Microsoft’s quick response to network worms….

This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have a page titled What you should know about Zotob

Their main page has a big add for a free trial of Office, another big add encouraging you to upgrade your server, an even bigger add highlighting different music players and a thin line at the bottom in relatively small print and plain text (smaller by far than the ads) titled What You Need to Know About the Zotob.A Worm. As of this writing it is rated as a low threat (although it allows for remote control of a pc?) and they have only listed variants A-C while most virus vendors are already talking about .D .E and .F (and now .G)

Their malicous software removal tool has not seen an update in over a week and a half, so they offer no automated removal tool. (August 9 was the update along with their security fixes for the month.) They do give manual instructions for the A-C variatns in their malicious software database. The fact is though that they are lagging behind the antivirus vendors in providing solutions.

A little over a year ago, Microsoft bought an antivirus company (a GOOD antivirus company.) I used one of their products on a linux mail server I administer. They promptly killed off the linux server flavors and when the subscription for updates expired so did my use of the product. Given that they are the single most dominant software company in the world isn’t it funny that they can’t seem to get a removal tool out the door quicker than x y and z antivirus company?

Beyond that it boggles my mind WHY plug and play which is focused on LOCAL hardware detection had to have a network capable call.

Now this current worm isn’t as widespread as it might seem. (When the media is affected that magnifies the seeming impact.) But, about half of business workstations run Windows 2000 still. I’m just wondering if and when Microsoft really will get serious about security.

Now, I know they’ve said they have refocused on security but I’ll ask a few things. How is it that vulnerabilities can be held and released one Tuesday a month. My perspective is, if you know about a bug that could let someone remotely exploit a system you get the announcement and fix out as soon as possible. One of these days a virus is going to beat Microsoft to the punch and the consequences are going to be pretty rough. Now in all fairness Windows 2000 was probably in design stages in 1997 so there are some fundamental architecture issues that perhaps cannot be significantly solved. Microsoft at some point should bite the bullet on compatibility and venture to redesign/rethink the system from a security standpoint. Their incremental changes are maintaining compatibility, but at the expense of a spaghetti of vulnerabilities hidden in absurd thoughts (pnp receiving data from the network.)

The fact that a security patch on one thing can affect several other pieces of software is a fact of life. Microsoft needs to approach the concept of patches differently. Maybe design a patch so that it can be easily rolled back, or that a vulnerable unpatched service can be run “in a sandbox” that can’t escape to the rest of the system.

Over at the security fix, Brian talks about the recent worm event and points out among other things that we’ll have this one with us a while. (We still have many of the old worms still active online.) Among other things he reminds us it was 5 months after the blaster worm that Microsoft offered a removal tool. (There’s snappy service for you….) He also points out that there have been times that Microsoft has put some of it’s cash to use and offered rewards for the arrest of Virus writers. This is something that they should seriously revisit as it seemed to pay off. The only problem is they only stepped up with money when a virus was an extreme embarrasment.

I think this last point is a sign that they’re still not serious about dealing with the security problem that they’ve brought us to. They need to PROMINENTLY display information about vulnerabilities on their main corporate page and use their power to accomplish something significant in the war against worms and viruses.

Until then I don’t foresee leaving linux as a desktop platform because it puts more of the security of it in my hands and not up to the whims of the manufacturer… I run as a user not as an administrator, this mitigates a lot of threats. If there is a server that’s particularly exploitable it can be run in a chroot’ed environment. I have more control over what services run and what services do not. In Windows there are sometimes peculiar connections between various services.

There is an age old debate about “if Linux had 90% market share it would have just as many worms…” I don’t think that if 90% of the market were running Linux (or a combination of Linux and Mac which is really a BSD based cousin), that we would see these kinds of outbreaks. The main reason is because there are so many different varieties of linux, there is an entirely different security model. (Componentized) Additionaly there are many different implementations of various software that could be vulnerable.

This article gives a good overview of where the writer stands in that age old debate. Among other things he points out that more linux machines make up the backbone of the internet than windows machines which would seem to counter the “if there were as many linux machines” claim. I would think network backbone machines would make a more interesting target than Mom’s desktop PC. It’s an interesting read and worthwhile if you’re thinking about a switch (even if you’re not).

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Win Security 360 | Win Security 360 Removal Guide Win Security 360 is a rogue antivirus application that is promoted through the use of trojans and other malware as well as sites that claim to do malware scans of your computer. Among the things that it will do is schedule itself to run when the system boots and it......
  • Microsofts Linux Lab manager answers questions on slashdot A few days back I mentioned that slashdot was posing questions to Bill Hilf, the manager of Microsoft's Linux lab. Today his responses are being posted. Among the more interesting points, in general his role is helping Microsoft have a better understanding of Open Source software. They do report bugs......
  • Vista UAP (User Account Protection) - too much? First let me tell you I have not seen first hand Microsoft's Vista UAP (User Account Protection) I cannot then claim firsthand experience with it, the following is and will be based on what I have read plus how it relates and compares to linux and "run as" functionality. George......
Blog Traffic Exchange Related Websites
  • Combating Computer Espionage Combating Computer EspionageCombating Computer Espionage In some cases, spies as well as covert operations are found in war grounds or politically tense regions. Now in spite of everything, you can find spies in addition to covert operations running undetected within your personal computer system as you use your computer along......
  • How To Remove Vista Internet Security 2011 Virus You may be the latest victim of Vista Internet Security 2011. This name-changing virus has the different version, but no matter what version you have, the issues are the equivalent. The cyberpunks who formulated this virus were quite professional to make the program dynamically change its name according to windows......
  • Why You Need a Good Home Security System There are many unexpected things which can happen these days. The world can seem pretty cruel at times. This is when you want to be able to come home and feel safe. After all, your home is a place where you want to be able to feel your best......    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

One Response to “Microsoft’s quick response to network worms….”

  1. Avery J. Parker - Web site hosting and computer service Says:

    [...] In an earlier post today, I talked about the places that they have dropped the ball in responding to this. Yes, they patched it, very good, but there are still some fundamental problems with Microsoft’s approach to security. I looked at the Microsoft blogs, the most precient entry I could find was a “look inside the situation room” which basically started out along the lines that “when there is a situation affecting customers we bring the right people into the room” (paraphrased…). It’s disappointing to see better coverage of a worm affecting Microsoft Windows coming from sources OUTSIDE Microsoft. After all, Microsoft knows their code better than anyone (hopefully) and should be in the best position to analyze what’s happening and INFORM in an attempt to keep their customers armed with the information they need. [...]

Switch to our mobile site