04.23.10
McAfee and Microsoft Cause Immeasurable Financial Damage
Summary: Enormous scale of problems is seen following McAfee’s error that deleted parts of Windows, which was not secure to begin with (and thus required McAfee’s poisonous placebo)
2010 has so far been a terrible year for Internet Explorer (IE) security [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. A few days ago we showed that IE8's XSS filter is broken, so use of recent versions is no guarantee when it comes to security. Microsoft has not addressed this security problem just yet, but The Register says that Microsoft is working on it.
Microsoft will release an update intended to rid Internet Explorer 8 of a vulnerability that can enable serious security attacks against websites that are otherwise safe.
The Register also has this new article about the McAfee cockup which we mentioned earlier [1, 2].
Enterprise customers of a widely used McAfee anti-virus product were in a world of hurt on Wednesday after an update caused large swaths of their machines to become completely inoperable.
“McAfee false positive bricks enterprise PCs worldwide,” says the headline and victims are so furious that a “McFail” campaign seems to have been spawned in Facebook. We have no sympathy for McAfee because this company has a Free software-hostile history which may include GPL violations and fraud. Besides that, McAfee is causing some huge damage to Windows users and to Microsoft as a whole. It is estimated that over a trillion dollars were spent/wasted due to damages caused by Microsoft's shoddy products. “Yet again,” writes a reader to us, “no one mentions it’s only Microsoft and no one mentions the dollar value lost to companies in fraud and revenue diverted into crap AV ‘solutions’.” We intend to press on with the "call out Windows" campaign which will certainly expand over time.
We’ve had our reader quote a new comment from Slashdot which says: “Is there a statistical breakdown as to Operating System platform the vast majority of this ‘aggressive malware’ runs on. Do the designers of such systems bare any responsibility for the current malware infestation. What is the dollar value lost to the economy in fraud, and revenue diverted into security solutions?”
More thought should be given to these important issues. Here is what Pogson had to say:
When I read reports of thousands of PCs disabled by anti-virus foul-ups, I rejoice that FLOSS is replacing XP around here. It is true that the user of XP or other versions of that other OS is helpless. He cannot run the PC without anti-virus software for the threats are too real and he cannot run the PC with anti-virus software because it is just malware in another form. The A-V we use around here is very intrusive and I will be glad to be done with it. It firewalls, filters and blocks applications not on approved list.
It is very counter productive and it costs a lot in terms of real progress. How did the world come to this and how can it get out of this hole? █
“I have a nice perspective on what it means to be in charge of the most important project in the history of mankind.”
–Microsoft project manager Brian Valentine
“Our products just aren’t engineered for security.”
–Brian Valentine (now doing damage inside Amazon)
Content is available under CC-BY-SA