01.05.10

Boycott Novell DDOS; Perhaps Time for Authorities to Ban Microsoft Windows

Posted in Microsoft, Security, Windows at 9:32 pm by Dr. Roy Schestowitz

Summary: Another long batch of denial of service attacks on the site gives room for thought

FOR over a week now, on and off, we have been hit by rogue bots that hammer the server with junk requests to the point where it is unable to serve genuine visitors. It even happened around Christmas.

This would not be the first time that we suffer from non-stop or occasional DDOS and downtime. Zombie PCs come from all over the place, always sharing one thing in common: they run Windows.

Australia wants to take such PCs off the Internet, but that would hardly solve the problem at a global scale. As up to about one in two Windows PCs is a zombie PC, the reasonable solution sometimes seems like a worldwide Windows quarantine. Microsoft is only giving people more reasons for resentment, especially people who understand where the problems originate from.

Here at Boycott Novell alone we have been spending many hours in recent weeks merely fighting against these disruptions, also spending hours offline as a result. Who will pay for the damage? Microsoft? Microsoft is only profiteering from its zombies while taxpayers foot the bill. Astounding.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

12 Comments

  1. Yuhong Bao said,

    January 5, 2010 at 9:47 pm

    Well, I wouldn’t go so far as to ban Windows entirely (especially considering that it is only partly MS’s fault), but banning zombie PCs in general is a good idea.

    Roy Schestowitz Reply:

    How would you go about implementing this?

    your_friend Reply:

    True, there’s no reason to ban Windows operation, just ban their connection to any public network.

    One way to do this is to make people accountable for the poor security of their computers. A class action lawsuit should be launched against Microsoft for every business that has suffered downtime due to DDoS. Companies with large numbers of participating machines can be named as co-defendants. That would clean things up pretty quickly and I can’t believe no one has thought of it …

    perhaps they have. Looks like the legal groundwork was all worked out ten years ago, but no one has done anything. Ten years after articles like this put the blame on greedy companies, we now have free systems that take less money and staff but have no security problems. My bet is that the right lawyers simply have not caught up to the problem and potential solutions. The existence of obvious low cost alternatives, combined with a decade of tremendous costs should combine to make some very juicy lawsuits. It’s time to lay the costs of non free software at the feet of its owners.

    Yuhong Bao Reply:

    “A class action lawsuit should be launched against Microsoft for every business that has suffered downtime due to DDoS.”
    I don’t think so. As I said, it is only partly MS’s fault, and when did it make sense to consider a class-action lawsuit just because a security vulnerability has been found in their software?

    Yuhong Bao Reply:

    “True, there’s no reason to ban Windows operation, just ban their connection to any public network.”
    Banning Windows operation on any PC, zombie or not, would likely be impossible anyway.

    your_friend Reply:

    No, it’s not. Microsoft does what it can to exclude free software users from hardware and networks all the time. Ports are blocked by ISPs and Universities are blocking systems that are not “up to date”. It would be simpler and more effective to block all Windows computers, Zombie or not, than to try to achieve the impossible and secure them.

    Yuhong Bao Reply:

    I was thinking of banning *local* Windows operation. But I agree that client-side detection and quarantine, like MS’s NAP, is a bad idea. No need to detect Windows specifically, just detect botnet and worm network traffic on the network side and ban PCs that are sending them.

    Roy Schestowitz Reply:

    It would not cure those PCs. They would just move on to other targets that are more sensitive.

    your_friend Reply:

    Botnets are a Global problem but the correction is always local. They should be removed at the local nexus of power that Microsoft usually exploits to discriminate against free software users: ISPs and local government.

    The expedient solution is to block access at the ISP level to all Windows computers and this is already necessary. ISPs have periodically disconnected compromised Windows computers but never had a reason to block other kinds. It would be cheaper and more effective to block all versions of Windows. People die when hospital networks are clogged with malware traffic. The economic harm is also high. Individuals caught in Microsoft’s monopoly trap are moving too slowly, so society must use other measures to protect itself.

    Tort law can be used as a slow solution by suing Microsoft, companies that use Windows and ISPs that don’t take effective measures. Microsoft is directly responsible in a way that only a non free software owner can be. Companies with large Windows deployments are guilty of gross negligence because everyone knows that a high proportion of Windows clients are always compromised. ISPs, such as Comcast, are also grossly negligent. The economic harm from botnets is easier to measure than MAFIAA cases that now clog courts against individuals with the nerve to share. Some smart, brave and honest lawyers stand to make a fortune from companies that are usually guilty of monopoly tactics.

    The harm Windows does should be stopped as soon as possible and Microsoft should pay for it. We’ve had more than a decade of excuses but nothing has changed. The slowest solution of all is the one that is ongoing, people realize that free software is a better deal. This would be more effective if society was better at protecting itself from Microsoft’s anti-trust crimes. The sooner all of these crimes and problems are addressed, the better.

    Yuhong Bao Reply:

    It would not cure these botnet PCs, but it would stop them from connecting to the network, so the attempt by those PCs to send/receive botnet traffic will have no effect.

    Roy Schestowitz Reply:

    Yes, at the ISP level. Australia considers doing this already.

  2. uberVU - social comments said,

    January 6, 2010 at 4:13 am

    Social comments and analytics for this post…

    This post was mentioned on Identica by schestowitz: Perhaps Time for Authorities to Ban #Microsoft #Windows http://boycottnovell.com/2010/01/05/denial-of-service-again/
