Symantec estimates that 1/3 of all SPAM was stopped when Microsoft (with the assistance of the U.S. Marshals and a court order) took steps to shut down the Rustock botnet. Other botnets (Bagle, Festi, Cutwail, Lethic, Grum, Xarvester and others) are stepping into the void left by Rustock. Whether Rustock will remain ‘dead’, is unclear as the Rustock programmers and Rustock ringleaders are still unidentified and still at large.
This isn’t the first time Microsoft has taken down a botnet and Rustock is not the only botnet.
We have known for years that personal and business desktop computers infected with viruses and bots were the primary source of the majority of SPAM on the Internet. Lack of computer literacy, knowing how to use and protect your computer, is the primary enabler of computer infection. Having anti-virus isn’t enough, you have to know how to protect your computer and how to surf the web and handle e-mail and files safely.
MICROSOFT
SYMANTEC
NEW YORK TIMES
Apple released ProtectMac AntiVirus this month. <sarcasm> Curious, I thought Macintosh computers were immune to malware?</sarcasm>
Apple has been running ads with a guy in a suit representing the PC and another actor in jeans and a t-shirt as a Macintosh. Various commercials show the PC character being paranoid about viruses, Apple even goes so far as to dress the PC actor in a white clean room suit (it’s supposed to look like a biohazard suit). This is supposed to imply that a Macintosh computer is immune to security threats like viruses and malicious websites. It’s not.
In the dawn of Macintosh Time, the original Macintosh computers used Motorola and later IBM processors, neither of which was compatible with Intel processors. Thus, viruses that ran on a PC with an Intel processor would not run on a Macintosh which used the Motorola or IBM processor. Modern Macintosh computers now use Intel processors, (yes, you can still buy a Macintosh with a non Intel chip) so that myth bit the dust five years ago when Macintosh made the switch to Intel. Further complicating things is Java, which is a virtual environment that renders the actual processor used as meaningless. Java code runs anywhere there is a java engine to run it, which is all current Macintosh computers and PC’s.
Which brings us to the latest Java vulnerability in the Macintosh browser that lets sites hijack the Macintosh and run any command on it they wish, remotely. A security professional, frustrated by Apple not patching this bug even after knowing about it for six months and knowing there was code in the wild to exploit this Macintosh Java vulnerability, released a proof-of-concept piece of Java software to prove the Macintosh could be hacked via Apple’s Java engine. See Computerworld’s article: Angered by Apple delay, hacker posts Mac Java attack code.
CIO magazine’s Ira Winkler felt the hacker releasing the code was a ineffective at best and argued that it’s time for the FTC to investigate Mac Security.
My personal opinion?
I don’t have as big a problem with companies making insecure products, consumers just shouldn’t buy them if they know they are insecure and have a choice. I have a problem with companies misrepresenting products as being secure when they’re not, knowing full well that their consumers are not educated enough to know the difference.
Recent Comments