Knowing some Indians here in my own town and some Russian/Ukraine programmers as online friends who were left with no work or unpaid and working with a promise of pay ($100usd/mo. at the time), here's how they explained to me what happens (often).

From the Indian side--and this is from Indians--not my opinion--the issue is simply corruption in government, the armed forces and business.  If someone offers a bribe, someone somewhere will accept it.

On the Russian side it's similar but has a more organized crime aspect to it.  If you were a credentialed, skilled programmer and no longer have viable work, "A friend" will share about the "job" he has.  If you take it, you will be added to a group of other programmers who have been given a task such as "back-engineer this specific part of the Windows operating system" or "decrypt this part of this security program".  Most such jobs involve only working on a small part of the overall project and normally the new hire is not told anything else about all the other jobs that are going on or even who they are for.  It's a task that when complete gets you a year of more of tax free pay and a spot in the queue for future jobs.

Many former state/military programmers refuse such work and drive cabs or whatever--others take it.  The attitude in Russia overall is, "Nichevo"..."No Biggie".  No one will judge you for taking what's offered and it is simply a personal choice based on how you feel.

Put together that in the regions where India and Russia operate, a lot of this sort of corrupt dealing is common and both have mutual interests and private/government/military business deals--well, there you go.

On the Russian side, millions of dollars are spent cracking global software and OS's.  A few years back, Russian criminals were estimated to have paid pout a total of $5 billion usd just to crack parts of the Windows OS.

It isn't necessarily so much "state action" by these countries (though I am sure that is happening too).  It's just greed.  No different to the South American peasant farmer who illegally lumbers in the rain forest to gather precious woods for sale.  He isn't trying to destroy the ecology--he just can't say "no" to the money growing out of the ground in front of him.

I believe that to be correct, Sinperium.

I'm interested in the irony of it, though. Here MS states how secure it is (Apple too), and they (as well as other companies) drop trou in the most insecure places on earth.

On the other hand, when asked here in the U.S. to reveal their code they say no. How these two stands are reconciled eludes me.

Two weeks ago Norton Internet Security was advertised by Fry's Electronics at a net cost of $0 - a bit more than it's worth, but quite the bargain, wouldn't you say?

Wait--they aren't going to pay me to use it?  No deal.

FYI--up until a couple of years ago I did home computer repair and I routinely would suggest AVG free as a non-paid solution.  I stopped recommending it when it started to get "acclaim" in reviews as it immediately got targeted by hackers.  Afterwards it was quite normal to see a shell progam running that looked like a functioning AVG install but was in fact nothing but the appearance--AVG would be shut down and just occupying the systray with an icon.

After some searching, I ended up suggesting Avast! Free Edition and overall have found it to be far superior.  I have yet to have Avast disabled externally and have found it gets compromised only with help from the most egregious stupidity possible.  The fact that they regularly update the build and core features is a big part of that.

Just a tip for those wondering, "What can I do?".  Be sure to add other programs along with it...Malwarebytes remains an excellent choice after several years still. 

Norton continues to live off it's reputation gained more than a decade ago and has done little to earn retaining any sort of reputation in the past few years.  It also remains a big target of organized and sophisticated hacking efforts because of it's high profile and continued use amongst corporate clients.

+1

I've/we've stuck with MS Security Essentials for awhile, but I've been considering going back to Avast.  MSSE let a nasty piece of malware into one of our networked PC's at the office not long ago which required a drive wipe/format/reinstall of everything.  Fortunately, didn't propagate to other network workstations or the server (that we know of).

I'm not trying to overplay Avast--nothing is perfect.  But in the free category I don't know of anything else I'd rely on.

AVG for example just recently broke compatibility with previous versions--after  a looong while.  I'm sure this was to address new security issues and prevent vulnerabilities. 

It''s not uncommon to see Avast do this a couple of times in a week--seamlessly with no issues.

I have a couple of corporate IT friends who tell me that prevention is no longer the ultimate goal with security software--containment and restoration is the priority...i.e., "It's a given it will get in--we just need to keep it from spreading and be able to restore quickly from backups."

A lot of the big name security companies have adopted this as policy.

Daiwa, there's a pretty comprehensive review of Avast! here: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html

No software is perfect in detection and prevention, unfortunately. I'd also recommend finding out how it got onto your system.

Thx, Doc.  Our IT guy wasn't sure of the source. 

The single best practice to ensure a user keeps their system and the programs on their system protected from malware is to NEVER run/use the computer system with an account that has ADMIN credentials.  Malware uses (with the execption of targeted and focused cyber-attacks) the SAME credentials the currently logged-on user has.  If those are ADMIN credentials then yes you should be worried for your system and its programs.

People need to really learn and embrace the concept of LEAST-PRIVILEDGE and teach yourself how to use/understand the "local security policy" of your system then AV programs being "un-installed" or corrupted or your browser being hiijacked etc. will forever be things of the past.

the Monk

EDIT:

I routinely demonstrate the powers of "least priviledge thinking" to client groups by using systems which have been "properly secured" (using least priviledge and NOT relying on some bloated third-party AV or other antimalware) by then visiting known high-threat websites and purposely connecting infected media to these systems etc. with zero ill effects.  The key is to properly secure your system so that any AV or other anti-malware software simply becomes an afterthought and is no longer the rather weak first and often only line of defense.

Correct. People generally then ask "How can I run sfc /scannow" or the like. Simple: log off as least privileged and log on as Administrator...Start Menu, cmd, right click, yada, yada. 

It really is a simple and not taught concept from the first time the mouse is touched through the "restores".

I'd love to give folks an online source for "How to secure your computer" that doesn't talk about antivirals but that uses proper procedures. 

the_Monk, do you know of any such site or source (besides yourself - not asking for a 'give away')?

Two articles I found by googling (albeit somewhat older) that may be helpful:

http://technet.microsoft.com/en-us/library/bb456992.aspx

http://www.windowsecurity.com/articles/Implementing-Principle-Least-Privilege.html

I may find the time to write up a simplified "secure your computer system properly and without the need for third-party software" guide someday, seeing as creating comprehensive security and network configurations is what I do for a living but it is a matter of making/finding the time to do so.  I do agree that these principles should be taught everyone at the earliest convenience and that "computer stores" as far as I'm concerned are NOT doing their part.

The viral epidemic we are witness to these days would simply put not exist if everyone had this sort of education.  I'm not worried about my knowledgel being a "free give away" I look at it as something I can do for the greater good.  I have always intended to create said simplified guide and it is just a matter of making the time for it.  Someday I will......hopefully sooner than later as I do know guides like it are sorely missed.