Microsoft software is full of security holes and there is clearly negligence [1, 2, 3] because Microsoft does not patch known holes until the attacks begin. We wrote a lot of posts about this in January [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] since a known Internet Explorer hole that Microsoft had ignored for 5 months caused enormous damage to many businesses, Google included. This is the type of situation that Microsoft should be made liable for. It's not about shoddy programming but about shoddy maintenance and damage that could easily be avoided. Yesterday we shared reports about Free software being more secure than proprietary software because it is patched more regularly, according to Veracode (more on that here).
Microsoft warned of a new hole on Monday that could be exploited by attackers to take control of older Windows systems running Internet Explorer and for which proof-of-concept exploit code has been released publicly.
According to the firm the problem relates to Windows 2000 and Windows XP by default, and to a lesser extent, Windows 2003 Server. It added that its internal investigations revealed that Windows 7, Windows Server 2008, and Windows Vista were not affected. Regardless of this, it appears that if there is a risk to systems it is users that cannot stop themselves from pressing a button.
How will we ever get a leg up on hackers who are infecting computers worldwide? Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines.
Today most hacked PCs run Microsoft's Windows operating system, and the company has invested millions in trying to fight the problem.
Microsoft recently used the U.S. court system to shut down the Waledac botnet, introducing a new tactic in the battle against hackers. Speaking at the RSA security conference in San Francisco, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney said that the technology industry needs to think about more "social solutions."
The logistics of such a plan remain woefully unformed. While many say ISPs should monitor subscribers for infections, there's considerable disagreement about how with providers should carry out and pay for such a system.
Comments
Needs Sunlight
2010-03-03 18:35:01
Incompetence going on for as long as it has is not an accident, but malice.