//
you're reading...
News

Windows under attack on two fronts? Even more problems ahead?

How many fronts is the battle for a safe Window experience on? As we see in this article, its not just the writers of Malware than can bring down your system.

Readers to this site may remember that recently we covered the issue of Bitdefender identifying Window system critical file as being malicious code.  Personally I thought the original diagnosis was correct and the software identifying Windows as a virus was a testament to the “intelligence” of its coding.

I am sure that McAfee also had a few words to say to their coders when the same thing happened to them, with reports today stating that McAfee antivirus software is identifying and “fixing” what it believes to be malicious.

The serious issue here is that with the latest .dat update (5958) is being reported to cause SP3 of XP to go into endless reboot.  Whats more worrying though is whilst the issue allegedly is predominantly XP SP3, McAfee have said:

We have individual reports of other versions of Windows being affected as well

So we have another incident here where Windows is crippled not by malicious code, but by the very software designed to protect it.  Of course Microsoft will be quick to point out that the fault wasn’t theirs and a third party – which of course is correct, however you could also argue that if Windows was better secured in the first place there would not need to be so many updates of virus software in order to protect it.  Maybe if Microsoft had better taken the “baton” in the first place, people would not have to look to third parties for a sense of security.

It gets worse?

So thats the end of the story? – Well no.  As if Windows users didn’t have enough problems with the code created to protect them rebooting their systems, the criminal element is also at it.  Taking advantage of unfortunates by playing on their desperation to get Windows working again Grahame Cluley said in his blog today:

By using blackhat SEO techniques, cybercriminals have managed to get poisoned webpages high in the search rankings if you hunt for information on the McAfee false positive. If you click on a dangerous link like this then you risk the chance of your computer being hit by a fake anti-virus attack (also known as scareware) which may attempt to con you out of your credit card details or trick you into install malicious code onto your computer.

Poor Windows users, falling foul of both cyber-criminals and also the software designed to protect them.  How many more issues will users put up with? Regardless of who is to blame, is it of any consequence to the user who merely wants their computer to function and have a safe experience?

These are answers only a Windows user can give, I left it years ago and have never looked back.

Goblin – bytes4free@googlemail.com

If you are new to this blog (or have not yet read it) please take time to view the Openbytes statement, here.

About these ads

About openbytes

Online tech writer, novelist/author of sci-fi literature and co-host of the TechBytes Show! I believe in multi-culturalism & diversity. Luton Town FC supporter.

Discussion

32 thoughts on “Windows under attack on two fronts? Even more problems ahead?

  1. Can it get worse?, you bet..

    http://blogs.wsj.com/marketbeat/2010/04/22/apple-edges-out-microsoft-as-2-in-sp-500/

    The tears of the Windows fanboyen are sweet like nectar. Oh, how I love to drink them! Lo, this week has left me well-sated.

    Posted by chew | April 22, 2010, 9:16 pm
  2. The joy of Windows :]

    Posted by The Mad Hatter | April 22, 2010, 9:52 pm
  3. Interesting, you are generalizing the entire Windows population based on a version of Windows (XP) released more than 8 years ago. Not to mention, you are blaming Microsoft who is in no way responsible for what happened and a lot of people are agreeing this is a McAfee blooper. There is a lot of bias in your report here, because you don’t see call out when Apple’s Mac OS 10.6 deleted users personal files in the guest account or when a just released Mac OS 10.5 deleted user files moved between partitions or the recent vulnerabilities discovered in Safari.

    The reality is, Windows is the most widely used platform, which makes it the biggest target. Windows is developed by fellow humans which means just like Linux, Mac OS X, Unix is imperfect by nature. I am sure if Ubuntu or Mac OS 10.6 was on 1 billion PC’s, it would be in the same situation.

    Posted by Lucy Buntu | April 23, 2010, 2:54 am
  4. Lucy,

    And I’m sure if you had a clue, you’d know why you are wrong. But since you don’t have a clue about how operating system design impacts security, and because I’m feeling nasty, I won’t bother explaining. You probably wouldn’t understand anyway.

    Posted by The Mad Hatter | April 23, 2010, 5:16 am
    • Mad Hatter,

      I happen to understand quite a bit about the internal workings of operating systems. Perhaps you would condescend to explain to me just how “operating system design” will magically save a user from malfunctioning security software that the user chose to install? Then we can forward the conversation to Theo de Raadt, and he can get off his lazy bottom and make a proper secure operating system according to your principles.

      Thanks.

      Posted by Richard | April 23, 2010, 12:32 pm
      • Gee Richard, there’s this little thing where a correctly designed operating system doesn’t need malfunctioning security software – or didn’t you think of that?

        Posted by The Mad Hatter | April 24, 2010, 8:45 am
      • Dearest Hatter,

        There is? I’s been edumacated today, I can see that. Tell you what, go off to the OpenBSD developers mailing list, or any security-oriented mailing list (for bigger laughs, I recommend bugtraq) and make the same claim: “a correctly designed operating system doesn’t need security software”. (Oooh, and if you’re extra-sure, include claims like “Linux is virus-free”, and “I don’t need an IDS/IPS”, and so on.) You can post the link to your mail here, so that we can all see the glorious reception that your wisdom will receive.

        Posted by Richard | April 25, 2010, 7:32 am
  5. Yeeeeesssss, YEEEEEESSSSSS! Your weeping creates a delicious river of sustenance!

    Posted by chew | April 23, 2010, 12:05 pm
  6. [QUOTE]There is? I’s been edumacated today, I can see that. Tell you what, go off to the OpenBSD developers mailing list, or any security-oriented mailing list (for bigger laughs, I recommend bugtraq) and make the same claim: “a correctly designed operating system doesn’t need security software”. (Oooh, and if you’re extra-sure, include claims like “Linux is virus-free”, and “I don’t need an IDS/IPS”, and so on.) You can post the link to your mail here, so that we can all see the glorious reception that your wisdom will receive.{UNQUOTE]
    Richard, how many virii are available which attack FreeBSD, OpenBSD, NetBSD, DragonflyBSD, Open Solaris, Solaris, GNU/Linux, Aix, HP-UX, Tru64, etc?

    Posted by The Mad Hatter | April 25, 2010, 8:22 am
    • Mad Hatter, I don’t know. We’ve already established that your knowledge of “correctly designed” operating systems is so much better than my own; why do you keep reminding me of my obvious ignorance? All I ask is that you share this brilliance with like-minded security folk, who would undoubtedly welcome your input. As for me, I’m going to consider removing Snort, Tripwire, and my router firewall: I hardly need them, since I’m running an operating system that has been “correctly designed”. And to think that I was considering the use of SELinux! How crazy! It’s good to know the errors of my ways.

      Let’s see that post, Hatter. I’m waiting with eager anticipation :).

      Posted by Richard | April 25, 2010, 10:15 am
      • Richard, why do you only pop up in threads that highlight shortcomings of Windows?

        Oh I know you drop BSD and Linux into your comments (can’t have people thinking you use Windows) you have to pretend to be a linux user afterall, but really is there any point? My articles are read on average 1000 times by unique IP’s every day…please check my stats. I have incoming links from both Windows forums and Linux forums…….why is it that out of all those people, there are only a handful which try to defend that which cannot be? This article in particular, wheres the united front by Windows advocates? I’d suggest its absent because the only Windows advocate are those with a financial interest in it, a couple of people from the Linsux forum, whose intentions are a dubious as their maturity, Andre and his female alter-ego and you…..oh sorry and I forgot, Robotron who came here with great delight and implication that he was some sort of great counter, only for him to slither away and not return after only a few lines of text….yes Robotron, I was very impressed. ;)

        Even Microsoft employee’s that have commented here have failed to counter in my opinion, merely post press releases and then vanish again. I think the last of which was Mr Rose.

        The whole point of the article was that Windows isn’t secure and even when you put your faith in a 3rd party app (since Microsoft can’t do it) your system still comes down. The whole point of the article was not to point out the obvious, that one of the reasons why Windows users suffer is because its such a big target, but to highlight that in todays growing diverse OS deployment, perhaps a more equal balance of desktop choice would be better for the end user since it dilutes the impact any one exploit could have and presents those with dubious intentions more than one target?

        Maybe you could answer me Richard, if for one minute we pretend Windows and Linux are on a par in terms of security, would you think that a more equal share of the desktop would make the environment safer for the end user?

        Posted by openbytes | April 25, 2010, 10:39 am
      • Notice how Richard avoids answering my questions – instead he/she/it keeps on raving.

        Posted by The Mad Hatter | April 26, 2010, 3:55 pm
      • Goblin,

        Mostly, I pop up in threads that deal with your ridiculous obsession with Mono, and I’m rather surprised that you haven’t noticed this. In fact, I’m rather surprised that you’ve managed an entire comment without accusing me of working for some nefarious organization, or using multiple personas (by the way, Hatter, I’m pretty sure that I’m not Andre da Costa — but thanks for playing the Paranoia Game!), or being hell-bent on destroying the Intarnets with swearwords. But it seems that I’ve fallen in your estimation, and that some poster named “Robotron” is supposed to be providing you with your trollish entertainment.

        Robotron,

        If you’re out there, please do post something. I fear that our Goblinesque troll might be starving under his bridge, and you wouldn’t want to be responsible for the starvation of such a strapping young troll, would you? Have a heart.

        Hatter,

        I’m very disappointed by your reluctance to share your security insights with the world. I’m sure that this can’t be because you realise just what an ass you’d make of yourself in front of any impartial security expert, and it must be because the World is Not Ready to accept brilliance like yours. But, O Security Master, please continue to shower us with the same condescension that you displayed towards “Lucy” (hi Andre!). It’s our job to shoulder on as best we can, discovering our errors only through your chastisement.

        Posted by Richard | April 26, 2010, 6:13 pm
  7. @Richard

    Firstly lets not start with lies again. I don’t want to have to tell you off like a naughty child when you can’t stick to the truth.

    In respect of your comment of Mono obsession, all I’d say to readers is count how many times I actually write articles on it, what Richard comments on and how he comments on it. Richard you are bringing up Mono here and I haven’t mentioned it….Please stay on topic. Its not an obsession, I have an opinion, if you don’t agree thats fine, give your reasons…..you don’t do that do you though Richard.

    Quote “ou’ve managed an entire comment without accusing me of working for some nefarious organization”

    When have I done this in the past? please quote me. As we proceed down your text its looking more likely that you need the “naughty boy” disclaimer again.

    In respect of Mad Hatter questioning the Richard handle, I think that is quite reasonable since we have already seen Andre changing gender in order to post here. Of course your IP is different, I havent mentioned it.

    Quote “But it seems that I’ve fallen in your estimation,”

    Thats not possible Richard, I assure you.

    Quote “s supposed to be providing you with your trollish entertainment.”

    Right, so you come to my blog, you comment and its my trollish entertainment…..ok…Richard, have a day off.

    Funnily enough Richard, whilst you were complaining Mad Hatter didn’t answer your questions, why have you not answered mine? Let me repeat it for you:

    if for one minute we pretend Windows and Linux are on a par in terms of security, would you think that a more equal share of the desktop would make the environment safer for the end user?

    Best regards Richard and if you do see Robotron, send him my best.

    Posted by openbytes | April 26, 2010, 10:01 pm
  8. Oh, and Richard here’s something you should, but won’t read.

    Posted by The Mad Hatter | April 27, 2010, 7:12 pm
    • But Mad Hatter………he’s just a “Microsoft hater” ;) Don’t you know that everyone who suggests that there is an alternative to Microsoft products “hates” Microsoft? Its on the same wavelength as their “obsession” argument, write more than one article offering your honest held belief and they will label you “obsessed”…….still we shouldn’t moan, its better than one of their vulgar rants.

      Richard won’t be back for a while now. He will wait until he thinks people forget and then will pop up with a new set of dishonest allegations.

      Posted by openbytes | April 27, 2010, 7:27 pm
    • Hatter,

      Cool story, bro. User gets hacked, he doesn’t have any clue about what the vector was (or whether his local machine was compromised at all), and decides spontaneously that It Must Be Windows? I loved it.

      Posted by Richard | April 28, 2010, 5:16 am
      • Wheres my answer Richard? Let me repeat it for the 3rd time, maybe you will answer:

        if for one minute we pretend Windows and Linux are on a par in terms of security, would you think that a more equal share of the desktop would make the environment safer for the end user?

        Posted by openbytes | April 28, 2010, 9:13 am
      • Goblin,

        If we pretend that the two are on par in terms of security, then it would make absolutely no security difference to the end-user to have one instead of the other. If it did, then the two were obviously not on par in terms of security, were they?

        Silly Goblin!

        Posted by Richard | April 28, 2010, 3:55 pm
      • Ah, you didn’t read it. This is more accurate:

        User familiar with multiple operating systems suffers from computer problems for years. Does the math and realizes that the only operating system that has been giving him trouble is Windows. User takes actions to minimize his exposure to Windows.

        Posted by The Mad Hatter | April 28, 2010, 4:32 pm
  9. @Richard.

    LOL, I think its Silly Richard…. You either intentionally didn’t grasp what I was suggesting or Ive grossly overestimated your level of understanding.

    What I was asking (as if you didn’t know) was that lets put aside the issues of security for a minute and let me ask you, if you have a more diverse deployment of OS’s, then surely having not a single one big target (as you suggest Windows is) would be a good idea, surely it would give those with criminal intentions multiple targets to choose from (thus lessening the chances)….I asked the question would this not be better for the end-user in terms of avoiding becoming a victim.

    I hope thats clearer for you now. Maybe you can answer properly…..

    Posted by openbytes | April 28, 2010, 8:53 pm
    • Goblin,

      Now that you phrase it that way, I’m shocked and surprised that you would regard such a question as being useful. Have you not been paying attention? As I’ve recently learned, a correctly designed operating system has no security problems, and thus has no need for security solutions. So what is better for the end user is not a more diverse deployment of OSes, but rather a correctly designed operating system. It doesn’t matter how big a target such an operating system is, because it will suffer from no security issues, since it is correctly designed. Unfortunately, we won’t have such a thing until Hatter provides us with technical details from his vast store of security knowledge. A shame, tsk-tsk, a decided shame.

      Posted by Richard | April 29, 2010, 5:32 am
  10. Quote ” I’m shocked and surprised that you would regard such a question as being useful”

    That comment coming from you comes as no surprise to me.

    Quote “Have you not been paying attention? As I’ve recently learned, a correctly designed operating system has no security problems, and thus has no need for security solutions.”

    Don’t be so silly (or stop wasting my time) we both know that there is no 100% secure system, nor will there ever be.

    Quote “So what is better for the end user is not a more diverse deployment of OSes, but rather a correctly designed operating system. It doesn’t matter how big a target such an operating system is, because it will suffer from no security issues, since it is correctly designed. ”

    I know what you are trying to do and its Hatter who can reply himself to the points you bring up (which I must remind you I am not talking about) Let me say again I am not Hatter. Do I ask you to justify Andre? Of course not, so please don’t avoid my question by fudging around with a discourse between yourself and Hatter.

    I would ask the question again, but you won’t answer me and I knew you wouldn’t. As I said before you emerge to defend Windows and there would be no way you would condone an opinion of an equal share of OS’s deployed in order to “make several smaller targets” instead of one big one.

    Its why I asked the question of you. You are not interested in discussing, nor are you interested in a proper debate, you merely act as a Windows defender. Do I think you are from Microsoft? No and please check my Twitter where I have discussed you, if you think otherwise. Personally I am of the opinion you are either here because you want to cause trouble, or merely bored.

    You are more than welcome here if you are prepared to act like an adult. Name calling or lame attempts at sarcasm to avoid questions are not.

    I’ll leave you to think about it.

    Posted by openbytes | April 29, 2010, 8:27 am
    • Goblin, Goblin, Goblin.

      You wound me, oh, so you do.

      “there would be no way you would condone an opinion of an equal share of OS’s deployed in order to “make several smaller targets” instead of one big one.”

      Of course I wouldn’t condone such a thing. Switching between operating systems in the hope that the exploit you’re targeted with won’t happen to target the OS you’re using now is stupid. If you want to switch for usability, or performance, or price, or flexibility, or some other reason: go ahead. If you want to switch because of some mistaken belief that your choice of operating system will protect you from a bug in Flash or some well-crafted XSS or even a trojan horse … then you’re an idiot, pure and simple. Or maybe you’re a genius, and I’m incapable of understanding your brilliance — and if that’s the case, please go off and post your wonderful “switch OSes frequently ‘cos it’s safer!” idea to a security-focused list, and let us all enjoy the giggling that will ensue.

      On a side-note, no, I’m not particularly interested in engaging you in discussion. You seem to lack even the basic courtesy required to disagree with someone without personally attacking them. You’ve shown this time and again, and seem to regard it as an admirable trait when people avoid coming back to engage you (hint: it’s because they’ve realised it’s like discussing eschatology with a poo-flinging monkey, and not because they’ve suddenly decided that you’re 100% correct). So, why would I bother to discuss anything of substance with you? It’s much more amusing (and probably more socially-appropriate) to publicly ridicule you for your lack of research and numerous fallacious arguments.

      (Tell you what: you grow up first, and then I’ll treat you as an adult. I don’t have much hope of that happening anytime soon, though!)

      Posted by Richard | April 29, 2010, 11:08 am
  11. Hi Richard,

    Quote “You wound me, oh, so you do.”

    We’ll come to that in a minute…

    Quote “Of course I wouldn’t condone such a thing. Switching between operating systems in the hope that the exploit you’re targeted with won’t happen to target the OS you’re using now is stupid.”

    That wasn’t the question, I was asking if you thought that a more diverse deployement of OS would benefit the end enduser in that there were more targets. Stop playing the fool, I mentioned nothing of “switching.”

    Quote “use of some mistaken belief that your choice of operating system will protect you from a bug in Flash or some well-crafted XSS or even a trojan horse … then you’re an idiot, pure and simple.”

    We can argue about permutations of exploits and code all day, but present the criminally minded with a few different desktops instead of one and it rather makes their life more difficult does it not? Talking of idiots lets move onto you and your behaviour, but first let us quote some of your “classics”

    ” poo-flinging monkey”

    I bring that up only because at the end of your “rant” you dared to say to “grow up”….Richard….Richard……shall I post here your previous behaviour and let the readers decide who needs to grow up? How many times have I said to behave yourself, Ive even told you that you shouldn’t feel the need to post here if you don’t want to, which is why I am confused when you say:

    “So, why would I bother to discuss anything of substance with you? It’s much more amusing (and probably more socially-appropriate) to publicly ridicule you for your lack of research and numerous fallacious arguments.”

    Well you haven’t done that. Without looking at how much of a child you have been in previous threads, lets just look at this one for now. Infact why don’t readers go back themselves and decide. Why are you the only one who ever creates a fuss (or tries to) I have many interesting conversations with people with opposing views. Winobs (Microsoft MVP) on Twitter is one such person why are you always the one who is different Richard? Mr Rose, again a MS employee, came here and we had a pleasant discussion despite having completely different views.

    Richard, as I say before, should we make an article on what it actually is you have been doing here and let others decide? How about we hold it to a vote?….In the meantime Richards previous comments on articles here are for all to judge.

    Quote “Tell you what: you grow up first, and then I’ll treat you as an adult. I don’t have much hope of that happening anytime soon, though!”

    Im not sure who you are trying to convince. Do you think readers wont go back and check? All I asked you to do was answer a question, all I got from you was a fudged answer and then a few attempts at insults when you were backed into a corner.

    Im sure you will be back Richard (and your always welcome) I don’t suppose asking a fourth time for you to answer the question properly is worth it.

    Ive been writing this blog for nearly two years Richard. You are the only argumentative regular here. My readerbase increases weekly and Im linked on some rather large sites…..You tell me Richard
    who’s being “publicly ridiculed” here.

    I suppose at least with no unique web ID or presence, your “Richard” handle can slither off any time it wishes , so I don’t suppose you have anything to lose.

    Posted by openbytes | April 29, 2010, 10:26 pm

Trackbacks/Pingbacks

  1. Pingback: Microsoft Losses Online Increase, Business Software Group Down | Techrights - April 23, 2010

  2. Pingback: Microsoft Windows – Disaster Movie At Eleven! « Through the Looking Glass - April 23, 2010

  3. Pingback: Microsoft MVP Andre Da Costa – “Oops he/she’s done it again” ? « OpenBytes - April 23, 2010

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

about.me

Tim Wilson

Tim Wilson

Writer/Novelist of many facets both in the world of technology and fantasy/sci-fi. Co-host of the TechBytes audiocast and writer for both OpenBytes and Goblin's Domain. Supporter of free and open source software.

Stats

  • 527,044 readers

Follow Tim on Twitter

Follow

Get every new post delivered to your Inbox.

Join 11,282 other followers