Linux Today: Linux News On Internet Time.
Search Linux Today
search.internet.com
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Blog
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Marketplace Partners

internet.commerce
Be a Commerce Partner

The Linux Channel at internet.com
Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

Linux Jobs

linuxtoday Newsletters
Subscribe News
Subscribe PR
Subscribe Security
Subscribe Jobs

internet.com / blogs

internet.com
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers
searchcats.jpg
search.jpg

February 2011
Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28          

Security FUD In Action: Not Windows' Fault, Nope, Not at All

By Carla Schroder on April 20, 2010 1:48 PM | | Comments (6) | TrackBacks (0)
The game of giving Microsoft a free pass on security flaws continues, despite the rapid growth of the world wide botnet and more Windows exploits roaming the planet than ever.

100 potential attacks per second blocked in 2009 fails to mention Windows, though it names various individual malwares such as Conficker, Hydraq, Sality.AE virus, the Brisv Trojan and the SillyFDC worm. It doesn't even use their full names: W32.Sality.AE, W32.SillyFDC, W32.downadup (Conficker). W32 is "Windows 32-bit."

It fails to identify vulnerable "PDF viewers" as Adobe Reader, and does not differentiate browser exploits by platform. The #1 unanswered security question from users is do Firefox exploits affect non-Windows users? I have yet to get a good answer to this.

Virus Shuts Border Crossing blames "a computer virus crashed the electronic border control system."

BBC News continues its unbroken streak of referring to Windows PCs as PCs, and offering useless security advice such as:

"STAYING SAFE ONLINE

Use security software that can tackle viruses and spyware

Use a firewall

Apply operating system updates as soon as they become available

Be suspicious of unsolicited e-mails bearing attachments

Keep your browser up to date"

Is this some kind of cruel joke? You and I both know that #1 on any honest security advice list is "Don't connect Windows to any networks or exchange data by any method with other computers." Perhaps you fine readers recall some of the many articles on the numerous failures of both the Windows security software industry, and Microsoft, like this small sampling:

Another day, another Internet Explorer security hole(Mar 02, 2010)
32% of computers with AV protection are infected(Feb 11, 2010)
New Russian botnet tries to kill rival (Feb 10, 2010)
Most security products fail to perform(Nov 16, 2009)
Oops, e-mail security vendor McAfee spills 1400 private names(Jul 31, 2009)
Kaspersky confirms hack with fingers firmly in ears(Feb 09, 2009)
Kaspersky database exposed(Feb 09, 2009)
Windows worm numbers 'skyrocket'(Jan 19, 2009)
Trend Micro: Antivirus Industry Lied for 20 Years(Jul 16, 2008)

Patch Tuesday Joke

The biggest joke of all is Patch Tuesday. Why are Windows fans so gullible? Do they have a special deal to not be attacked the other days of the week? Though it is true that it doesn't make much difference, since there are always plenty of other available holes. Big deal locking the front door when the side doors and windows are open, and there is no roof at all.

Symantec released their annual report, and it has fueled many articles like Symantec's 2009 Security Report Shows a 71% Increase in Malware. It contains gems like

"According to the Symantec research 2009 saw a major increase of 71% in malware over 2008. This effectively means that 51% of all security issues ever tracked by the company appeared in this year alone.

"...One of the major players in this field last year was the Zeus malware program. This software is marketed and sold to cyber criminals and is often used to create malicious "botnets" or networks of PCs that are infected and then used for spam or data theft purposes."

But Vista was released in Jan. 2007, and Windows 7 was released October 2009, and they're supposed to be all more secure. Sure, there is still a huge legacy Windows base...but when you read malware definitions you quickly learn that the malware don't care, all Windows are equally tasty.

This type of reporting is little more than propaganda. The goal is to convey the same message over and over: Cybercrime is entirely the fault of cybercriminals and careless users. Malware targets all PCs, that's just the way it is and it's nobody's fault, except criminals and careless users. But this is pure baloney: The porous nature of Windows, and the entire Microsoft software stack, is the problem. Don't let anyone make you believe otherwise.

What would it be like if Linux, or any real multi-user networking operating system with a sane design, were the standard operating system? I bet money we would not have tens of millions of Linux PCs in botnets, even with a large population of unsophisticated users. No botnets pumping out phishes, spam, and malware, no drive-by infections from merely visiting infected Web sites, no getting cooties from simply having an infected email or document on your system without even opening it, no viruses or worms spreading to millions of other computers in an eyeblink. It takes special talent and OS architecture to make those things possible.

Categories:

0 TrackBacks

Listed below are links to blogs that reference this entry: Security FUD In Action: Not Windows' Fault, Nope, Not at All.

TrackBack URL for this entry: https://swarm.internet.com/mt-tb.cgi/9843

6 Comments

paul said:

I absolutely agree. It is absolutely unethical that MS gets off free from any responsibility for their crapware. I'd bet money that Gates sold the "too big to fail" idea to Goldman-Sachs after he convinced the gov't that MS is "too big to fail."

I hope that there continue to be coups like NYSE and the LSE to prove the viability of FOSS.

But unfortunately here in the US, it looks like MS and the boys are going to own the EMR market. The bozos in DC already rolled over for Bill.

My new sig...

"All your politician are belong to us." -- Anonymous

April 20, 2010 7:31 PM
Stan said:

If desktop Linux ever gets attacked in any major way all users have to do is go beyond the basics and turn on the SE extentions, App-Armor or even start running Firefox and Thunderbird in a chroot jail. Sure all of them would be a good idea today but the threat level is low enough that most folks don't bother.

April 20, 2010 10:19 PM
Seth Brown said:

I appreciate what you are saying, Carla. The media are playing a game with the truth. Basically, they are talking to an audience, real or imagined, with the critical thinking skills of a ten year old.

I'm not sure whether this is intentional or not. The news seems to have become entertainment recently. No real in-depth analysis of any subject. Why should something as esoteric as software be any different?

April 20, 2010 11:04 PM
Don il said:

One of the things customers pay me for, is to clean malware infected machines. And it is a task that I have to do twice (or more times) a year. Unfortunately for some of them, they cannot move to Linux, for they are accountants and they rely on some programs that run only in Windows. Worst of all, these programs are provided by the US equivalents of the SEC and Social Security, as the only way to report taxes and employees' fees and movements. Every time I get to visit them, I hear the same complaints about "computer viruses". It has been a hard work to convince them that there are no such things as computer viruses: they are Windows viruses, i.e, programs that take advantage of Windows defects. They are now beginning to get it, specially since I began installing Linux servers which do file and printer sharing, and also double as gateways, routers and mail filters. Things are getting better and incidents tend to be less frequent. But as long as Users still have to rely on Windows for their main work, I can't really see no cure for these problems.

April 21, 2010 2:40 AM
Bruce Ediger said:

Great article, and probably the truth. However...

"It is difficult to get a man to understand something when his salary depends upon his not understanding it."
--Upton Sinclair

The "Anti-Virus" people have made a 25-year history of not understanding what you speak of. In addition, they've got a 22-year history (Morris Worm, dontcha know) of failed predictions of a plague of Unix and now Linux "malware".

April 21, 2010 10:05 AM
twitter said:

Thank you for Calling out Windows. Please join the campaign to Call out Windows. Journalists and editors are afraid of or beholden to Microsoft and avoid talking about Windows problems as Windows problems. If we make enough noise, we can convince them and Microsoft that their lies have failed as badly as their software has. If we remain silent, people will think computer experts agree with Microsoft's lies about computer security.

It is obvious that no other software has Microsoft's problems. The clean list has little to do with market share or user negligence/ignorance and everything to do with careful design: OSX, Solaris, Wii, Playstation, GNU/Linux and Symbian phones, and every kind of GNU/Linux running embedded device that's hooked to a network. Many of these devices are dominant in their categories and their sum outnumbers Windows desktops by a large margin. Most computers are not desktops, so they don't run Windows and don't have problems.

April 21, 2010 8:13 PM

Leave a comment


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP