Microsoft proves it has a sense of humor
You really have to hand it to Microsoft, apart from bad software and a lousy OS, they also produce their fair share of comical material like the Get The Facts campaigns.
But the guys in Redmond are rarely satisfied with any great piece of work, so their humor department produced this very funny article in Computerworld.
Their Senior Chief Clown is suggesting putting a general tax on internet-connected computers to pay for the cleanup of botnet/virus/malware-infected Windows PCs.
Very funny and probably not so unrealistic since it would be hugely cheaper to pay for the cleanup costs of botnets than fix an OS that is broken from the ground up, I'll give them that.
So, thanks again to MS for starting out my day on a comical note and pointing out to people once again why they should be running GNU/Linux or FreeBSD or even OS X. Though if everyone did that, Microsoft would probably run out of funds to keep their humor department... That's the one product of theirs actually worth any money.


Comments
13 comments posted
Give Linux or OSX the same number of users and the same attention by malware creators and the end result is exactly the same.
The days of Windows becoming infected just by being connected to the Internet are over. The issue is the ignorant users who click "next", "ok", "I agree", etc without a second thought. They'll type in their password anytime it pops up and then you're sunk. It's time to wake up to this fact.
Linux IS better but not because it will save joe-user from malware.
Although I agree that this is the stupidest idea ever, I doubt running Linux or OS X will do any better. Most people with infected computers are just incredibly stupid. On an alternative OS they will still run all kinds of malicious executables, which is, as far as I know, the primary source of infected computers.
Sure there are some poor design decisions in Windows, but there only needs to be one security bug to compromise a machine. Incidentally Linux/BSD/OS X all have one or more bugs.
The simplest vector for getting malware into a machine is to trick the user. There is nothing in non-Windows systems to make this trickery less feasible. And on single user systems, tricking the user pretty much gives you the machine. You have access to all the important data (theirs) and can do anything the user can, which is almost anything. And if you want to elevate yourself legitimately would they ever notice in amongst the plethora of dialog boxes that the request is a trick too? (Test: how do you tell the difference between gksu dialog asking for password/permissions and a rogue program putting up one with identical content, pixel for pixel?)
So apparently it comes down to "if only we disciplined/educated/punished the users more". That won't work, has never worked and will continue to not work. (The adversary is another bad human.) And yes Ubuntu users get tricked too. See for example running "rm -rf /" because that is what a forum poster said to do.
The advantage the non-Windows systems have is their community, their freedom, their openness, and their completeness (they come with the software for almost anything and it is all updated together rather than you having to find them). Additionally there is the belief that it is your machine and the software reflects that, putting your interests first (Apple aside).
Your attitude is annoying. Stop the hatred.
1. I just think it's funny, do you have something against having a sense of humor?
2. I refuse to pay for the consequences of people choosing a bad OS, so I think the solution is to pass back the cost of cleaning up botnets to MS.
It's not funny that you are asocial by playing the "my OS isn't the reason" card. The argument that it doesn't matter whether it's Linux, MacOS X or Windows was made by Roger already. You decide to stick into la la land by insisting that it wouldn't happen with Linux if Linux was the most popular desktop OS. That doesn't mean that you are right. It just means that you are in la la land.
This desire to stick in la la land is a disease that happens far far too often with the "Linux is great" fanbase. It's even getting ridiculous.
As a GNOME Developer myself I know about a few very intriguingly interesting problems that will make any typical "Linux's security is awesome" fanboy cringe, cry and run in total panic like a chicken without a head. Very often the reason is at the level of integration with the distribution. Or you think it's normal that you can send keystrokes to a VTE that is running a root shell executing apt-get in Ubuntu's package upgrade desktop tool? Yes, you can even send CTRL+C. Try it. Debian has the exact same problem, by the way.
You think it's normal that you can easily trick the user into filling in a phony http proxy server for apt-get? I can set up such an http proxy to deliver packages with Trojan horses easily.
How much time do you think an average script writer needs to exploit that kind of stuff from a Javascript?
We've seen quite a few horrific Firefox bugs, libjpeg bugs, libpng bugs too. We were affected by them too. Nobody bothered writing exploits for that because, let's be honest, the percentage of Desktop users that use Linux is negligible when your aim is building a botnet.
To be fair, I know the security system in Linux and the Unix-like systems is not perfect and maybe it's not even good.
That being said, Windows in comparison makes so many bad decisions on the security front and in dealing with vulnerabilities that it's astounding.
Their adherence to security through obscurity and suing people who find vulnerabilities instead of fixing flaws creates a mindset in which it's nearly impossible for any security to exist.
If you compare this to security in RedHat with SELinux and the speedy patches delivered by most Free Software projects, there's a world of difference that cannot be attributed to smaller install bases.
If you compare the security in Apache with that in IIS, where Apache has the larger install base, your argument falls flat on its face.
BTW, putting a phony proxy before apt-get will not work on modern Debian and Ubuntu systems since packages are being digitally signed and would refuse to install if the signature does not match.
Again, not saying that any of this is perfect and we should stop evolving our security tools here, but in between signed packages from trusted repos, SELinux/Apparmor and other proactive mechanisms, we are doing a lot better than MS Windows is.
But I'm not comparing with a RedHat with SELinux, which isn't the typical desktop OS on Linux. Fedora, OpenSUSE and Ubuntu are.
But I'm not comparing IIS with Apache. I don't even know how those server products have *anything* to do with this. You're just dragging this into the debate.
And since a lot of people fill in alien package repos that aren't always equipped with a signature, a lot of people won't care about the messages. Note that those UI tools also won't warn you for each package. They'll warn you once per repository.
These proactive mechanisms simply haven't been put to the test. And to be honest, changing the user's .bashrc to have a $PATH that has a hidden local directory with Trojan horsed versions of ls, cp, mv or a few of the typical desktop applications like firefox doesn't require any such signed repository. In case you want a method to hijack a typical Linux desktop outside of the scope of anything we just discussed.
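A defender-side check for the $PATH trick described in the comment above, as an added example that is not part of the original thread: it walks a PATH value in order and reports entries outside the system directories that are hidden and writable, or that hold executables shadowing same-named commands found later in the search order. The `SYSTEM_DIRS` list, the function names and the sample directory layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: directories a typical desktop distribution ships binaries in.
SYSTEM_DIRS = ("/usr/local/sbin", "/usr/local/bin", "/usr/sbin",
               "/usr/bin", "/sbin", "/bin")

def executables(directory):
    """Names of regular files in `directory` that carry any execute bit."""
    names = set()
    try:
        for entry in os.scandir(directory):
            if entry.is_file() and entry.stat().st_mode & 0o111:
                names.add(entry.name)
    except OSError:
        pass  # missing or unreadable PATH entries are skipped
    return names

def audit_path(path_value, system_dirs=SYSTEM_DIRS):
    """Return findings for PATH entries that can override system commands."""
    entries = [e or "." for e in path_value.split(os.pathsep)]  # empty entry = cwd
    trusted = {os.path.realpath(d) for d in system_dirs}
    findings = []
    for index, entry in enumerate(entries):
        real = os.path.realpath(entry)
        if real in trusted:
            continue
        later = set()
        for other in entries[index + 1:]:
            later |= executables(other)
        shadowed = sorted(executables(entry) & later)  # names that win the lookup
        hidden = any(part.startswith(".") for part in real.split(os.sep) if part)
        writable = os.access(real, os.W_OK)
        if shadowed or (hidden and writable):
            findings.append({"dir": entry, "hidden": hidden,
                             "writable": writable, "shadows": shadowed})
    return findings

def demo():
    """Constructed sample: a hidden per-user dir ahead of a stand-in system dir."""
    root = tempfile.mkdtemp()
    hidden_bin = os.path.join(root, ".local-cache", "bin")
    system_bin = os.path.join(root, "usr-bin")
    for directory in (hidden_bin, system_bin):
        os.makedirs(directory)
        target = os.path.join(directory, "ls")
        with open(target, "w") as handle:
            handle.write("#!/bin/sh\n")
        os.chmod(target, 0o755)
    path_value = os.pathsep.join([hidden_bin, system_bin])
    return audit_path(path_value, system_dirs=(system_bin,)), hidden_bin
```

On a real machine, call `audit_path(os.environ["PATH"])` from the affected user's login shell so the value reflects what `.bashrc` actually exported.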
The main difference is that Windows has so many backward compatibility fixes (for example the memory allocator runs in a different mode, if SimCity is running). Could you imagine Linus putting such code into the kernel? And there are many more similar cases regarding drivers and Internet Explorer.
You're talking about Linux users infecting their home directory, I'm thinking about Windows users infecting the whole computer just by using Internet Explorer and visiting a news site containing an infected ad.
I don't argue about their statement (which is stupid obviously).
What I am complaining about though, is the way in which you talk about others (e.g. Microsoft) in almost every single blog posting of yours.
Example:
"apart from bad software and a lousy OS"
"fix an OS that is broken from the ground up"
"That's the one product of theirs actually worth any money."
You know, neither Linux in general nor Ubuntu (and not OSX, either) is the holy grail of operating systems. Not even close. There are numerous things that are terribly wrong with Ubuntu for example.
Sorry, but you remind me of one of those Apple Fanboys.
you are spot on
that Linux is perfect, or Ubuntu or RedHat, ... I actually like some technical aspects of Mac OS X and used to love OS/2 (which was technically superior in its age).
But where I can just ignore Apple if I do not like them, I cannot do so with Microsoft and it's bad enough having to pay for a Windows license on my Ubuntu laptops that I don't want to add a tax to clean up the mess made by this insecure OS (and that is a technical opinion, not a moral one).
Sorry, guys, but we are talking about a convicted monopolist here, we are talking about the source of the FUD campaigns that calls Linux a Cancer and the GPL 'viral'....
Oh my could that comment and the blog post be any more fanboyish? Get a grip.