Tired of Playing Cyber Cop, Microsoft Looks For Partners In Crime Fighting 113
chicksdaddy writes: When it comes to fighting cybercrime, few companies can claim to have done as much as Redmond, Washington-based Microsoft, which spent the last five years as the Internet's Dirty Harry: using its size, legal muscle and wealth to single-handedly take down cyber criminal networks from Citadel, to Zeus to the recent seizure of servers belonging to the (shady) managed DNS provider NO-IP. The company's aggressive posture towards cyber crime outfits and the companies that enable them has earned it praise, but also criticism. That was the case last week after legitimate customers of NO-IP alleged that Microsoft's unilateral action had disrupted their business. There's evidence that those criticisms are hitting home – and that Microsoft may be growing weary of its role as judge, jury and executioner of online scams. Microsoft Senior Program Manager Holly Stewart gave a sober assessment of the software industry's fight against cyber criminal groups and other malicious actors. Speaking to a gathering of cyber security experts and investigators at the 26th annual FIRST Conference in Boston, she said that the company has doubts about the long term effectiveness of its botnet and malware takedowns.
Summary should say ... (Score:3, Insightful)
Few companies can claim to have done as much fighting - or feeding - cybercrime.
There, fixed that for you.
Re:It's Microsoft's fault (Score:1, Insightful)
This is the company that brought you Active-X, autorun, and the ability to invoke programs from spreadsheets and documents.
This can't be emphasised enough. Before Outlook, there was a scam/joke which claimed that there were emails spreading viruses. Nobody could be stupid enough to execute the contents of an email. Microsoft realised that, at the cost of the security of their users, they could make something easier. They looked at a choice that everybody else had knowingly and clearly made the other way for the good of their own users and were the only company unethical enough to make the choice in the other direction.
The same thing continues today with their security notifications. Why not just stop dangerous actions? Allow the users to trigger them explicitly? Why throw up a dialog "you are about to install a virus; proceed yes/no"? Because, somewhere there is a user who will find it easier and the security of the thousands who will suffer later is less important than market share today.
No-ip isn't shady (Score:5, Insightful)
I've used No-ip for non-mission-critical dynamic IP services and for domain registration for over 10 years. There's nothing "shady" about them.
They offer a free service that is sometimes exploited by criminals and are very responsive to reports of abuse.
Microsoft not only didn't report these criminals to no-ip- they actually sealed the court order so they could seize the domains before no-ip found out about it.
It boggles my mind that a vigilante corporation can get a court order to simply seize another companies assets.
Bad programming (Score:5, Insightful)
Microsoft has been writing poor quality software for my entire life.
The best programmers do not go to work for Microsoft. Maybe that was the case in the early 90's but it hasn't been true for decades.
To make matters worse, Microsoft does a lot of its programming in India. We all know that Indian programming is of poor quality, and the reason is not because Indian programmers are much less competent. It has more to do with the fact that in programming if two parties can't communicate completely unambiguously in one language then they have no hope of writing good software. Programmers have to be more than fluent in the language they speak with each other, they have to be scientifically precise.
People go to work for Microsoft because it's safe. There's no risk of the company going under. Risk minimizers don't write good software, because they're not very creative. They tend to keep patching up the same old crap rather than writing something new that works better.
At mature software companies hundreds of non-programmers are telling the programmers what to do, and it only gums up the works. You wind up not working efficiently, because you need too much sign off to get anything done. And once you get signoff, the hundreds of non-programmers are dictating your schedule, not quality of the code or whether it is completed to your satisfaction.
There is no one to clean up Microsoft's mess but themselves. Probably the best solution would be for the company to split up. The people who make the Xbox are probably weighed down by the rest of the company's ineptitude. I'd like to see those guys go their own way.
Re:Bad programming (Score:3, Insightful)
How much is 'a lot'? What %?
So that's a problem only with Indians? Not Chinese? Australians? Romanians? Turks? Russians? Nigerians?
If you hire those who can communicate well, where they came from is unimportant.
Re:No-ip isn't shady (Score:2, Insightful)
So in both things you link they state they rely on people informing them. So instead of informing them microsoft got a court order, without even talking to no-ip. And no-ip is supposed to look bad, how? It's obvious you are a shill for microsoft, you didn't have to actually admit it in the post.
Re:No-ip isn't shady (Score:5, Insightful)
hotmail has been known to send a lot of spam. I hope someone takes control of hotmail domain, since microsoft is unable to police it. (Note that it has recently been brought down, by someone should have taken control of their domain when it was a serious problem).
The point is a free service being abused is expected. It is not as if noip encouraged abuse and were paid by abusers.
In other news (Score:5, Insightful)
In other news, Google is the most popular site for finding <your choice of illegal material here>.
See what I did there? And how the reports of NO-IP's use for malicious software are meaningless?
When it comes to fighting cybercrime .. (Score:3, Insightful)
Despite how much effort Microsoft retrospectively put into trying to change the historical facts. When it comes to causing cybercrime, few companies can claim to have done as much damage as Redmond, Washington-based Microsoft.
"Windows NT and its successors
Re:need to crack down on the russian government an (Score:2, Insightful)
what about the NSA? How much of this "cyber crime" is related to government monitoring. I like how the focus shifts to Russia and China at a time when the US is being criticized/ignored for leading an international spying ring! How much malware has hit the internet lead by governments working together, until its caught in the wild then they all blame each other or some group as the cause?
That's the real problem anymore, no one knows who is responsible for half the shit going on. Even better you can set-up fake groups in enemy countries to redirect any attention away from your objective. And MS seems to be behind a lot of bullshit lately after being targeted for allowing possible backdoors in its software.
Re:Bad programming (Score:1, Insightful)