Security FUD In Action: Why Does Windows Get a Free Pass?

The game of giving Microsoft a free pass on security flaws continues, despite the rapid growth of the world wide botnet and more Windows exploits roaming the planet than ever.

100 potential attacks per second blocked in 2009 fails to mention Windows, though it names various individual malwares such as Conficker, Hydraq, Sality.AE virus, the Brisv Trojan and the SillyFDC worm. It doesn’t even use their full names: W32.Sality.AE, W32.SillyFDC, W32.downadup (Conficker). W32 is “Windows 32-bit.”

It fails to identify vulnerable “PDF viewers” as Adobe Reader, and does not differentiate browser exploits by platform. The #1 unanswered security question from users is do Firefox exploits affect non-Windows users? I have yet to get a good answer to this.

Virus Shuts Border Crossing blames “a computer virus crashed the electronic border control system.”

BBC News continues its unbroken streak of referring to Windows PCs as PCs, and offering useless security advice such as:


Use security software that can tackle viruses and spyware

Use a firewall

Apply operating system updates as soon as they become available

Be suspicious of unsolicited e-mails bearing attachments

Keep your browser up to date”

Is this some kind of cruel joke? You and I both know that #1 on any honest security advice list is “Don’t connect Windows to any networks or exchange data by any method with other computers.” Perhaps you fine readers recall some of the many articles on the numerous failures of both the Windows security software industry, and Microsoft, like this small sampling:

Another day, another Internet Explorer security hole(Mar 02, 2010)

32% of computers with AV protection are infected(Feb 11, 2010)

New Russian botnet tries to kill rival (Feb 10, 2010)

Most security products fail to perform(Nov 16, 2009)

Oops, e-mail security vendor McAfee spills 1400 private names(Jul 31, 2009)

Kaspersky confirms hack with fingers firmly in ears(Feb 09, 2009)

Kaspersky database exposed(Feb 09, 2009)

Windows worm numbers ‘skyrocket’(Jan 19, 2009)

Trend Micro: Antivirus Industry Lied for 20 Years(Jul 16, 2008)

Patch Tuesday Joke

The biggest joke of all is Patch Tuesday. Why are Windows fans so gullible? Do they have a special deal to not be attacked the other days of the week? Though it is true that it doesn’t make much difference, since there are always plenty of other available holes. Big deal locking the front door when the side doors and windows are open, and there is no roof at all.

Symantec released their annual report, and it has fueled many articles like Symantec’s 2009 Security Report Shows a 71% Increase in Malware. It contains gems like

“According to the Symantec research 2009 saw a major increase of 71% in malware over 2008. This effectively means that 51% of all security issues ever tracked by the company appeared in this year alone.

“…One of the major players in this field last year was the Zeus malware program. This software is marketed and sold to cyber criminals and is often used to create malicious “botnets” or networks of PCs that are infected and then used for spam or data theft purposes.”

But Vista was released in Jan. 2007, and Windows 7 was released October 2009, and they’re supposed to be all more secure. Sure, there is still a huge legacy Windows base…but when you read malware definitions you quickly learn that the malware don’t care, all Windows are equally tasty.

This type of reporting is little more than propaganda. The goal is to convey the same message over and over: Cybercrime is entirely the fault of cybercriminals and careless users. Malware targets all PCs, that’s just the way it is and it’s nobody’s fault, except criminals and careless users. But this is pure baloney: The porous nature of Windows, and the entire Microsoft software stack, is the problem. Don’t let anyone make you believe otherwise.

What would it be like if Linux, or any real multi-user networking operating system with a sane design, were the standard operating system? I bet money we would not have tens of millions of Linux PCs in botnets, even with a large population of unsophisticated users. No botnets pumping out phishes, spam, and malware, no drive-by infections from merely visiting infected Web sites, no getting cooties from simply having an infected email or document on your system without even opening it, no viruses or worms spreading to millions of other computers in an eyeblink. It takes special talent and OS architecture to make those things possible.