Networking Notes: The Problem With Windows (or Any Other OS)

By Michael Hall | Posted January 19, 2007

There's a popular game among online journalists that bears a mild resemblance to batting at a piñata: It's called "Keeping Up with The New York Times' Technology Page." It's fun for some because the writers at the Times, trying to write for a general audience, are largely helpless against charges that they're behind the times.

This week, for instance, the Times' John Markoff decided to ease everyone into Sunday with a bit of advice. This comment set off a round of either snickering and jeering from Linux, Mac and anything-but-Microsoft devotees — or eye-rolling and finger-wagging from Windows users:

Botnet programs and other malicious software largely take aim at PCs running the Microsoft Windows operating system, because Windows ubiquity makes it fertile ground for network-based attacks.

Using a non-Windows-based PC may be one defense against these programs, known as malware ...

Markoff shows a deft touch for eliciting the sort of snarling, spitting, back-arching discomfiture at which people who do not consider computers a lifestyle choice are frequently taken aback.

For the Linux and Mac people, mention of "Windows' ubiquity" is a two-fold sin. First, it lets Microsoft off the hook for its security problems. Second, it reminds them that the only time you see the words "Mac" or "Linux" next to the word "ubiquitous," they come with additional words like "design departments" or "Cheeto-smelling dorm rooms at technical colleges."

For Windows people, the whole "nonWindows-based PC" business is a scurrilous, shady nostrum that will be no better for customers, some ill-defined concept of "innovation," or "invested enterprise stakeholders" than Marxism was for East Germany, and about as fun.

It's a classic case of everybody being a little-bit-to-mostly-right combined, frankly, with an abundance of human obnoxiousness — a substance we've been unable to use to solve the world's pressing energy needs except when it comes to powering the Internet. Let's break it down.

The Problem with Windows
Terrible things happen to people who use Windows. I don't need to spend much time on this. Just go visit your favorite anti-virus vendor or a Web site that carries security news and the case makes itself.

The only places more terrible things happen to more victims (one might argue) is at the end of the long chute at a cattle yard. And Markoff's right: Windows is ubiquitous, so it provides more bang for the tiny amount of bucks it takes to turn a worm loose, so its numerous and unfortunate holes are frequently and zealously exploited by bad people.

Windows machines make swell zombies, they excel at hammering networks with worms, and the industry that provides security software for them has worked so hard to insert itself into people's consciousness that machines already sagging under the weight of vendor add-ons like "help centers" and "media monitors" and assorted branding gewgaws become even more slow and miserable to use. Why did it take four seconds between the "d" and the "a" in "dammit this machine is slow?" Because your anti-virus software needed to pop up to remind you it's on the job, or needs an update, or is going to sleep now, or is concerned that you've had so few viruses it may be a sign that you've got a really bad virus.

Making this situation worse is the decidedly un-dramatic way in which malware is behaving these days. It doesn't wipe out your hard drive or delete all your files or change your screensaver to a shocking and pornographic display that's illegal in 49 states. It tends to make itself one background task among many, either hanging around and doing nothing or just churning out spam until someone traces it down and makes it stop. People don't have their noses rubbed in their computer's infected state with a lot of drama and flashing lights and lost files, so ... .

The Problem with Not-Windows
I'm not going to spend a lot of time on this either, I guess. People use Windows for all sorts of reasons, and most of them have an investment in it. Maybe that investment is training, maybe it's in software, or maybe it's even in hardware that won't work very well or not at all with Linux or a Mac. Telling these people "run something besides Windows" isn't very helpful. They'll continue to suffer because of that investment.

There's really nothing wrong with Linux or Macs from an "all things are equal" point of view, which they never are. And as many Linux people are fond of pointing out, how much of the stuff my colleague over at Linux Today refers to as "greeting card software" do you really need when the Web is becoming the real platform?

The Problem with the Future
Besides the fact that none of us is ever going to get a flying car or a free quad-core Mac Pro with the purchase of Cheerios, the big problem with "the future," where "the future" is "that period of time when we aren't running Microsoft Office in favor of some Web-thingy from Google," is the way security threats are going to change. In fact, they're already changing.

Consider a story recently posted on MSNBC's site about Dave DeSmidt, a worker planning to retire in a few years. According to the article, DeSmidt's 401(k) retirement account was raided and all $179,000 transferred with an online transaction. Before finally caving with some media attention and giving DeSmidt his money back, the brokerage firm reportedly had this to say:

"J.P. Morgan concludes there was no external or internal breach of controls with the J.P. Morgan environment...Access and authentication controls established within J.P. Morgan worked appropriately."

In other words, it wasn't some stealthy hacker sliding through the corporate firewall. Rather, it was someone who scored DeSmidt's username and password and put them to work. How that information was obtained is anybody's guess, but if any security breach has been gaining in the past few years, it's been phishing attacks, and the accomplices in some of those attacks are the Web browsers themselves, which have fallen victim to a number of cross-site scripting attacks (define) as well as more obscure vulnerabilities involving URL character encoding and more.

In some ways, we've come full circle in terms of computer security: The Kevin Mitnicks of the '80s and '90s prospered by learning to get the humans running the computers to cough up useful information. Phishing attacks just automate the process of getting unwary people to give out a password or account number.

But since this is supposed to be an upbeat and cheery column, designed to fill you with hope for the coming year, I'll throw out something you can look at right now if you're concerned about phishing and want to get a head start on the future:

PhishTank is a clearing house for phishing information. It provides a public database and API API designed to help protect people from phishing attacks. There are Phishtank-powered tools built in to the Opera browser, as well as tools for securing Outlook and Outlook Express. Prefer Firefox? There's an extension for that, too.

I'll soon look at other ways to use PhishTank and other technologies. In the mean time, try out those extensions and plugins, and maybe even Opera. And quit picking on the guy from the Times.

Adapted from PracticallyNetworked.com, part of the EarthWeb.com Network.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!


Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date