Security Affecting Microsoft's Bottom Line
kidlinux writes "The Globe and Mail has an article discussing the impact of viruses and security flaws in Windows. Apparently Microsoft has bounties out on virus writers. 'The campaign reveals just how much of a threat to Microsoft's bottom line security flaws now represent.' The effects of various worms and security issues are becoming visible in financial terms - having to deal with the security issues keeps Microsoft from closing new deals, and governments and businesses are starting to look at the alternatives, such as Linux. 'For the first time, it seemed, flaws in Microsoft's software were translating into flaws in the company's business model.'"
Using .NET doesn't eliminate your exploit capabilities, it places your vulnerabilities in their hands. Things like this can be patched, but as they add more features they will add more flaws. Suddenly MS's ability to prove secure code is more important. If .NET has an issue, all applications written with it will have an issue.
Well, managed code (both .NET and Java) protects against most of these errors. Array bounds and most types of naughty input crashing the application are protected against in .NET and Java. What it doesn't protect against is stupid programmer errors like SQL injection attacks.
Please show me this "properly designed network", that allows an unpatched Active Directory domain and blocks traffic on RPC ports.
I've been hearing this bit of FUD for a while now about how it's not Microsoft's fault. If only all of these incompetent network and system administrators would patch their systems and maintain their firewalls, there wouldn't be any problem.
Well, I'm here to tell you that I work for an organization with about 1500 employees. We process over a hundred million transactions annually in our systems. Our average system administrator or network engineer has about 7.5 years of experience in the IT industry, our security staff (I'm the security director) has an average of 9 years of IT industry experience. Except for the Windows administrators (our office automation network is Windows based), everyone comes from either a Unix or mainframe or both background. We know what we are doing, have a very good network and well maintained servers and appropriate security levels.
And every damn Windows virus/worm that comes along impacts us, even our mainframes and Unix boxes. Why? 'Cause the stupid things propagate with attack vectors that are ridiculous. Root exploits in a web browser or via an email message and you don't even have to execute the damn thing? RPC worms with multiple attack vectors (browser, file shares, mail, RPC)? Local user exploits using HTML pages and scripts that can bypass web browser security settings and then execute arbitrary code!
It doesn't matter how well built your network is, if you are not running it like an NSA network, with no connectivity to the outside world, no email, no web browsing, no nothing, these damn Windows attacks are going to get in and cost money. I've lost more than a thousand work hours this year to dealing with SQL Slammer, MS Blaster and SoBig. Even if I got rid of all the Windows systems in my network, I'd still have a problem because the attacks would continue, and continue to affect me, although only at the boundaries, which would be better. Except for all the crap the mail servers have to deal with.
In my universe I'm perfectly normal, it's not my fault you don't live in my universe.
For every Microsoft platform we deploy, we need to purchase centralized anti-virus software, proxy server filtering software, auditing software, intrusion detection software... and the list goes on and on.
Granted, we have never had a hack-related outage, because we keep up with patches and anti-virus updates, but the added cost of the security packages certainly does eat into our budgets.
In a K-12 school, we run many 3rd-party apps that don't run on Linux, so we really can't switch to that yet (think desktop... not server). We are, however, really considering migrating slowly to OS X to avoid the added "security software tax" that comes with the Microsoft products.
-ted