Microsoft malware and Nitol – don’t panic

Today’s media is awash with stories of how brand new computers are being infected with malicious software before they even leave the factories where they’re made.

Software giant Microsoft claims that 20% of the computers it tested were infected with viruses. One, called Nitol, could potentially steal personal information that will give criminals access to your bank account, or make your computer part of a network that topples large company websites through what’s known as a distributed denial of service (DDoS) attack.

Sounds terrifying doesn’t it? As do many of today’s headlines. It’s easy to see why consumers (and companies) could be worried about these findings. A statement from security specialist FireEye, says:

‘It seems that today’s ever-determined hackers have truly upped their game and taken cybercrime to the next astonishing level. According to Microsoft, some of the malware was capable of remotely turning on an infected computer’s microphone and video camera, posing a serious cyber espionage issue for consumers and businesses alike.’

Are we too afraid?

Personally, I don’t think phrases such as ‘cyber espionage’ and ‘next astonishing level’ are particularly helpful. A previous Which? Computing report has shown that a basic belt-and-braces approach to securing your computer can help you to stay safe.

Providing you have a firewall, anti-virus software and ensure that these and your operating system are kept up-to-date, you’re unlikely to fall victim to malware.

Education has a crucial role to play, too, and it’s important that people are aware of the dangers of so-called phishing attacks and other scams that use social engineering to con you into clicking on malicious links.

But being educated about the risks associated with certain software shouldn’t always mean panicking whenever something like this hits the headlines. Indeed I think these panics can lead to a rise in scareware whereby would-be criminals attempt to sell fake security programs.

Time for a reality check

Take this story, for example. A cursory glance at the news stories could lead you to believe that 20% of new computers coming out of factories have malware on them, but that’s a long way from the truth.

In reality, Microsoft digital security officers examined 20 computers in total from different cities in China. Twenty per cent equates to just four computers. Only one of these was infected with the aforementioned Nitol virus. True, as FireEye comments:

‘If the exploitation of supply chain vulnerabilities should become an emerging trend, it should be taken very seriously indeed, as it the impact could be far-reaching, costly and destructive.’

However the key word here is ‘could’. Four infected computers don’t make an epidemic. I’d imagine that infiltrating a computer manufacturing plant is tricky stuff. Not impossible, but nothing that should spread panic among those looking to buy a new PC.

My advice to anyone buying a new computer would be as follows:

Update your operating system and anti-virus software as soon as you go online
Make sure your firewall is turned on
Download an anti-spyware program

Personally, I’d like to see security companies spreading more useful tips on staying safe, to make sure that people have the correct support in place, and don’t panic the next time malware hits the headlines. What do you think?

thelm says:

14 September 2012

The pre-installation of malware doesn’t really sound like a big problem at the moment – the big manufacturers (who import pre-configured machines in to the UK) will probably have very strong measures to prevent corruption of machines during manufacture – the legal liabilities and consequential damage to branding are very high. It is always the case that you have to get up and running with security as soon as you get a new computer (updates, security package, back-up routine), but it’s not worth getting worried until either you’re security package flags something or the manufacturer highlights a problem.

william says:

As all my PCs are home built, this doesn’t bother me much. Now if you’d mention the malware had been planted in the BIOS then I might have taken note. What this could lead to, if indeed its not already happening is malware being added to internet enabled devices, like TVs etc. Now that’ll be much harder to detect and remove. Wonder if they’ve got their claws into the modem/router manufacturers yet too. Sadly this could be the tip of the proverbial iceberg.

David says:

15 September 2012

Let’s be honest… If you don’t want to get malware, just use a different operating system such as Ubuntu or – if you are really paranoid about security – use PC-BSD, but it has fewer apps available at the moment compared to Ubuntu, e.g. apps such as Google Earth.

I never get malware and I have kept Windows 7 for when I have *no* choice but to use it e.g. Nokia Ovi Suite for my mobile, for backing up my phone etc.

A good way to encourage people to try a different operating system is to install it on a spare laptop and use it mainly for internet use, especially online banking. Keep Windows for those apps which only work in Windows, such as games.

Ubuntu
http://www.ubuntu.com/

PC-BSD
http://www.pcbsd.org/

Windows = easy malware infections – even worse when using Microsoft Internet Explorer too!!!!

Terry Farrell says:

21 September 2012

I’d be delighted and give my full support to Which? if it started a campaign to stop manufacturers of computers, tablets and mobile phones from installing massively ghastly bloatware.

It would be great to be able to switch on a new computer, tablet or mobile and find just the Operating System running and let me – THE PERSON PAYING FOR THE DEVICE – choose what extras are to be installed. I want to be able to choose my email client, my web browser, my anti-virus and not have some deficient rubbish permanently locked onto my device.

I totally agree with you Terry Farrell.

The amount of junk pre-installed that guzzles resources and makes the computer run slower. Every user could un-install the junk they DON’T ever need and never intend on using and the computer will boot up faster and run faster. The only pre-installed “junk” that’s needed are tools provided by the manufacturer to change the laptop’s brightness and find new drivers. Why don’t the manufacturer’s ONLY pre-install the drivers (for those who don’t know, “drivers” are programs that make your devices work, like the webcam) and a tool for keeping these drivers up-to-date? Better than tons of rubbish that people don’t want or need!

I’m not the only person who rants about this problem, read more:
http://www.whylinuxisbetter.net/items/crapware/index.php?lang=

alfa says:

25 September 2012

I also totally agree.
My new laptop came with a month trial of Mcafee. After uninstalling, using Mcafee removal tool and installing my choice of internet security that supposedly also removed Mcafee, surprise, surprise, it has not all gone !!!
I also bugs me that operating system installation discs are not provided on most new PCs and you can only restore them to the state you first received your computer in.

Snowdin says:

Simple advice. Never ever, ever, believe a newspaper headline that quotes relative risk. The only risk of any value is absolute risk. Here the later-to-be-revealed sample size and location (China) turn the headline into a bad joke.
I agree with the comments on junkware but to the advice on buying a new computer I’d add
Make sure Windows Updates are turned on, and always check late on Update Tuesday, the second of each month.
Get an Update checking programme and use it regularly. Examples are FileHippo Update Checker, which is my personal favourite, Secunia PSI which occasionally finds updates I wasn’t aware of, and the Vulnerability Scanner in Kaspersky Internet Security.
Some people would add “make sure Java isn’t installed or enabled” as it is so consistently insecure and so frequently exploited.

As I write the IE6,7,8 and 9 security hole (10 is OK) that has been publicised for days by F-Secure and the German Government, but not by anyone I’ve seen in the UK, has just been patched so get downloading from Windows Update.

22 September 2012

If Windows was made to be secure from the beginning, it would not be necessary to install all these different “security” apps. Since I use Ubuntu instead of Windows, I don’t have to worry about viruses and not having everything up-to-date, because every app installed is kept updated and you cannot get a virus on Ubuntu just by clicking on something malicious online e.g. “smiley faces” or “registry optimizer” etc.

I have seen anti-virus software scare the user with false alarms or block people from receiving e-mail attachments like pictures, documents etc. Also anti-virus software slows-down the computer, can cause conflicts and could even prevent important updates being installed!

Windows is NOT a secure operating system, regardless of what the marketing people at Microsoft want us to believe. Windows is just another example of an Americanised computer industry that puts money and glossy marketing before quality!

Help

New computers infected with malware, but don’t panic

Are we too afraid?

Time for a reality check

Search

Latest discussions

Take our community survey

Vote in our poll

Are we too afraid?

Time for a reality check

Search

Latest discussions

Take our community survey

Vote in our poll

Join the debate

Related discussions