It's time to get rid of Windows?

Galen

Cruel to be kind?

http://blogs.computerworld.com/14510/its_time_to_get_rid_of_windows

I thought that the massive DDoS (Distributed Denial of Service) attacks that knocked Twitter and other social networks out was because of Iran's government trying to shut down its protesters. I was wrong. Hundreds of millions of Internet users were annoyed because of Windows botnet-based DDoS aimed at one (1) person.
According to security company McAfee's director of security research Dave Marcus, "This was a very targeted attack, and what the research shows is that it was aimed at one particular person, and that person's accounts on Twitter, Facebook, YouTube and LiveJournal." The target is a pro-Georgian blogger, but he's still just one man.
Let me spell this out for you. Some people out there used no fewer than six Windows botnets to go after this one guy. And, in the process, they knocked out, for hours at a time, most of the major social networks.
How did this happen? It happened because Windows is an insecure piece of junk. Anyone who knows anything about security knows that this kind of disaster was only a matter of time. Windows botnets are responsible for DDoS attacks and most of e-mail spam.
You cannot secure Windows. Microsoft keeps saying that they will, and they always fail. Period. Windows has been insecure since day one and it's still going to be insecure when Windows 7 shows up.
Perhaps it's time to start blocking Windows PCs from the Internet. Sound crazy? Yes, I agree.
But, I'll tell you something else that's crazy. It's crazy that whole sections of the Internet can be shut down by a few people controlling huge Windows botnets for petty, personal reasons.
We have the technology to start locking Windows out of the Internet. You can tell when a Windows PC is trying to connect to a Web site.
OK, so we can't block them all, but perhaps we can start checking Windows PCs for up-to-date patches and minimum security settings before allowing them Internet access.
After all, some Web designers are already presenting Internet Explorer 6 users with a notice encouraging them to dump their out-of-date browser. We can use the same approach to encourage people to switch from Windows to Linux or Mac OS. Or, perhaps more to the point, shove Windows security uploads down their throats or refuse to let them connect.
We depend on the Internet. We play on it, we work on it, we live on it. If attacks like this become commonplace, and, after this foul-up I don't see any reason why they won't, we'll need to pro-actively protect it from Windows' botnets. And, if that means blocking out out-of-date Windows PCs with inadequate security settings before they can be used in an attack, then so be it.

Martyr

And replace windows with what exactly?
Steven didn't seem to give any solutions.

This was a very targeted attack, and what the research shows is that it was aimed at one particular person, and that person's accounts on Twitter, Facebook, YouTube and LiveJournal." The target is a pro-Georgian blogger, but he's still just one man

This is all speculation, they don't know who carried out the DoS attack.

If I make a negative comment about Britain here, and tomorrow boards.ie suffers a DoS attack, are we gonna say "british hackers attack boards.ie" ??

Of course not, but that's exactly the story being spread around the web..it's just speculation and nothing else.

The whole story is ridiculous..

Galen

Personaly, I suggest that anyone tech savvy replace with linux unless you're a gamer.

An Fear Aniar

Martyr wrote: »

And replace windows with what exactly?
Steven didn't seem to give any solutions.

He suggested that people use Linux or Mac OS. He's right, Windows is not secure enough to be allowed on the internet.

.

Caoltan

An Fear Aniar wrote: »

He suggested that people use Linux or Mac OS. He's right, Windows is not secure enough to be allowed on the internet.

.

Purely for compatability and direct x, Windows > all otherwise, probably not, but those are the 2 most important things in computing. Security is way down the list.

nesf

The main point of his article seems to be a bit naive. Windows is the biggest target of viruses etc specifically because it's got the biggest population of less tech savvy users. Linux etc are under nowhere close to the same kind of focussed attack. Moving the herd to a different OS will just change the point of attack and almost any home PC OS can be compromised if the person using it doesn't know what they are doing.

Overheal

He had an Account on Gawker too apparently: they were also hit with a massive DDoS earlier in the week:

http://news.cnet.com/8301-13577_3-10302636-36.html

I fully agree with nesf. Its like Firefox. Firefox is still much more secure than IE, but at the same time, now lauds nearly a 1/3 share of the Browser Wars, making it a powerhouse. Hackers are going to pick up on this fact, and begin focusing more attacks at Mozilla's software. Eventually, it will be just as insecure as IE.

Theres probably a solution somewhere to DDoS attacks, but its not jumping ship onto another ship.

Ginger

Galen wrote: »

Personaly, I suggest that anyone tech savvy replace with linux unless you're a gamer.

I am tech savvy and I wouldnt move to Linux. Simple reason it is not lucrative enough. I make good money developing on Windows, better than what I would on certain O/S

Looking at previous hack attempts on different browsers, Safari on the Mac tumbled before IE on Win 7

http://www.pcpro.co.uk/news/249768/safari-falls-in-10-seconds-at-hacking-content.html

But this is a rare stat in a history of Windows based attacks.. but if you look at why this happens. Its more effective to make money on attacking Windows because of volume and general user base. If you (as another poster pointed out) move the masses to another OS and that become the market share leader, that will become the obvious target . Its a case of effort vs reward..

Moriarty

"I've got an infallible way to create a paradise on earth: just make everyone stop doing bad things!"

Back in the real world..

As long as you have software being released in it's current form you'll have security holes. As long as there are security holes in software, there'll be exploits for them. Result: botnets. The only way to counter this from the software perspective is to force automatic updates of all software for all security patches, which is completely unworkable.

Result: botnets are - and will be for the forseeable future - unfortunately a fact of life on the internet. As mentioned above ^, it's a pretty os-neutral issue. Whatever the current flavour of the month is will always receive the highest attention from shady characters.

There's a handful of ways that botnets could be brought under control in the medium term, but none of them are cheap. Not much will be done about them until they come to the attention of decision makers. When that time comes, service providers and software vendors will be clenched tighter than a duck's ass if any meaningful impact is to be found.

Spudzz

nesf wrote: »

The main point of his article seems to be a bit naive. Windows is the biggest target of viruses etc specifically because it's got the biggest population of less tech savvy users. Linux etc are under nowhere close to the same kind of focussed attack. Moving the herd to a different OS will just change the point of attack and almost any home PC OS can be compromised if the person using it doesn't know what they are doing.

Very good point.

Tim M-U

still not stoping me from using windows!

everything runs on it, the sims, expression web ect..

i think windows is good.. i think its safe! theres laws about hackin into computers and viruss...

Carsinian Thau

Tim M-U wrote: »

still not stoping me from using windows!

everything runs on it, the sims, expression web ect..

i think windows is good.. i think its safe! theres laws about hackin into computers and viruss...

Good point. I wouldn't stop either.

But just because there are laws against that sort of thing, that doesn't mean it won't happen.

FruitLover

An Fear Aniar wrote: »

Windows is not secure enough to be allowed on the internet.

Windows is just fine if it's used correctly. I.e. not running as an administrative user and having some common sense when online.

A Primal Nut

I don't believe for a second that Windows is any more unsecure than Mac OS or Linux. It is targeted because the vast majority of people use Windows. The same with IE vs Firefox. I use Windows and occasionally use IE; and I don't have problems with botnets/viruses as long as I stay away from warez/illegal sites. If you are tech-savvy its unlikely you have a problem regardless of what OS you use. Microsoft have whole security departments working on fixing security holes. Linux is open source and I doubt security is their biggest priority. I fail to see how Linux is more secure.

Of course there are also benefits to having a more popular operating system: compatibility with software. You can't have the best of both worlds.

People are just trying to find any excuse to hate Microsoft. Its like a hobbie for some people to constantly go on about how crap Microsoft is.

Capt'n Midnight

Ginger wrote: »

Its a case of effort vs reward..

Even though there are 75 million Mac users with OSX ( 10% of home PC's in the US ?) and most of them aren't as security concious as windows users , there are also fewerable knowledgeable crackers than for windows and besides it really is a more secure OS because it doesn't have to do daft stuff like provide binary support for stuff written in 1983.

Moving to a more secure OS won't solve everything, as some java exploits have shown, it won't stop people trying to install software to look at the video link sent in an email but it will make things harder for the script kiddies.