10.11.10
Microsoft Thinks That Tax and Arrests Will Make Up for Security Flaws in Windows
Summary: Scott Charney from Microsoft wants some money because of security crises and others jail the exploiters rather than actually fix the issue they exploit
LET’S give some credit to Microsoft. It’s a very comical company. One of its satirists, Mr. Charney, has been making many good people laugh when he started preaching about help to Microsoft through taxpayers’ money. It began several months ago [1, 2, 3, 4, 5, 6, 7, 8, 9] and earlier this month he took the stage again [1, 2], telling a sob story and then appealing for donations. His employer created a monster with a back door and it cannot seem to get this monster under control anymore (it only keeps getting worse).
Over the weekend we presented yet another rebuttal and assorted reactions. Here are some more that caught our eye:
i. The day that Microsoft wore a tinfoil hat and shouted la, la, la
Let me run that past you again: if your computer (or network) gets infected by some malware and ends up being part of a botnet, quite possibly courtesy of some zero-day exploit taking advantage of a Windows vulnerability, then that computer (or network) should be forcibly disconnected and put into some kind of cyber-quarantine using an adapted public health model.
Charney clearly hasn’t thought this through. In his speech at the International Security Solutions Europe (ISSE) Conference in Berlin, and also in the accompanying Microsoft white paper “Collective Defense: Applying Public Health Models to the Internet” he pushes the whole public health model approach as a solution to the online security threat. Charney likens an infected computer to an infected individual who puts others at risk by not getting vaccinated, and argues that a public health model which tracks and controls the spread of infection, quarantining folk to reduce the spread, is the answer in the IT world.
ii. Microsoft Proposes Government Licencing of Internet Access
iii. The Sheer Hypocrisy of Redmond’s Stab at Internet Health
One of the benefits of being an 800-pound gorilla in this world is that you can use your strength and influence to help others.
So, apparently, seems to be the altruistic thinking at Microsoft (Nasdaq: MSFT) these days. Not content to rule the world — or at least try to — with its Windows desktop dominance, the software behemoth has now apparently paused to propose a way to tackle the Internet’s malware problems too.
The fundamental issue here is that Microsoft wants the public to cover up the costs of its own disaster. What does it think it is? BP?
Anyway, for Microsoft to think that an Internet tax can bring about a solution is to totally ignore the fact that this money will do nothing to actually fix the root of the issue, namely Windows. And why should the public ever take the burden? Microsoft hardly pays any tax and according to Associated Press, it wants to pay even less.
In a statement released Wednesday, executives for the Boeing Co. and Microsoft Corp. say I-1098 would harm businesses by raising costs for suppliers and making it harder to attract talent.
They already reject local talent and offer no benefits because it’s cheaper. That’s just more baseless lobbying and an increasing number of citizens of Seattle/Washington comprehend this over time.
Let’s go back to the original subject. Under similar posts from the weekend [1, 2] — ones about the Zeus plague [1, 2, 3, 4, 5] and the arrests it led to — that’s again an example where rather than addressing the security issues in Windows, the side-effects get handled. “Zeus Arrests Won’t End Fraud” is the headline of this new article which challenges the approach:
U.S. officials have charged 92 suspects believed to have been involved in cyber attacks that stole $70 million from bank accounts over the last four years. Meanwhile, authorities in London arrested 19 people who allegedly stole more than $9 million in just over three months using the same malware. Police in the Ukraine arrested five suspects on September 30.
But will 116 arrests make a dent into the international banking fraud being perpetrated via Zeus? Don’t get your hopes up, say industry experts.
Microsoft has been trying to get attention off Windows insecurity and it’s working quite well because the media no longer deals with Windows as an issue. The next post will be dedicated to Stuxnet, which is an excellent new example of the severe damages sometimes caused by Windows. █
kozmcrae said,
October 12, 2010 at 7:18 am
“Charney likens an infected computer to an infected individual who puts others at risk by not getting vaccinated…”
Our immune systems have the benefit of millions of years of adaptation. We are under attack, literally, every second. If our immune systems were as faulty as Microsoft’s operating systems, one third the population of the Earth would be on their death beds.
Dr. Roy Schestowitz Reply:
October 12th, 2010 at 7:33 am
If our development process had no adaptation, we would acquire no immunisation either and thus be sensitive to attack, and moreover mass extermination (which lack of variability leads to).
The Irish suffered massive famine because they once believed in one form of agri-monoculture with potatoes.