Summary: "National Cyber Security Awareness Month" is being exploited by a programme that receives the support of Howard Schmidt from Microsoft (now Cyber Security Czar); In it, children aged 11-14 would be taught cyber 'security' rather than insecure parts of the systems simply removed

"The estimated cost of unsolicited emails to businesses in 2007 was $100 billion," wrote lnxwalt earlier today, pointing to this page. The overall cost of Windows botnets that dispatch spam and cause other harm may be measurable on the scale of trillions.

Microsoft is currently alerting customers that ASP.NET is a security problem. We covered this in earlier stages of the problem [1, 2]. It affects a lot of Windows-powered Web sites and last night there was a discussion in IRC about the serious Twitter flaw and whether it affects just Internet Explorer, Windows, and Office users. One newly-published article says:

[T]he worms of yore were so devastating because they could exploit a global monoculture: Microsoft Internet Explorer or Microsoft Word running on Microsoft Windows just about everywhere. This made it far simpler to exploit weaknesses in distant PCs, because the actual architecture was known with a high degree of probability.

With the mouseover mess, we were saved by the wonderfully diverse ecosystem of Twitter clients operating through the Twitter API. This meant that assumptions that were correct for code running on the twitter.com site were not valid elsewhere.

This hammers home once more the importance of avoiding monocultures, and encouraging rich and diverse ecosystems (multicultures?) One of the easiest ways of doing that is to adopt free software alternatives to all the Microsoft warhorses. The open source world being what it is, it is far more varied, not least in terms of versions and applications (critics might even call it fragmented). That makes mass attacks hard, and therefore unlikely, since ne-er-do-wells don't even bother trying when they can just code for Windows.

Open source is certainly not immune to attacks - for example, I fell victim to the mouseover exploit despite using a completely free software stack (thanks, Twitter.com) - but it reduces the risk overall. That means if you are not using it for business, you are increasing that risk - which would be a pretty irresponsible thing to do, no?

On the client side, having Windows cannot help.

Microsoft's former employee Howard Schmidt of now the Cyber Security Czar in the United State (after a recent appointment which we mentioned in [1, 2, 3, 4, 5, 6, 7]) and rather than calling out Windows and making platform recommendations, he does the usual thing by endorsing/giving people unnecessary 'education' about Windows et al. He can't take Windows off schools' agenda where Gates (his former boss) is increasingly taking control, can he? Some PR puppets sent us the following E-mails a short while ago, helping to show how Schmidt and his subordinates try to tackle this problem. Below we put the message, without appending an accompanying press release that we omit.

A free program that brings top cyber security experts into schools to teach kids how to avoid online dangers has received the support of White House Cyber Security Coordinator Howard Schmidt.

The (ISC)2 Safe and Secure Online Program, administered by the world’s largest body of information security professionals, brings experts into schools to teach children ages 11-14 how to protect themselves in a cyber-connected world. Issues addressed include cyber bullying, social networking, online predators, identity theft, online reputation, and more.

Launched in the U.S. in the fall of last year, the program has reached more than 30,000 kids. Just in time for National Cyber Security Awareness Month, the U.S. program now has more than 1,000 cyber expert volunteers signed on to conduct presentations this fall.

Please see full details below. If you would like to know if any schools presentations are taking place near you, or if you would like additional information on the program, please contact me. Thank you.

Juliette Mutzke Maples Communications, Inc.

Schools should not be used to indoctrinate children with presentations on how to use Microsoft software and other products securely (it is often not possible). It is neither effective nor a decent use of school time/budget. ⬆

“[W]hen nobody is using Windows, there will be no botnets”

--Professor Eben Moglen, 2010