Tired of Playing Cyber Cop, Microsoft Looks For Partners In Crime Fighting
chicksdaddy writes: When it comes to fighting cybercrime, few companies can claim to have done as much as Redmond, Washington-based Microsoft, which spent the last five years as the Internet's Dirty Harry: using its size, legal muscle and wealth to single-handedly take down cyber criminal networks from Citadel to Zeus to the recent seizure of servers belonging to the (shady) managed DNS provider NO-IP. The company's aggressive posture towards cyber crime outfits and the companies that enable them has earned it praise, but also criticism. That was the case last week after legitimate customers of NO-IP alleged that Microsoft's unilateral action had disrupted their business. There's evidence that those criticisms are hitting home – and that Microsoft may be growing weary of its role as judge, jury and executioner of online scams. Microsoft Senior Program Manager Holly Stewart gave a sober assessment of the software industry's fight against cyber criminal groups and other malicious actors. Speaking to a gathering of cyber security experts and investigators at the 26th annual FIRST Conference in Boston, she said that the company has doubts about the long-term effectiveness of its botnet and malware takedowns.
If Microsoft hadn't built such insecure operating systems, the problem wouldn't be so big. This is the company that brought you Active-X, autorun, and the ability to invoke programs from spreadsheets and documents.
I think No-ip sounds very shady...
April 2013: the OpenDNS blog reported that no-ip was the second most popular dynamic-DNS site for malicious software. http://labs.opendns.com/2013/0... -- No-IP responded that they have a very strict abuse "policy", and they want other people to help by reporting violations of the TOS to them. They also scan daily and filter by keyword. http://labs.opendns.com/2013/0...
February 2014, the Cisco blog reported that no-ip had risen to be the worst offender: http://blogs.cisco.com/securit... -- No-ip again responded that they have a strict abuse policy, and they want other people to report violations of the TOS to them, and they scan daily and filter by keyword. http://www.noip.com/blog/2014/...
Were no-ip doing a good enough job at policing themselves? It doesn't sound like it to me, not at all. It sounds like they have a decent "policy" but don't go out of their way to enforce it, their daily manual scans aren't up to what's needed, their keyword filters are easily bypassed. They can sound hurt all they want that OpenDNS and Cisco and Microsoft wrote public blogs or took action rather than reporting the individual offenders to No-IP first. But the fact that No-IP does so badly, and got worse, shows they weren't taking adequate action themselves.
You say they're "very responsive" to reports of abuse. But honestly, if their strategy for combating abuse rests SO HEAVILY upon volunteers to report abuse, and their strategy hasn't been working so far, then they have a bad business model.
Disclaimer: I work at Microsoft, but in an entirely unrelated division (I'm on the VB/C# compiler team).
You might as well call DNS itself shady. 98% of malware networks use it to hide their tracks and keep their networks up.
Help stamp out iliturcy.