Whitewashing Inherent Windows Flaws
- Dr. Roy Schestowitz
- 2011-02-14 19:33:18 UTC
- Modified: 2011-02-14 19:33:18 UTC
Summary: New examples of security reports that lack an important ingredient which is an explanation about them being applicable to just one platform
LONG-ESTABLISHED platforms like UNIX and Linux offer more security than Windows and the recent bad news for Microsoft is just yet more proof of that. Techrights keeps urging people to call out Windows because it is indeed part of the problem (ease of cracking) and despite Richard A. Clarke saying the truth (among other security folks whose opinion is similar, as our security category ought to show), there are persistent denials and gagging by Microsoft. Looking at the news over the weekend, there is an issue which was mentioned here before and is still being brought up, this time by The Register:
Many users remain infected with computer malware – despite the fact that the vast majority are running machines protected by anti-virus software.
A study by European Union statistics agency EUROSTAT found that one third of PC users (31 per cent) had the pox even though the vast majority (84 per cent) were running security software (anti-virus, anti-spam, firewall) on their PCs. Of the survey's respondents, 3 per cent reported financial loss as a result of farming or phishing attacks, while a further 4 per cent reported privacy violations involving data sent online.
This reports neglects to name Windows. It's embarrassing that Windows and Microsoft are conspicuously missing, which means that people may never learn. Also
from the news, there is a lot of talk about "malware" with no attribution to Windows and Microsoft.
McAfee has identified the tools, techniques, and network activities used in these attacks, which continue on to this day. These attacks have involved an elaborate mix of hacking techniques including social engineering, spear-phishing, Windows exploits, Active Directory compromises, and the use of remote administration tools (RATs).
Here is
another new example of someone reporting about Stuxnet and blaming those who take advantage of it, not those who left the holes.
Last night, a member of hacker group Anonymous – a devious 4chan-spawned Internet coalition known for increasingly serious web-based attacks – announced on Twitter that the group was in possession of the Stuxnet virus.
Stuxnet is a subject that we covered in the posts below. It is becoming very costly to many economies.
⬆
- Ralph Langner Says Windows Malware Possibly Designed to Derail Iran's Nuclear Programme
- Windows Viruses Can be Politically Motivated Sometimes
- Who Needs Windows Back Doors When It's So Insecure?
- Windows Insecurity Becomes a Political Issue
- Windows, Stuxnet, and Public Stoning
- Stuxnet Grows Beyond Siemens-Windows Infections
- Has BP Already Abandoned Windows?
- Reports: Apple to Charge for (Security) Updates
- Windows Viruses Can be Politically Motivated Sometimes
- New Flaw in Windows Facilitates More DDOS Attacks
- Siemens is Bad for Industry, Partly Due to Microsoft
- Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
- Microsoft's Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
- Microsoft Software: a Darwin Test for Incompetence
- Bad September for Microsoft Security, Symantec Buyout Rumours
- Microsoft Claims Credit for Failing in Security
- Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
- Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
- Security Propaganda From Microsoft: Villains Become Heroes
- Security Problems in iOS and Windows
- Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran's Nuclear Facilities
- Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild
- Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again
- Cablegate Reveals Government Requesting Access to Microsoft Data, Kill Switches
- Use Microsoft Windows, Get Assassinated
- Iran Shows the Downside of Using Proprietary Software
Comments
TemporalBeing
2011-02-14 21:26:08
Dr. Roy Schestowitz
2011-02-14 21:57:47
You can't prescribe one universal brand for a system that's not proprietary... and that's OK.
twitter
2011-02-15 01:49:16
So why don't reporters do this and what can be done about it? The first thing to do is to politely ask. Email when you can and find out. I've been told by one or two that they consider the OS to be tangential and unimportant. This is essentially the same thing as the second excuse, which is that they really don't think OS matter and are openly bigoted in Microsoft's favor. IDG people respond rudely, others do better. You would think that such a basic fact would be part of any article about Windows security problems but Microsoft has worked hard to influence prominent reporters. Give reporters a breath of fresh air, they like it.
Successful letters are posed as a question, contain careful research about the specific problem and the general issue, and point out that it's not fair to call Windows problems "computer problems". Ask them why they called the Windows X a "computer X". Tell them X is a Windows only problem with links to various security sites that mention W32, XP, Vista/Windows 7 and no others. Then tell them it's not fair to condemn the entire computer industry because Microsoft can't fix their stuff. You might also link to reliable estimates of Windows compromise and the costs. The unavoidable story is that only Microsoft has problems and that everyone using Windows is greatly inconvenienced, if not robbed.
Mikko
2011-02-14 22:28:33
Dr. Roy Schestowitz
2011-02-15 06:03:10
"It has been reported that cars had a defective braking system."