
12.07.08

Eye on Security: ‘Fun’ with Zombies, Press Ignorance, and Bizarre Solutions

Posted in Microsoft, Security, Windows at 8:54 pm by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Microsoft software is not exactly renowned for being secure, despite attempts to manipulate journalists. The software is notorious for being deficient or defective. To Microsoft, security and networking were an afterthought, not a design consideration, as shown here. Granted, trouble should be anticipated.

Zombies Conundrum

Stories about Windows zombies are a dime a dozen, just like zombie nodes. It is estimated that about 320 million Windows PCs are zombies. Here is the latest story on this never-ending (and very costly) battle.

Researchers at Trend reported that 500,000 unique hosts have been infected across the globe. Macalintal said that because of the behavior of the worm, he expected to see the botnet grow bigger and produce more variants.

That’s small potatoes compared to the whole, but it just happens to be a new example. Not so long ago we witnessed hospitals and army bases becoming botnets, as well. It’s a hugely serious subject that results in many untold deaths.

Insecure by Design

As prior links demonstrate (we strive to avoid repetition), it is agreed even by Microsoft’s biggest of fans that Windows fails at security because it’s just bad at it. It’s nothing to do with market share and those lies are running thin. In the following new article, Microsoft’s security model comes under fire.

When Microsoft released an emergency patch last month for a critical vulnerability in the server service in Windows, administrators and security teams in enterprises around the world scrambled to test the fix, schedule downtime and get the patch distributed as quickly as possible. If ever there was an occasion to use all due haste in deploying a patch, this was it. Not only was the vulnerability present in every supported version of Windows, but Microsoft officials had warned that it was a prime candidate for a worm.

Here is another one from the news.

Security Manager’s Journal: When is a patch not really a patch?

[...]

If you don’t reboot a Windows server after a patch is applied, the patch doesn’t take effect, but SMS doesn’t notice that failure to reboot. This insistence on rebooting is one of the things I dislike about Windows. In the Unix world, all that’s usually required is that a particular process be restarted.
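The point in the quoted paragraph, that an applied patch does nothing until the server reboots and that the management console may not notice the gap, can be checked on the host itself. The following PowerShell function is an added example, not code from the quoted article or from any Microsoft tool: it inspects the three well-known places Windows records a pending reboot (the Component Based Servicing key, Windows Update's Auto Update key and the Session Manager's PendingFileRenameOperations value) and lists hotfixes whose install date is later than the last boot, so an administrator can reconcile a "patched" status in SMS against the machine's real state.

```powershell
# Added example: report whether installed patches on this Windows host are
# still waiting for a reboot. Not part of the quoted article.
function Test-PendingReboot {
    [CmdletBinding()]
    param()

    $reasons = @()

    # Component Based Servicing creates this key when a servicing operation
    # (including most security updates) needs a restart to complete.
    $cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    if (Test-Path $cbs) { $reasons += 'ComponentBasedServicing' }

    # The Automatic Updates client sets this key when an update needs a restart.
    $wu = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    if (Test-Path $wu) { $reasons += 'WindowsUpdate' }

    # Files that were locked at install time are replaced on the next boot;
    # until then the old (unpatched) binaries are the ones running.
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $pfro = (Get-ItemProperty -Path $sm -Name 'PendingFileRenameOperations' -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if ($pfro) { $reasons += 'PendingFileRenameOperations' }

    # Cross-check against the hotfix inventory: anything installed after the
    # last boot has not been activated yet. InstalledOn carries only a date,
    # so a same-day install and reboot cannot be distinguished here.
    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    $notActive = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -gt $boot } |
        Select-Object -ExpandProperty HotFixID

    [PSCustomObject]@{
        ComputerName        = $env:COMPUTERNAME
        LastBootTime        = $boot
        RebootPending       = ($reasons.Count -gt 0)
        Reasons             = $reasons
        HotfixesSinceBoot   = @($notActive)
    }
}

# Run locally (or via Invoke-Command against a list of servers) and compare the
# RebootPending column with what the management console reports as patched.
Test-PendingReboot
```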

There has been lots of chatter about a flaw in Mozilla Firefox, but like many previous ones, this new vulnerability only applies to Windows, where Firefox inherits some of the platform’s risky behaviour, which it sometimes has to mimic out of necessity. Why isn’t the press covering this properly?

Bad, wicked Firefox, bad wicked open source…except that this trojan *only* works on Windows…which means it’s bad wicked Windows, yet again. But the article never mentions this, of course.

[...]

And yes, you guessed it, it only works on Windows. So that bit about “[t]he most remarkable feature of the episode may not be the breach of security, but the cost of dealing with it” is really about the cost of using Windows – well, it’s The Economist, what do you expect, accuracy? When will they ever learn?

As Glyn Moody shows, there are rare exceptions among the reporters.

The Web Vector

Adding to a mountain of reasons for infection:

1. Facebook hit by virus

“Koobface” that uses the social network’s messaging system to infect PCs, then tries to gather sensitive information such as credit card numbers.

2. Most recent Windows infections result from the same simple trick

BitDefender’s Top 10 E-Threats Report identifies just one type of attack as being responsible for more than a third of Windows infections in the past month: fake anti-virus scans, also known as scareware.

Attacking the Outcome, Not the Cause

Here is a good and short article titled “Punishment vs. Prevention.”

Finally, I feel compelled to issue the warning, “Be careful what you wish for, because you might just get it.” If the government takes over Internet security, there is sure to be a large amount of new regulation imposed. And this could mean security companies like F-Secure would have to devote a lot of resources towards compliance. I think it would be much better for us to take responsibility for finding solutions ourselves.

This is a hot topic at the moment because concerned authorities ponder tackling the zombie issue by making punishment for those caught a lot more severe. But it’s totally the wrong way of addressing the issue. As Carla argues very rightly: “Instead of Throwing Everyone In Jail, Fix Your Lousy Products”

Have any of them– has one single vendor, whether it’s Symantec or Trend or McAfee or F-Secure or anyone– ever said “Quit throwing your money down a rathole– stop using Windows, or at least don’t put it on the Internet”? Wouldn’t that little tidbit of honesty be refreshing? But no, they’ll never do that. If the same conditions existed in, say, the small home appliances industry people would be getting electrocuted by their toasters and hair dryers every day, and the manufacturers would advise them to learn correct handling of live wires, and a thriving industry of insulated safety garments would prey on the survivors. If they made safety gear for swimmers it would be so bulky and uncomfortable they either wouldn’t use it, or they would drown under the weight of it.

Following current trends, anyone who criticized them would be persecuted under the DMCA.

Instead of pointing a finger at those who produce and sell shoddy software, those who suffer are blamed for negligence, and stricter rules are devised as a means of punishment (a false cure), not prevention. It won’t work. The systems themselves need to be changed, not just their side-effects.

