Summary: With Stuxnet running rampant and security issues at Microsoft reaching an all-time high, employees of the company attempt to distract from the fact that Windows -- not "sick" PCs -- is the cause
ACCORDING TO
this report, "EU calls Stuxnet 'paradigm shift'" and there is need for change.
While official U.S. response has been comparatively mild, the European Union's cybersecurity agency says Stuxnet represents a "paradigm shift" in critical infrastructure threats and that current defense philosophies need to be reconsidered.
In a statement released yesterday, Udo Helmbrecht, the executive director of ENISA (European Network and Information Security Agency), said that as a "new class and dimension of malware," Stuxnet represents a "paradigm shift."
"The attackers have invested a substantial amount of time and money to build such a complex attack tool," he said. "The fact that perpetrators activated such an attack tool can be considered as the 'first strike,' i.e. one of the first organized, well prepared attacks against major industrial resources. This has tremendous effect on how to protect national" infrastructure in the future.
CNET's Elinor Mills
no longer 'forgets' to mention Windows and "let's hope the[y] draw the right conclusion about Windows" was Glyn Moody's response to the above.
Stuxnet has become somewhat of a blessing to GNU/Linux because it helps more and more people see the serious ramifications of Windows use. Stuxnet is very much alive and there is no solution to it yet. We wrote about the subject in:
- Ralph Langner Says Windows Malware Possibly Designed to Derail Iran's Nuclear Programme
- Windows Viruses Can be Politically Motivated Sometimes
- Who Needs Windows Back Doors When It's So Insecure?
- Windows Insecurity Becomes a Political Issue
- Windows, Stuxnet, and Public Stoning
- Stuxnet Grows Beyond Siemens-Windows Infections
- Has BP Already Abandoned Windows?
- Reports: Apple to Charge for (Security) Updates
- Windows Viruses Can be Politically Motivated Sometimes
- New Flaw in Windows Facilitates More DDOS Attacks
- Siemens is Bad for Industry, Partly Due to Microsoft
- Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
- Microsoft's Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
- Microsoft Software: a Darwin Test for Incompetence
- Bad September for Microsoft Security, Symantec Buyout Rumours
- Microsoft Claims Credit for Failing in Security
- Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
- Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
"Stuxnet Used in Black Hat SEO Campaigns"
says Ziff Davis which also has this
new slideshow-type article about Stuxnet.
That link that you click on for information about the Stuxnet worm might be leading you to a malicious site.
It's the dark side of search engine optimization; attackers boosting the search engine rankings of malicious sites so they can lure visitors with the promise of interesting news. In this case, it's the Stuxnet worm that is being used as bait.
Stuxnet has been a regular presence in security articles since it was discovered this summer. The worm was designed to target industrial control systems, and its complexity has made it a source of interest for security researchers and IT admins alike.
As expected, Microsoft is trying to distract from Windows as the source of this problem. In fact, it tries to take advantage of this fiasco and portray itself as a rescuer. As we showed
some days ago, Microsoft steps up as the so-called 'solution' to the problem which Microsoft itself helped create and the old nonsense from Charney (he started this in [
1,
2,
3,
4,
5,
6,
7,
8,
9]) has washed the Web, leading to responses like Marco's
"Computer health certificates for surfing the Internet? Are you serious?"
First of all, he has managed to turn a problem that today, in large part, is caused by defects in his company's products in something that any freedom-loving government would really love to fix for you. This is genius at work. Because presenting (1) virus-ridden computers as "sick PCs", that is as a "public health" issue that should be fixed by "legal frameworks" that define and enforce "trusted computers systems" is just a way to mutilate computers so they can't do anymore what you want, but only what somebody else likes. In other words, this proposal could give governments a reason to fix Microsoft problems with their (as in "yours") money because it also does something else they want. Not to mention that movie and music corporations would surely insist to add "no copy" mechanisms to the "health" checklist.
Secondly, Mr Charney comes and proposes this... just seven months after an equally absurd and offending solution to the same problem, that is taxing ALL citizens to fix Microsoft's security problems. I am speechless, really.
John Gilmore
says: "I'd recommend merely ignoring his ideas til they sink like a stone. But it looks like Intel and Microsoft are actively sneaking up on the free Internet and the free 10% of the computer market by building in these techniques and seeking partnerships with governments, ISPs, telcos, oligopolists, etc to force their use. So some sort of active opposition seems appropriate."
Here is
what SJVN wrote about it:
My friend Richi Jennings is fond of the idea that users with malware-infected PCs should be cut off from the Internet. To this, I say not just “Yes,” but “Hell yes.” And, as he pointed out, other people are getting behind this idea of helping to clean up the litter of spam, malware, and distributed denial-of-service (DDoS) attacks that junks up the Internet highway.
Comcast, as Jennings pointed out, will be letting malware-infected users know that they’ve got garbage on their hard disk, but not keeping them off the net. Darn it.
If this was implemented,
up to about half of the world's computer users would get disconnected. It's really that serious. Despite Microsoft's many promises for the best part of a decade, things are not improving. Microsoft does not reveal just how many holes exist in its software (
there is silent patching which Microsoft keeps hidden), but this month it claims to be breaking the record:
i.
Microsoft Plans Biggest Patch Tuesday Security Update Ever
Microsoft is poised to break its record for the most Patch Tuesday security bulletins ever for the second time in 2010.
On Oct. 12, the company is set to release 16 security bulletins to cover a total of 49 vulnerabilities in Windows, Internet Explorer, Microsoft Office and the .NET framework. In August, the company set a new record with 14 bulletins. That update fixed 34 security holes across a number of products.
ii.
MS planning Patch Tuesday whopper: 16 bulletins, 49 vulnerabilities
This month’s batch of security patches from Microsoft will be a record-breaking one: 16 bulletins addressing a whopping 49 security vulnerabilities.
Windows XP may
no longer be sold, but this Swiss cheese of an operating system is here to cause trouble for several more years:
Although Windows XP will no longer be for sale this doesn't mean that existing users will be left high and dry. Microsoft has said that it will provide support for Windows XP until April 2014. Windows Vista support will also end in April 2014.
Notice what Microsoft is doing with Vista. Support gets cut on the same date, despite the releases being almost 6 years apart. What does that tell people who were foolish enough to fall for Microsoft's hype and bet on Vista? It's also a potential lesson about
Vista 7. A reasonable upgrade route is to GNU/Linux and Ubuntu 10.10 will be released very shortly.
⬆