Tyler Moffitt, security analyst at Webroot, was responding to questions posed by iTWire in connection with the company's release of its 2020 Threat Report.
At least one security firm — Avecto — has pointed out that removing admin rights from the regular user would mitigate 80% of the critical vulnerabilities found in Microsoft products in 2017.
But Moffitt does not agree with this. "This [insisting that a user account be created before the Windows system is used] probably will not work too well for the average home user as they need those admin rights to do anything with their computer, such as installing Chrome, games or a security solution," he said.
Asked why the fact that ransomware was only aimed at Windows systems was not acknowledged by Microsoft and security firms, Moffitt had a different take.
"The problem here is not that Windows is the most bug-ridden operating system that allows attackers in to deliver malware like ransomware - ransomware has been made for Mac, Linux and other IoT devices," he said.
"The issue here is what operating system is the most commonly used - if you are a criminal and you are trying to hit the most amount of people, because the game is accuracy in numbers, then you would go after the pool of Windows users.
"Windows holds about 90% market share of all computers and Mac is about 9%, so it makes total financial sense for a criminal to focus on Windows. If Mac had 90% share of all computers, then you can bet that most of the malware would be for Mac.
"Windows 10 was a pseudo acknowledgement of this fact, because now users do not have the option to ignore updates. Updates are the only way that Windows can patch all the exploits that criminals leverage to infect machines. While it is not going to outright fix the issue, Windows 10 is doing a much better job than the previous Windows versions."
He said he had not noticed any additional language in the Windows End User Licence Agreement to guard against claims for ransomware attacks. "I have not seen any - pretty much, you are on your own using the Windows operating system. It is up to the end user not to click on things they should not, according to Microsoft."
The Threat Report issued by Webroot differed from those of many other companies in the same space in that it did not hesitate to mention Windows as one of the biggest attack platforms.
Moffitt said this was justified. "We mention Windows so much because that is the operating system that is overwhelmingly infected. It's therefore useful to delve into the insights around Windows infections - what types of Windows machines are infected more, i.e. Windows 7 machines are 150% more likely to be infected than Windows 10 machines.
"Because of that, we can give insight into why certain regions get infected more - because they use older, out of date operating systems."
He said the figures in the Webroot report were based on more than 95 million sensors that fed data into the company's database.
Some findings of the report:
- Phishing URLs encountered grew by 640% in 2019.
- 1 in 4 malicious URLs is hosted on an otherwise non-malicious domain.
- 8.9 million URLs were found hosting a cryptojacking script.
- The top sites impersonated by phishing sites or cybercriminals are Facebook, Microsoft, Apple, Google, PayPal and DropBox.
- The top five kinds of websites impersonated by phishing sites are crypto exchanges (55%), gaming (50%), web email (40%), financial institutions (40%) and payment services (32%).
- Malware targeting Windows 7 increased by 125%.
- 93.6% of malware seen was unique to a single PC – the highest rate ever observed.
- 85% of threats hide in one of four locations: %temp%, %appdata%, %cache%, and %windir%, with more than half of threats (54.4%) on business PCs hiding in %temp% folders. This risk can be easily mitigated by setting a Windows policy to disallow programs from running from the temp directory.
- IP addresses associated with Windows exploits grew by 360%, with the majority of exploits targeting out-of-date operating systems.
- Consumer PCs remain nearly twice as likely to get infected as business PCs.
- The data reveals that regions most likely to be infected also have the highest rates of using older operating systems.
- Of the infected consumer devices, more than 35 percent were infected more than three times, and nearly 10 percent encountered six or more infections.
- The continued insecurity of consumer PCs underscores the risk companies face in allowing employees to connect to business networks from their personal devices.
- Trojans and malware accounted for 91.8% of Android threats.
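
The finding above about threats hiding in %temp% suggests a policy that disallows programs from running from the temp directory. As an added example (not from the Webroot report or iTWire), the following audit pass shows which process launches such a rule would stop before it is enforced, legitimate installers included. The record format, default paths and function names are assumptions, and the events are constructed.

```python
import ntpath
from collections import Counter

# Constructed sample records (user, image path); not data from the Webroot report.
SAMPLE_EVENTS = [
    ("alice", r"C:\Users\alice\AppData\Local\Temp\7zS4F2A\setup.exe"),
    ("alice", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    ("bob", r"c:\users\bob\appdata\local\temp\..\Temp\invoice.pdf.exe"),
    ("bob", r"C:\Users\bob\AppData\Roaming\updater\svc.exe"),
    ("SYSTEM", r"C:\Windows\Temp\pkg\helper.exe"),
    ("alice", r"C:\Users\alice\AppData\Local\Temporary\tool.exe"),
]


def temp_roots(user, system_drive="C:", windir=r"C:\Windows"):
    """Directories %temp% usually resolves to (assumed Windows defaults)."""
    return [
        ntpath.join(system_drive + "\\", "Users", user, "AppData", "Local", "Temp"),
        ntpath.join(windir, "Temp"),
    ]


def canon(path):
    # normpath collapses ".." and "/" separators; normcase lowercases the result.
    return ntpath.normcase(ntpath.normpath(path))


def under(path, root):
    # Compare whole path components so "Temporary" does not match "Temp".
    return canon(path).startswith(canon(root) + "\\")


def would_block(user, image):
    """True if a deny-from-temp path rule would stop this launch."""
    return any(under(image, root) for root in temp_roots(user))


def audit(events):
    """Return the launches the rule would block and a count per file name."""
    blocked = [(u, img) for u, img in events if would_block(u, img)]
    by_name = Counter(ntpath.basename(img).lower() for _, img in blocked)
    return blocked, by_name


if __name__ == "__main__":
    blocked, by_name = audit(SAMPLE_EVENTS)
    for user, image in blocked:
        print(f"would block: {user:8} {image}")
    print(dict(by_name))
```

Entries such as `setup.exe` in the output are the installers and updaters that need an exception or a different install path before the policy moves from audit to enforcement.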