We all know that Windows is the most malware-ridden platform out there, but why is that? Windows is the most popular desktop operating system, but that isn’t the only reason – past decisions made Windows a fertile breeding ground for viruses and other malware.
We’ve previously explained why everyone should be using an antivirus on Windows, but we’ve also advised that Linux doesn’t need an antivirus. We covered some of the reasons why an antivirus is and isn’t necessary on each platform, but now we’ll look at how we got here.
Windows is a big target because it powers the vast majority of the world’s desktop computers and laptops. If you’re writing malware and you want to infect average computer users – perhaps you want to install a keylogger on their systems and steal their credit card numbers and other financial data – you would target Windows because that’s where the most users are.
This is the most common argument for Windows having such a history of malware, and it’s true — but this isn’t the only reason, either. There’s a lot more to it than popularity.
Historically, Windows was not designed for security. While Linux and Apple’s Mac OS X (based on Unix) were built from the ground up to be multi-user operating systems that allowed users to log in with limited user accounts, the original versions of Windows never were.
DOS was a single-user operating system, and the initial versions of Windows were built on top of DOS. Windows 3.1, 95, 98, and Me may have looked like advanced operating systems at the time, but they were actually running on top of the single-user DOS. DOS didn’t have proper user accounts, file permissions, or other security restrictions.
Windows NT – the core of Windows 2000, XP, Vista, 7, and now 8 – is a modern, multi-user operating system that supports all the essential security settings, including the ability to restrict user account permissions. However, Microsoft never really designed consumer versions of Windows for security until Windows XP SP2. Windows XP supported multiple user accounts with limited privileges, but most people just logged into their Windows XP systems as the Administrator user. Much software wouldn’t work if you did use a limited user account, anyway. Windows XP shipped without a firewall enabled and network services were exposed directly to the Internet, which made it an easy target for worms. At one point, the SANS Internet Storm Center estimated an unpatched Windows XP system would be infected within four minutes of connecting it directly to the Internet, due to worms like Blaster.
In addition, Windows XP’s autorun feature automatically ran applications on media devices connected to the computer. This allowed Sony to install a rootkit on Windows systems by adding it to their audio CDs, and savvy criminals began leaving infected USB drives lying around near companies they wanted to compromise. If an employee picked up the USB drive and plugged it into a company computer, it would infect the computer. And, because most users logged in as Administrator users, the malware would run with administrative privileges and have complete access to the computer.
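Autorun took its instructions from an `autorun.inf` file in the root of the inserted media. The following added example (not part of the original article) lists what such a file asks Windows to launch, so removable media can be triaged without running anything; the sample file contents and the function name are constructed for illustration.

```python
import configparser

# Keys in the [autorun] section that name a command to launch.
LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed sample of an autorun.inf as it might appear on a found USB drive.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
open=setup.exe /quiet
icon=folder.ico
label=Quarterly Reports
shell\\open\\command=setup.exe
"""

def launch_entries(autorun_text):
    """Return (key, command) pairs that the autorun.inf text asks Windows to run."""
    # Only '=' separates key and value, so drive letters such as E: stay in the value.
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        parser.read_string(autorun_text)
    except configparser.Error:
        return []  # not a parseable INF file, so there is nothing to report
    found = []
    for section in parser.sections():
        if section.strip().lower() != "autorun":  # Windows ignores case here
            continue
        for key, value in parser.items(section):  # keys arrive lower-cased
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if value and (key in LAUNCH_KEYS or is_verb):
                found.append((key, value))
    return found

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE_AUTORUN_INF):
        print(f"{key}: would launch {command!r}")
```
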
It’s clear that Microsoft never designed the original release of Windows XP to survive on a dangerous Internet, and it showed.
In response to growing concern and malware infections, Microsoft became more serious about security with Windows XP Service Pack 2, which included a more powerful firewall and a variety of other security features, including a security center that nags users to install an antivirus program. With Windows Vista, Microsoft introduced User Account Control, finally encouraging Windows users to use limited user accounts. Windows today uses limited user accounts by default, ships with a firewall enabled, and no longer automatically runs programs with autorun. Windows 8 even comes with an integrated antivirus and other security features. These are just a few of the most visible security improvements Microsoft has made.
However, many computers connected to the Internet still use Windows XP. It’s also likely that a significant number of users have not installed security updates. Microsoft’s installation of the Windows Genuine Advantage anti-piracy system through Windows Update caused many people, especially people using improperly licensed copies of Windows, to disable automatic updates. This leaves many Windows XP systems vulnerable.
The latest versions of Windows are much more secure than Windows 98 and the original release of Windows XP. However, Windows still remains a target.
While Android allows users to install software from outside Google Play and desktop Linux allows its users to install software from outside their software repositories, the majority of the software Android and Linux users install comes from a trusted, centralized repository. Users open their app store or package manager, search for the program, and install it.
On the Windows desktop, users have to open their browsers, search the web, download an application from a website, and install it manually. Many less-savvy users may end up downloading dangerous software or clicking a fake “Download” button that leads to disguised malware. Users may download and run potentially dangerous types of files, such as screensavers, without knowing that they contain executable code and can infect their system. People downloading pirated software from questionable websites may end up infected.
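A screensaver (`.scr`) file is an ordinary Windows program in the same executable format as an `.exe`, which is why running one can infect a system. The following added example (not part of the original article) labels a download by its header bytes rather than its name; the file names, labels and sample bytes are constructed for illustration.

```python
import os
import struct

# Extensions most users already recognise as programs or program components.
EXPECTED_PE_EXTS = {".exe", ".dll", ".sys"}

def is_pe(data):
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    # An out-of-range offset yields an empty slice, so the comparison is simply False.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(filename, data):
    """Label a download by what its bytes are, not by what its name suggests."""
    if not is_pe(data):
        return "data"
    ext = os.path.splitext(filename)[1].lower()
    return "program" if ext in EXPECTED_PE_EXTS else "program-unexpected-extension"

def constructed_pe_stub():
    """Constructed sample: only the header bytes is_pe() inspects, not a real program."""
    dos_header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos_header + b"PE\0\0"

if __name__ == "__main__":
    samples = {  # all constructed
        "waterfall.scr": constructed_pe_stub(),
        "setup.exe": constructed_pe_stub(),
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 64,
        "notes.scr": b"MZ but only text, not a PE header".ljust(0x44, b" "),
    }
    for name, data in samples.items():
        print(f"{name}: {classify(name, data)}")
```
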
Operating systems that provide a trusted source of applications for users to search and install fare better. Microsoft had the chance to fix this with Windows 8, but the Windows Store doesn’t manage the installation of desktop applications.
There isn’t one clear reason why Windows has the most viruses of any operating system – like all things in life, it’s a combination of factors. Windows’ popularity among average computer users is a huge reason, although it’s also true that Microsoft’s apparent lack of concern for security in the early days made the problem much worse than it had to be. The lack of an official app store for desktop applications also increases the risk for less-savvy computer users looking for software online. Users who don’t know the warning signs and what to avoid are much more vulnerable on the Windows desktop.