Security Affecting Microsoft's Bottom Line

kidlinux writes "The Globe and Mail has an article discussing the impact of viruses and security flaws in Windows. Apparently Microsoft has bounties out on virus writers. 'The campaign reveals just how much of a threat to Microsoft's bottom line security flaws now represent.' The effects of various worms and security issues are becoming visible in financial terms - having to deal with the security issues keeps Microsoft from closing new deals, and governments and businesses are starting to look at the alternatives, such as Linux. 'For the first time, it seemed, flaws in Microsoft's software were translating into flaws in the company's business model.'"

Re:It's the home users...

[ericman31]

Please show me this "properly designed network", that allows an unpatched Active Directory domain and blocks traffic on RPC ports.

I've been hearing this bit of FUD for a while now about how it's not Microsoft's fault. If only all of these incompetent network and system administrators would patch their systems and maintain their firewalls how there wouldn't be any problem.

Well, I'm here to tell you that I work for an organization with about 1500 employees. We process over a hundred million transactions annually in our systems. Our average system administrator or network engineer has about 7.5 years of experience in the IT industry, our security staff (I'm the security director) has an average of 9 years of IT industry experience. Except for the Windows administrators (our office automation network is Windows based), everyone comes from either a Unix or mainframe or both background. We know what we are doing, have a very good network and well maintained servers and appropriate security levels.

And every damn Windows virus/worm that comes along impacts us, even our mainframes and unix boxes. Why? Cause the stupid things propagate with attack vectors that are ridiculous. Root exploits in a web browser or via an email message and you don't even have to execute the damn thing? RPC worms with multiple attack vectors (browser, file shares, mail, RPC)? Local user exploits using html pages and scripts that can bypass web browser security settings and then execute arbitrary code!

It doesn't matter how well built your network is, if you are not running it like an NSA network, with no connectivity to the outside world, no email, no web browsing, no nothing, these damn Windows attacks are going to get in and cost money. I've lost more than a thousand work hours this year to dealing with SQL Slammer, MS Blaster and SoBig. Even if I got rid of all the Windows systems in my network, I'd still have a problem because the attacks would continue, and continue to affect me, although only at the boundaries, which would be better. Except for all the crap the mail servers have to deal with.