Slashdot Mirror
Microsoft Files Suits Against "Malvertisers"
eldavojohn writes "Reuters is bringing us news of five civil lawsuits filed by Microsoft against 'Soft Solutions,' 'Direct Ad,' 'qiweroqw.com,' 'ITmeter Inc,' and 'ote2008.info' that allege they 'used malvertisements to distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users.' Microsoft's Tim Cranton outlined the suits and provided links to all the filings for download. 'Cranton added that names of specific individuals behind these activities were not known and the lawsuits were being filed to help uncover the people responsible.'"
Shatnerian... levels... of... confusion...
Who... to... root... for... or... against...
Microsoft... or... the... malware... people...
I like you, Stuart. You're not like everyone else, here, at Slashdot.
I suspect the main hurdle here will be the court clerk reading "qiweroqw.com" aloud.
These activties hurt Microsoft's reputation as well as being a huge burden to users of their products. Microsoft has the money and power to put the hurt on the bad guys. This is win win.
One of them has some legal business, the other is purely illegal and harmful.
Choose the lesser evil.
Yeah, but I still have a hard time supporting the malware vendors.
Is it just my observation, or are there way too many stupid people in the world?
I don't entirely understand the fight though. Is MS suing these folks for damage done only to their company directly? Or possibly for some kind of defamation by making Windows appear insecure? Or are they suing on behalf of everyone affected by these ass-hats? Like a class-action thing on behalf of everyone with a computer?
He's getting rather old, but he's a good mouse.
wish them joy of each other!
Anger is an aphrodesiac. The Malware companies have been seducing Microsoft for all this time, and now Microsoft has finally broken the ice. It's tsundere approach only quickens the heartbeat of the malware companies. Once Microsoft has them in court, the judge is throwing the book at them, the Malware companies will look up to Microsoft and say "You have me where you want me, now what do you want to do with me?"
At which point, Microsoft will smile, the fade of anger will reveal the flush of lust behind it. From the conjoining of these two, sweaty bodies of software production will emerge the glow of new life -- Microsoft Windows Lovechild.
The spawn of Microsoft and Malware will install itself upon any computer it comes in contact with. Lovechild (or MWL for short) will ask the user "You really want this installed on your system don't you?" If you type "N" it changes the background color to an alluring pink and says "Sometimes, when a user is scared, when they say 'no' they mean 'yes'" and then it proceeds to install itself upon your system.
I am the richest astronaut ever to win the superbowl.
If you can't choose a side in this, you're being disingenuous. Just stop it, and for once make sense.
Your only real complaint should be that the Department of Justice, multiple state Attorneys General, or motiviated citizens haven't already pursued these civil actions. And the DoJ etc. should be considering crminal actions, but are no doubt distracted by any number of safer, simpler, and easier to prosecute villains.
There is simply no excuse for going after the worst of these weasels, and expanding the fight overseas when they flee to supposed safe havens. I wish Microsoft good hunting on this one. Let's get after them to patch XP's TCP stack also, but at least DO SOMETHING, someone, please?
Me? I'm no good at suits.
deleting the extra space after periods so i can stay relevant, yeah.
You can blame "insecurity" of Windows all you want, but do you actually have an answer to how to make it better then? Before all the usual arguments come:
- These malware work just aswell on user account, you do not need admin/root access.
- Locking up the whole OS so that user is in 100% controlled environment is a no go, as seeing here on slashdot about iphone and other systems that do it.
- Malware goes where the user is. If linux had ~95% marketshare on desktops, majority of malware would be there because thats where the users are.
- Theres nothing on Linux that does anything to prevent this kind of malware - you only get more security because there's not many users. If you suggest everyone moving to it, what happens?
- Conficker excluded, theres not really exploits in the Windows itself now a days. They're mostly from third party software like Flash and PDF reader.
This isn't about OS security, its about user stupidity to install random crap. That wouldn't change even if the OS marketshare would be different.
The most secure OS in the world, not even Linux nor OSX, isn't going to be able to protect you when you decide to authorize and run an .exe file you downloaded.
If you build it, nerds will come. Soylentnews.org
*backs away slowly*
I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
You know, I think you need more perspective on this.
It's not the insecurity of Windows, it's the Insecurity of all these third party plugins (JAVASCRIPT, FLASH, I'M LOOKING AT YOU) that cause these problems to start with, plus DRM rootkits on music discs and movies that open up more holes in our system.
New technology, new vulnerabilities and exploits. Flash and JavaScript are the two most commonly used points of infection.
Really, the fault isn't entirely on Microsoft. Start blaming Adobe, Sun Systems, and the Music/Movie industry, as the biggest part of this lies squarely upon their shoulders.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Actually the Conficker hole was patched nearly a year ago. Microsoft has gotten their shit together with security so much recently that you can legitimately argue that it may be comparable to your average Linux distro...I'm not saying that is the case, I REALLY do not want to go down that path, my overall point is that 5 years ago, anyone who made the statement I just did would have been ridiculed as a moron, and rightly so.
But you hit very good points...no matter how secure an OS is, it has to listen to its dumbfuck user. The only way to protect against stupid users is to limit rights to oblivion, but then you limit the usefulness of the system. In most cases, the OS cannot determine what is desired behavior of a program or not.
As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable Slashdot 2.0.
if MS stopped working on superfluous bullshit
Bullshit is not superfluous to MS.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Except that IIS has fewer. Let's see:
IIS7, first released in a server OS (Win2K8 - it was actually present in Vista before that, but no-one would run a server using it, so we don't consider that period) in January 2008, has 2 vulnerabilities in its entire lifetime, and only one of those is remote. That makes it 1 vulnerability per 10 months, or 1 remote vulnerability (which is usually what you care about for servers exposed on the Net) per 20 months.
Apache 2.2, first released in December 2005, has 16 vulnerabilities in its entire lifetime, 15 out of which are remote. That's roughly 1 remote vulnerability every 3 months.
"Oh, but no-one uses Win2K8 and IIS7", I hear people saying. Very well, let's look at the generation before that - IIS6 vs Apache 2.0. IIS6 was released with Win2K3 in April 2003; Apache 2.0 was released in April 2002, a year before that. Lets see:
IIS6 - 8 vulnerabilities to date
Apache 2.0 - 38 vulnerabilities to date
In the interests of fairness it should be noted that a larger percentage - twice as many - of IIS6 vulnerabilities would give the attacker system access (i.e. provide an infection vector), compared to Apache. Even so, in absolute numbers, it's 3 system access vulnerabilities for IIS6 vs 7 such vulnerabilities for Apache. So, even accounting for that extra year, Apache still has worse security record overall for the last two major releases (or the last 6 years).
A secure OS would make sure that all code downloaded from the net is identified to the user as code downloaded from the net and its source/publisher, and a secure OS does not allow the downloaded code to execute until after the user has acknowledged that it is a downloaded program and given explicit permission.
This is precisely what Vista and Win7 do. If you download an executable, it will have a flag set in file meta-information that basically indicates that the source was network... when you run it, the OS will warn you and ask to confirm.
The problem is that this is not fool-proof. Consider this: how is the OS supposed to know that file comes from the network? From OS point of view, files don't "come" from anywhere - it's just that some application opens a file and starts writing data into it. The fact that said data was received from an open socket to a remove server a few milliseconds ago is not something an OS can reasonably detect. Thus, it really is all up to application to set the flag correctly. IE does that, and so does Firefox; other browsers might, or they might not.
Meanwhile, no other desktop OS that I know of does anything similar, and it's certainly quite possible for a Linux browser to download an executable file and chmod+x it - the OS won't stop it, because how could it possibly know that it's a bad thing, or even distinguish such a syscall from another one originating from user explicitly running chmod in the shell?