… to help pay for correcting its sieve-like OS and application coding. Now I’m not saying Microsoft is the only reason malware, phishing, botnets and other cybercrime goes on out there, but its shoddy and ubiquitous products are to blame for a very large majority. And that statement comes from a Microsoft user and supporter.
This internet usage tax idea from MS’s “trustworthy computing” veep is the height of stupidly ballsy statements. Maybe Microsoft should remunerate every computer user whose identity has been stolen, data compromised or computer files corrupted or lost due to yet another security fix that came a little too late.
Taxing internet usage to fix a problem largely caused by a single entity? Not a good idea. Try again, Scott Charney.
From the link:
How will we ever get a leg up on hackers who are infecting computers worldwide? Microsoft’s (MSFT) security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines.Today most hacked PCs run Microsoft’s Windows operating system, and the company has invested millions in trying to fight the problem.
Microsoft recently used the U.S. court system to shut down the Waledac botnet, introducing a new tactic in the battle against hackers. Speaking at the RSA security conference in San Francisco, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney said that the technology industry needs to think about more “social solutions.”
Update 3/8/10 — Looks like I’m not alone in condemning this crazy idea.
Just the thing for the technically challenged wanna-be cybercriminal. It’s bad enough having to deal with nefarious coders, but these tools (and various “virus making for dummies” tools have been around forever) allow bored kids and garden variety criminals in on the lucrative world of botnets.
From the link:
In 2005, a Russian hacker group known as UpLevel developed Zeus, a point-and-click program for creating and controlling a network of compromised computer systems, also known as a botnet. Five years of development later, the latest version of this software, which can be downloaded for free and requires very little technical skill to operate, is one of the most popular botnet platforms for spammers, fraudsters, and people who deal in stolen personal information.
Last week, the security firm NetWitness, based in Herndon, VA, released a report highlighting the kind of havoc the software can wreak. It documents a Zeus botnet that controlled nearly 75,000 computers in more than 2,400 organizations, including the drug producer Merck, the network equipment maker Juniper Networks, and the Hollywood studio Paramount Pictures. Over four weeks, the software was used to steal more than 68,000 log-in credentials, including thousands of Facebook log-ins and Yahoo e-mail log-ins.
“They had compromised systems inside both companies and government agencies,” says Alex Cox, a principal analyst at NetWitness.
A survey conducted by another security firm–Atlanta-based Damballa–found Zeus-controlled programs to be the second most common inside corporate networks in 2009. Damballa tracked more than 200 Zeus-based botnets in enterprise networks. The largest single botnet controlled using the Zeus platform consisted of 600,000 compromised computers.
You have to admit it’s an interesting theory and more than a bit cybercloak-and-daggerish.
From the link:
Randy Abrams, director of technical education at ESET, an IT security company based in Bratislava, Slovakia, said his best guess is that a major botnet herderwas offering a demonstration of the power of his botnet to a potential client with a major target in mind.
“They could have been saying, ‘Look what I can do to Twitter. I think my botnet can handle whatever you want it to do,'” said Abrams. “I’d put my money on this being a demonstration, a show of force, by someone looking to hire out their botnet.”
Update — Or maybe not.