Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Microsoft Crime Security The Internet

Tired of Playing Cyber Cop, Microsoft Looks For Partners In Crime Fighting 113

Posted by Soulskill
from the every-batman-needs-a-robin dept.
chicksdaddy writes: When it comes to fighting cybercrime, few companies can claim to have done as much as Redmond, Washington-based Microsoft, which spent the last five years as the Internet's Dirty Harry: using its size, legal muscle and wealth to single-handedly take down cyber criminal networks from Citadel, to Zeus to the recent seizure of servers belonging to the (shady) managed DNS provider NO-IP. The company's aggressive posture towards cyber crime outfits and the companies that enable them has earned it praise, but also criticism. That was the case last week after legitimate customers of NO-IP alleged that Microsoft's unilateral action had disrupted their business. There's evidence that those criticisms are hitting home – and that Microsoft may be growing weary of its role as judge, jury and executioner of online scams. Microsoft Senior Program Manager Holly Stewart gave a sober assessment of the software industry's fight against cyber criminal groups and other malicious actors. Speaking to a gathering of cyber security experts and investigators at the 26th annual FIRST Conference in Boston, she said that the company has doubts about the long term effectiveness of its botnet and malware takedowns.
This discussion has been archived. No new comments can be posted.

Tired of Playing Cyber Cop, Microsoft Looks For Partners In Crime Fighting

Comments Filter:
  • by fnj (64210) on Tuesday July 08, 2014 @04:46PM (#47410639)

    Few companies can claim to have done as much fighting - or feeding - cybercrime.

    There, fixed that for you.

  • by Anonymous Coward on Tuesday July 08, 2014 @04:49PM (#47410665)

    This is the company that brought you Active-X, autorun, and the ability to invoke programs from spreadsheets and documents.

    This can't be emphasised enough. Before Outlook, there was a scam/joke which claimed that there were emails spreading viruses. Nobody could be stupid enough to execute the contents of an email. Microsoft realised that, at the cost of the security of their users, they could make something easier. They looked at a choice that everybody else had knowingly and clearly made the other way for the good of their own users and were the only company unethical enough to make the choice in the other direction.

    The same thing continues today with their security notifications. Why not just stop dangerous actions? Allow the users to trigger them explicitly? Why throw up a dialog "you are about to install a virus; proceed yes/no"? Because, somewhere there is a user who will find it easier and the security of the thousands who will suffer later is less important than market share today.

  • No-ip isn't shady (Score:5, Insightful)

    by sobachatina (635055) on Tuesday July 08, 2014 @05:07PM (#47410755)

    I've used No-ip for non-mission-critical dynamic IP services and for domain registration for over 10 years. There's nothing "shady" about them.

    They offer a free service that is sometimes exploited by criminals and are very responsive to reports of abuse.

    Microsoft not only didn't report these criminals to no-ip- they actually sealed the court order so they could seize the domains before no-ip found out about it.

    It boggles my mind that a vigilante corporation can get a court order to simply seize another companies assets.

  • Bad programming (Score:5, Insightful)

    by jgotts (2785) <jgotts&gmail,com> on Tuesday July 08, 2014 @05:38PM (#47410981)

    Microsoft has been writing poor quality software for my entire life.

    The best programmers do not go to work for Microsoft. Maybe that was the case in the early 90's but it hasn't been true for decades.

    To make matters worse, Microsoft does a lot of its programming in India. We all know that Indian programming is of poor quality, and the reason is not because Indian programmers are much less competent. It has more to do with the fact that in programming if two parties can't communicate completely unambiguously in one language then they have no hope of writing good software. Programmers have to be more than fluent in the language they speak with each other, they have to be scientifically precise.

    People go to work for Microsoft because it's safe. There's no risk of the company going under. Risk minimizers don't write good software, because they're not very creative. They tend to keep patching up the same old crap rather than writing something new that works better.

    At mature software companies hundreds of non-programmers are telling the programmers what to do, and it only gums up the works. You wind up not working efficiently, because you need too much sign off to get anything done. And once you get signoff, the hundreds of non-programmers are dictating your schedule, not quality of the code or whether it is completed to your satisfaction.

    There is no one to clean up Microsoft's mess but themselves. Probably the best solution would be for the company to split up. The people who make the Xbox are probably weighed down by the rest of the company's ineptitude. I'd like to see those guys go their own way.

  • Re:Bad programming (Score:3, Insightful)

    by DaHat (247651) on Tuesday July 08, 2014 @05:54PM (#47411075) Homepage

    Microsoft does a lot of its programming in India.

    How much is 'a lot'? What %?

    We all know that Indian programming is of poor quality, and the reason is not because Indian programmers are much less competent. It has more to do with the fact that in programming if two parties can't communicate completely unambiguously in one language then they have no hope of writing good software.

    So that's a problem only with Indians? Not Chinese? Australians? Romanians? Turks? Russians? Nigerians?

    If you hire those who can communicate well, where they came from is unimportant.

  • by Anonymous Coward on Tuesday July 08, 2014 @06:16PM (#47411219)

    So in both things you link they state they rely on people informing them. So instead of informing them microsoft got a court order, without even talking to no-ip. And no-ip is supposed to look bad, how? It's obvious you are a shill for microsoft, you didn't have to actually admit it in the post.

  • by ThatsMyNick (2004126) on Tuesday July 08, 2014 @06:19PM (#47411231)

    hotmail has been known to send a lot of spam. I hope someone takes control of hotmail domain, since microsoft is unable to police it. (Note that it has recently been brought down, by someone should have taken control of their domain when it was a serious problem).

    The point is a free service being abused is expected. It is not as if noip encouraged abuse and were paid by abusers.

  • In other news (Score:5, Insightful)

    by whoever57 (658626) on Tuesday July 08, 2014 @06:49PM (#47411409) Journal

    April 2013: the OpenDNS blog reported that no-ip was the second most popular dynamic-DNS site for malicious software.

    In other news, Google is the most popular site for finding <your choice of illegal material here>.

    See what I did there? And how the reports of NO-IP's use for malicious software are meaningless?

  • by lippydude (3635849) on Tuesday July 08, 2014 @07:35PM (#47411677)
    "When it comes to fighting cybercrime, few companies can claim to have done as much as Redmond, Washington-based Microsoft"

    Despite how much effort Microsoft retrospectively put into trying to change the historical facts. When it comes to causing cybercrime, few companies can claim to have done as much damage as Redmond, Washington-based Microsoft.

    "Windows NT and its successors .. were not initially designed with Internet security" ref [wikipedia.org]
  • by Anonymous Coward on Tuesday July 08, 2014 @09:29PM (#47412295)

    what about the NSA? How much of this "cyber crime" is related to government monitoring. I like how the focus shifts to Russia and China at a time when the US is being criticized/ignored for leading an international spying ring! How much malware has hit the internet lead by governments working together, until its caught in the wild then they all blame each other or some group as the cause?

    That's the real problem anymore, no one knows who is responsible for half the shit going on. Even better you can set-up fake groups in enemy countries to redirect any attention away from your objective. And MS seems to be behind a lot of bullshit lately after being targeted for allowing possible backdoors in its software.

  • Re:Bad programming (Score:1, Insightful)

    by symbolset (646467) * on Tuesday July 08, 2014 @09:42PM (#47412343) Journal
    90's? Nope. Their software has always been utter crap.

An authority is a person who can tell you more about something than you really care to know.

Working...