02.15.11

Gemini version available ♊︎

When Windows Kills

Posted in Australia, Microsoft, Security, Windows at 12:51 pm by Dr. Roy Schestowitz

Ambulance

Summary: Australian emergency services had their own emergency (a downtime of over a day) due to Windows viruses; a lot more evidence from the news shows the uniqueness of Windows as far as insecurity goes

OVER the years we have gathered examples where Microsoft’s shoddy security cost lives, e.g. [1, 2, 3]. At one point we called it “Death by Microsoft Windows” and it appears to be happening again in Australia, whose government has shared a bed with Microsoft for many years (the OOXML fiasco is an example of that, but it is a month old by now [1, 2, 3, 4, 5]). According to IDG:

Computers which co-ordinate NSW’s ambulances are back online in three of the state’s regions after a major virus forced staff to shut them down for more than 24 hours.

The virus crept into the Ambulance Service of NSW’s dispatch system at 1pm (AEDT) on Saturday, prompting staff to co-ordinate paramedics by telephone and handwritten notes.

“Major virus,” eh? What do they mean by “major”? Viruses in this context are not physical beings. Surely a better term would be “Windows virus,” not “major virus,” right? “Windows, presumably,” writes Glyn Moody, “is this so wise when lives depend on it?”

The EFF points out that, based on Bruce Schneier’s analysis, the Microsoft updates are a potential flaw and there is a mention of “SCADA” too (covered in [1, 2, 3, 4, 5]).

We know the market pressure approach can work. Once Microsoft saw that the market would (at least threaten to) make purchasing decisions on the basis of security, we suddenly got the Secure Windows Initiative and Trustworthy Computing. A key security technique is keeping the heat on vendors.

There is also an operational problem. To get a handle on the state of security of important infrastructure, try a Google search for [ scada security ]. It turns up alarming reports of basic security problems in some of our nation’s most important systems. (“SCADA” stands for “supervisory control and data acquisition”, and is used generally to refer to industrial control systems for things like water purification, electricity, manufacturing, and so on.)

Somewhat related to this is the shocking news that the very notorious HBGary created Windows rootkits like “MAGENTA”, based on some new leaks:

In the new emails released by Anonymous we discover that HBGary Inc. may have been working on the development of a new type of Windows rootkit that was undetectable and almost impossible to remove.

There is also more about Stuxnet, which we last mentioned last night.

The Stuxnet worm repeatedly attacked five industrial plants inside Iran over a 10-month period, according to new data collected by researchers from antivirus firm Symantec.

Three of the undisclosed organizations were targeted once, one was hit twice and one was targeted three times, members of Symantec’s Security Response Team wrote in the report (PDF), which updates findings first released in September. The attacks took place in 12,000 separate infections in 2009 and 2010 and weren’t discovered until July.

Also in the news right now:

A report issued today warns IT professionals that cybercriminals are changing their tactics and, as a result, predicts there will be fresh banking trojans arriving in the wild.

The bi-annual report from M86 Security says that IT managers need to redouble their efforts to patch their IT systems, as next-generation malware is now on the way.

These new types of malware, says the company behind the report, are likely to include application code that takes advantage of social networking service users.

Notice the avoidance of words like “Microsoft” and “Windows”. It suits them well, it does not inform the readers though. Microsoft is one of the major causes of SPAM, owing to the number of botnets that get created by capitalising on Microsoft flaws. Nonetheless, the culprit from Redmond does some new marketing around E-mail ‘surveys’ that are probably intended to exploit Valentine’s Day. Business as usual, right?

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Links 4/12/2021: Gedit Plans and More

    Links for the day



  2. Links 4/12/2021: Turnip Becomes Vulkan 1.1 Conformant

    Links for the day



  3. IRC Proceedings: Friday, December 03, 2021

    IRC logs for Friday, December 03, 2021



  4. Links 4/12/2021: EndeavourOS Atlantis, Krita 5.0.0 Beta 5, Istio 1.11.5, and Wine 6.23; International Day Against DRM (IDAD) on December 10th

    Links for the day



  5. Another Gemini Milestone: 1,500 Active Capsules

    This page from Balázs Botond plots a graph, based on these statistics that now (as of minutes ago) say: “We successfully connected recently to 1500 of them.” Less than a fortnight ago more than 1,800 capsules overall were registered by Lupa, almost quadrupling in a single year



  6. [Meme] António Campinos and Socialist Posturing

    Staff of the EPO isn’t as gullible as António Campinos needs it to be



  7. António Campinos as EPO President is Considered Worse Than Benoît Battistelli (in Some Regards) After 3.5 Years in Europe's Second-Largest Institution

    The EPO's demise at the hands of people who don't understand patents and don't care what the EPO exists for is a real crisis which European media is unwilling to even speak about; today we share some internal publications and comment on them



  8. Media Coverage for Sale

    Today we're highlighting a couple of new examples (there are many other examples which can be found any day of the year) demonstrating that the World Wide Web is like a corporate spamfarm in "news" clothing



  9. Links 3/12/2021: GNU Poke 1.4 and KDDockWidgets 1.5.0

    Links for the day



  10. IRC Proceedings: Thursday, December 02, 2021

    IRC logs for Thursday, December 02, 2021



  11. Links 3/12/2021: Nitrux 1.7.1 and Xen 4.16 Released

    Links for the day



  12. Links 2/12/2021: OpenSUSE Leap 15.4 Alpha, Qt Creator 6

    Links for the day



  13. The EPO's “Gender Awareness Report”

    There’s a new document with remarks by the EPO’s staff representatives and it concerns opportunities for women at the EPO — a longstanding issue



  14. IRC Proceedings: Wednesday, December 01, 2021

    IRC logs for Wednesday, December 01, 2021



  15. EPO Staff Committee Compares the Tactics of António Campinos to Benoît Battistelli's

    The Central Staff Committee (CSC) of the EPO talks about EPO President António Campinos, arguing that “he seems to subscribe to the Manichean view, introduced by Mr Battistelli…”



  16. Prof. Thomas Jaeger in GRUR: Unified Patent Court (UPC) “Incompatible With EU Law“

    The truth remains unquestionable and the law remains unchanged; Team UPC is living in another universe, unable to accept that what it is scheming will inevitably face high-level legal challenges (shall that become necessary) and it will lose because the facts are all still the same



  17. Links 1/12/2021: LibrePlanet CFS Extended to December 15th and DB Comparer for PostgreSQL Reaches 5.0

    Links for the day



  18. EPO Cannot and Will Not Self-Regulate

    The term financialisation helps describe some of the activities of the EPO in recent years; see Wikipedia on financialisation below



  19. [Meme] Germany's Licence to Break the Law

    Remember that the young Campinos asked dad for his immunity after he had gotten drunk and crashed the car; maybe the EPO should stop giving diplomatic immunity to people, seeing what criminals (e.g. Benoît Battistelli) this attracts; the German government is destroying its image (and the EU’s) by fostering such corruption, wrongly believing that it’s worth it because of Eurozone domination for patents/litigation



  20. EPO Dislikes Science and Scientists

    The EPO's management has become like a corrupt political party with blind faith in money and monopolies (or monopoly money); it has lost sight of its original goals and at this moment it serves to exacerbate an awful pandemic, as the video above explains



  21. Links 1/12/2021: LibreOffice 7.3 Beta, Krita 5.0, Julia 1.7

    Links for the day



  22. Links 1/12/2021: NixOS 21.11 Released

    Links for the day



  23. IRC Proceedings: Tuesday, November 30, 2021

    IRC logs for Tuesday, November 30, 2021



  24. Links 1/12/2021: Tux Paint 0.9.27 and WordPress 5.9 Beta

    Links for the day



  25. [Meme] EPO Administrative Council Believing EPO-Bribed 'Media' (IAM Still Shilling and Lying for Cash)

    IAM continues to do what brings money from EPO management and Team UPC, never mind if it is being disputed by the patent examiners themselves



  26. The EPO's Mythical “Gap” Has Been Found and It's Bonuses for People Who Use Pure Fiction to Steal From Patent Examiners

    The phony president who has the audacity to claim there's a budget gap is issuing millions of euros for his enablers to enjoy; weeks ahead of the next meeting of national delegates the Central Staff Committee (CSC) tells them: "Events show that the delegations’ concerns about functional allowances have materialised. The lack of transparency and inflation of the budget envelope gives rise to the suspicion that high management is pursuing a policy of self-service at the expense of EPO staff, which is difficult to reconcile with the Office’s claimed cost-saving policy, and to the detriment of the whole Organisation."



  27. Video: Making the Internet a Better Place for People, Not Megacorporations

    Following that earlier list of suggested improvements for a freedom-respecting Internet, here's a video and outline



  28. Links 30/11/2021: KDE Plasma 5.23.4, 4MLinux 38.0, Long GitHub Downtime, and Microsoft's CEO Selling Away Shares

    Links for the day



  29. A Concise Manifesto For Freedom-Respecting Internet

    An informal list of considerations to make when reshaping the Internet to better serve people, not a few corporations that are mostly military contractors subsidised by the American taxpayers



  30. Freenode.net Becomes a 'Reddit Clone' and Freenode IRC is Back to Old Configurations After Flushing Down Decades' Worth of User/Channel Data and Locking/Shutting Out Longtime Users

    Freenode is having another go; after “chits” and “jobs” (among many other ideas) have clearly failed, and following the change of daemon (resulting in massive loss of data and even security issues associated with impersonation) as well as pointless rebrand as “Joseon”, the domain Freenode.net becomes something completely different and the IRC network reopens to all


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts