Evil Cyber Empire only possible because of Microsoft

Barry tweeted a Newsweek article titled The Evil (Cyber) Empire – Inside the world of Russian hackers. What the article doesn’t mention (possibly because Microsoft is a Newsweek advertiser) is that what holds the ‘Russian Business Network’ together is a vast botnet consisting of millions of compromised computers running the Microsoft Windows Operating System.

That’s right. Windows. Not OSX. Not Linux. Only Windows.

The problem is that Windows was originally designed as a single user system. When network capabilities were grafted on in Windows 3.11 in an anti-competitive move against Novell, then the premier network software provider, security wasn’t considered. When Microsoft belatedly recognized the Internet, and grafted TCP/IP networking onto Windows 95 and Windows NT 4.0, again, security wasn’t considered.

Microsoft has never to this day taken security seriously in my opinion. Features such as the infamous ActiveX, which Microsoft eventually had to cripple, are an example of this. Another example is Internet Exploder, the disastrous web browser that Microsoft includes with Windows.

No other operating system has the security issues that Windows has. And quite frankly no other operating system ever will. Even Microsoft has admitted that

No other operating system is susceptible to so many attacks. Even Microsoft has admitted publicly that their products aren’t engineered for security.

Advertisements

33 thoughts on “Evil Cyber Empire only possible because of Microsoft

  1. and now the so aptly named STD called mono will drag gnu-linux down into this venereal pit of virus and malware where windows writhes in its own feculence… and in fact ubuntu recently delivered some malware from code delivered from its own OFFICIAL REPOSITORY, a first for any linux distro.

  2. I have been a KDE stalwart since about redhat version 6 or so… the late 90's.Mandriva or Fedora, Kubuntu is unusable.

  3. "…in fact ubuntu recently delivered some malware from code delivered from its own OFFICIAL REPOSITORY, a first for any linux distro."Except that this isn't at all the case. The malware in question was packed into a supposed screensaver from the site gnome-look.org, which is not Ubuntu's "own OFFICIAL REPOSITORY". Nor did the malware have the slightest thing to do with Mono.See this thread on Ubuntu Forums for details. No substitute for actually knowing the facts.Hey, Wayne, have you seen? "Sandy" is "Umberto" now… =D

  4. Lefty,Thanks for the link. That was a really interesting read. FYI, I've been really busy, and hadn't actually read any of the posts on this article other than to make sure that they weren't link spam, or I would have investigated what he posted.However I always read everything that you post :)Happy New Year.

  5. At which point I have to ask – what the heck is Don Reba talking about?And as to KDE – never liked it that much. XFCE and Enlightenment are more to my taste.And as to calling Mono an STD, that's not accurate. Mono is an attempt to replicate a third rate technology. The so called advantages that Mono gives youhttp://tirania.org/blog/archive/2009/Dec-15.htmlIn IPhone development you get from Apple's tools anyway, and Apple's tools are free. It's the same with Linux development. I mean, why would anyone want to imitate Microsoft, the company famous for security breaches you could drive an Leopard 2 MBT through?The only answer that I can come up with is that like all Autism suffers (myself included) Miguel focuses on one thing at a time, and right now he's focused on Microsoft.Next year he might be focused on Scaled Composites. Now there's a scary thought…

  6. And according to Slashdot, it was only posted on gnome-look.org for 24 hours before someone discovered the malicious code and had it removed.With the popularity of Ubuntu, it was a matter of time before we saw trojans appear. As everyone knows, there is no way an OS can stop an ignorant user with a root password, although I think Linux (and OS X) does a better job at this than Windows since users typically know that a root password prompt deserves special attention. Moreover, most *nix users know that screen savers will NEVER need a root password. On Windows, most apps need admin access because of the "run as admin" paradigm that has been prevalent for 2 decades. Most developers still code their apps for admin access, so with Windows, you either have to scan the app with often ineffective AV software or go on word of mouth as to the veracity of the app. With Linux you know if an app like a screensaver is asking for root, something is amiss.The thing that concerns me, though, is a lot of people making the switch from Windows will bring their bad Windows habits with them — that is, they will want to know how to run as root, will look for software outside of the repos since repos are an alien idea to them, and they will want to install AV software to "protect" their machine, which is a big mistake. I see all 3 problems already on the Ubuntu forums.

  7. mono is most certainly an std, miguel got it from oral sex with Microsoft representatives, and now he wants to give it to everyone he can… and he always has stonemirror to defend mono in every way possible, with every lie possible…

  8. "and he always has stonemirror to defend mono in every way possible, with every lie possible…"Perhaps you can point to a specific and concrete example of me "defending" Mono; I'm particularly interesting in cases where I've demonstrably "lied" in order to "defend" it.I've said several times that my only associations with Mono are that I know several folks who work on it, and I use F-Spot and Tomboy. Since GUADEC, I've fooled around with some of the new Banshee stuff as well.I don't program in C# or use Mono in any other fashion, and if reasonable, non-Mono-based, alternatives to the programs I do use came along, that'd be fine with me. I see no reason to switch to gNote, since it's (as Hub admits) chasing Tomboy's taillights, and gThumb is most certainly not a credible replacement for F-Stop.I don't believe in restricting people's choices as the the free software they can work on or use based on some otherwise-uninvolved third-party's feelings about the origins of that software.

  9. "I tend to believe you.."- CONYOU harass and stalk people, the links above lead only to YOU, and in your own words. There is no 'stonemirror' except YOU.

  10. "In IPhone development you get from Apple's tools anyway, and Apple's tools are free."By the way, this isn't accurate: you get XCode "for free" with your ($129) copy of OS X; getting the iPhone Developer SDK requires signing up as an iPhone developer, for an additional $99 (annually).

  11. and I'll take RMS over your crazy partisans like the idiots on dysamoria.com ANY DAY. RMS encouraged a complaint to the Gnome Foundation based on this DOCUMENTED evidence of your misdeeds, and he is extremely careful of the data he examines. Bruce Perens as well, who need we remind you called you out, Lefty, called you both a crybaby and a LIAR.

  12. RMS encouraged a complaint to the Gnome Foundation based on this DOCUMENTED evidence of your misdeeds, and he is extremely careful of the data he examines.So you claim, "Sandy", but where's the actual evidence?Bruce Perens as well, who need we remind you called you out, Lefty, called you both a crybaby and a LIAR.Would that be the same Bruce Perens who's offering unilateral (and thus meaningless) "waivers"—at his "usual consulting rate"!—on code to which he has a very sketchy copyright claim to GPL violators who've been named as defendants in an ongoing suit by the SFLC…?

  13. "In IPhone development you get from Apple's tools anyway, and Apple's tools are free."By the way, this isn't accurate: you get XCode "for free" with your ($129) copy of OS X; getting the iPhone Developer SDK requires signing up as an iPhone developer, for an additional $99 (annually).Incorrect. The $99.00 amount is right, however you only have to pay that if you want to publish an app. You can develop all you want for free.Now if you try MonoDevelop, my understanding is that you pay Novell about $800.00 for the dev kit, and then you have to pay Apple $99.00 to be able to publish.It's cheaper to use Apple's kit, and since Mono is an imitation of .Net, which is an imitation of Cocoa (devs I know say that .NET is an inferior imitation of Cocoa. I haven't worked with either of them, so I don't know).

  14. > At which point I have to ask – what the heck is Don Reba talking about?It's a quote about conspiracy theorists that seems to fit. Everyone uses this terribly insecure Windows, including US DoD and NASA — they must all be lemmings. Although, you are wrong on the facts here.> The problem is that Windows was originally designed as a single user system. When network capabilities were grafted on in Windows 3.11 in an anti-competitive move against Novell, then the premier network software provider, security wasn't considered.The NT kernel, which lies at the core of Windows XP and later, is unrelated to Windows 3.11. NT was designed as a secure multiuser system from the outset.> Features such as the infamous ActiveX, which Microsoft eventually had to cripple, are an example of this.Seeing that Silverlight, Flash, and Java Applets are ActiveX controls, how "crippled" is it, really?> Another example is Internet Exploder, the disastrous web browser that Microsoft includes with Windows.As Firefox became more used, the rate at which vulnerabilities are discovered in it exceeded IE's by far: "Mozilla browsers were affected by 99 new vulnerabilities in 2008, more than any other browser; there were 47 new vulnerabilities identified in Internet Explorer, 40 in Apple Safari, 35 in Opera™, and 11 in Google® Chrome." (Symantec)Additionally, IE8's phishing protection is the most effective of all browsers. (NSS Labs)

  15. stop confusing “conspiracy theory” with institutional analysis. stop it. stop it right now! bad dog!Institutional analysis is that part of the social sciences which studies how institutions—i.e., structures and mechanisms of social order and cooperation governing the behavior of two or more individuals—behave and function according to both empirical rules (informal rules-in-use and norms) and also theoretical rules (formal rules and law). This field deals with how individuals and groups construct institutions, how institutions function in practice, and the effects of institutions on society.[1]Since institutional analysis is focused on the systematic study of people’s collective behaviour in institutions, its ability to explain major political, social, or historical events is sometimes contrasted with the use of conspiracy theory to explain such events, since the latter focuses on explaining such events by a secret, and often deceptive, plot by a covert coalition of small numbers of powerful or influential individuals rather than by the systematic, regular, publicly documented behaviour of the institutions.[2][3]http://en.wikipedia.org/wiki/Institutional_analysisit’s like showing a dog a card trick….

  16. Don,Windows NT 3.1 was barely capable of telling that a network was there:http://en.wikipedia.org/wiki/Windows_NT_3.1I know. I used it. Netware and Lantastic were better. Second, Active X is a Java knock off, the browser implementation was designed to attempt to attract developers away from Java. IE 6 incompatible with anything else, because it was the version of IE most reliant on Active X. Many corporate intranets still rely on Active X, which is why IE 6 browser share remains high. IE 7 and later had Active X crippled by default.Third, Firefox vulnerabilities don't tie into the core of the operating system, IE vulnerabilities do.

  17. I am not going to defend MS any more than is necessary to argue that it is naive to blame Windows for existence of botnets. Were any other system dominant to the same extent, then it would have been used by the hackers. Any security system is only as strong as its weakest link, and in the real world it is not the OS, but applications and their users. Case in point: "The Year's Most-Hacked Software".> Third, Firefox vulnerabilities don't tie into the core of the operating system, IE vulnerabilities do.How so? Like any other browser, IE operates entirely in user mode. Using it in the shell does not compromise security. Any browser is only responsible for the security boundary between remote and local access.

  18. Don,There's a difference in the bugs though, Windows bugs often allow 'Privilege Escalation' where as Adobe bugs are limited to the local user. All of which makes Windows bugs more dangerous.And yes, the only machines in botnets are Windows machines, because no other operating system can be compromised as easily. It's not numbers that matter so much, as a near total lack of security. Oh, Vista and Seven are better than XP, but that's not saying much.And IE isn't like any other browser. Ask Microsoft. They testified in court that IE could not be removed, that it was an integrated part of the operating system. Are you trying to say that the company's Chairman, Bill Gates, lied under oath?

  19. In order to allow privilege escalation, IE would have to be exposed from a process with elevated privileges, such as the kernel or a service. This is not the case. The part of Windows in which IE is integrated is the shell, which runs with the user's credentials.Linux is not inherently more secure than Windows — OpenBSD might be. Even if you were right and Windows was comparatively "lacking security," it would still not be the reason for its use by botnets. Simply, if I were a malware writer, rewriting all of my tools to support Linux would be near the end of the list of things to do to make my attacks 1% more effective. Therefore, no one does it.

  20. Incorrect. The $99.00 amount is right, however you only have to pay that if you want to publish an app. You can develop all you want for free.You're correct as far as that goes: you can "develop all you want for free", in the sense of being able to get the development tools, including the iPhone emulator, and use them.What you can't do for free (either as in speech or beer) is download the app you've developed to an actual device. For that you need the crypto keys for the device and a provisioning profile, and that'll run you $99.The description in this column is still accurate as far as I know.

  21. Whereas with Novell's Mono Tools for Visual Studio you get a 30 day Trial, and then have to pay $99.00. So it's less expensive to use the Apple tools, unless you can do your dev work inside of a month. And after that, well you have to pay Novell, and then you have to pay Apple anyway.So why would you buy the Novell solution?

  22. Don,My apologies. I've been meaning to write a full length post to address your comments, however the Copyright issue has been taking up all my time (you can see the newest articles at madhatter.ca).So it's going to happen. Just not right now. I'm afraid that Copyright has made Windows totally unimportant.

  23. So why would you buy the Novell solution?I wouldn't, and I haven't: as I've said several time, I don't program in C#. I'm sadly limited to C, C++, Objective-C, Javascript, PHP, several forms of assembler, and a small variety of "novelty" languages. I think the price of the Mono tools for the iPhone is unrealistically high, for what it's worth.I was merely trying to point out that iPhone development, in any meaningful sense, wasn't "free", not unless you didn't care about actually running the programs you'd developed on the devices you'd developed them for.There's a story about Winston Churchill, I think, asking a woman whether she'd sleep with him for a million pounds. "I suppose I would," she says. "Would you do it for ten, then?" asks Churchill. "Mr, Churchill, do you think I'm a prostitute?" she demands. "We've established that already, Madam," says Churchill, "We are merely haggling over the price."

  24. > I'm afraid that Copyright has made Windows totally unimportant.Music to my ears. More great posts about copyright and less tech zealotry, please.

  25. Gotta love Winny.Woman: Sir Winston, you're drunk.Winston: Yes Madam, but in the morning I'll be sober and you'll still be ugly.I have the collected quotes of Winston Churchill here in a book, that I reread on a regular basis. The man not only had a way with words, he could see through to the important point, which many of his associates could not. A final Winny.When I was a child, my parents adjudged it to much for my senses, and banned me from seeing the boneless man. As a consequence I've had to wait forty years, and enter parliament to see on, sitting on the treasury bench.A great man, even when he messed up totally.

  26. An extremely quotable guy. Another of my favorites is the exchange between Churchill and Lady Astor, wherein she advised him, "Mr. Churchill, if you were my husband, I'd put arsenic in your tea!", to which Churchill replied, "Ma'am, if you were my wife, I'd drink it."

  27. Yes, he and Lady Astor used to be 'at odds' a lot. Winston didn't think that women should have to put up with the rigors of a career in the Commons, and when they got in over his objections, he wasn't sure what to do with them. I loved some of his exchanges with Lady Astor – she gave as good as she got. She must have ruffled the old bastards feathers quite often. As much as I like Winston for his style, and accomplishments, he really was a terrible old dinosaur in his attitudes, and I'm glad that a woman with a strong personality was there to put him in his place.

  28. Perhaps you can point to a specific and concrete example of me "defending" Mono; I'm particularly interesting in cases where I've demonstrably "lied" in order to "defend" it.Seems like no one, suddenly, has much to say on this in the past nine days. Can we safely conclude that people are simply blowing smoke out their posteriors with this claim…?

  29. No, it means that people have been in major pain, and haven't been all that active… I'm feeling a bit better now, having had a nerve block procedure. You can see a video of it at http://madhatter.caBack to Mono – I was under the impression based on your posts at http://boycott-boycottnovell.com/ that you were in favor of Mono. Now it's always possible I've misunderstood your position, feel free to correct me if I did.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s