
Windows XP biggest 'haven' for rootkits —Report


Here's an added incentive for users of computers running Microsoft's venerable Windows XP operating system to upgrade: there is a good chance that they are hosting rootkits.

Antivirus firm Avast has cited data showing that three-fourths of rootkits are running on the aging but still-popular XP, Computerworld reported recently.

"According to our stats, as many as a third of XP users are running SP2 (Service Pack 2) or earlier... Millions of people are out of support and their machines are unpatched," Ondrej Vlcek, the chief technology officer of Avast, said in an interview with Computerworld.

The Computerworld article said 74 percent of the rootkit infections found by Avast were on machines running XP, which accounts for about 58 percent of all Windows systems in use.

Worse for XP users, Microsoft stopped supporting XP Service Pack 2 with security patches as early as last year.

Rootkits are software that can run undetected on computers, and can potentially spread malware to other systems. Compromises involving rootkits usually go undetected and make an infected PC available to the controllers of botnets for cybercrime such as sending spam or spreading malware to other machines.

Vlcek urged users running legal copies of XP to upgrade to XP Service Pack 3. "Moving to SP3 is the most basic thing that should be done," he said.

Avast Software based its findings on a survey of more than 600,000 Windows PCs.

Computerworld said the Avast survey found XP's share of the infections was much larger than Windows 7's, which accounted for only 12 percent of malware-infected machines.

Windows 7, launched in 2009, presently powers 31 percent of all Windows PCs, the Avast figures showed.

Two reasons for infection

Avast cited two reasons for the infection difference between XP and 7: the use of pirated copies of XP, and better security on Windows 7.

Vlcek speculated that many users of XP SP2 declined to update to the still-supported SP3 because they are running counterfeit copies of XP, likely out of fear of getting black screens and nag notices.

On the other hand, Vlcek cited Windows 7's stronger security, especially that of its 64-bit version.

"The 64-bit version [of Windows 7] has some technologies that really make it much more difficult for rootkits to infect the computer," said Vlcek.

He pointed out that Windows 7 64-bit's kernel driver-signing feature helps keep rootkits off machines, although he admitted he had expected the number of infected machines running Windows 7 would be "even smaller."

Latest rootkit

Some of the latest rootkits —including Alureon, TDL, Tidserv and TDL-4— install themselves into the Master Boot Record (MBR), the first sector of the hard drive.

This makes the rootkit even tougher to detect, as it is loaded before the operating system and security software.

Avast said it found that rootkits which infected the MBR were responsible for 62 percent of all rootkit infections.

— TJD, GMA News
