5957887
story
Comments: 205 +- Your Rights Online: Microsoft Files Suits Against "Malvertisers" on Friday September 18, @12:49PM
Posted
by
kdawson
on Friday September 18, @12:49PM
from the prefix-of-the-hour dept.
from the prefix-of-the-hour dept.
background: url(//a.fsdn.com/sd/topics/topicms.gif); width:75px; height:55px;
microsoft
background: url(//a.fsdn.com/sd/topics/topicsecurity.gif); width:59px; height:78px;
security
background: url(//a.fsdn.com/sd/topics/topicdoj.gif); width:50px; height:79px;
court
eldavojohn writes "Reuters is bringing us news of five civil lawsuits filed by Microsoft against 'Soft Solutions,' 'Direct Ad,' 'qiweroqw.com,' 'ITmeter Inc,' and 'ote2008.info' that allege they 'used malvertisements to distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users.' Microsoft's Tim Cranton outlined the suits and provided links to all the filings for download. 'Cranton added that names of specific individuals behind these activities were not known and the lawsuits were being filed to help uncover the people responsible.'"
It doesn't much signify whom one marries, for one is sure to find out
next morning it was someone else.
-- Will Rogers
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.
Brain... locking... up... (Score:3, Funny)
Shatnerian... levels... of... confusion...
Who... to... root... for... or... against...
Microsoft... or... the... malware... people...
Re: (Score:2, Funny)
The enemy of my enemy?
Nah!
I wish them joy of each other!
Re:Brain... locking... up... (Score:5, Funny)
wish them joy of each other!
Anger is an aphrodesiac. The Malware companies have been seducing Microsoft for all this time, and now Microsoft has finally broken the ice. It's tsundere approach only quickens the heartbeat of the malware companies. Once Microsoft has them in court, the judge is throwing the book at them, the Malware companies will look up to Microsoft and say "You have me where you want me, now what do you want to do with me?"
At which point, Microsoft will smile, the fade of anger will reveal the flush of lust behind it. From the conjoining of these two, sweaty bodies of software production will emerge the glow of new life -- Microsoft Windows Lovechild.
The spawn of Microsoft and Malware will install itself upon any computer it comes in contact with. Lovechild (or MWL for short) will ask the user "You really want this installed on your system don't you?" If you type "N" it changes the background color to an alluring pink and says "Sometimes, when a user is scared, when they say 'no' they mean 'yes'" and then it proceeds to install itself upon your system.
Parent
Re:Brain... locking... up... (Score:4, Funny)
Parent
Re: (Score:3)
I don't think I will ever truly be clean again.
Re: (Score:2)
Re: (Score:2, Interesting)
It's a no brainer for two reasons.
1. There are two evils fighting.
One of them has some legal business, the other is purely illegal and harmful.
Choose the lesser evil.
2. The malware people don't work to eradicate M$. So, if they 'win', it means both evils stay around.
M$ doesn't have much chance, but if they 'win', it means, one (or more) evil stops bothering us.
Choose the meaningful choice.
Re: (Score:2, Insightful)
Must be hard casting everything as absolute good or evil.
Enjoy your cognitive dissonance. You may, in time, grow to have an intellectually mature point of view.
Re: (Score:2, Flamebait)
since microsoft can not (or will not) build secure operating systems and the operating systems they do produce has a long standing reputation of vulnerabilities they are going to sue the people that take advantage of the stupider customers of their products, so in the long run microsoft is just protecting the stupider customers proving microsoft likes stupid customers that do not tend to learn from their mistakes (whom are most likely the biggest part of their custo
Re: (Score:2)
Your sig line is ironic in relation to your post.
The users aren't stupid if they are confused by what looks like a legitimate warning telling them to update their virus-scanner.
Re:Brain... locking... up... (Score:5, Insightful)
You can blame "insecurity" of Windows all you want, but do you actually have an answer to how to make it better then? Before all the usual arguments come:
- These malware work just aswell on user account, you do not need admin/root access.
- Locking up the whole OS so that user is in 100% controlled environment is a no go, as seeing here on slashdot about iphone and other systems that do it.
- Malware goes where the user is. If linux had ~95% marketshare on desktops, majority of malware would be there because thats where the users are.
- Theres nothing on Linux that does anything to prevent this kind of malware - you only get more security because there's not many users. If you suggest everyone moving to it, what happens?
- Conficker excluded, theres not really exploits in the Windows itself now a days. They're mostly from third party software like Flash and PDF reader.
This isn't about OS security, its about user stupidity to install random crap. That wouldn't change even if the OS marketshare would be different.
Parent
Re:Brain... locking... up... (Score:4, Insightful)
Actually the Conficker hole was patched nearly a year ago. Microsoft has gotten their shit together with security so much recently that you can legitimately argue that it may be comparable to your average Linux distro...I'm not saying that is the case, I REALLY do not want to go down that path, my overall point is that 5 years ago, anyone who made the statement I just did would have been ridiculed as a moron, and rightly so.
But you hit very good points...no matter how secure an OS is, it has to listen to its dumbfuck user. The only way to protect against stupid users is to limit rights to oblivion, but then you limit the usefulness of the system. In most cases, the OS cannot determine what is desired behavior of a program or not.
Parent
Re:Brain... locking... up... (Score:4, Informative)
Except that IIS has fewer. Let's see:
IIS7 [secunia.com], first released in a server OS (Win2K8 - it was actually present in Vista before that, but no-one would run a server using it, so we don't consider that period) in January 2008, has 2 vulnerabilities in its entire lifetime, and only one of those is remote. That makes it 1 vulnerability per 10 months, or 1 remote vulnerability (which is usually what you care about for servers exposed on the Net) per 20 months.
Apache 2.2 [secunia.com], first released in December 2005, has 16 vulnerabilities in its entire lifetime, 15 out of which are remote. That's roughly 1 remote vulnerability every 3 months.
"Oh, but no-one uses Win2K8 and IIS7", I hear people saying. Very well, let's look at the generation before that - IIS6 [secunia.com] vs Apache 2.0 [secunia.com]. IIS6 was released with Win2K3 in April 2003; Apache 2.0 was released in April 2002, a year before that. Lets see:
IIS6 - 8 vulnerabilities to date
Apache 2.0 - 38 vulnerabilities to date
In the interests of fairness it should be noted that a larger percentage - twice as many - of IIS6 vulnerabilities would give the attacker system access (i.e. provide an infection vector), compared to Apache. Even so, in absolute numbers, it's 3 system access vulnerabilities for IIS6 vs 7 such vulnerabilities for Apache. So, even accounting for that extra year, Apache still has worse security record overall for the last two major releases (or the last 6 years).
A secure OS would make sure that all code downloaded from the net is identified to the user as code downloaded from the net and its source/publisher, and a secure OS does not allow the downloaded code to execute until after the user has acknowledged that it is a downloaded program and given explicit permission.
This is precisely what Vista and Win7 do [case.edu]. If you download an executable, it will have a flag set in file meta-information that basically indicates that the source was network... when you run it, the OS will warn you and ask to confirm.
The problem is that this is not fool-proof. Consider this: how is the OS supposed to know that file comes from the network? From OS point of view, files don't "come" from anywhere - it's just that some application opens a file and starts writing data into it. The fact that said data was received from an open socket to a remove server a few milliseconds ago is not something an OS can reasonably detect. Thus, it really is all up to application to set the flag correctly. IE does that, and so does Firefox; other browsers might, or they might not.
Meanwhile, no other desktop OS that I know of does anything similar, and it's certainly quite possible for a Linux browser to download an executable file and chmod+x it - the OS won't stop it, because how could it possibly know that it's a bad thing, or even distinguish such a syscall from another one originating from user explicitly running chmod in the shell?
Parent
Re: (Score:3, Insightful)
A secure OS would make sure that all code downloaded from the net is identified to the user as code downloaded from the net and its source/publisher, and a secure OS does not allow the downloaded code to execute until after the user has acknowledged that it is a downloaded program and given explicit permission.
Pointless. The user will give permission regardless of how many times you ask them if they're sure.
Re:Brain... locking... up... (Score:4, Insightful)
The most secure OS in the world, not even Linux nor OSX, isn't going to be able to protect you when you decide to authorize and run an .exe file you downloaded.
Parent
Re: (Score:3, Informative)
Really [lwn.net]?
Re: (Score:3, Informative)
I don't believe you can run an .exe file on Linux or MacOSX. You can only do that in Windows.
MacOSX tells me whenever I ask it to run a file downloaded from the net for the first time. The OS needs to get in the user's face a little, because downloaded executables carry risks that executables installed from local media do not.
Re: (Score:3, Informative)
MacOSX tells me whenever I ask it to run a file downloaded from the net for the first time.
So does Vista [case.edu] - in fact, if you have antivirus installed (and it properly integrates with OS by using the corresponding APIs), it will even make it scan the file before starting it for the first time.
Re:Brain... locking... up... (Score:4, Insightful)
You know, I think you need more perspective on this.
It's not the insecurity of Windows, it's the Insecurity of all these third party plugins (JAVASCRIPT, FLASH, I'M LOOKING AT YOU) that cause these problems to start with, plus DRM rootkits on music discs and movies that open up more holes in our system.
New technology, new vulnerabilities and exploits. Flash and JavaScript are the two most commonly used points of infection.
Really, the fault isn't entirely on Microsoft. Start blaming Adobe, Sun Systems, and the Music/Movie industry, as the biggest part of this lies squarely upon their shoulders.
Parent
Re: (Score:3, Funny)
"since microsoft can not (or will not) build secure operating systems"
MS could build a more secure OS than Windows but nobody would buy it because they want to run Windows apps.
Re: (Score:2)
I'm often modded down for trashing Microsoft, most of whose whose products and business practices I don't like, but in this case I'm cheering them on.
'scuse me, the phone's ringing...
It was Satan, she invited me to go skiing with her in her back yard. IN HELL.
Re: (Score:2, Insightful)
Re: (Score:2)
Yes, you may get modded down on /. for trash talking MS. It's happened to me multiple times. It depends on the topic -- in some topics, one can trash talk MS with impunity, in others the MS supporters will use their mod points against you.
Re:Brain... locking... up... (Score:5, Insightful)
If you can't choose a side in this, you're being disingenuous. Just stop it, and for once make sense.
Your only real complaint should be that the Department of Justice, multiple state Attorneys General, or motiviated citizens haven't already pursued these civil actions. And the DoJ etc. should be considering crminal actions, but are no doubt distracted by any number of safer, simpler, and easier to prosecute villains.
There is simply no excuse for going after the worst of these weasels, and expanding the fight overseas when they flee to supposed safe havens. I wish Microsoft good hunting on this one. Let's get after them to patch XP's TCP stack also, but at least DO SOMETHING, someone, please?
Me? I'm no good at suits.
Parent
Re: (Score:2)
The action here is simple. The enemy of my enemy is temporarily my friend. M$ go get them or better yet fix your damn security. The last few days have spun some heads, that's for sure.
Re: (Score:3, Funny)
One of them has some legal business, the other is purely illegal and harmful.
Choose the lesser evil.
Yeah, but I still have a hard time supporting the malware vendors.
Re: (Score:2)
Steve, is that you?
Re:Brain... locking... up... (Score:4, Insightful)
I don't entirely understand the fight though. Is MS suing these folks for damage done only to their company directly? Or possibly for some kind of defamation by making Windows appear insecure? Or are they suing on behalf of everyone affected by these ass-hats? Like a class-action thing on behalf of everyone with a computer?
Parent
Re: (Score:2)
"superfluous bullshit"
Yes, because if they eliminated malware it would make Windows' vulnerabilities irrelevant and give users one less reason to switch to another OS. It's not really as if anyone cares about the users as long as they use the politically correct OS.
Re:Brain... locking... up... (Score:4, Funny)
if MS stopped working on superfluous bullshit
Bullshit is not superfluous to MS.
Parent
Re: (Score:3, Insightful)
Microsoft Up to Something Good? (Score:3, Insightful)
Greg
Re:Microsoft Up to Something Good? (Score:5, Funny)
I suspect the main hurdle here will be the court clerk reading "qiweroqw.com" aloud.
Parent
Kee-weh-roh-koo dot com (Score:2)
I suspect the main hurdle here will be the court clerk reading "qiweroqw.com" aloud.
Kee-weh-roh-koo dot com, until corrected by a reputable witness. Perhaps some people who are linguistic Americans[1] might have trouble, but anyone exposed to other languages will try sounding out a word in all known languages at once, plus IPA notation.
[1] In the sense of the old joke: The word for understanding three languages is trilingual, two languages is bilingual, one language is American.
Re: (Score:3, Insightful)
That would explain all the immigrants in the US that can't speak or learn English. They must have been kicked out of their own countries for not being bilingual. It's okay though, cause we provide them with translators (who must be imported from some other country).
This is a great idea! (Score:5, Insightful)
If you don't give the Godfather his cut... (Score:2, Funny)
About time (Score:2)
As a Mac user, I say go Microsoft go! (Score:3, Funny)
Less malware = less infected Windows boxes = less useless traffic on the internet.
Linux users should applaud this too.
Of course BSD users can't applaud, because Netcraft confirmed they're dying.
Re: (Score:2, Funny)
BSD users can't applaud because the linux app hasn't been ported yet.
Standing? (Score:2)
Aside from customers perhaps decided to jump ship to a more secure OS, was Microsoft actually wronged in any direct sense here? Wouldn't they have to organize a class action for this to go anywhere?
Re: (Score:2)
Why do you need anything aside customers jumping ship from MS's OS? Seems to me that's grounds enough for a suit right there.
Re: (Score:3, Interesting)
Wouldn't they have to organize a class action for this to go anywhere?
Probably not. This sounds like tortious interference to me. The theory is that Microsoft's interests are damaged by a third party interfering in its relationship with its customers. When it comes to calculating damages there are all sorts of theories you could use. As you say, any would probably start with lost customers, but you can also look at higher support costs, reduced sale of upgrades (moving to a non-MS OS is not necessary for MS to lose profits), stymied growth in market share, etc.
Of course, if w
why they are doing this (Score:3, Insightful)
Other stories have demonstrated that someone at Microsoft has finally recognized the threat of cloud computing. The apps which most people use today don't require Windows; they just require a browser. Since browsers are available on Linux and Apple systems, and these systems aren't plagued by the horrible malware situation of Windows, Microsoft has no choice but to attempt to clean up the malware situation. The alternative is a situation in which everyone who can get what they need from the cloud will have a strong incentive to move to MacOS or Linux.
Re: (Score:2)
Are you trolling for an "Insightful?"
Re: (Score:3, Interesting)
I don't know if you're trolling or not, but I think you're almost certainly correct (and, btw, that your -1 Troll mod probably isn't fair). Though bear in mind that MS has always had an incentive to clean up the malware situation proportional to the risk of its customers defecting to another OS. The threat of cloud computing to them just cranks up the risk, and thus the incentive. Whether or not it definitively tipped the scales in this case is hard to know - maybe they would have gone ahead with this 5 yea
Still scanning (Score:2, Funny)
Malicious Advertising? (Score:2)
My definition of malicious advertising is, perhaps, different from most. To me, nearly all advertising these days are a nuisance, a bother and do not show adequate respect for my eyes or my attention. I recall the earliest days of advertising on the internet and how angry it made people back then. It wasn't nearly as bad as it is now and look at how passive people have become toward it. (I guess it is rather like taxation... the tax rates and practices that lead to the U.S. Revolutionary War were nothin
I hope MS wins. (Score:3, Funny)
Re: (Score:3, Informative)
While my feelings towards the parent post may be colored by the Pavlovian hatred I feel every time someone uses "lol" as a word in a sentence, how are they in any way similar?
Let's compare the two:
a) Committing fraud to compromise people's computers, violating their privacy and potentially exposing them to such risks as identity theft or credit card theft.
b) Selling gold in an online RPG, causing no direc