnet agents, but they are the best defence (along with patching) punters have against ruthless hackers. So the question arises: if security software is important, why isn’t everyone running it?

McAfee reckons that some consumers avoid using antivirus software in the mistaken belief that they are unlikely to be hit by viruses.

“Many consumers still believe that by simply sticking to known ‘safe’ sites, they’ll be protected from all forms of malicious content,” McAfee comments in a blog post about its scan results, published on Tuesday.

“The fact is: the prevalence of sophisticated attacks is rising at an alarming rate. Furthermore, with the adoption of smartphones and tablets, mobile malware has become an immediate threat due to easily accessible personal data like financial and credit card information stored on mobile devices.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/30/unprotected_windows_survey/