Microsoft #DroidRage Tweet Shows How Malware Has Moved Past Windows

Yahoo Contributor Network

"Do you have an Android malware horror story?" Microsoft asks through its @windowsphone Twitter account, in what may be one of the most ironic tweets of the year.

After all, it wasn't that long ago that "virus" and "worm" stories made headlines on a regular basis, all of them about "computer viruses" which were really Windows viruses. Just a few years ago, Apple advertised the fact that a Mac "Doesn't get PC viruses" as a reason to buy one.

But this year, 600,000 Macs were infected by the Flashback trojan, an epidemic which exceeded the scale of history's single largest Windows infection. And now ​Microsoft​ is implying that its phones don't get malware, as a way to advertise them. How did things get to be this way, and what will malware and virus authors do next?

​When virii attack

For years, Microsoft's DOS and Windows operating systems were the biggest targets for virus and malware authors simply because they were the least secure. Today's PC security best practices had yet to be built into them, and trying to bolt features on to ancient programming code was a half-baked solution at best. HugeWindows malware epidemics spread as the malware programs were able to install themselves without explicit permission and operate without user intervention.

​Network effects

One reason Microsoft Windows dominated the computing world for years and years was simply because it was dominant. More people using Windows meant more profits for Windows app developers, which meant more games and apps for Windows, which meant more people buying Windows PCs so they could use Windows games and apps.

Like with apps, malware is a business that makes money for the people who write it. And while it was theoretically possible to infect a computer running a more secure operating system, like OS X (used on Macs) or Ubuntu (powered by Linux), it was considered impossible to get it to spread far enough to be profitable. Whereas on Windows it was (and still is) possible to infect vast numbers of PCs, even chaining them into zombified "botnets" which act as supercomputers-for-hire.

​How the mighty have fallen?

OS X's more secure design makes it extremely hard to infect with malware -- normally. The Flashback trojan sneaked in this year using the Java web browser plugin, which is bundled with the Mac's Safari web browser and was poorly maintained.

Plugins like Java and Flash open up new ways to infect a computer, which was one reason why Apple stopped including the Flash plugin (already absent on its iPhone and iPad) by default. Apple created a fix for the problem, but not before over half a million Macs were infected.

​What about on smartphones?

Unlike Apple and Microsoft's app stores, the Google Play store allows anyone to submit anything with no review. It's up to Android smartphone and tablet users to look at the "permissions" each game or app requests, as well as the reputation of their developers, and decide whether or not to install them.

While some consider this approach more "trustworthy" and respectful of users, it's also helped lead to a comparatively enormous number of malware infections on Android, including "The Mother of All Android Malware," which completely took over tens of thousands of phones last year.

​Are you #DroidRage-ing yet?

Microsoft's tweet says "we may have a get-well present" for people who send it their best or worst stories of Android malware. Even if all the apps in the Windows Store are virus-free, however, there are still far fewer of them than there are for Android.

Jared Spurbeck is an open-source software enthusiast, who uses an Android phone and an Ubuntu laptop PC. He has been writing about technology and electronics since 2008.

View Comments (17)