02.15.11
When Windows Kills
Summary: Australian emergency services had their own emergency (a downtime of over a day) due to Windows viruses; a lot more evidence from the news shows the uniqueness of Windows as far as insecurity goes
OVER the years we have gathered examples where Microsoft’s shoddy security cost lives, e.g. [1, 2, 3]. At one point we called it “Death by Microsoft Windows” and it appears to be happening again in Australia, whose government has shared a bed with Microsoft for many years (the OOXML fiasco is an example of that, but it is a month old by now [1, 2, 3, 4, 5]). According to IDG:
Computers which co-ordinate NSW’s ambulances are back online in three of the state’s regions after a major virus forced staff to shut them down for more than 24 hours.
The virus crept into the Ambulance Service of NSW’s dispatch system at 1pm (AEDT) on Saturday, prompting staff to co-ordinate paramedics by telephone and handwritten notes.
“Major virus,” eh? What do they mean by “major”? Viruses in this context are not physical beings. Surely a better term would be “Windows virus,” not “major virus,” right? “Windows, presumably,” writes Glyn Moody, “is this so wise when lives depend on it?”
The EFF points out that, based on Bruce Schneier’s analysis, the Microsoft updates are a potential flaw and there is a mention of “SCADA” too (covered in [1, 2, 3, 4, 5]).
We know the market pressure approach can work. Once Microsoft saw that the market would (at least threaten to) make purchasing decisions on the basis of security, we suddenly got the Secure Windows Initiative and Trustworthy Computing. A key security technique is keeping the heat on vendors.
There is also an operational problem. To get a handle on the state of security of important infrastructure, try a Google search for [ scada security ]. It turns up alarming reports of basic security problems in some of our nation’s most important systems. (“SCADA” stands for “supervisory control and data acquisition”, and is used generally to refer to industrial control systems for things like water purification, electricity, manufacturing, and so on.)
Somewhat related to this is the shocking news that the very notorious HBGary created Windows rootkits like “MAGENTA”, based on some new leaks:
In the new emails released by Anonymous we discover that HBGary Inc. may have been working on the development of a new type of Windows rootkit that was undetectable and almost impossible to remove.
There is also more about Stuxnet, which we last mentioned last night.
The Stuxnet worm repeatedly attacked five industrial plants inside Iran over a 10-month period, according to new data collected by researchers from antivirus firm Symantec.
Three of the undisclosed organizations were targeted once, one was hit twice and one was targeted three times, members of Symantec’s Security Response Team wrote in the report (PDF), which updates findings first released in September. The attacks took place in 12,000 separate infections in 2009 and 2010 and weren’t discovered until July.
Also in the news right now:
A report issued today warns IT professionals that cybercriminals are changing their tactics and, as a result, predicts there will be fresh banking trojans arriving in the wild.
The bi-annual report from M86 Security says that IT managers need to redouble their efforts to patch their IT systems, as next-generation malware is now on the way.
These new types of malware, says the company behind the report, are likely to include application code that takes advantage of social networking service users.
Notice the avoidance of words like “Microsoft” and “Windows”. It suits them well, it does not inform the readers though. Microsoft is one of the major causes of SPAM, owing to the number of botnets that get created by capitalising on Microsoft flaws. Nonetheless, the culprit from Redmond does some new marketing around E-mail ‘surveys’ that are probably intended to exploit Valentine’s Day. Business as usual, right? █
Content is available under CC-BY-SA