August 18, 2005 12:32 PM PDT

Survey: Microsoft bears some blame for worms

One-third of business users blame Microsoft for the recent worm outbreak, despite the company's security efforts, according to a poll.

Thirty-five percent of respondents to an informal Web survey of customers by security company Sophos said the software maker was ultimately at fault for the recent rash of worms spawned by variants of Zotob. In the poll results, released on Thursday, 45 percent placed the blame squarely on the virus writers, while 20 percent laid blame on their systems administrators for not patching systems fast enough.

"The majority of users believe that the virus writer has to take the ultimate blame for deliberately creating and unleashing this worm to wreak havoc on poorly protected business," Graham Cluley, Sophos senior technology consultant, said in a statement. "But what is most surprising is that so many people blame Microsoft for having the software flaw in the first place."

Microsoft is not alone. Companies are increasingly calling on software developers to improve their security battle-testing of products before release.

"No software is 100 percent secure, and this is collectively being felt by the industry," a Microsoft representative said Thursday. "Over the last year, Microsoft has made improvements with security."

The software giant, for example, has launched its Security Development Lifecycle, the representative said. The move modified Microsoft's software development process to improve the way it integrates security best practices from the get-go.

Microsoft has also seen security improvements with its Windows XP operating system and the Service Pack 2 update, analysts said.

In the most recent worm outbreak, malicious attackers began circulating variants of Zotob and other viruses that exploit a plug-and-play feature in some Windows versions. The onslaught came shortly after Microsoft's regular monthly patch release, which included a fix for the problem. The flaw allows remote attack in Windows 2000 and not Windows XP SP2, according to Microsoft.

"Microsoft is stuck between a rock and a hard place when it comes to vulnerabilities," Cluley said. "When it goes public about its security holes, a virus can be written to exploit them and many businesses may not have rolled out the patch. If it kept quiet...everyone would ask why Microsoft hadn't warned anyone of the vulnerability."

Showing 1 of 2 pages (82 Comments)
Hey, where are the PC Boyz?
by R. U. Sirius August 18, 2005 1:06 PM PDT
Man, I come to this story looking to read all the fun comments first from Apple fans bashing Windows, followed by rejoinders from the PC Boyz, and what do I find? Nothing. Total quiet.
We are tired, man
by catchall August 18, 2005 1:14 PM PDT
Busy week so far. MS has problems with Zotob, Apple with 44 fixes, some for security flaws, Adobe fixing things...
It is just too much typing!
What about Apple?
by GeekRex August 18, 2005 9:00 PM PDT
Apple just released a massive patch for OS X with 44 critical flaws and nothing is said about it--what gives?
M$ has improved
by CNerd2025 August 18, 2005 1:47 PM PDT
"Over the last year, Microsoft has made improvements with security."
Ah, so this point last year, there were 600 security holes for which XP was vulnerable...now we are down to 599!
Not really newsworthy
by Mister Winky August 18, 2005 2:04 PM PDT
Summary of this pointless article:

Some people blame the virus author, some blame the vendor and some blame sysadmins. ZZZzzzz. Who else would they blame? Their mommies? The great computer in the sky?

How is this newsworthy? The headline tries to make it sound more exciting than it is. Who is at fault? All of the above. As with any issue this complex (like a multicar pile up on a freeway), fault is always shared.

MS' security response is much better these days, but until they get 95% of Windows users to migrate to Windows XP (especially SP2+) and Windows 2003 (especially SP1+), they're going to feel the hurt for years of overlooking security issues.

Mister Winky
YOU LIE
by August 18, 2005 2:20 PM PDT
YOU LIE YOU LIE YOU LIE!
THERE IS NO GREAT COMPUTER IN THE SKY!

:)
Felix was right!!!
by dam7ri August 18, 2005 5:14 PM PDT
Does anyone remember the episode of "The Odd Couple", when Oscar underwent hypnosis to stop being sloppy? The trigger that Felix used was "Our fault lies not in our stars, but in ourselves."

The point is that blame ultimately lies with the user. No matter how safe Volvo makes a car, the person driving it still has to know how to drive, and the same holds true for computers.

I've done all the griping I can about Microsux, virus-writers, and software vendors. Now, I try to teach people how to use computers responsibly, by explaining what anti-virus, anti-spyware, and firewalls do and their importance. Knowledge is the key, not blaming others because of your ignorance.
I agree...
by Mendz August 18, 2005 7:06 PM PDT
Makes sense to me... Action does more than talk. It's a fact: Microsoft products fail in security. But still there are Microsoft customers to serve. That's what we have. Either you complain or do something about it. If the users won't switch, you really have no choice. I think it is important that everyone tries to do their best. Including the users themselves...
education is needed
by August 18, 2005 7:13 PM PDT
you are right education is needed

do not click on ads
do not download unknown dangerous software
do not use p2p
do not visit unknown dangerous websites
do not give out any information
do not install software you will not use antivirus antispyware etc
do not open unknown email
do not open email attachments

do update system frequently
do use a hardware firewall
do download known software only from developers website
do use dodgeit for fake email addresses


There are probably many more...
Why are folkz so accommodating to product providers?
by R. U. Sirius August 19, 2005 8:32 AM PDT
If you bought a car that broke down every week, you'd be livid (I hope). If that car had a security system that was poorly designed, and your car got jacked, you'd be livid (I hope).

But when it comes to software providers, many just shrug and defend the less than stellar QA these providers provide (and I don't just mean the big bad boyz from Redmond).

Why are people so soft on sloppy products when said products come from tech companies?
Kind of like blaming the weather man for the rain.
by caktus August 18, 2005 11:22 PM PDT
The weather man can only try his best. The weather, like bad guys and careless guys, is going to do what it wants. We can't manage the weather. All we can do is learn to manage the bad and the careless.
Poor analogy
by nmcphers August 19, 2005 5:14 AM PDT
The weatherman doesn't make the cloud. A better analogy would be blaming Toyota for your car accident.
Two-thirds of business users do not blame Microsoft
by BR-549 August 19, 2005 3:09 AM PDT
The headline for this news item could just as easily have read, "Two-thirds of business users do not blame Microsoft for the recent worm outbreak, according to a poll." But that would not have been news, would it?

Evidently, most of these other business users know how to take care of their business, or if something does go wrong, they know how to correct it, instead of blaming someone else.
Spoken like a typical Windoze Drone
by aabcdefghij987654321 August 19, 2005 10:00 AM PDT
The problem isn't Microsoft's security hole laden OS'es. The problem isn't Microsoft's lip service to secure computing. The problem isn't Microsoft's impertinent attitude regarding admitting flaws and releasing patches (Security experts aren't supposed to mention flaws until Microsoft has a patch ready, but often MS sits on flaws for months and won't admit to or attempt to fix a flaw until after an announcement or exploit is released.). The problem isn't Microsoft releasing corrupt updaters. The problem isn't Microsoft stopping their regular patches because they realized how inept it made them look.

The problem is 100% the network admin folks that haven't been able to keep up with all the patches and replace their otherwise perfectly capable hardware that simply can't run the latest Microsoft OS because it's bloated to the point where it requires the latest CPU's just to run fast enough for somebody to check e-mail and type a document.

Sheesh
Okay, so?
by R. U. Sirius August 19, 2005 12:57 PM PDT
C'mon man, the PC Boyz lines and Apple Fanz rejoinders are:

http://www.drowning.com/images/boring.gif
Your suggestion is wrong
by orphu August 19, 2005 6:19 AM PDT
The suggestion not to use MS products is wrong.

1) First of all, most computer users use MS products because of standards set by their company (not by personal choice) or in the case of home users, options available to them

2) Keeping servers, clients, and software protected, and educating users, keeps most companies up & running (the company I've been with for the past 2.5 years has had less than a day of downtime because of our diligence)

3) Basic precautions will protect even the most daft home users. I put extremely little effort in protecting my home machine and have NEVER been hit in over 10 years of being connected to the 'Net because I run a software firewall (free), don't click everything in sight, don't believe everything I read in e-mail, etc.

I'm not saying MS doesn't have security issues; however, a little precaution and common sense go a long way and I (and apparently a lot of others in the computing world) are willing to jump through hoops to secure systems to take advantage of the products MS offers. It can be a crapshoot but if one and one's systems are prepared, the risk is mitigated.
T.O. - the Philadelphia Eagles want you in camp
by R. U. Sirius August 19, 2005 4:27 PM PDT
Hey TO, you're a great football player and dubious tech analyst. Aren't you supposed to be in training camp?
Posted to wrong thread
by orphu August 19, 2005 6:21 AM PDT
This should have been posted in response to:

'P.S. Carl Johnson'
Only 1/3 !!!
by August 19, 2005 6:35 AM PDT
Shows how ignorant the average user is. If only they knew that it's lack of proper architecture and planning that provides all the holes in the OS.

I've been waiting a long time for a news article that talks about the real issue, the fault in the product, but every time it's always the same old story: just focus on the "hackers" and "virus" - probably a lot more attractive for the ignorant.

So comes down to marketing: Until everyone points the finger at Microsoft for the holes they leave wide open, they are only getting complaints from 1/3 of the more informed users... no incentive for them is it now?
i agree, but consumers should take responsibility
by Scott W August 19, 2005 9:55 AM PDT
since i switched to linux i have had an improved software experience, no malware, and a faster computer. yes, crackers are to blame for viruses, just like car thieves are to blame for car theft, but that doesn't mean that car makers should make it easy for them. the same goes for the owners. it has to be a united front and MS should lead by example, instead of trying to hide behind the defence that others shouldn't be doing it. crackers shouldn't crack computers or spread malware but they do, and we have to live with it. they are not a new thing either, and windows has flaws that have been patched in UNIX systems 20 years ago!
Give me a break!
by QuietStormX August 19, 2005 7:06 AM PDT
It's just laziness. Just update your OS software! Those people want someone to hold their hand and do the work for them. It's just like when lazy Americans who don't read the owners manual or can't program a VCR... Microsoft has automatic updates, use it and shut up please..... Update your firewall and virus software.

People got burned because of their own fault!

That's all I have to SAY!