"Thanks to Windows’ built-in insecurity, its easy to create huge Windows botnets," wrote the honourable SJVN a few days ago. It is widely recognised that Microsoft is largely responsible for many of Windows' security failings, but Microsoft pressures journalists not to call out Windows using techniques that we covered here before.
It is unclear whether the attackers managed to compromise other departmental computer networks, including those that contain Canadians’ sensitive personal information such as tax and health records.
Once the attack was detected, government cybersecurity officials immediately shut down all internet access in both departments in an attempt to stop stolen information from being sent back to the hackers over the net.
Microsoft Vice President Scott Charney, a longtime advocate of a coordinated approach to cybersecurity, describes a vision of Internet health:
"We broke Windows. It's your problem now."
At least, that's how I interpret his comments. Charney wants to have users pass a kind of "health test" for their computer before they can use web services.
"Security is not a problem that can be addressed fully by individual consumers, or even individual companies or governments. That is what led to the development of my public health model proposal, which calls for collective defense against cyber threats," he said.
Charney uses a public health model to support his new idea. Basically, in order to access web services (say, your bank - or cloud services, maybe even social networking like Facebook) you first need to let the provider run their virus check on your computer. Intrusive? I think so. Would you let a web site run their code (virus scan) on your machine before you are allowed to use their web application? I think I smell more malware coming.
Passing the buck is a game at which Microsoft is adept. In the computer security industry, one needs to have tons of chutzpah to hold others responsible for one's own security stuff-ups.
The good folk at Redmond possess this quality in spades.
Probably the best example of chutzpah that I can recall came from a young Bill Gates many years ago when the company was getting off the starting blocks. As Paul Allen, the other co-founder, had also taken up a job as head of software at MITS, the maker of the Altair, Gates argued that since he was working for Microsoft only and Allen was dividing his time, he (Gates) should have 64 percent of the founders' shares and Allen should only get 36 percent.
Shortly after the division was done this way, young Bill went to MITS founder Ed Roberts and got a job there as well, for $US10 an hour. Microsoft's culture has always been defined by Gates.
Scott Charney's comments at the ongoing RSA conference are a good example of the blithe manner in which Microsoft tries to force the rest of the world to carry the can for the abysmal security of its products.
The monoculture otherwise known as Windows is in the main responsible for the plethora of viruses, worms, malware, scumware and other such $wares that plague the internet. DDoS attacks come, more often than not, from armies of Windows machines grouped in a botnet.
Sure, there are other operating systems involved too but they are in a minority. A very small minority. Windows is the main problem and everyone, his/her dog, his/her cat and his/her goldfish is aware of that.
"Will Virgin do the same thing as LSE following this daunting incident?"Yes, journalists too recognise that this is Microsoft's fault, as stated at the beginning. The gullible, weak ones just bend to Microsoft PR agents and deceive the public about it. These are the sorts of people who do the scaremongering regarding "cyber war" so that companies like Microsoft and suppressive regimes can find good excuses for taking more control over people's computers, spying on PCs of Windows users for example.
There is another timely example of the failed design of Microsoft software. It's a major .NET failure just like the ones in LSE (a former Microsoft poster child). Not so long ago it turned out that a plane crash had been caused by Windows malware (with Microsoft boosters blaming IBM in vain [1, 2]) and amid other plane crashes and downtimes in airports [1, 2] it became evident that Microsoft belongs nowhere near aviation. Virgin made the mistake of going with Microsoft and watch what happens:
This latest computer crash, which looks to be as serious as the 2010 fiasco, will place more question marks around the integrity and robustness of the .NET based Navitaire New Skies system which claims to be able to handle load spikes and scale easily as passenger volumes increase.
The crash also raises questions about the level of redundancy built into Navitaire, which is supposed to provide back-up systems in the event of failure.
Comments
twitter
2011-02-17 23:18:44
As usual, the crooks go for the softest target and that is people's home computers running Windows. One of the reasons Barr targeted family members of his targets was to gain access to company and organizational networks. In one of the images he's quoted as saying, "An example. Richard probably has a home network. Richard and [his wife] probably share the same network, maybe even the same home computer. Either way. [sic] If I can exploit her account through one of her social connections I can exploit the home network/system." The nasty things he does with such information and control are well documented: harass, demoralize, fracture, discredit and destroy the targeted groups and people.
The best way for governments, companies and progressives alike to avoid this kind of screw over is for them to all start using free software which is miles ahead of non free software in all ways related to security, privacy and attribution. People using free software can easily sign or encrypt their communications and documents to assure privacy and authorship. That eliminates many of the social attacks Microsoft boosters will try to highlight in order to deflect attention from Microsoft flaws, the old "all software is crap, blame the user" misdirection. The number of free software exploits is vanishingly small because of inherently better design, continuous, rapid improvement and diversity based on architecture and distribution. Non free software was designed to exploit the user with unjust demands, so it is no surprise that backdoors and other treachery are more common than things users want.
twitter
2011-02-18 06:00:39
Dr. Roy Schestowitz
2011-02-18 06:29:19
twitter
2011-02-18 06:52:41
Call the author right away because he "provides custom security solutions that focus exclusively on the special needs of C-level and other senior executives."
News about the hack is ranked high in Google search results for "NASDAQ Directors Desk" but none of the articles in the first two pages call out Windows. This one (USA Today) thinks a poison pdf might have been planted but fails to mention the target would be Adobe Reader on Windows or that the attack was against a crappy Windows server. Instead the author calls Director's desk a, "no-nonsense social network for very privileged users. Nasdaq describes it as a "complete turnkey, fully hosted online board technology solution". Right. The author then details how a poison pdf would have been slipped in from a board member's "PC" that got p0wnt by someone who had done a little HBGary style research, as Windows PCs often are. No mention is made of Windows, however. That Windows is insecure on desktops or servers is simply too easy a solution, a non story that won't sell any fancy insecurity products. Network World fails to call out Windows, but comments do. There's no mention of Windows here or in the New York Times or The Wall Street Journal.
By not calling out Windows, all of these big publishers create panic without a reasonable solution, and set people up for great harm. Readers are invited to panic as they realize that criminals have penetrated all sorts of networks, private and government. They would not be so scared if they simply ditched Microsoft. Instead, I'm afraid Microsoft is going to use their failures to gain yet more power. People, ignorant of the cause of their problems, will be fleeced by snake oil vendors and Microsoft's "public health" proposals will be used to discriminate against people who don't use Windows and don't have the problems. The snake oil solutions are a never ending story that Microsoft has pushed since the early days of MSDOS.
Dr. Roy Schestowitz
2011-02-18 07:03:21