Summary: A quick summary of Windows security news

TOMORROW, being April 1^st, Conficker is expected to cause damage using Windows installations which have thus far been idle on the network. In order to prevent problems that are shared accross the Internet, migration of PCs to GNU/Linux is advised. As SJVN put it yesterday:

Brace Yourself: DDoS Attacks Ahead

In 2009, the crème de la crème of Web sites are still vulnerable to DDoS (distributed denial of service) attacks. Indeed, entire countries, such as Estonia, have had their Internet capabilities crippled by DDoS attacks. Chances are decent we’ll all get to see a massive DDoS sometime on, or after, April 1st, when the hundreds of thousands of Conficker-infected zombied Windows PCs are put to work.

SJVN suggests a solution, too.

The sad truth is no matter what you do with Windows, whether you're running XP, Vista, or the Windows 7 beta, you're not safe. Now, however there's a patch that will stop Conficker, and almost all other malware programs, in their tracks. It's called Linux.

There is other new Conficker coverage, such as:

i. "60 Minutes" freaks out over Conficker. Where's John Hodgman when you need him?

FirefoxScreenSnapz031I love "60 Minutes," but sometimes it just makes you scratch your head. Isn't anyone working there who has any sophistication when it comes to technology? Lesley Stahl just finished a 15-minute freakout on the dangers of the Conficker virus, dangers which many information experts say have been blown way out of proportion ... especially by reports like the one that just aired on "60 Minutes." The segment producer would have done well to read the much less hysterical Conficker FAQ from CNet ... that's now appearing on the "60 Minutes" Conficker's story page. (CBS owns CNet.)

ii. Busted! Conficker's tell-tale heart uncovered

Security experts have made a breakthrough in their five-month battle against the Conficker worm, with the discovery that the malware leaves a fingerprint on infected machines that is easy to detect using a variety of off-the-shelf network scanners.

In separate news, the rise of Windows ransomware is being noticed.

From scareware to ransomware

FireEye, a malware specialist, reports that Vundo, which makes fake antivirus programs (scareware), has now started a new scam. Vundo is no longer merely alarming users with bogus warnings that their PCs have been infected to con them into buying largely useless scanning software. Their latest attacks (ransomware) encrypt all of the files (.pdf, .doc, .jpg and others) on a user's PC and then report garbled data.

Tomorrow will be an interesting day, but when will people learn that no version of Windows ever be secure? It is designed insecurely from the bottom up. As Microsoft's Brian Valentine put it, "our products just aren't engineered for security." ⬆

More on Conficker

• Microsoft's Blame-Shifting Strategy Precedes More Trouble
• Leave Microsoft Alone
• Never Blame Microsoft, Blame Users and Exploits
• Botnets and Bounties Versus Real Security
• Is Windows to Blame for Cracking of Federal Aviation Administration (FAA)?
• Windows Problems Take Down Airplanes, JFK Airport, Houston Municipal Courts
• Turkey, France, United Stated Under Attack by Microsoft Windows Insecurities
• Microsoft Adopts Malware Techniques to Advance .NET
• Windows Botnets Go Out of Control, Obama Web Site Delivers Windows Malware
• One Windows Worm, One Week, and Possibly 250,000,000+ New Windows Zombies
• Death by Microsoft Windows
• UNIX/Linux Offer More Security Than Windows: Evidence
• US Army Becomes Zombies Army; London Hospitals Still Ill (Windows Viruses)
• Eye on Microsoft: Another Messy Week for Security
• Microsoft Buys Market Share, But Still Loses Due to Technical Problems
• Eye on Microsoft: Advertising, Vista 7, and Conficker
• The BBC and Self Censorship (Regarding Windows)
• Entire Nation of Estonia Was Downed by Microsoft Windows Zombies
• Verdict: The BBC Broke the Law with Microsoft Windows Botnets, Which Conficker Continues Building (Updated)
• Eye on Microsoft: Miscellaneous Links
• New Casualties of Microsoft Windows?
• Conficker is Alive, Windows Vista is Critically Vulnerable and Microsoft Office Likewise
• Why Conficker is a Blessing to GNU/Linux
• Microsoft's Latest Web and Security Setbacks: A Summary
• Eye on Microsoft: Windows and Security News
• GNU/Linux Really Can Save Us from Conficker