Spoutin' Off: Windows is wide open to security breaches

By Michael Rau

April 14, 2009

I'm not much for conspiracy theories. I often worried about being accused of spreading such during the many instances over the past several years in which I wrote about the lack of attention to cybersecurity within our online infrastructure.

I actually feel like something of a failure in that all my warnings are proving to have been not strong enough.

In the past couple of weeks, several separate stories have emerged about online security breaches that should make the hair on the back of anyone's neck stand straight up.

The first was about a particularly insidious worm called “Conficker”, which experts say has infected as many as 20 million computers worldwide. What they can't tell us is exactly what Conficker is programmed to do.

They were able to figure out that it was programmed to “phone home” and download new instructions on April Fools' Day, but never figured out what those instructions were. Just a few days ago, they detected activity by the worm, but couldn't figure out what it was trying to do.

The good news is that cyber security experts don't think Conficker is programmed to cause damage to the systems it infects.

The bad news is that they're fairly sure it's designed to, at some point, engage in a massive systemic theft of financial information from individuals and institutions, thus enabling the worm's controllers to steal who knows how much money.

Conficker is particularly pernicious because it evolves, and can thus mask itself from anti-virus and anti-spyware applications.

In a recent 60 Minutes segment, it was reported that a tremendous amount of this cybercrime is being committed by Russian teenagers, who, instead of being treated like criminals, are hailed at home as heroes anytime they successfully steal money or data from any American individual or institution.

Scared yet? If not, try this: The Wall Street Journal has reported that both the Russian and Chinese governments have successfully infiltrated the computer network that controls our nation's power grid.

According to the report, security experts detected the breach after the fact and have since determined that the hackers left behind programs designed to disrupt the power grid on command.

They say this was likely not an attempt to actually cause damage, but rather to provide both of these superpowers with the ability to crash the grid in time of war.

Both of these countries have embraced cyber warfare as part of their national military policies, but then, so have we. I'm not sure what Russia and China do to try and block our efforts, but it was reported recently that the Pentagon spent more than $100 million in the last six months responding to damage from cyber attacks and other computer network problems.

Russia, at least, has already demonstrated its ability to engage in effective cyber warfare. In 2007, Russian hackers, likely working for the government, successfully crippled one country's entire computer network for three weeks before it was restored to a semblance of usability.

Now granted, that country was Estonia – not exactly a country considered to be on the cutting edge of technological sophistication. But still, you have to admit it was a heck of a trial run.

As I've read all of these accounts, I can't help but be struck by the lack of mention of the 900-pound gorilla in the room.

All of these security holes exist because of one thing: Microsoft Windows.

The proprietary code flaws in Windows that create these security holes have been known for at least a decade, but still, almost every business, every government agency, every branch of the military, and the vast majority of individual Americans, continue to use this phenomenally inferior operating system for their day-to-day work.

Malware can be spread through any operating system, but with few exceptions it only functions in Windows. Don't believe me? Go to the Norton Security Center and tell me how many viruses, worms, or other types of malware function on other operating systems.

So why isn't coming up with a solution as simple as identifying the problem? Why would anyone, in this day and age, use Windows as their primary operating system? The U.S. Navy uses Windows to run systems on nuclear carriers and subs, for crying out loud!

Regular readers know I'm a Mac guy, and while Apple often chafes me the wrong way, OS X remains the best, most secure operating system on the planet. And in the past few years, the interoperability issues that have kept large operations and institutions from using OS X have largely vanished.

Linux still lags in terms of ease of use, but it's getting better, and while it has a long way to go, it is now a viable alternative to Windows.

And now, Google is talking about developing a full-blown version of its Android operating system for computers.

Windows is the problem and solutions exist. What has to happen before we just accept that Microsoft will never feel motivated to create a safe operating system and take the steps necessary to ensure the security of our online infrastructure?

Michael Rau is a mass-communications consultant in Virginia Beach. To send feedback or view past columns, go to http://dailypress.asoundidea.com.

Copyright © 2009, Daily Press