This is an ironic title because, frankly, Microsoft has seemed slow to provide solutions for the recent Zotob worm. Of course, they announced the vulnerability and the accompanying update to solve the issue to begin with, but after the virus started propagating, what do we see from Microsoft? They have a page titled What you should know about Zotob.
Their main page has a big ad for a free trial of Office, another big ad encouraging you to upgrade your server, an even bigger ad highlighting different music players, and a thin line at the bottom in relatively small print and plain text (smaller by far than the ads) titled What You Need to Know About the Zotob.A Worm. As of this writing it is rated as a low threat (although it allows for remote control of a PC?) and they have only listed variants A-C while most virus vendors are already talking about .D, .E and .F (and now .G).
Their malicious software removal tool has not seen an update in over a week and a half, so they offer no automated removal tool. (August 9 was the update, along with their security fixes for the month.) They do give manual instructions for the A-C variants in their malicious software database. The fact is, though, that they are lagging behind the antivirus vendors in providing solutions.
A little over a year ago, Microsoft bought an antivirus company (a GOOD antivirus company). I used one of their products on a Linux mail server I administer. They promptly killed off the Linux server flavors, and when the subscription for updates expired, so did my use of the product. Given that they are the single most dominant software company in the world, isn’t it funny that they can’t seem to get a removal tool out the door quicker than x, y and z antivirus company?
Beyond that, it boggles my mind WHY plug and play, which is focused on LOCAL hardware detection, had to have a network-capable call.
Now, this current worm isn’t as widespread as it might seem. (When the media is affected, that magnifies the seeming impact.) But about half of business workstations still run Windows 2000. I’m just wondering if and when Microsoft really will get serious about security.
Now, I know they’ve said they have refocused on security, but I’ll ask a few things. How is it that vulnerabilities can be held and released one Tuesday a month? My perspective is, if you know about a bug that could let someone remotely exploit a system, you get the announcement and fix out as soon as possible. One of these days a virus is going to beat Microsoft to the punch and the consequences are going to be pretty rough. Now, in all fairness, Windows 2000 was probably in design stages in 1997, so there are some fundamental architecture issues that perhaps cannot be significantly solved. Microsoft at some point should bite the bullet on compatibility and venture to redesign/rethink the system from a security standpoint. Their incremental changes are maintaining compatibility, but at the expense of a spaghetti of vulnerabilities hidden in absurd thoughts (PnP receiving data from the network).
The fact that a security patch on one thing can affect several other pieces of software is a fact of life. Microsoft needs to approach the concept of patches differently. Maybe design a patch so that it can be easily rolled back, or that a vulnerable unpatched service can be run “in a sandbox” that can’t escape to the rest of the system.
Over at the Security Fix, Brian talks about the recent worm event and points out, among other things, that we’ll have this one with us a while. (We still have many of the old worms active online.) Among other things, he reminds us it was 5 months after the Blaster worm that Microsoft offered a removal tool. (There’s snappy service for you….) He also points out that there have been times that Microsoft has put some of its cash to use and offered rewards for the arrest of virus writers. This is something that they should seriously revisit, as it seemed to pay off. The only problem is they only stepped up with money when a virus was an extreme embarrassment.
I think this last point is a sign that they’re still not serious about dealing with the security problem that they’ve brought us to. They need to PROMINENTLY display information about vulnerabilities on their main corporate page and use their power to accomplish something significant in the war against worms and viruses.
Until then I don’t foresee leaving Linux as a desktop platform, because it puts more of the security of it in my hands and not up to the whims of the manufacturer… I run as a user, not as an administrator; this mitigates a lot of threats. If there is a server that’s particularly exploitable, it can be run in a chroot’ed environment. I have more control over what services run and what services do not. In Windows there are sometimes peculiar connections between various services.
There is an age-old debate about “if Linux had 90% market share it would have just as many worms…” I don’t think that if 90% of the market were running Linux (or a combination of Linux and Mac, which is really a BSD-based cousin), we would see these kinds of outbreaks. The main reason is that there are so many different varieties of Linux, and there is an entirely different (componentized) security model. Additionally, there are many different implementations of various software that could be vulnerable.
This article gives a good overview of where the writer stands in that age-old debate. Among other things, he points out that more Linux machines make up the backbone of the internet than Windows machines, which would seem to counter the “if there were as many Linux machines” claim. I would think network backbone machines would make a more interesting target than Mom’s desktop PC. It’s an interesting read and worthwhile if you’re thinking about a switch (even if you’re not).