Microsoft: Zombies most prevalent Windows threat
dbarrow
06-12-2006, 01:35 PM
http://news.zdnet.com/2100-1009_22-6082615.html
Many Windows PCs have been turned into zombies, but rootkits are not yet widespread, according to a Microsoft security report slated for release Monday.
More than 60 percent of compromised Windows PCs scanned by Microsoft's Windows Malicious Software Removal Tool between January 2005 and March 2006 were found to be running malicious bot software, the company said. The tool removed at least one version of the remote-control software from about 3.5 million PCs, it added.
"Backdoor Trojans…are a significant and tangible threat to Windows users," Microsoft said in the report. ...
I've stated it many times before, but I'll state it again. Despite all the talk about viruses and virus removal programs...
True viruses are extremely rare!
In fact, when a user states that they have a virus, or a virus removal program claims it found a virus, 99% of the time it's not a virus, but rather a form of trojan horse.
For too long now, antivirus companies have turned a blind eye to the real malware problems: Spyware, Trojan Horses, and Worms. Most antivirus software is ineffective toward these common threats. The reason for this is that the average user incorrectly identifies the above threats with viruses, so when they purchase security software, they purchase the ones that stress "Virus Removal".
A few years ago, viruses were the common threat. A virus is like the punk who goes around breaking car windows; his intent is simple destruction. However, the internet has grown and so has the punk. Now, his motivation isn't destruction...it's money. Hence, viruses almost no longer exist and have been taken over by money-making malware such as the type I described.
Pi rules
06-12-2006, 02:22 PM
True viruses are extremely rare!
Very true. I've tried telling that to people many times. A scanner like ewido is probably more useful than something like NAV or McAfee, certainly better than AVG.
Edit: Wouldn't you kind of notice if your PC is a zombie? Wouldn't that person realize something's wrong and turn it off? PCs don't usually run that slowly and do odd things without permission.
Very true. I've tried telling that to people many times. A scanner like ewido is probably more useful than something like NAV or McAfee, certainly better than AVG.
Yes, exactly! For my customers, I place three icons on the bottom right of their desktop: Ewido online malware scan (for Trojans, keyloggers, worms, etc.), Ad-Aware or Spybot (for spyware), and CCleaner (to decongest the browser; set it to clean at startup).
Wouldn't you kind of notice if your PC is a zombie? Wouldn't that person realize something's wrong and turn it off? PCs don't usually run that slowly and do odd things without permission.
That depends on many factors: 1) The sophistication of the rootkit, 2) The knowledge of the user, 3) The computer speed, 4) The internet speed.
dbarrow
06-12-2006, 02:46 PM
Back to our previous discussions of "Safe Computing" ...
It is really important, at all times, to know who is talking to what and when!
Essential icons I have in the systray: Network connection icon and Zone Alarm Icon ... I SEE network activity!
That goes hand in hand with having the router and modem where you can see the LEDs blinking.
When nothing should be connecting to the web and you see activity lights flickering away...
That is an immediate alarm bell telling you to make a quick inspection of your system to tell you what it is, who it is talking to, and why it is active.
I have encountered a few online functions, particularly with online gaming, where an app fails to close the connection when you close the program and remains connected to a server. I have found others that fail to close a port, specific to use of that app, after closing a program.
What would be a really useful app to curb this would be something that would flash a FULL SCREEN warning window when network activity, other than ICMP keep alive pings to the router and network, is detected when no internet accessing programs are active on the machine.
Auto update and download programs are becoming more and more common these days but I still get really aggravated at anything that connects to the web behind my back and without my express permission.
Other than Nod32 signature update checks, I turn them all off!
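The check described in the post above (knowing which process is talking to what, and flagging traffic nobody asked for), as an added example that is not part of the original thread or any poster's own code: it parses Windows `netstat -ano` output and reports established connections to non-LAN hosts owned by processes that are not on an approved list. The sample output, the PIDs and the approved-PID set are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1480
  TCP    192.168.1.20:49152     192.168.1.1:80         ESTABLISHED     2204
  TCP    192.168.1.20:49170     203.0.113.45:6667      ESTABLISHED     3316
  TCP    192.168.1.20:49171     198.51.100.7:443       ESTABLISHED     2204
  TCP    192.168.1.20:49180     198.51.100.9:80        TIME_WAIT       0
  UDP    0.0.0.0:123            *:*                                    1020
"""

# Loopback and RFC 1918 ranges count as expected local/router traffic. Listed
# explicitly: ipaddress.is_private would also match the sample's documentation IPs.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_connections(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        _, _, remote, state, pid = parts
        host, _, port = remote.rpartition(":")
        yield host.strip("[]"), int(port), state, int(pid)

def unexpected_connections(text, allowed_pids):
    """Return (pid, ip, port) for established non-local connections from unapproved PIDs."""
    flagged = []
    for host, port, state, pid in parse_connections(text):
        if state != "ESTABLISHED":
            continue
        addr = ipaddress.ip_address(host)
        if any(addr in net for net in LOCAL_NETS):
            continue
        if pid not in allowed_pids:
            flagged.append((pid, host, port))
    return flagged

if __name__ == "__main__":
    # PID 2204 stands in for a program the user knowingly left open (assumption).
    for pid, host, port in unexpected_connections(SAMPLE_NETSTAT, {2204}):
        print(f"WARNING: PID {pid} is talking to {host}:{port}")
```

On a live machine the text would come from running `netstat -ano`, and the PID can be matched to a program name in Task Manager.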