Slashdot Mirror
Vista Zero-Day Exploit For Sale
Snakepit Bit writes "Underground hackers are hawking a zero-day exploit for Windows Vista at $50,000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit, which has not been independently verified, was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the anti-virus vendor. Prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range. Bots and Trojan downloaders that typically hijack Windows machines for use in botnets were being sold for about $5,000." From the article: "According to [Trend Micro CTO Raimund] Genes, the typical price of a destructive exploit has increased dramatically, driving an underground market that could exceed the value of the legitimate security software business. 'I think the malware industry is making more money than the anti-malware industry,' Genes said."
There is also an off-button. You can disconnect from the internet. You can install OSX, *BSD, GNU/Linux,... Plenty of alternatives.
I'll bite back:
1. Windows IIS has 77% non-Windows. Windows is rapidly becoming irrelevant in business and web serving arenas (mostly outside the USA).
2. It doesn't matter how "computer literate" any Windows "administrator" is: unless that computer is physically disconnected from the outside world, ANYONE can gain access with the highest level of priveledge and have entirely unrestrained access to the entire contents of the machine.
3. The "unmonitored" Windows desktops just worsen the situation: open access to ANY Windows-based machine is trivial as long as it's connected to the outside world. You don't even need to pay for expensive expploits, though they'll help!
ANY company that uses Windows (of ANY variety) doesn't value their data, is incompetent and should therefore be avoided. Windows has NEVER been suitable for business, and now that there are truly viable alternatives, there's no reason to pay Gates anything.