Nato warns of strike against cyber attackers

Barry Shein bzs at world.std.com
Wed Jun 9 15:44:38 CDT 2010


On June 8, 2010 at 21:05 fergdawgster at gmail.com (Paul Ferguson) wrote:
 > -----BEGIN PGP SIGNED MESSAGE-----
 > Hash: SHA1
 > 
 > On Tue, Jun 8, 2010 at 8:59 PM, JC Dill <jcdill.lists at gmail.com> wrote:
 > 
 > >
 > > I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
 > > creating an "attractive nuisance" - an operating system that is too
 > > easily hacked and used to attack innocent victims, and where others have
 > > to pay to clean up after Microsoft's mess.
 > >
 > 
 > Do you honestly believe that if 80% of the world's consumer computers were
 > *not* MS operating systems, that the majority of computers would still not
 > be targeted?

Ah, the disinformation reply...

MAYBE IF [please read thru before replying because I probably cover
most knee-jerk responses eventually]:


a) Microsoft hadn't ignored well-known techniques for dividing secure
vs insecure operations in their kernel thus allowing any email script
you're reading to do whatever it wants including, e.g., re-writing the
boot blocks.

b) Microsoft hadn't made the first and usually only newly created user
"root" on a new system so it'd be easier to install applications they
bought and administer the system and save them understanding that they
sometimes have to type in a separate administrator's password. But the
extra typing and forgetting that password of course would detract from
the "user experience".

c) Microsoft hadn't distributed, for decades, systems with graphics
libraries which relied on injecting raw machine code into the kernel
to speed up operations like scrolling a window (which used to be very
slow without this, as one example), and got their third-party vendors
so hooked on this technique that they screamed bloody murder every
time MS even hinted that they might remove it. It took generations of
OLE, X controls, .NET, etc to get rid of this, if it's even completely
gone now.

d) Microsoft hadn't ignored all these basic security practices in
operating systems which were completely well understood and
implemented in OS after OS back to at least 1970 if not before because
they saw more profit in, to use a metaphor, selling cars without
safety glass in the windshields etc, consequences be damned.

e) Microsoft hadn't made tens if not hundreds of billions off the
above willful negligence for decades (if you include the first warning
when viruses became rampant in the late 80s, plus a decade of infected
zombie bots starting in the late 90s) after they knew full well the
disastrous consequences, causes, and fixes.

f) The fact that Microsoft began putting exactly the fixes the above
implies with, generously, XP SP2, but not seriously until Vista
(general release: January 30, 2007) which is tantamount to an
admission of guilt. Such as separating Administrator from User and the
privileges thereof.

Then, and only then, MAYBE their mere market dominance would be
a plausible reason.

But for those of us who actually UNDERSTAND operating systems and how
their security works (or doesn't) and what the problems have been
specifically, statistics and probabilities and hand waves just can't
trump KNOWING AND UNDERSTANDING THE FACTS AND HOW THESE THINGS WORK!

Blaming Microsoft OS's vulnerability to viruses and zombification on
their market dominance would be like blaming the running out of IPv4
addresses on Cisco's market dominance. It has a certain appeal to the
ignorant, but anyone who knows anything about the actual causes and
history knows there's not one grain of truth to it.


-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*




More information about the NANOG mailing list