Security expert Bruce Schneier today wrote about the “Storm Worm” again. Go and read it and become very afraid if you are running the Windows operating system. Become even more afraid if you are responsible for a bunch of them, like in a company. And then get a clue and morph them all into something better, like installing any of the Linux/Unix/BSD variants.
The so-called “Storm Worm” is spreading since this year, and Bruce admits that in fact nobody knows exactly what’s going on, and what to do against or about it. Estimates of infected machines range from 1 to 50 million computers worldwide. Bruce has very good links in his article, so if you’re the responsible IT guy in your company, be sure to follow and read them all.
You just have tocome to the same conclusion like I did: stop running Windows - as fast as you possibly can. And then go and warn others to do the same. Windows is defeated - its days are over. It carries the worm inside. So whatever will happen next: RIP, Windows.
Update: a good follow-up article, and an even better discussion of the readers, is available over at Bruce Perens’ Technocrat.
Don’t open attachments from unknown sources.
That’s all.
Cheers
sparta, immune to hysteria
That’s ok if you see only your own machine, and I know you are intelligent enough to not click on any unknown things.
But it is so that the spammers and other “bad boys” are constantly getting better. They send mails which really seem to be interesting, so you do have to do a lot of research before even opening them (in Outlook, a preview can be enough to become infected).
For me, I saw no reason anymore to protect the use of a not-so-secure system against reasons other than “but I’m used to it”. I made the switch years ago, and tho it was a bit weird for Mitchie at the beginning, she now also doesn’t look back.
If you see “the bigger picture”, and not only your own 2-3 PCs, then things become more complicated. As Bruce says in his article, people *do* click on everything; you simply cannot prevent that. And with that system from Redmond, and from a sysadmin’s point of view, this is simply a nightmare.
Only solution if you *have to* use that system further: virtualize it - at least you get backups of your complete systems within a reasonable time. Or run it remotely on a Xen or VMware ESX machine. That works pretty well from my own experience.
Well, thanks anyway for the “bigger picture”-allegation *gg*
I do well see it, having enough experience in the own family and having worked with Windows PCs in some companies.
In business terms as a sysadmin you have completely different means: May the people want to click on everything, when “everything” is not there, you cannot click on it…
The problem is not Windows, the market-share of Windows is the “problem”. Hackers and criminals go well for the big picture and are not interested in Linux or Mac systems, since they would not gain recognition from doing harm to a (in worldwide terms) just a few machines…
I fully understand the enthusiasm of Linux or Mac users, however, it is a bit pathetic to claim ‘the end of Windows’, while this system enjoys a comfortable market share and will stay with us for a damn long time, whether we like it or not…
Cheers
sparta
No, it’s *not* the market share. I heat that argument over and over again, but in this case it’s really a question of bad design.
Plus the “enthusiasm of Linux and Mac users” is not enough to solve it - people need to get the idea that one day they might be *responsible* for what they do or don’t. I just put another link to the article above, which has some good arguments from readers about if/how we need full-blown computers anyway, or if something like this, together with rented online storage, wouldn’t be much better for most of us.
Please don’t repeat that old “market share song” - it’s simply not true.
> No, it’s *not* the market share. I heat that argument over and over
> again, but in this case it’s really a question of bad design.
Any discussion is at an end when statements like ‘is is as I say’ replace arguments. It becomes a dogmatic slanging match, when ‘the truth’ is invoked.
I rest my case.
Sigh… I’m sick and tired of explaining it again and again, and way too lazy sometimes.
Look at the server market for instance, where Microsoft doesn’t even have 35 or so percent. If all these other systems were designed as weak as that M$ crap, then we would have a hell of a scary place already - or a heaven for haxxors.
Of course a clueless person could turn his or her Linux box into something which could be attacked. Possible, yes.
But remember when my sysadmin colleague and I put two boxes onto the internet without a firewall and such? We actually created a honeypot, because we were monitoring what’s going on, and: The Windows box was 0wned within less than 2 minutes. I guess now it would take seconds to become infected.
That is what I call “bad by design”. Take that and the first user comment on that Technocrat posting, which shows that Bill is washing his hands in innocence with an EULA like: “Whatever you do, we are not responsible if our systems break”, and there are reasons why I say that Windows is inferior compared to other systems, if not dangerous.
A couple more opinions? How about one from Bill himself? He is quoted by Alexander Stohr.
Or read what two years ago Microsoft said about their implementation of TCP/IP, answering to nmap’s author Fyodor. As always, read the readers’ comments as well.
There are so many places that I really cannot count and cite them all here. Just search the internet for topics like “bad by design” and such - that could be an eye-opener.
Oh, and that server market I mentioned above is far more attractice to hackers than your home-based Windoze machine - these servers have lots more bandwidth than you, right?