Tuesday, January 20, 2009

New Windows virus infects millions of computers

Some years ago, headlines describing global virus infections were commonplace. Does anyone remember the ILOVEYOU virus, the Melissa worm, and Code Red? Lately, while virus and worm threats have not diminished, their reporting has become less prominent. Have you heard about Nyxem, XSS and Sotrm? Neither had I.

The less prominent reportage may have several causes. Viruses and worms have become so widespread as to lose their newsworthiness, the first shell in a war makes headlines, but the 1,000th does not. Similarly, the big spectacular infections are no longer possible; with more and more people protected by firewalls and anti-virus, infections tend to be spread over time rather than one spectacular burst of activity. The other reason of course is that nowadays worms and viruses tend to be less destructive and more pervasive. Probably there is a higher number of infected machines than in earlier years of the Internet, but modern worms tend to have mostly two functions: serve spam and enslave a machine for future use.

These trends have been broken by Conficker, the latest worm spectacular affecting 9 million computers around the world.This worm affects mostly a Windows Server 2003 vulnerability that was first discovered back in October, which "could allow remote code execution if an affected system received a specially crafted RPC request". Although the bug was fixed and an update made available, millions of computers have not installed it, making it a prime target for clever worm coders. The virulence of the worm has taken experts by surprise, the infection is still going on, particularly hitting machines in emerging economies quite badly.

I will once again apply my better nature and I will refrain from gloating about Mac vs PC security, but there are several interesting issues unearthed by this latest attack. Firstly, computer security has become one of the most important Cyberlaw issues in recent years because most of us rely heavily on computers for our daily tasks. There is a direct proportional correlation between vulnerability and the number of users online; as more people become wired and the digital divide diminishes, more systems are available to hackers. Moreover, I strongly feel that there are some practices at Microsoft that enhance vulnerability for everyone.

Allow me to illustrate the point with an anecdote. My MacBook Pro has dual boot because I still have need Windows for various tasks, particularly when I am remotely editing SCRIPTed. For that purpose I purchased and installed a valid yet cheap OEM copy of Windows XP on my Mac. Back in December I logged into the Windows portion of the hard drive, and because I had not logged in for a while it downloaded a large number of updates, amongst them the much maligned Windows Genuine Advantage (WGA). This wretched upgrade turns your machine into a snitch, and it somehow did not like that I was running an OEM copy of Windows on a Mac, so it turned on several nagging notices, as well as changing the Windows background and logging splash screens with annoying messages. While getting rid of WGA is relatively easy for someone who knows what they're doing, this got me thinking that WGA acts as a potent disincentive for people without valid copies of Windows to download updates in fear that their computer will stop working properly. It should be no coincidence that large number of computers in India, Brazil, China and Russia. It is my contention that the reason for such prevalence in emerging economies is not the lack of expertise, but actually the lack of updates because people have stopped trusting them due to WGA.

Internet security is as good as its weakest systems, and as things stand, there are millions of vulnerable PCs. While Windows Vista came with some robust protection preinstalled, many of its features were removed by the user as soon as possible. Computer security must be both non-intrusive and easily scalable. At the moment, Microsoft does not have either.

No comments: