Tired of Playing Cyber Cop, Microsoft Looks For Partners In Crime Fighting

chicksdaddy writes: When it comes to fighting cybercrime, few companies can claim to have done as much as Redmond, Washington-based Microsoft, which spent the last five years as the Internet's Dirty Harry: using its size, legal muscle and wealth to single-handedly take down cyber criminal networks from Citadel, to Zeus to the recent seizure of servers belonging to the (shady) managed DNS provider NO-IP. The company's aggressive posture towards cyber crime outfits and the companies that enable them has earned it praise, but also criticism. That was the case last week after legitimate customers of NO-IP alleged that Microsoft's unilateral action had disrupted their business. There's evidence that those criticisms are hitting home – and that Microsoft may be growing weary of its role as judge, jury and executioner of online scams. Microsoft Senior Program Manager Holly Stewart gave a sober assessment of the software industry's fight against cyber criminal groups and other malicious actors. Speaking to a gathering of cyber security experts and investigators at the 26th annual FIRST Conference in Boston, she said that the company has doubts about the long term effectiveness of its botnet and malware takedowns.

Partners in crime fighting

[rossdee]

dinner, dinner, dinner, dinner, dinner, dinner, dinner, dinner,
Batman

Summary should say ...

[fnj]

Few companies can claim to have done as much fighting - or feeding - cybercrime.

There, fixed that for you.

Re:It's Microsoft's fault

[ShanghaiBill]

If the operating system is secure, criminals exploit the users instead.

Nonsense. There is not a fixed quota of crime in the world. Criminals exploit profitable opportunities, and more opportunities mean more crime, while fewer opportunities mean less crime. A secure operating system does not "push" people into phishing. Writing a virus and social engineering don't even use the same skill sets.

No-ip isn't shady

[sobachatina]

I've used No-ip for non-mission-critical dynamic IP services and for domain registration for over 10 years. There's nothing "shady" about them.

They offer a free service that is sometimes exploited by criminals and are very responsive to reports of abuse.

Microsoft not only didn't report these criminals to no-ip- they actually sealed the court order so they could seize the domains before no-ip found out about it.

It boggles my mind that a vigilante corporation can get a court order to simply seize another companies assets.

Re:No-ip isn't shady

So in both things you link they state they rely on people informing them. So instead of informing them microsoft got a court order, without even talking to no-ip. And no-ip is supposed to look bad, how? It's obvious you are a shill for microsoft, you didn't have to actually admit it in the post.

Re:No-ip isn't shady

[ThatsMyNick]

hotmail has been known to send a lot of spam. I hope someone takes control of hotmail domain, since microsoft is unable to police it. (Note that it has recently been brought down, by someone should have taken control of their domain when it was a serious problem).

The point is a free service being abused is expected. It is not as if noip encouraged abuse and were paid by abusers.

Re:"fighting" crime?

[JabrTheHut]

You give them too much credit - it's more like bringing an egg whisk to a gunfight.

So they're gonna crack down

[future+assassin]

all the holes in Windows and commercial software that allow so many criminals to profit from the security holes?

Bad programming

[jgotts]

Microsoft has been writing poor quality software for my entire life.

The best programmers do not go to work for Microsoft. Maybe that was the case in the early 90's but it hasn't been true for decades.

To make matters worse, Microsoft does a lot of its programming in India. We all know that Indian programming is of poor quality, and the reason is not because Indian programmers are much less competent. It has more to do with the fact that in programming if two parties can't communicate completely unambiguously in one language then they have no hope of writing good software. Programmers have to be more than fluent in the language they speak with each other, they have to be scientifically precise.

People go to work for Microsoft because it's safe. There's no risk of the company going under. Risk minimizers don't write good software, because they're not very creative. They tend to keep patching up the same old crap rather than writing something new that works better.

At mature software companies hundreds of non-programmers are telling the programmers what to do, and it only gums up the works. You wind up not working efficiently, because you need too much sign off to get anything done. And once you get signoff, the hundreds of non-programmers are dictating your schedule, not quality of the code or whether it is completed to your satisfaction.

There is no one to clean up Microsoft's mess but themselves. Probably the best solution would be for the company to split up. The people who make the Xbox are probably weighed down by the rest of the company's ineptitude. I'd like to see those guys go their own way.

Re:Bad programming

[DaHat]

Microsoft does a lot of its programming in India.

How much is 'a lot'? What %?

We all know that Indian programming is of poor quality, and the reason is not because Indian programmers are much less competent. It has more to do with the fact that in programming if two parties can't communicate completely unambiguously in one language then they have no hope of writing good software.

So that's a problem only with Indians? Not Chinese? Australians? Romanians? Turks? Russians? Nigerians?

If you hire those who can communicate well, where they came from is unimportant.

In other news

[whoever57]

April 2013: the OpenDNS blog reported that no-ip was the second most popular dynamic-DNS site for malicious software.

In other news, Google is the most popular site for finding <your choice of illegal material here>.

See what I did there? And how the reports of NO-IP's use for malicious software are meaningless?

When it comes to fighting cybercrime ..

[lippydude]

"When it comes to fighting cybercrime, few companies can claim to have done as much as Redmond, Washington-based Microsoft"

Despite how much effort Microsoft retrospectively put into trying to change the historical facts. When it comes to causing cybercrime, few companies can claim to have done as much damage as Redmond, Washington-based Microsoft.

"Windows NT and its successors .. were not initially designed with Internet security" ref

Re:need to crack down on the russian government an

what about the NSA? How much of this "cyber crime" is related to government monitoring. I like how the focus shifts to Russia and China at a time when the US is being criticized/ignored for leading an international spying ring! How much malware has hit the internet lead by governments working together, until its caught in the wild then they all blame each other or some group as the cause?

That's the real problem anymore, no one knows who is responsible for half the shit going on. Even better you can set-up fake groups in enemy countries to redirect any attention away from your objective. And MS seems to be behind a lot of bullshit lately after being targeted for allowing possible backdoors in its software.

Re:no-ip is shady?

[Enfixed]

In all the years I've used NO-IP for personal and business DNS management, NOT ONCE have they done anything I'd even remotely consider shady. Their service was rock solid until Micro$oft came in with a hostile takeover, hell they didn't even bother to so much as talk with NO-IP beforehand.