 |
Search |
|
|
|
|
Classic 2 Guys |
|
10 Random Stories:
|
|
|
|
Windows Viruses - Who's to Blame? |
|
 I love how Windows users, at the first sign of a major virus, want to round up the posse, hunt down the perpetrator, and string him or her up. Most of them don't look at the creators of the Operating System that allow these sorts of viruses to happen, but that's exactly where they should be pointing the finger.
It's Microsoft's ignorance for over a decade, and their obsession with the almighty dollar (instead of making something that was just plain good) that has gotten Windows where it is right now. Why blame the virus writer? Sure, he took the time to write a few lines of code, it might've been a half hour to tweak out a previous virus. And yeah, that virus got disseminated around the 'Net, infecting millions of computers. But should we blame that guy? I mean, he didn't really physically "do" anything, and he didn't hurt anyone. Lots of time was lost by Windows users being productive (if you could have called it that in the first place), but if it wasn't him it would've been someone else, right?
Plus how do you hunt down all these people? It's like going after all the small-time drug dealers: there's just too many of them! We'd have to devote a whole Internet Cop Task Force to hunting down Windows virus writers, and I know I don't want to pay the tax for that! Not to mention all the court costs and, if convicted, prison costs for these virus writers. Who's footing the bill? Not Microsoft. They're laughing all the way to Bank. Or perhaps to Bill's swimming pool of gold dubloons that he dives into ala Scrooge McDuck.
At some point, Microsoft has to be held responsible. It's their fault, either through buggy code, lazyness, a rush to get a product to market, or just to make more money (for instance, Internet Explorer being so tightly built into Windows was to increase/keep marketshare - and that alone is the cause of many viruses).
Windows proponents are quick to bring up the "security through obscurity" argument. That goes something like "If Apple or Linux was on top like Microsoft is right now, they'd have the same problems". This is the single biggest misconception that Windows users have these days, and nothing is further form the truth.
First of all, if there was any viruses, worms or spyware for OS X and/or Linux, they would have a VERY hard time not only installing themselves on a user's machine, they would also have a hard time propagating. All of the UNIX-based OS'es ask for some type of admin or root password before messing with things at the system level.
Let's suppose someone wrote a virus for OS X (which in all honesty probably wouldn't be that hard). They might pass it off through email, and let's say it lands in the inbox of a novice Mac user. They look at the email and there's an attachment. It looks intriguing, even though the user doesn't recognize the sender's address, so the user double-clicks on it. Realizing it's a program (or perhaps an AppleScript that touches sensitive permissions) OS X will prompt the user to enter the Administrative username and password. Not knowing what this program is, the user would have to be very foolish the do so.
This is security at the very simplest. It's not that hard folks! Microsoft just seems to have too many things going on, too many eggs in one basket, too much focus on money rather than keeping things simple, any one of a thousand other reasons to not make things simple and secure.
Certainly, if Apple or Linux were in a better position marketshare-wise, they'd have more security issues - but DEFINITELY, not nearly as many as Microsoft is dealing with now.
That's why I find it amusing at times, downright sickening at others, when people want to throw virus writers in jail to serve terms longer than murderers, while Microsoft gets off scott-free!
So tell me, am I wrong here? Should virus writers be targeted and tossed in jail? Are they that much of a threat to society? Where are my pants? Should Steve Ballmer be required by law to be in a plastic bubble for any public appearances that way no one gets doused with sweat? All these questions need to be answered, because enquiring minds want to know!
----
Also, for more exciting reading on the "security through obscurity" myth, check out these links:
Quick, Stick Your Finger in the Dike!
Readers contend Mac's OS X is much tougher to crack than Windows
Columnist tries the 'security through obscurity' myth to defend Windows vs. Macs on virus front
If You're Getting Tired Of Fighting Viruses, Consider a New Mac
Microsoft Windows: Insecure by Design
How Susceptible Is Your Operating System to Viruses?
Hackers enter via Window
|
|
May 6 2004, 10:44 AM EDT, by
 |
Comments:
|
| sweetjimmyhugs |
5/6/04, 11:47 AM EDT |
I don't feel that M$ should be thrown in jail, but a nice beating would be good for the entire world.
|
| cAtraXx |
5/6/04, 8:11 PM EDT |
Amen sweetjimmyhugs :)
Great article, Jonahan. I definately enjoyed reading it. It's just a little sad that one has to find sites like this one to be able to discuss things like this, because on every other forum where you'll meet the masses of Windows users, you'll plainly be flamed to death and/or banned for your comments.
And then there's always their standart phrases: "If windows is sooo bad, why are so many people using it ?" - It's simple, really. People take what you give them. People followed Hitler. It's always the same, as long as it works for you, even if only just, you'll most likely accept it. Plus the fact that Microsoft is spreading their horror news of opensource being unsecure (omfg >.<) all over the world. They have endless resources, Apple does not. The Linux community also has very limited ways to advertise themselves. In the end it very much comes down to the fact that even this is only a reflection of our general live, because what we see during the big Os wars is exactly the same that happens all over the world in any other business, in any other government.
My only hope is that at some point people will start realising whats happening around them. For the moment computers aren't very important to most people, unlike for example their car or their job, so they don't really care what Os they run. If they'd realize that they could save a *bunch* of time just by changing the system (Like they would change their car when it eats to much gas or has to be repaired every two weeks) they'd probably really do it.
|
| rlhamon |
5/6/04, 10:30 PM EDT |
The same congressperson that pushes for harsher punishment on viruses writers are also the same ones that became a million dollars richer from Microsoft congressional lobbyist also mr bush didn't do to shabby with a Microsoft payday
|
|
5/6/04, 11:15 PM EDT |
M$ is off to Jail...just because I hate them lol
|
| nhmacusr |
5/7/04, 10:16 AM EDT |
I am not sure I completely agree here. I think that both parties are equal in blame. It is really a matter of which way you look at the problem. Say for example, a guy runs a red light in a car because he wasn't fast enough on hte brake. Was it the car companies fault that he didn't stop - possibly. But the driver has responsability too because he is in charge of the machine. The same holds true for computers. Like it or not, microsoft owns the computing world in terms of numbers. We won't get into a business practice debate here because that is another topic (and believe me I am not on their side). Most of those users do not have a choice. The operating system is forced on them (they use it at work or school or whatever). So writing a virus and unleashing it in hte wild is the equivelant of cutting the brake line in our little car crash example. Is it the car companies fault, possibly, maybe they should have had better indicaters, is it the persons fault - maybe they should have kept up with maintenance better or knew what to look for, is it the cutter's fault - well he knew he was doing something damaging. The fact is there are people out there who do damage for no other reason than they can. In reality no system will ever be completely safe. It is really up to you and me to ensure our computing safety. OSs and computers are tools. The general public needs to be taught that they are tools and how to handle them. This is a really valid argument when you look at the security of linux and Mac OS X. Are these OSs any easier to keep secure (a little but not much) the fact is that the people using them know, for the most part, what they are doing and care about the tool.
Part of the root of this topic is how the original designers of the computing age looked at the machines and the software that ran them. Even Unix, yes our beloved Unix, was full of holes - and in many ways still is we just haven't found them yet:) - check out the book the Cuckoo's Egg - The original designers were mainly acedemics who envisioned only the good side of computing. Why would anyone want to take over a machine? For what purpose? As computers crept further into our society, the holes in this way of thinking cropt up. We are simply seeing another hole in the thinking. I think a lot of computer users think the way the acedemics did. They just aren't aware what damage they are doing.
Well, that whole ramble got a bit off topic sorry:) My main point here is that viruses are not a simple he said she said problem and they are not a specific problem to Microsoft. They are all our problem and to some extent there is plenty of blaim to go around to everyone.
|
| nhmacusr |
5/7/04, 10:21 AM EDT |
Just to ruffle the covers a bit, here is the security alerts page from O'Reilly. They list Linux, Unix, Mac OS X exploits and vulnerabilities. And these are by no means all of them.
http://www.oreillynet.com/pub/ct/20
This is an excellent site for all types of operating systems. Remember, at home, we are our own computer security person.
http://www.securityfocus.org/
|
| Jonahan |
5/7/04, 12:25 PM EDT |
nhmacusr, good comments =)
Yes, there needs to be a lot more thought about this and more education of it. True, MS shouldn't be the only one at blame, but I think they should at least have -some- responsibility. As it is now, they really have no reason to clean up their code, other than if their sales REALLY start dropping off.
I've heard the car analogy before and I think it's flawed - mainly because the Internet is more complex than a car and no one 'owns' the car. Like you said, there are more grey areas when you start talking about stuff like this.
The next decade should be interesting as the Internet gets more legislation. The world is connected now, but we still have all these countries that have to keep things straight .. viruses are just one thing that we all have to think about more.
One other thought (see I ramble just as much as the next guy, nhmacusr) is that maybe the Internet will help us reach some type of world government, or at least a REAL United Nations. As we face more problems that are universal (viruses, legal issues that cross country boundaries thanks to the Internet, etc.) we'll pretty much need to have a world government enitity.
Hehe... Listening to Al Franken's 'Lies' has got me thinking wayyyy to much into politics ;)
|
| nhmacusr |
5/7/04, 12:27 PM EDT |
Ahh, but there is an owner of the car - the computer - the internet is the road.
|
| nhmacusr |
5/7/04, 12:29 PM EDT |
Should have read the rest of your post. The last comment is pretty interesting. It will be interesting to see how this all plays out, especially because it will effect the world economy in general. It will be interesting to see how the United Nations adapts to this.
|
| cAtraXx |
5/7/04, 5:37 PM EDT |
nhmacusr is right. I did not say that the internet should be like a car (and it sure would be one big car ;)), but the computers should be treated like cars.
If people knew more about their computers they'd hopefully stop calling the police whenever they have a virus :P
I guess your idea of a world government is far to optimistic. In the internet, where everything seems to be a little easier to say. The problem is that also hate campains and racism would be much easier spread. If you would forbid these people to say what they want to say, you'd take away their free speech and in the end it would be nothing but the same we have now.
|
| cAtraXx |
5/7/04, 5:56 PM EDT |
Oh and i still think M$ should be blame, and you know why ?
Of course every piece of software has exploit, that's the nature of software, but lets take a look at what happens if they find some kind of exploit in a *nix product: At first they'll of course release a hotfix so that the current exploit can't be used anymore. Then they'll most likely discuss the whole matter and try to find a way to ensure that similiar exploits can be prevented in the future.
Now what does M$ do ? They pay their developers a *bunch* of money to make the hotfix as fast as possible and then ... they go back and work on DirectX to ensure that the next expensive gafics has many many fancy new features that will make their customers drool. That's how they work and they won't put much more thought into such a serious matter. That is why they continue to /produce/ exploits like that with every new patch of their system. Exploits that simply seem surreal when you're using windows or Unix.
|
| nhmacusr |
5/7/04, 6:40 PM EDT |
Some of your comments are true, but contrary to popular belief, Microsoft developers do care about their products. You should read the post about Open Source Development vs Closed Source Development. Microsoft has developers working on Windows security FULL time. That is all they do. The problems occur because of the huge code base. They also have to ensure backwards compatability witha all of their products. That happens with Apple too, although not so much. Not true with Linux and Unix. If something needs fixing in Unix or Linux, it really doesn't matter what other projects get broken. You just suck it up and recompile to fix it. It doesn't work that way in the commercial model. Try upgrading just a kernel when a major release comes out and see what software gets broken. The difference is the Open Source Development process is focused on security, flexability and Speed first, backwards compatability second. With Microsoft, they have customers paying good dollars for the product, so they have to look at Compatability first and the other considerations second. In addition, the customer doesn't have the luxury to recompile a lot of windows software unless it was homebrewed. Another thing that hampers Microsoft is the amount of eyes looking at the code. It isn't that they don't know what to look for or that they aren't good engineers, they just don't have as many eyes. The Open Source community has the whole world. Whoever wants to look can have a peek. In this respect bugs are found faster and fixed quicker.
It is true that they are working on maxing out the technology so that the users have to upgrade hardware with each new release. That is the nature of the business. Everyone does it this way to some extent, even Apple, but the difference is that most companies aren't so flagrant about doing it and they don't do it to the extent that Microsoft does. Even you admit in your post that they are customer driven (making their customers drool). As a public company, that is their job. To make their stock holders money.
Don't get me wrong, I think for what Microsoft charges for their products, they should be better designed, but I am not sure they are completely responsable because some dumbass clicked on an exe file without knowing what it was without disabling the administrator account because it was 'inconvinient'. Don't be lulled, the user is his worst enemy. It is no different than all of the Unix/Linux boxes out there on the web with a root password of root. Yes, they do exist and they get exploited.
|
| cAtraXx |
5/7/04, 7:22 PM EDT |
Backwards compatability first ? Oh yeah, i had a nice chat with a friend of mine who works for a large Web Hosting/Designing company here in germany. They wanted to upgrade their Microsoft servers, so they ordered the upgrade, installed it with the hellp of some Microsoft supporters and then well ... they were looking for like ... software for their newly upgraded servers. And guess what, the new upgrade neither had any compatability to older software, nor was there any useable software yet released, so what happened was that they had to reinstall all of their servers with the old server software in order to make sure they would still be able to serve something in the next week.
And i myself haven't had such great experience with M$'s praised backwards compatability either, since many products i used on W 98 refused to work on w2k and i'm not even talking about XP. Longhorn will be the next step where you can either buy expansive software upgrades in order to ensure your workflow, or just wipe the idea of upgrading to the new OS at all.
When i switched from 10.1 to panther everybody was like "Yeah it's cool and all, but you have to upgrade or your software will go bye bye." And nothing happened, i didn't upgrade a single Program on my Mac. All worked just as fine as before, only faster and more stable. The only problem i had was some opensource games, that i had to upgrade.
Sure Microsoft cares for their customers in some way, but from my point of view they focus on the wrong directions. I mean look at what they say: "Windows is secure, stable and fast." Not true, not true, not true. But i guess that ok, because it's just advertisement and yet all their attempts to better windows were more or less futile. W98 to W2k was great, because for the first i really didn't see many blue screens. But then i saw new worms, programs crashing over and over and one big mess in the services that are installed and /activated/ by default. That means they've fixed something and added a mass of new problems, that don't only annoy me, no they keep me from working fluently. I haven't seen that in Os X so far.
|
| cAtraXx |
5/7/04, 7:30 PM EDT |
Please excuse all my typos, i'm rather tired.As always :/
|
| nhmacusr |
5/7/04, 7:50 PM EDT |
I see your points and to some extent we are talking about the same things. However, knowing what to secure in a Windows system is no different than knowing what to secure in a Mac OS X system. That is all I am talking about. There is no one person to blame with this whole virus thing. There is plenty of blame to go around. I too am tired of teh MicroFUD, or I wouldn't be here :) . Unix and it's varients are more secure by design and have had 30 + years to work things out.
I bet your friends were dealing with Windows server 2004 weren't they. That is exactly what I meant about shoving down your throat. You are going to see native app support disappearing in Mac OS X too. It will just be a long slow process. And believe it or not the biggest push for the backwards compatability in Mac OS X was a commercial one. The graphics people are the number one group of Mac buyers and Quark Express did not have a native Panther version for Mac OS X when it came out. Thus the push for being able to run older programs. In fact, many people still did not switch until the native OS X version came out. Now that it is here, you will see the support vanish slowly. Although, we are dealing with Apple Open Source here, so I bet there will be emulaters galore out there for free. Ain't open source grand!
So we are really making mostly the same points. I just think there is plenty of virus blame to go around.
|
| nhmacusr |
5/7/04, 8:06 PM EDT |
It just occured to me that another thing that makes the virus blame game pointless is that the writer's go where the holes are. It doesn't matter where they are. When Unix was king and there was nothing but big main frames around that is where all of the subversive stuff was happening. Yes, there were worms and trojans back then. Some of them did far nastier things than reboot your machine. Right now Windows is the top of the heap. It is everywhere. Therefore a hole becomes a gaping crater that is irresistable to whoever puts the virus out there.
|
| cAtraXx |
5/7/04, 8:11 PM EDT |
I think it was the 2003 server, since it was a while ago, but i can ask him about that.
I didn't know about Quark Express, since i don't use it. All i use is Photoshop, Illustrator, Golive, Livemotion and Flash MX.
However, this has been a good little discussion, i hope we can do it again on some other topic :) Hell, i'm glad i found this site.
|
| Jonahan |
5/11/04, 2:49 PM EDT |
I agree, this is (was?) a great discussion. I learned a thing or two for sure. Everyone made some valid points and every post was useful, amusing or both.
I can't tell you how good that is when the topic gets vaguely Microsoft ... usually the trolls come out of the woodwork. So thanks guys =)
There were so many good points, I can't address them all, but talking about fault ... yes the user is at fault for some stuff, like opening an email attachment from someone they don't know. But for something like Sasser that comes in through the browser, you can't say it's the user's fault (at least not your average computer user). MS is finally enabling the built-in firewall by default in XP's service pack 2 which should stop a lot of stuff, but I can't totally let MS off the hook here.
Another thought just occurred to me...if people can sue Apple for OS X running slowly on G3 Macs, why couldn't people sue Microsoft for an insecure operating system? ;-)
Yeah, anyone can sue anyone for anything, and in this case MS would just throw a few hundred million at the problem and it'd go away, but still fun to think about.
|
| nhmacusr |
5/11/04, 5:47 PM EDT |
Like I said before, I am as tired of the MicroFUD as the next guy. The guys over at Security Focus say that the patch was out a full month before the worm showed up. The patch on my system is dated 03-23. The Symantec report is dated 1 May. Again, there is plenty of blame to go around, but people have to patch their systems.
I haven't read the EULA, but I bet there is something in there that would let them off the hook. Good thinking though:)
|
| cAtraXx |
5/11/04, 11:48 PM EDT |
In fact i think they say something about that in the license agreement, but chances are high that i don't remember this one correctly ... it's been a while since i installed windows the last time ;) (And of course i normally don't look through that agreement)
And i guess that M$ is so used to get sued, that they already have enough standart tactics to scare people away from the idea ;)
|
| macz in the hood |
5/12/04, 6:59 AM EDT |
If for example DaimlerChrysler would sell a car without lockable doors they wouldn't sell one car. Would you buy a car which is only safe in your garage? The writer of Sasser did everyone who's working with Windoze a favor to point with the finger on the security holes (it's more like one fuc*ing big black hole sucking in all the [doodoo] floating through the web...).
PS: Watch for your pants in monkeyboys cave!
|
| nhmacusr |
5/12/04, 2:41 PM EDT |
While in the end it is a good thing for Microsoft and everyone else at large, by releasing it into the wild he caused a lot of people time when they could have been doing other things. In the corporate world time is money. To you and me it is just annoying. To my boss, it effects the bottom line.
|
| cAtraXx |
5/12/04, 11:05 PM EDT |
nhmacusr: If your boss wants you all to work fluently, maybe he shouldn't have bought windose in the first place ? ;)
However, i think the banks that have had troubles with Sasser can absolutely afford it and the rest ... well ... it took me 15 minutes to get rid of it on my friends computer and i had incomplete removal instructions, too.
|
| nhmacusr |
5/13/04, 8:45 AM EDT |
Actually our network was secure ;) . I have some friends though that had a hell of a time. The problem is that when you have thousands of employees, security is a much bigger problem. In my friends company a business traveler had the thing on his laptop and plugged it into the main network. Bad news for him that day. And like I said, it is annoying for you and me (just a few minutes to remove). It took my friends the better part of three days to contain and erradicate. It is difficult to get thousands of people to move together when you need them to.
|
| cAtraXx |
5/13/04, 9:15 AM EDT |
I totally agree with you on that one. Many of my friends work as IT techincians at bigger companies, i think the last days were one big mess for them aswell.
|
This article is archived, so you may not comment on it.
(The good news is there's always the shoutbox, the forums or the contact form if you're socially-inclined at the moment!)
|
|
|
|
Site Links |
|
|
|
|
Deep Thoughts |
|
|
One of the worst things you can do as an actor, I think, is to forget your lines, and then get so flustered you start stabbing the other actors.
|
|
Around Da Web |
|
| iProng: |
iPhone steals show at CTIA Wireless 2007
|
DLO offers dual cover fashion case for iPod
|
AT&T received 1M inquiries on iPhone
|
| MacDailyNews: |
Ars Technica in-depth review: Apple TV ?impressed all those who touched it?
|
Inside Apple?s Mac OS X 10.5 Leopard Server OS
|
The chips inside Apple TV
|
| Think Secret: |
Adobe Creative Suite 3 pricing revealed
|
|
|
We Like: |
|
|
|
|
Side Projects |
|
Jonahan
- JediPoker.net
- Jonahan.com
- iProng
- MacProng
iKen
Jedbeck
J.P.
|
|
