Nobody said MS was paying criminals to pay hackers to write these paid attacks.What was said was that criminals ARE PAYING hackers to write attacks.
The "who pays the criminals to pay the hackers" was left as an open question.
Cops would say "Follow the money" and they would be right in that approach.
http://www.opswat.com/about/media/reports/antivirus-august-2013This is the current year's report on who could benefit financially from the writing of paid hacker viruses.
Be sure to make the distinction between those who always get paid by customers and those who provides the fixes for free.
Security Essentials may be big, but MS provides it for free ....
Consider the SHEER SIZE of the anti-virus industry. It is huge.
"According to Gartner, the security software market grew from $7.5 billion in 2005 to an estimated $16.4 billion in 2010".There is a lot of coin to be made from MS's poor programming habits that IS their stinking OS system. So much money that somebody figured out they could prime the pump occasionally to keep the milk flowing.
"Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially."MS does have a very large corporate business serving whatever needs the corporation has, and that includes fixing attacks and damages done to the customer's systems. They do get paid BIG BUCKS to do so.
However, for people's personal computers, MS gives Security Essentials away for free. It doesn't stop much, so when you need your machine flushed you still have to go to a pay-me company to get the real fixes.
Point made on several articles was that when XP dies then the AV people are going to have a license to print money off of it.
And all the criminal hackers are saving up their best new nasties so as to get top dollar for them when MS's support ends and you are have to pay out the nose to stay running.
===========================
Contrast Linux please,
Exploits are hard to find because the code is tight and very well written. Once exposed, a vulnerability is patched in a day or so and the source code in the kernel gets fixed and released with the next scheduled release.
MS patched XP for 13 years and it is still septic with bugs and exploits.Linux is so well written that the actual viruses can be easily counted (and a record kept) of every exploit that has ever been found.
And here is the entire Linux list of malwares ....http://www.unixmen.com/meet-linux-viruses/http://en.wikipedia.org/wiki/Linux_malware#VirusesNote: many of these malwares were written to attack Windows machines but can be carried by any computer system -- so they are by default also listed as Linux viruses. Since the net runs on Linux these sorts of "carrier only" viruses are a legitimate concern for the Linux folks.