Windows, Android malware still greatly outnumber those on Apple's platforms

AppleInsider

More than 34 million new malware samples have been discovered to date in 2022, with both Windows and Android remaining the most at-risk platforms compared to Apple systems like the Mac.

Malware illustration

Malware authors have been creating more than 316,000 new malware threats daily in 2022, according to data from Atlas VPN. The team's information is based on analysis of data from AV-Test GmbH, an independent antivirus and security vendor.

January saw the largest jump in new malware developments, with 11.41 million new malware samples registered in the first month of 2022. February saw 8.93 million malware samples, while March saw 8.77 million.

By the end of the first quarter of 2022, newly discovered malware threats reached 29.11 million.

The data was last updated on April 20, 2022. By that count, at least 5.65 million new malware samples were discovered so far in the month of April.

As far as the breakdown between platforms, Windows has seen 25.48 million new malware samples in 2022. At least 536,000 never-before-seen Android malware samples have also been discovered.

Apple platforms appear less affected, with macOS seeing 2,000 new malware samples in 2022.

Despite the relative rarity of macOS malware, Apple still finds the number of threats on the platform "unacceptable" compared to iOS. Vulnerabilities and exploits are not unheard of on iOS, but are rarer still than on macOS.

The prevalence of malware on competing platforms like Android and Windows has been a core argument from Apple against opening up its platforms. Apple has repeatedly argued that antitrust legislation in the U.S. and European Union could do real harm to user privacy and security.

Read on AppleInsider

jas99

Apple’s approach to security is working. 

Leave it alone, regulators. You simply don’t know what you’re doing. 

blastdoor

So Windows has 50 times more than Android, Android has 250 times more than Mac, and iOS is too small to report? Am I interpreting these numbers right? 

Seems like maybe Apple is doing something right. 

lkrupp

And I don’t think the old troll meme “security through obscurity” holds water anymore either. With macOS and iOS users having significantly more disposable income it would be logical for the bad guys to go after those users with great focus. But they don’t... or can’t.

blastdoor

lkrupp said:

And I don’t think the old troll meme “security through obscurity” holds water anymore either. With macOS and iOS users having significantly more disposable income it would be logical for the bad guys to go after those users with great focus. But they don’t... or can’t.

Also, Windows is more 'obscure' than Android, yet it would seem that Windows has far more malware (unless I'm misinterpreting the numbers). 

illrigger

Ugh. What a load of clickbait BS. How many attack vectors are coming into any given platform doesn't matter nearly as much as how effective those vectors are, and the most successful ones are hitting every platform all at once.

I do information security for a living, and I will tell you one very important thing: all it takes is one successful vector, and you are hosed. It doesn't matter how much more the other guys are getting attacked than you are, you still need to act as if you are constantly being attacked - because you really are. That means:

• Get everything that talks to the Internet (hardware and software) up to date as quickly as you can as updates are released. That includes your router!
• Replace that router that you "got a great deal on" back on Black Friday in 201x with a modern one that is well reviewed by a site that primarily/only reviews network stuff. If you are unsure, just get something from Asus that has at least 3.5 stars on Newegg.
• Limit exposure from the outside as much as possible and turn off uPnP on your router.
• Practice network isolation: keep equipment that doesn't need to be on the same network as your personal date on its own subnet, especially IoT stuff like lighting hubs and smart home gear that doesn't get updated often. 
• If something you have connected to the Internet hasn't gotten an update in a year, consider replacing it entirely (once again, that includes your router!), and don't buy no-name stuff from Amazon, Wish, AliExpress, etc., and put it on your network with the your PCs. Getting "Linarsefft" smart bulbs because they are so cheap is a BAD idea - they will never get updated and will almost certainly have some sort of security flaw in them eventually.
• Stop going to that site you know you shouldn't be going to. You know which one I am talking about - it's the one that you immediately thought of when you read that. Stop going to the rest of the ones you know are risky as well. Or, at the very least, build a VM, put it on its own network, and use that to go there instead.
  

As a reader, you should be finding articles like this offensive to you. They play to your ego to make you feel superior so they can make a bit of money from your clicks, but they are actually giving you a false sense of security. You ARE being attacked constantly and relentlessly - your network is getting pinged hundreds of times a day from countries far and wide (and by that I mean mostly Russia), looking for their way in. Don't listen to anyone who tells you you aren't, and act accordingly to minimize the risk of them actually getting in.

edited April 2022

tht

illrigger said:

As a reader, you should be finding articles like this offensive to you. They play to your ego to make you feel superior so they can make a bit of money from your clicks, but they are actually giving you a false sense of security. You ARE being attacked constantly and relentlessly - your network is getting pinged hundreds of times a day from countries far and wide, looking for their way in. Don't listen to anyone who tells you you aren't, and act accordingly to minimize the risk of them actually getting in.

Yes, and that’s why people like a walled garden. 

They are paying someone else to be vigilant for them. Your list of things to do is not something the mass market is going to do. The people who have the means will pay someone else to do it. 

iPhones and iPads have no way to install apps outside of the App Store, iCloud Relay is free for iCloud+ users, apps on the App Store are checked and can be pulled if need be, there is only one browser engine to manage, system software is updated automatically, payment systems are funneled through one system, subscriptions can easily be cancelled, developers are kept on a leash, so on and so forth. 

Doesn’t protect against everything, but for the vast majority of buyers, definitely good enough. There are people who are in niches where they are definitely attacked with nation-state resources, and they definitely should have practices above and beyond a normal person. Like erasing and resetting their devices on a monthly basis. Changing devices fairly often. Securing their Internet traffic. Who knows what else. 

It’s not a coincidence that Apple is successful with its premium prices. All these security features are things we want. I, like 99.9% of the other people in market, don’t have the time to go through a list of security practices. Can’t imagine people messing around with routers. The vast majority just use the combo modem-router they are forced to use from their Internet provider, and they are lucky to have it not broadcast a publicly available WiFi network for other people to use. 

illrigger

tht said:

I, like 99.9% of the other people in market, don’t have the time to go through a list of security practices. 

That's what everyone says until they spend months of their lives dealing with the consequences of identity theft (or worse), friend. "An ounce of prevention is worth a pound of cure", blah, blah, etc.

lkrupp

illrigger said:

tht said:

I, like 99.9% of the other people in market, don’t have the time to go through a list of security practices. 

That's what everyone says until they spend months of their lives dealing with the consequences of identity theft (or worse), friend. "An ounce of prevention is worth a pound of cure", blah, blah, etc.

All I can say is I’ve been ‘online’ since 1982 (Apple II+ with Hayes 300 modem) and have yet to be compromised by using common sense, purchasing decent hardware and software (mainly Apple gear), and using unique and complicated passwords for every online account. Common sense and skepticism have served me well so far. As we all know these days the primary attack ‘vector’ resides between the ears of the victim. Identity theft rarely if ever occurs by someone breaking into your network. It occurs when you voluntarily give out your credentials to phishing scams. Greed often plays a large part in getting compromised.

edited April 2022

tht

illrigger said:

tht said:

I, like 99.9% of the other people in market, don’t have the time to go through a list of security practices. 

That's what everyone says until they spend months of their lives dealing with the consequences of identity theft (or worse), friend. "An ounce of prevention is worth a pound of cure", blah, blah, etc.

What you listed is not an ounce of prevention. That’s expecting the mass market to be proficient at something they have no interest or time to be proficient at. They won’t do it. 

It’s one of the reasons people are willing to pay for Apple’s premiums. Apple provides enough protection to warrant these malware and attack vector statistics. They have minority unit share, but it’s a well monied share. Definitely a rich target for attackers. So, Apple is doing something right. 

freeassociate2

illrigger said:

Ugh. What a load of clickbait BS. How many attack vectors are coming into any given platform doesn't matter nearly as much as how effective those vectors are, and the most successful ones are hitting every platform all at once.

I do information security for a living, and I will tell you one very important thing: all it takes is one successful vector, and you are hosed. It doesn't matter how much more the other guys are getting attacked than you are, you still need to act as if you are constantly being attacked - because you really are. That means:

• Get everything that talks to the Internet (hardware and software) up to date as quickly as you can as updates are released. That includes your router!
• Replace that router that you "got a great deal on" back on Black Friday in 201x with a modern one that is well reviewed by a site that primarily/only reviews network stuff. If you are unsure, just get something from Asus that has at least 3.5 stars on Newegg.
• Limit exposure from the outside as much as possible and turn off uPnP on your router.
• Practice network isolation: keep equipment that doesn't need to be on the same network as your personal date on its own subnet, especially IoT stuff like lighting hubs and smart home gear that doesn't get updated often. 
• If something you have connected to the Internet hasn't gotten an update in a year, consider replacing it entirely (once again, that includes your router!), and don't buy no-name stuff from Amazon, Wish, AliExpress, etc., and put it on your network with the your PCs. Getting "Linarsefft" smart bulbs because they are so cheap is a BAD idea - they will never get updated and will almost certainly have some sort of security flaw in them eventually.
• Stop going to that site you know you shouldn't be going to. You know which one I am talking about - it's the one that you immediately thought of when you read that. Stop going to the rest of the ones you know are risky as well. Or, at the very least, build a VM, put it on its own network, and use that to go there instead.
  

As a reader, you should be finding articles like this offensive to you. They play to your ego to make you feel superior so they can make a bit of money from your clicks, but they are actually giving you a false sense of security. You ARE being attacked constantly and relentlessly - your network is getting pinged hundreds of times a day from countries far and wide (and by that I mean mostly Russia), looking for their way in. Don't listen to anyone who tells you you aren't, and act accordingly to minimize the risk of them actually getting in.

This is so reductive it’s comical.

- Completely ignores the legacy IT dilemma and all it’s  trade-offs. How do we choose between security and operations?
- Doesn’t even mention an adopting an adversary disruption strategy. Treating threats as an inevitable force of nature against which victims are powerless,  or that they need to hunker down and endure, is a passive (and lazy) model. Adversaries routinely capitalize on unevenly defended networks and known vulnerabilities of common applications and operating systems. You can proactively get in their way.
-  Relying on patch management is a failing and expensive strategy when you consider scope. Knowing how an exploit works—what series of actions and in what sequence that an attacker needs to use—will help you identify what systems are vulnerable and how to protect them until an upgrade is possible. And not for nothing, it’s easier to do that when you’ve got 2,000 combinations to address versus millions.
- The number of available attack vectors, not just the efficacy, absolutely matters as it gives you more opportunities to work around an unevenly defended system.
- Never mentions social hacking: Pretexting, Diversion, Baiting, Asserting Authority, Exploiting Kindness, Exploiting Associations — it’s difficult to patch human behavior..
- Never mentions authentication models or their enforcement.
- No, most people are not being subjected to blind ping floods on a massive scale in the way you suggest. (Hard facepalm on this one)

I wish I had more time to address all the shortcomings and fallacies in this little diatribe, because I think they’re mostly fall into the “false sense of security” category or are overly alarmist. You could dedicate an entire white paper to why anyone’s favored Brand X router, new or old, open-source or closed-source, is security swiss-cheese. Quite frankly most of it is so unprofessional — it sounds like the kind of IT advice my dad regurgitates after binging on PCMag and conspiracy sites all week.

As for the clickbait argument … methinks thou dost protest too much. Real security specialists take these kinds of metrics seriously — and in context.