Slashdot Mirror


Microsoft Says Recovery From Malware Becoming Impossible

An anonymous reader wrote to mention an eWeek Story about Microsoft's assertion that PCs may no longer be able to recover from the most aggressive Malware. From the article: "[Danseglio] cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,'."

39 of 631 comments (clear)

  1. It's time.... by BWJones · · Score: 5, Interesting

    'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,'."

    Ummmmm, how about switching? :-)

    Seriously though, NeXTstep certainly has a long history in certain TLA government agencies and OS X is beginning to make significant inroads there as well. In addition the timing is right for many businesses as the infrastructure costs to maintaining Windows are simply becoming too high.

    And calling these recent instances is a joke. I was having to perform complete system wipes and reconstructions due to malware years ago which is why we have essentially completed a migration to OS X. We do have some windows systems still around, but they are hidden behind OS X machines and are run headless and without connection to the Internet. In fact, it's been interesting that those companies that deliver microscopes (electron, confocal and light) and such that are currently driven by Windows are asking their customers to simply not plug them into networks or the Internet, severely limiting their use. They of course have been suggesting sneakernet to move files and data around, but my solution is to network them all with a dedicated backbone behind a Mac mini that is now shipping with Gigabit Ethernet on board.

    --
    Visit Jonesblog and say hello.
    1. Re:It's time.... by trolleymusic · · Score: 5, Insightful

      I'm a Mac user, and although I love OS X with all of my bits, I do think that if the same % population used it as currently uses windows, then there would be more serious problems with it.

      I'm sure it's much harder to get malware running on OS X, but if it becomes the platform most of your potential audience are using then malware developers will just try harder to make nasties for Mac.

      So, in this respect, sometimes I'm glad for Windows + IE - simply because I don't have to use it :D

      --
      "damnit, trolley I want in your signature." - Elburrito
    2. Re:It's time.... by superid · · Score: 4, Informative

      Speaking unofficially from an "unnamed branch of the U.S. Government", we can't switch as much as we'd like to. We are locked into Windows XP and we can only use the applications on the "gold disk". At least it's cheap, it only costs us $4,200 per year per low end laptop.

    3. Re:It's time.... by networkBoy · · Score: 3, Insightful

      Really, they had no way to wipe and restore on an automated process? Have they never heard of Ghost-EE? Multicasting?
      I use ghost on my PC, thus when I plan on installing new software I do so, play with it, am sure I like it, then:
      Restore latest clean system build image to machine,
      Install target application, ensure functionality,
      Create new latest clean system build image.
      I store all my non-temporary data on a server PC anyway, so this is an ideal solution. One that should work in any enterprise environment as well (assuming that there are only 3-4 different builds).
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    4. Re:It's time.... by myxiplx · · Score: 4, Insightful

      Yeah, because it's so easy to replace the 20+ programs that form the core of our business, and data migration's so easy a baby could do it. Please, try responding to the point that's actually raised here instead of going on and on about migrating to alternative systems. Many companies are simply not in a position to migrate their entire network.

      Personally, I'd love to migrate us to Linux, but until I can replace CAD/CAM systems, accounting packages, design software, drawing packages, etc... that's simply not going to happen, and until it does happen I'm faced with the job of keeping our MS systems secure.

      We've found that preventing web based scripts from running has kept us virus free for nearly two years now, but even then we're expecting to be hit by something sooner or later. If you're running a Microsoft network, it's worth putting a few weeks aside to get RIS / Ghost working well. Right now we're looking to take things a step further by running all our clients off a set of blade servers running virtual machines. There are cost savings to be had with the ease of maintenance and disaster recovery suddenly becomes a whole lot simpler.

    5. Re:It's time.... by da · · Score: 3, Interesting

      [Speaking from no direct experience of the U.S. military, but...], it's probably staffed by (some) very competant people, it'll be managed by complete morons...

      --
      I reserve the right to be wrong.
    6. Re:It's time.... by kimvette · · Score: 3, Interesting

      Aside from idiots who chmod -R 777 /, OS X would remain relatively easy to recover from malware were it to become widespread. YOu might have to delete $home in some cases but being basically a Unix variant, the system itself should be relatively immune from a system-wide infection.

      This presumes of course you don't log into OS X as admin or root on a regular basis, but only for *gasp* administrative tasks.

      I know of one company which continually gets rooted, but they INSIST on running as admin all the time, AND chmod -R 777 / -- why? because they don't LIKE security. They dislike the inconvenience of not sharing out / and having to drop files only in certain folders. *knock knock* McFly, anyone home? THey don't want their machines rooted, they're tired of seeing the mouse cursors move and applications being used if they happen to be there off-hours, and yet they refuse to take most basic precautions and take advantage of OS X's security architecture - instead they work to defeat it, intentionally so, and then blame IT folks because they can't solve the problem. They've gotten to the point where no mac-savvy people will do work for them, and if I know them well, it'd take a reformat/reinstall of EVERY box at this point to get their network cleaned up again.

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    7. Re:It's time.... by Mister+Whirly · · Score: 3, Insightful

      I do think that if the same % population used it as currently uses windows, then there would be more serious problems with it.

      "FYI, That statement has been proven to be FUD for quite some time now."

      Um, how exactly? The only way it could be proven is if Apple had a significant share of the market. Which they don't, and won't. Nothing against Apple or Macs, it's just the numbers.

      --
      "But this one goes to 11!"
    8. Re:It's time.... by heinousjay · · Score: 3, Insightful

      That statement has been proven to be FUD for quite some time now.

      Actually, it hasn't been proven at all. It's not possible to prove it, as a matter of fact, without OS X being the dominant operating system on the market. The usual rebuttal, Apache vs. IIS, doesn't apply to anything but Apache and IIS.

      --
      Slashdot - where whining about luck is the new way to make the world you want.
    9. Re:It's time.... by bk_veggie · · Score: 3, Informative

      Um, there is a STIG on securing MacOSX you know. As someone entrenched within that community, the Gold Disk and SRR are just tools, not the final requirement.

    10. Re:It's time.... by Kadin2048 · · Score: 3, Insightful

      I'm not sure that I buy into this completely. Although there are certainly people out there who write malware for the sake of writing malware, I think that if everyone was running a system that was less inherently vunerable/insecure, that you would see criminals turning towards other ways of making money. The large-scale malware problems we're seeing today (e.g. botnetting) occur because it's profitable to write the malware, gather together a large net of bots, and then sell/lease/rent them out to someone for some malicious purpose. At some point, you can make it difficult or expensive enough to write the malware that it's no longer profitable to do that. It doesn't mean that the problem will disappear, but it might change -- criminals might put more effort into phishing and social engineering, rather than straight botnet+DDoS attacks.

      That's kind of like arguing against putting a better lock on your door, because criminals are always going to figure out a way to break it. It's true, but really you don't need a lock that's strong enough to keep every criminal out, you just need to make it more secure than your neighbor's house. In OS terms, eventually you're just going to make it secure enough that it's easier to go after the user than break the system itself.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    11. Re:It's time.... by 0racle · · Score: 4, Insightful

      The usual rebuttal, Apache vs. IIS, doesn't apply to anything but Apache and IIS

      Well if one of the best analogies is dismissed as not relevant because they aren't the same as OS's, wouldn't the idea that OS X would have the same problems as Windows also be dismissed because OS X is not the same as Windows? There is either a relation between poor security and popularity or their isn't.

      --
      "I use a Mac because I'm just better than you are."
    12. Re:It's time.... by nial-in-a-box · · Score: 4, Informative
      Rootkits.

      Not removable. I don't care if you can remove them, what I do care about is time. If you have to fix a bunch of people every day, clawing around at the core system trying to find a hidden rootkit and remove all traces of it while not breaking anything worse than it already is will most likely take you far more time than backing up some data and doing a full reinstall.

      Basically, if you're using Internet Explorer and have not got a rootkit yet, you are either using good browsing practices or you do have one and won't admit it. I support 10,000+ students at a university, and we're doing at least one reinstall a day due to rootkit infection. These are mainly young women who are just using the internet like all their peers do; i.e., not looking at porn or searching for warez or cracks.

      --
      I am feeling fat and sassy
    13. Re:It's time.... by 10101001+10101001 · · Score: 3, Insightful

      I didn't realize it was analogy. I could have sworn it was a hypothesis with predictions. The prediction was that higher use results in a higher rate of being attacked and hence a higher rate of being exploited. To simple dismiss the Apache vs IIS argument without any basis places everyone else in the position to do the same with Windows vs Linux or Windows vs Mac OS X.

      The simple face is, Apache vs IIS does prove the simple argument that the ratio of users to exploits is higher relative to other competitors doesn't work. Whether or not there is in fact another model that fits is certainly an interesting question. But good luck not making a completely esoteric model that works but only applies to a very small subset of the industry.

      --
      Eurohacker European paranoia, gun rights, and h
  2. Unrecoverable? by ccady · · Score: 4, Funny

    Unrecoverable? What's wrong with FDISK?

    --
    J'aime mieux les méchants que les imbéciles, parce qu'ils se reposent. -- Alexandre Dumas
    1. Re:Unrecoverable? by RetroGeek · · Score: 3, Interesting

      In the days before multi-sync monitors, you had to carefully match the refresh frequency of the video card to the refresh frequency of the monitor.

      There was a virus that did change the refresh frequency and that caused the monitor to fail, sometimes with smoke.

      --

      - - - - - - - - - - -
      I am a programmer. I am paid to produce syntax not grammar. Deal with it.
  3. Sony by From+A+Far+Away+Land · · Score: 5, Insightful

    Companies like Sony pushing rootkits onto unsuspecting customers is part of the trend toward stealth and aggressive rooting of machines. Once a serious worm that can spread quickly and hide deeply gets around, people will realize how serious an issue rootkits are.

  4. no disaster recovery plan? by jacksonai · · Score: 3, Insightful

    Ok, so why was there no diasaster recovery plan in the first place? Surely the thought of an uber virus wrecking Windows had to have been brought up at some kind of meeting? Those who fail to plan plan to fail. Plain & Simple

    --Taladon

    --
    Like Sweepstakes? Try out my service @ http://www.yourpowersweeps.com -- Free 21 day trial, no cc needed.
  5. This is news? by pcgamez · · Score: 4, Insightful

    I think any of us that work on computer systems long ago figured out that the rebuilding of a system is far easier than trying to remove each piece of malware. Now, in cases where there is critical data on the machine then it would be worth it to try. The fact is, but the time we hear about the issue, it isn't a matter of removing one or two pieces, it is usually closer to 20 or 30.

  6. Translation by metamatic · · Score: 5, Insightful

    "Everyone needs to buy a copy of Windows Vista, which will solve the malware problem."

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  7. Kernel hooks? by tedhiltonhead · · Score: 4, Interesting

    because they often use kernel hooks to avoid detection

    Um, how about making it possible to DISABLE ADDING KERNEL HOOKS? There should at least be a reliable way to get a list of all currently-running kernel hooks, if there's not already.

  8. Re:Format C: by jacksonai · · Score: 3, Informative

    Actually, no. MBR viruses and systems with multiple partitions sometimes cannot be guarenteed virus free without wiping all partition tables via fdisk or a low level format. Back in the day, I remember a virus named NYB that stuck around beyond fdisk on scsi drives. The only way to get rid of it was an actual low level format.

    --
    Like Sweepstakes? Try out my service @ http://www.yourpowersweeps.com -- Free 21 day trial, no cc needed.
  9. But you never could... by Anonymous+Brave+Guy · · Score: 4, Insightful

    You could never recover a compromised system reliably anyway. Once someone's got through your security to a certain level, you can't trust anything - including security tools and diagnostic information - that runs at that level or above. For a typical desktop PC or office server, that basically means you can't trust anything left on the system.

    Any sort of virus removal or system clean-up after being cracked is just a calculated risk that the attack will have been completely removed, based on the fact that doing a complete rebuild of a system and restoring all the backed up data is expensive, and while not cleaning up 100% after an attack is potentially more expensive, the probability of this is low.

    And no, running Linux or MacOS X instead of Windows doesn't change this, despite the number of people flippantly suggesting these alternatives. I'd have told you this earlier and saved a dozen posts, but apparently it's been 4 minutes since I last successfully posted a comment, so I can't post another one yet... ;-)

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    1. Re:But you never could... by 99BottlesOfBeerInMyF · · Score: 4, Informative

      You could never recover a compromised system reliably anyway. Once someone's got through your security to a certain level, you can't trust anything - including security tools and diagnostic information - that runs at that level or above. For a typical desktop PC or office server, that basically means you can't trust anything left on the system.

      Actually, this not completely true. You just run your tools on another machine known to be uncompromised. Also, there are hardware level recovery systems that will restore to a known, clean state.

      And no, running Linux or MacOS X instead of Windows doesn't change this, despite the number of people flippantly suggesting these alternatives.

      Running OS X is somewhat beneficial since it is less susceptible to malware due to architectural choices and lesser attention from malware authors. Just not being Windows can be a great help, practically speaking. Also, all OS X machines can be put into Firewire target mode, facilitating easy recovery of data from compromised systems with greatly reduced risk of infection.

      Running Linux can make an even bigger difference. Since Linux supports virtualization technologies, mandatory access schemes, and the like you can not only reliably recover data, but be fairly confident that once a escalation vector is detected and patched, the data from that particular machine will not cause a new machine to be re-infected. This means you can say with reasonable certainty that there will be zero data loss as a result of wiping a machine and the process can be automated.

      This is, of course, on top of the greatly increased security that can be obtained by using certain, secure Linux distributions. Arguing that SELinux or OS X won't make a difference, even though both contain functionality designed to do just that, is simply incorrect. (Note, before someone gets uppity, I am not equating the level of security provided by SELinux with OS X.)

  10. Thin Clients by Citizen+of+Earth · · Score: 5, Insightful

    the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless.

    Whereas, if they had been using thin clients with no local storage, the only recovery action would have been on the server. And if they had been running non-Windows on the server, they wouldn't have had these infestations in the first place. A full-blown Windows PC on every desktop in an enterprise is just an expensive welfare program for MCSE types.

    1. Re:Thin Clients by DrVomact · · Score: 5, Informative
      I couldn't agree more. I look around my workplace (the software development group of a large healthcare firm), and see thousands of PCs, each subtly different from the other, that have to be individually maintained by our not-too-bright IT staff. They run an OS that was never designed for collaborative use, has never had true "multi-user" capability, and barely manages to do something remotely like multitasking.

      I compare this to the environment I enjoyed in the early 90s: diskless Sun workstations connected to Unix servers (Convexen), and I long for the good old days. Heck, I had a PC at home--but it was for play; the real computers were at work, and I knew it. The OS had been designed from the ground up as a multi-user collaborative environment, with a simple, sensible and reasonably effective security scheme. Thanks to my .profile and my private cache of scripts and macros, I could personalize my X Windows and command line environment to my heart's content.

      Yes, there were some drawbacks. Sometimes, response was sluggish--who started that damn compile at three in the afternoon? And of course, if the server went down, everyone was SOL. I think the first concern could be addressed by the much faster processors of today (and some judicious load-balancing). Our networks have gotten much faster and more efficient, so I don't think response time would be much of a problem. As far as downtime, it has to be at least a wash--and when a large mob bearing torches and pitchforks descends on IT, they tend to get problems fixed with amazing alacrity.

      Balancing the two environments, today's seems to be the obvious loser. Why are companies throwing billions down the Wintel rathole each year when they could have efficient centralized servers running a real collaborative OS? How did this happen?

      I think I know part of the answer. The first signs of the Great Fall came when a few managers bought PCs so they could run MS Office applications--primarily spreadsheets at first, then--oh wonder of wonders--PowerPoint and Word. But now management found that they had been sundered from their underlings, who were working in a completely different environment from theirs. Incompatibility reared its head: You had to buy one set of apps for the PHBs, and another for the geeks. Worse, underlings could not read communications sent to them in Word format by their bosses, and they could not produce beautiful PowerPoint presentations on demand. They could--alas--only do their jobs. Management found this Wasteful and Inefficient, so they decreed that henceforth, everyone shall use computers just like theirs, running an operating system just as powerful and capable as theirs. And so now we live in compatibility Hell.

      --
      Great men are almost always bad men--Lord Acton's Corollary
  11. So they just lick their wounds and move on? by gcauthon · · Score: 5, Interesting

    Why is there never any retaliation against the companies that produce this software? If someone overseas comes up with a way to play a DVD on his own computer then he's pursued endlessly. If someone puts out a warning about how Adobe's encryption is not so secure then they're drug over to the US for trial. But if someone writes malware that destroys thousands of computers, including government property, then absolutely nothing is done. It just seems a little odd to me.

    1. Re:So they just lick their wounds and move on? by aussersterne · · Score: 3, Interesting

      Artifacts of modernity/capitalism. Institutions and corporations are more human than are their human constituents. Inter-institutional and inter-corporate grappling is seen in a darwinistic way -- nature dictates that they "survive" or "compete" on the open market and this is seen as ultimately most beneficial for society. Once the dogma begins to flow its banks, however, any contradiction or interference in the macro-ecosystem of political economics by individuals humans begins to be seen as parasitic, something "unnatural" to the process that interferes in the evolutionary process that governs institutions and corporations.

      Don't ever let yourself think that it isn't purely ideological because it is, it's the same philosophy that guides the IMF and Bush's conquest of the Middle East.

      One more result is the belief that malware from companies/organizations = marketplace should decide, and that's good, while malware from individuals = individual must be punished for causing (seen to be parasitic) difficulties for aforementioned companies/organizations.

      --
      STOP . AMERICA . NOW
    2. Re:So they just lick their wounds and move on? by jcr · · Score: 3, Insightful

      Why is there never any retaliation against the companies that produce this software?

      Probably because the license agreement guarantees NOTHING, in great big capital letters. They exclude all warranties, including the statutory implied warranty of fitness for a particular purpose.

      Software is sold on a "if it sucks, you lose" basis.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
  12. Wow. Really? by HaloZero · · Score: 3, Informative

    The EDS solution (while EDS isn't the best organization, this solution is highly effective in malware prone environments); GigE to the console, unified desktop system. You have three or four builds of different machines (Laptop, High-performance desktop, 'Information worker' desktop, kiosk) with an imaged pushed every night. Users data is stored nonlocally, in mapped network drives. Expensive to implement? Sure. Cost savings in the long run? You betcha! Plus, the helpdesk ends up with LEGITIMATE user issues, not 'Wah, I don't want to read the onscreen directions, you do it!'.

    --
    Informatus Technologicus
  13. MMSF (more Microsoft FUD)(TM) by zappepcs · · Score: 4, Interesting

    This is just one more attempt to soften up the consumer marketplace, tenderize it like a NY strip steak, so that joe average will be ready to buy a new PC, capable of running Vista so they don't have to worry about malware anymore, thanks to those really nice folks at Microsoft. The longer that MS has to soften the marketplace with FUD and 'smoke and mirrors' about how they are going to eliminate malware etc. with Vista, the more likely that people will 'wait for' Vista to ship rather than switch to before 2010, when Vista actually does ship SP2 so that it works. MS always makes more money by selling an OS license with new hardware then they ever did selling just the OS. We all know how that works.. so look forward to more of this MMSF in the coming months from the superheros in Redmond....

  14. PC vs. Windows by WindBourne · · Score: 4, Interesting

    I wish that the industry would say this proper. A PC is a personal computer. That includes apple and most linux boxes. OTH, the PCs that are having problems are Windows based PCs. Basically, the press should be saying that it impossible to remove malware from windows.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  15. Re:Format C: = The Matrix by From+A+Far+Away+Land · · Score: 4, Interesting

    Formating doesn't come close to elimination real malware though. The boot sector isn't overwritten first of all unless you specify /s
    Additionally, the malware could have virtualized your PC and whatever changes you make are to the virtual computer you are running on while the virus has real run of your hardware and resources. Even if that doesn't exist yet, one day it will because it is possible using software that is even freely available today, with some tweaks that bad people would only be too eager to implement.
    Talk about the mother of all rootkits eh? Your computer would be like The Matrix, a virtual world where you think you are in charge but are really running a pawn cause you're pwn3d.

  16. Will it get to the point? by mytec · · Score: 3, Insightful

    When a *nix box gets rooted, generally standard practice says that you rebuild the box. I'm unsure if this is the case with Windows rootings. That is just the way it is.

    Malware wants to be "sticky". I'm surprised it has taken this long to become truly difficult if not downright impossible to remove.

    What I wonder is if people will just tolerate the unremovable malware instead of the frustration and/or time of reinstalling the OS and applications and getting everything just right all over again. It's one thing for system administrators and geeks to reinstall. It another thing entirely for the average user to have full/incremental backups or cloned drives or some set of procedures for reinstallation.

    This is definitely an interesting situation.

  17. What does a home/home office do? by hoggoth · · Score: 3, Interesting

    How does the ordinary user do this?

    I didn't have the foresight to make a Ghost image of my system from the factory. It's a DELL and the restore-to-factory-from-secret-hidden-partition doesn't work once I added a new partition to the drive (with Partition Magic).
    So now it looks like I have to:
    1. Make sure I have up to date backups of my data (always a good idea)
    2. Purchase another copy of Windows even though I already paid for one
    3. Dig through my records collecting all the keys to all my applications
    4. Spend an entire day reinstalling Windows and all my applications. Anyone who says it only takes an hour to reinstall Windows must have a secret version I don't have access to. I have to babysit the install through ten reboots and many hours.

    Is this the best way?!

    What about after that? I can Ghost the Windows partition, but I'd still have to reinstall any applications installed after the Ghost was made. And it's no use putting the applications in another partition because the applications depend on cruft in the registry.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  18. Re:Fools... by xdroop · · Score: 3, Insightful
    I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh the security benefits, especially when you consider all the specialized software floating around that hasn't been ported (curse you, Department of Education).
    Nothing is impossible.

    It's a gamble. Building the new system represents a cost (in time and labor if nothing else). Retraining staff is a cost. Finding new apps, or secure work-arounds for existing apps, represents another cost. Dealing with the transition (helpdesk, troubleshooting, whining users, fixing incompletely transitioned apps) represents yet another cost.

    On the balance side is the cost of a security breech which (insert your company's worst nightmare here). Or the cost of denying all your users all your computers for a period of time while things are all rebuilt. Of course it isn't guaranteed that either doomsday scenario is going to happen; simultaneously, it isn't guaranteed that either doomsday scenario is going to be limited to a single incident.

    It's called risk management.

    Put another way: is it worth taking a known, calculable, solid kick in the nuts to mitigate the risk that you might be repeatedly shot in the arm, chest, or head?

    What is your business worth?

    --
    you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
  19. Re:Fools... by Syberghost · · Score: 4, Interesting

    I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible.

    Wouldn't matter anyway. Best practices for recovering from UNIX intrusion have always been to wipe the disks, reinstall the OS, and recover the last known-good backup. Nothing has changed here but Microsoft's attitude; they're starting to grow up a little.

    (sniff). I remember when they were knee-high.

  20. Re:What Do You Expect? by shotfeel · · Score: 4, Funny

    Please tell what such an "alternative operating system" is?

    Vista, of course. It has Trusted Computing, so I know I'll never have to worry about security again.

  21. It's not common sense. It's wrong. by Futurepower(R) · · Score: 5, Insightful

    "A Mac-user with common sense!"

    It's not common sense. It's wrong.

    Microsoft is in a unique position. Because it has a virtual monopoly, Microsoft makes more money when its software has a lot of security vulnerabilities. For those who are ruled by money, morality has no force; "Maximizing Shareholder Value" is the way they live their lives.

    Microsoft makes more money if it pressures its programmers to work too fast, so that they are sloppy, and then releases buggy software. Many people are fascinated by computers, and easily accept the world that Microsoft has created for them.

    Here's a story about a Microsoft VP saying, "Oh, the next Windows operating system will be secure": "Safety and security is the overriding feature that most people will want to have Windows Vista for" .

    So, Microsoft is once again telling us "The next version of Windows will be the good one." Before, Microsoft said Windows XP was "Built to be Dependable".

    However, Vista will NOT include virus protection. Jim Allchin, co-president of Microsoft's platform products and services division told CRN, an industry magazine this:

    CRN: In terms of security, how do you compare security in Vista vs. security in Windows XP SP2?

    Allchin: SP2 was a very good system but compared to Vista, it's night and day.

    CRN: Is there going to be antivirus in Vista?

    Allchin: No, there is not.

    CRN: Why?

    Allchin: It's a complicated answer as to why not.

    CRN: Was the decision based on technical concerns?

    Allchin: It wasn't technical.

    CRN: Will Vista resolve security problems once and for all?

    Allchin: I'm not going to claim perfection or near perfection, but I think we're unrivaled in the work we've done. I believe security will be a huge problem for the industry for years and years and years but this will change the landscape in a fairly dramatic way.

    Once again, Microsoft is taking advantage of the fact that most of its customers have little technical knowledge. Mr. Allchin said that "security will be a huge problem for the industry for years and years and years".

    Microsoft charges for OneCare Live. That's another way to make money. Make sloppy software, and then sell protection against the sloppiness.

    Note the emphasis on "beta testing" in Mr. Allchin's statements in the CRN interview. Someone said that Microsoft's motto is "The whole world is our beta tester."

    --
    Before, Saddam got Iraq oil profits and paid part to kill Iraqis. Now a few Americans get Iraq oil profits, and American citizens pay to kill Iraqis. Improvement?