Feeds

Virus writers are industrial terrorists – MS

Bunker mentality seizes Redmond

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

Virus writing is comparable industrial terrorism, according to senior .Net developer evangelist Michael Lane Thomas.

Writing about Microsoft's Strategic Technology Protection Program, Michael Lane Thomas said that if people seek alternatives to Microsoft's IIS because of security concerns (as Gartner advocates) this "would only accomplish what the industrial terrorists want".

"As long as the spirit of innovation is preserved and destructive viruses are recognised as industrial terrorism, Microsoft will continue to provide revolutionary ideas," Lane Thomas writes in the Point/Counterpoint column on devx.com.

Warming to his theme, Lane Thomas compares the terrorists who hijacked aeroplanes on September 11 with "industrial terrorists [who] analyzed IIS Web server security until they found a weakness".

To formulate his argument, Lane Thomas compares the developers of Nimda or Code Red with Mohammed Atta and his cronies.

Chamber's Dictionary defines terrorism as "an organised system of violence and intimidation, especially for political ends". Virus writing falls a bit short of this. Microsoft's own Encarta records "bombing, kidnapping, and assassination, carried out for political purposes" as aspects of terrorism, but not virus writing.

Lane Thomas' article, counterpointed by a more persuasive (we think) discourse by security consultant Brian Martin, seems to be soapbox oratory on behalf of Microsoft.

Included is the assertion, earlier made by Microsoft's Scott Culp (manager of the Microsoft Security Response Center), that worms are inevitable when you have complex software and the belief that user procrastination about applying patches is a major cause of the problem.

There's little acknowledgement that Microsoft, which will always be a target for hackers, needs to improve the base security of its products. But there is evidence that the company is improving in this regard. The Strategic Technology Protection Program, which aims to simplify and speed up the delivery of software patches, and Microsoft's closer relationship with security firms both point this way.

Lane Thomas' article displays the kind of bunker mentality associated with people under heavy fire. It also exhibits a classy mixed metaphor.

"Did the Code Red worm exploit a flaw in the underlying technology or the flaw in human nature commonly known as procrastination? You can lead a horse to water but you can't make him drink, and shooting the rider because his horse allowed itself to get dehydrated is not the proper response," Lane Thomas writes.

No, we don't understand what that means either. ®

Update

Lane Thomas' article has been removed from the devx.com Web site and the content can't be accessed through the Google cache. Perhaps someone realised his comments struck the wrong note.

Related Story

MS issues bum security patch, contradicts self
MS says stop discussing hack exploits
Can IIS flourish post-Gartner?
Microsoft (finally) tries to make IIS secure
Web server attacks doubled over the last year
DoS attacks getting scary, CERT warns

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.