
	`About \| Buy Stuff \| News \| Products \| Rants \| Search \| Security`

Home » Resources » Rants

Microsoft: Fix Your Security

Microsoft users: switch or get off the net.

Get It

Try It

Probably the best security journalist for the end user and the enterprise is Brian Krebs. He keeps it going all the time and covers the gamut of it all. And as it's Windows Windows and Windows out there he concentrates on Windows even though he's also an MBP owner and an OS X user. And looking at a week's output makes one wonder what the F Microsoft are up to. The MonaRonaDona Extortion Scam http://blog.washingtonpost.com/securityfix/2008/03/the_411_on_the_monaronadona_ex.html This is a great one. This one affects all Windows systems - yes even their V*STA. Now ask yourself: if V*STA is supposed to be so secure how can it then fall prey to such an attack? Here's what MonaRonaDona does.

It disables programs. How can a secure system allow that?
It changes the title of IE windows. How can a process get into another address space on a secure system?

Here's a link to an article describing how MonaDonaRona came about. MonaRonaDona - We might be in the AV industry, but at least we aren't STUPID! http://prevx.com/blog/82/MonaRonaDona--We-might-be-in-the-AV-industry-but-at-least-we-arent-STUPID.html Criminality is one thing; making it so bloody easy to commit crime is another thing - and according to some a crime in and of itself. As for these people not being stupid - you decide. Now for a computer intrusion report from the US FDIC. Start adding up how much Windows is costing you. The FDIC Computer Intrusion Report http://blog.washingtonpost.com/securityfix/2008/03/the_fdic_computer_intrusion_re.html This is a scary narrative. It's available through Brian's page and also here in a more compact HTML format provided by OS X's TextEdit. Be sure to read the case studies. The security blokes on Wall Street are reporting the same thing. Wall Street Report Increase In PC Intrusions In '07 http://blog.washingtonpost.com/securityfix/2008/02/wall_street_reports_higher_pc_1.html There's been a steep increase in the amount of funds banks, businesses, and consumers lost last year to computer hacking and malware attacks. The article references this link. Banks: Losses From Computer Intrusions Up in 2007 http://blog.washingtonpost.com/securityfix/2008/02/banks_losses_from_computer_int.html And what would a US election be without malware? No system but Windows lets shite through like this. Fake Prez Campaign Video Spreads Malware http://blog.washingtonpost.com/securityfix/2008/02/fake_prez_campaign_video_sprea.html Spammers are taking advantage of public awareness about the US presidential race to trick people into installing malware. A recent blast of spam purports to contain links to a video of Hillary Clinton on the campaign trail but in fact downloads malware that recruits the Windows PCs to spam spewing botnets. There's a link to a Symantec report here. You Know it's Election Year When... http://www.symantec.com/enterprise/security_response/weblog/2008/02/you_know_its_election_year_whe.html And again you have to ask yourself how anything could be allowed to take over a machine in this fashion if the resident operating system is in fact secure. And this is just 'another week's work' for Brian. Next week it'll be the same thing again. The hits just keep on coming. And if anyone thinks these attacks affect all systems they need to go back to school. What's really remarkable is that these idiots on Windows put up with this crap day after day, week after week, year after year. They compare notes, surf to a lot of security sites, download fixes, drink lots of caffeinated beverages because they have to be so bloody paranoid all the time - but do they once stop in their tracks and ask themselves what the F they're doing? If this is the way it has to be? The way it's always been? The way it will always be? Not on your life. The reason the world of computer security is so screwed up is there are so many idiots purchasing and using the wrong products. Meanwhile Symantec have their monthly spam report ready. Symantec State of Spam Report for March http://www.symantec.com/enterprise/security_response/weblog/2008/03/symantec_state_of_spam_report.html And where does all the spam come from? Not open relays anymore. It's from PCs running Microsoft Windows. Current estimates are it's all of six botnets controlling all the spam spewing Windows boxes out there. Is someone going to prosecute Windows users for spewing spam? For without Windows on the Internet there won't be any spam to speak of. So - is anyone going to send Windows users to prison? Please let it happen. Internet mail is so screwed up today and it's only because people are running Windows. Networks are refusing mail from each other because of the spam - is this a solution? How about putting Bill Bloody Gates in jail? How about outlawing Windows because it sucks and causes all this crime? That's definitely a constructive idea.