Microsoft’s quick response to network worms….

This is an ironic title because, frankly, Microsoft has seemed slow to provide solutions for the recent Zotob worm. Of course, they announced the vulnerability and the accompanying update to solve the issue to begin with, but after the virus started propagating, what do we see from Microsoft? They have a page titled What you should know about Zotob.

Their main page has a big ad for a free trial of Office, another big ad encouraging you to upgrade your server, an even bigger ad highlighting different music players and a thin line at the bottom in relatively small print and plain text (smaller by far than the ads) titled What You Need to Know About the Zotob.A Worm. As of this writing it is rated as a low threat (although it allows for remote control of a PC?) and they have only listed variants A-C while most virus vendors are already talking about .D, .E and .F (and now .G).

Their malicious software removal tool has not seen an update in over a week and a half, so they offer no automated removal tool. (August 9 was the update along with their security fixes for the month.) They do give manual instructions for the A-C variants in their malicious software database. The fact is, though, that they are lagging behind the antivirus vendors in providing solutions.

A little over a year ago, Microsoft bought an antivirus company (a GOOD antivirus company). I used one of their products on a Linux mail server I administer. They promptly killed off the Linux server flavors and when the subscription for updates expired so did my use of the product. Given that they are the single most dominant software company in the world, isn’t it funny that they can’t seem to get a removal tool out the door quicker than x, y and z antivirus company?

Beyond that, it boggles my mind WHY plug and play, which is focused on LOCAL hardware detection, had to have a network-capable call.

Now this current worm isn’t as widespread as it might seem. (When the media is affected that magnifies the seeming impact.) But, about half of business workstations run Windows 2000 still. I’m just wondering if and when Microsoft really will get serious about security.

Now, I know they’ve said they have refocused on security, but I’ll ask a few things. How is it that vulnerabilities can be held and released one Tuesday a month? My perspective is, if you know about a bug that could let someone remotely exploit a system, you get the announcement and fix out as soon as possible. One of these days a virus is going to beat Microsoft to the punch and the consequences are going to be pretty rough. Now, in all fairness, Windows 2000 was probably in design stages in 1997, so there are some fundamental architecture issues that perhaps cannot be significantly solved. Microsoft at some point should bite the bullet on compatibility and venture to redesign/rethink the system from a security standpoint. Their incremental changes are maintaining compatibility, but at the expense of a spaghetti of vulnerabilities hidden in absurd thoughts (PnP receiving data from the network).

The fact that a security patch on one thing can affect several other pieces of software is a fact of life. Microsoft needs to approach the concept of patches differently. Maybe design a patch so that it can be easily rolled back, or that a vulnerable unpatched service can be run “in a sandbox” that can’t escape to the rest of the system.

Over at the Security Fix, Brian talks about the recent worm event and points out among other things that we’ll have this one with us a while. (We still have many of the old worms still active online.) Among other things he reminds us it was 5 months after the Blaster worm that Microsoft offered a removal tool. (There’s snappy service for you….) He also points out that there have been times that Microsoft has put some of its cash to use and offered rewards for the arrest of virus writers. This is something that they should seriously revisit as it seemed to pay off. The only problem is they only stepped up with money when a virus was an extreme embarrassment.

I think this last point is a sign that they’re still not serious about dealing with the security problem that they’ve brought us to. They need to PROMINENTLY display information about vulnerabilities on their main corporate page and use their power to accomplish something significant in the war against worms and viruses.

Until then I don’t foresee leaving Linux as a desktop platform because it puts more of the security of it in my hands and not up to the whims of the manufacturer… I run as a user, not as an administrator; this mitigates a lot of threats. If there is a server that’s particularly exploitable, it can be run in a chroot’ed environment. I have more control over what services run and what services do not. In Windows there are sometimes peculiar connections between various services.

There is an age-old debate about “if Linux had 90% market share it would have just as many worms…” I don’t think that if 90% of the market were running Linux (or a combination of Linux and Mac, which is really a BSD-based cousin), that we would see these kinds of outbreaks. The main reason is that there are so many different varieties of Linux and there is an entirely different (componentized) security model. Additionally, there are many different implementations of various software that could be vulnerable.

This article gives a good overview of where the writer stands in that age-old debate. Among other things he points out that more Linux machines make up the backbone of the internet than Windows machines, which would seem to counter the “if there were as many Linux machines” claim. I would think network backbone machines would make a more interesting target than Mom’s desktop PC. It’s an interesting read and worthwhile if you’re thinking about a switch (even if you’re not).


One Response to “Microsoft’s quick response to network worms….”

  1. Avery J. Parker - Web site hosting and computer service Says:

    [...] In an earlier post today, I talked about the places that they have dropped the ball in responding to this. Yes, they patched it, very good, but there are still some fundamental problems with Microsoft’s approach to security. I looked at the Microsoft blogs, the most prescient entry I could find was a “look inside the situation room” which basically started out along the lines that “when there is a situation affecting customers we bring the right people into the room” (paraphrased…). It’s disappointing to see better coverage of a worm affecting Microsoft Windows coming from sources OUTSIDE Microsoft. After all, Microsoft knows their code better than anyone (hopefully) and should be in the best position to analyze what’s happening and INFORM in an attempt to keep their customers armed with the information they need. [...]
