When is a security update not a security update? – When you’re a Windows user!

on
Just like the water system, it seems quite easy to "pollute" Windows with "foul" software. Are people really happy with an OS that has you questioning every system alert and download? - You decide.

Users who run Windows are well accustomed to malware/spyware et al that can make running a Windows machine a constant battle to prevent, an ulcer inducing experience when installing downloaded software and a headache when this aforementioned “ware” takes hold.  These people will no doubt be keen to get as many security updates as possible and for me I would liken the experience as being very similar to the story of Sisyphus from Greek mythology.  For every one you remove, the whole process repeats itself shortly after.

Without going into an argument of “Well Windows is the most popular platform, its bound to be targeted more” – which I would suggest is of little comfort to any victims of malware et al, lets look at the latest attack which although has had a warning issued, you just know there will be some who will still fall victim.

Its being reported on the Windows blog that there is an exploit/trojan that users need to be aware of:

This imposter is known in the technical world of antimalware combat as “Win32/FakePAV”. FakePAV is a rogue that displays messages that imitate Microsoft Security Essentials threat reports in order to entice the user into downloading and paying for a rogue security scanner.

Source: Windows Blog

Whilst I would not want any Windows user to fall foul of the latest malware scam, it does serve as a reminder about how lucky Linux users are.  I can’t remember anytime when I’ve been bugged by a pop-up, had packages close on me as a result of a malicious download or in fact had any worries about security.  Now that doesn’t mean a Linux user can be flippant in the face of possible attack but what I suggest is that locking down my system does not invade my thoughts to the point that it did when I ran Windows at home.  Is Linux inherently more secure than Windows regardless of popularity? I would say it is, that’s my opinion, but I would respond to any suggestion that Linux is less likely to come under attack because of the market penetration by saying that I doubt any victim of malware on a Windows system would take comfort from that when they find themselves a victim.

Windows Blog makes another points which I think need addressing:

This malware can potentially cause consumers and small business owners harm.

Can potentially? It’s yet another piece of “ware” that Windows users need to look out for, yet another thought of suspicion when a legitimate security update is offered, it’s yet another concern for people to keep in mind when they are using their PC and trying to be productive.  I’d say regardless of if a user gets it or not, this WILL cause harm, even if it’s just more paranoia and distrust that a Windows user has when being online.

As I Linux user as I say I don’t have concerns such as this, so let me quote users from the Windows Blog who have taken the time to make comment:

….mine has been infected by this couple of times, have to remove it manually.. so far, seems it is spread via Live Messenger, can you confirm this?

or

Have to say that I was a victim of this – it royally screws up the system, not allowing any program to launch.

which is kindly answered with

Live Messenger can certainly be used to spread it if you’re not careful with clicking on links and downloading files – just like other trojans and malware.  It’s just another way into your system.

So after a release of this security alert on October 25, you already have users reporting that they’ve already been a victim and in one case allegedly a repeat victim.  I’m sure they are still happy though, it’s because Windows is used by more people, that’s why they suffer. In a statement which I find rather depressing, another comment states “It’s just another way into your system” a rather sad indictment of the state of Windows security?

You can read all the comments on the Windows Blog and I’d suggest if you are a Windows users, you read the warning and take notice.

Goblin – bytes4free@googlemail.com / TwitterIdenti.ca

You can also contact me on Skype: tim.openbytes

If you are new to this blog (or have not yet read it) please take time to view the OpenBytes statement, here.

One Comment Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s