Is malware still relevant for the average user?

Yes, I'm serious. I don't work in customer support, so I honestly have no idea what the situation is like these days. All I can say is that I have not seen an infected end-user system (even an XP one) in a long time; just the usual combination of hardware failure, accumulated filesystem junk, missing DLL issues, and mysterious performance degradation that I'm not enough of a Windows geek to have any luck tracing.

To those of you who do help desk work, or such: how much malware do you typically see now? How much on XP vs. Vista and later?

 

I'm working in customer support and must say that infections are really rare. Few month ago we had few problems with Cryptlocker and every now and then we come across PUA infested system. We mostly support SMEs but I don't know what is situation with regular users. My friends and family haven't got infected for some time now also.

hqsec

 

While I don't have the definitve answer, I believe the threat is still there but it largely depends on the user, their pc security acumen, and their browsing habits. Speaking for myself, it has been well over a decade since I've had an infection. Even when I used, perhaps the most maligned antivirus app, AVG, who many said was sub-par. And said AVG was the most commonly found AV on infected systems but for (2) years I was never infected, even when I ventured into the darker recesses of the web.

So what that tells me is, you can have the preceived best AV but in the hands of a fool, or the reckless, end up getting infected. OTH you can have a perceived average AV in the hands of a savvy/careful user and be infection free.

 

Study: IT-Savvy Users Infected More Often Than Noobs

 

From pdf (direct link) hxxp://www.kindsight.net/sites/default/files/Kindsight-Q2-2013-Malware-Report.pdf :

 

PandaLabs report: http://www.techweekeurope.co.uk/news/uk-pc-infection-115388

 

Interesting, I didn't realize infection rates were that high... anywhere really.

I will note that the 50+ percent rate in China probably corresponds with the ubiquitous use of pirated copies of Windows XP there.

 

I really wonder how to interpret those Pandalabs numbers.
(Just like the numbers in the link to the Q1 2013 Pandalabs Quarterly Report PDF link).
With supposedly almost one in four infected in NL, and according to the report likely some 75% of those are trojan-infections, I'd expect a much higher number of banking fraud incidents, reported in Dutch media.
Are (harmless) remnants left behind on PC's perhaps also counted as infections?

 

According to http://www.microsoft.com/security/portal/mmpc/shared/protection.aspx, approximately 1 in 714 (0.14%) of "Microsoft real-time protection customers" reported 1 or more infections on the average day in January 2014.

 

the only malware i notice these days is the one coming through emails.
those are usually easy to spot, especially when you get airplane tickets in attachments when one does not fly.
Outlook usually does a good job of flagging those.

the thing i was afraid the most used to be drive-by malware but those seem to be a thing of the past.

 

I think if there is a decrease then it's from those average people switching to their smartphones/tablets over their desktops. On desktops I just see the usual crapware/bundleware that comes from not unchecking a check box. That, or the stuff that they got from clicking a false "Download now!" link.

Email attachment spam is still the biggest source of it.

 

At present there are very goodly amounts of malware that stay hidden from the users. How can anyone say a computer is not infected as of late unless that computer has been checked/audited by a security expert? Most casual users do not have the skills to determine their computer is malware-free.

Suppose one uses several good security scanners including resident and on-demand and no malware is found by them. This proves that those scanners did not find anything - NOT that there is no malware on their computer. If one takes a casual look at some of the posts on the malware help forums one would see the helpers go to extravagant lengths to determine if the computer upon which they are working is malware-free. Often the person seeking help is asked to run various programmes and every so often some infection is found but often near the end of the cleaning some non-usual less often used programmes are used that the typical security-minded Wilders Security Forum member does not use.

This is just to say that unless a computer is checked for malware by an expert then it cannot be said definitively that a computer is malware free. The malware may not cause any noticeable system degradation or slow-downs or may have no visible attributes but data may be being harvested and something may be phoning home with that information regularly.

Hopefully all those who think their computer is malware free are correct though.

Best regards

 

11.6 Percent of PCs with Security Solution Infected

 

if my money is still in my bank account and/or i'm not suffering from identity theft I know i'm not infected.
that's all I care about.

what's the point of worrying about malware if it does not affect me?

Victek sums it up quite nicely:

from here:
https://www.wilderssecurity.com/thre...ng-live-windows-xp.362766/page-2#post-2363339

 

Threat statistics by nation are available at http://www.securelist.com/en/statistics#/en/map/oas/month.

I'll guess that these are encounter rates, not infection rates.

 

Q Section I agree, but I also see quite a catch 22 going on. By far the majority of average people are NOT going to be able to keep their systems secure on their own. They are not going to be able to deploy quick fixes like restoring disk images, installing OS's or other things that the more technically inclined wouldn't bat an eye at doing, should disaster strike. A family member recently just took computer in to get some scumware removed. It wasnt cheap.

With the ever changing tactics of the scamsters they are much more cunning in hiding what they're up to. Id prefer to not adopt the "ambulance at the bottom of the cliff approach" and wait til disaster strikes then say I care about it, yet, to the degree that I lack knowledge to fix/secure things is the degree Im forced to do just that.