Jump to content

Which Is Worse– Microsoft, Or Their Viruses? :d

Recommended Posts

Not sure where this goes, but....


I recently had to write a paper for one of my university classes... I thought this might be of interest to some. (Or not... LOL) Feel free to disagree with me of course! This is likely something that only the technoweenie will even want to look at, but I figured I'd throw it out there for anyone to take a peek at. (Its important to note, for you geeks out there, that the audience for this paper was *not* IT folks)


Which is Worse– Microsoft, or Their Viruses?


If asked who is to blame for the seemingly endless stream of computer viruses that threaten our Inboxes, many people conjure up images of pale, pimple-faced hackers malevolently hunched over computer terminals, quivering with the anticipation of wreaking havoc on innocent Internet users everywhere. While there are certainly a significant number of computer hackers with some degree of epidermal issues, there is a much larger and vastly more ominous force at work. Unlike the unseen computer hackers that invade our lives, millions of people across the world not only invite this ominous force into their homes and places of business, they actually pay for it. The entity I am referring to is Microsoft Corporation. Windows has silently spread like a cancer, promising businesses across the globe the ability to lower costs with a secure, user-friendly operating system to manage their workstations, servers, and web-applications, while what they actually deliver is an insecure, inferior product that is the very reason why every computer user with an e-mail account has quickly become so familiar with viruses.


If asked, most people would guess that viruses have been around for five or ten years, however the evolution of the computer virus actually goes back over fifty years, with the development of the first theories for self-replicating computer programs in 1949 (Computer Virus Timeline, 2004). Although viruses remained purely theoretical until the early 1980s, they have clearly made up for lost time over the last decade, and much of that is due to the introduction of Microsoft Windows.


Every year, thousands of computer systems and web servers are brought to their knees by various virus threats. These viruses are specifically written to exploit computers running Windows software, and they do a fine job at it. Windows is always the target because it is human nature to see an easy opportunity and take it. Many of the hackers who write these viruses are teenagers, and many of them would not bother if they didn’t feel that they had a good chance at succeeding. In fact, over the last few years, programs have actually been created to allow hackers who are less sophisticated the ability to create viruses with little or no effort. “Some virus writers do no more than follow the directions in a point-and-click virus-writing toolkit” (Goldsborough, 2003).


Microsoft’s blame is two-fold: inferior product coupled with superior marketing. In 1995 – almost a decade ago – the first macro viruses appeared. A macro virus not only replicates itself like other viruses, but it also had an embedded macro which allows it to execute other commands as well. As an example, if a macro virus was written specifically for Microsoft Word, once a Word document became infected, the virus would replicate itself and execute the embedded macro commands to any other Word document opened or created (Kee, 2002). These macro viruses have been around for almost ten years, and yet Microsoft has failed to implement even the most basic changes to their software. For example, the out-of-the-box e-mail clients that are built into Windows software (Outlook and Outlook Express) have for years been heavily criticized for their security issues. The basic problem is that Outlook and Outlook Express contained – and in fact still contain – an inherent flaw in their design which makes them especially susceptible to these types of viruses: they allow HTML, JavaScript, and VB Script to be executed when a user attempts to read the infected email. This problem has gotten much worse over recent years, as the worms have become more sophisticated with their infiltration, scouring address books and even sent and received emails, looking for e-mail addresses to propagate themselves to. One of the easiest ways this situation could be avoided is by simply providing the option for users to choose to read e-mail in text-only, as opposed to HTML/rich-text. This would simply print the malicious code out within the email, rather than actually executing it, effectively rendering it harmless. This would be such a minor adjustment for Microsoft to make, and yet year after year, they do nothing. Unfortunately, Microsoft’s problems do not end there.


One issue that Microsoft has never been able to fix is a programming problem called "buffer overflows." A buffer is a part of memory, a temporary storage area where data can be held. When the amount of data sent to a buffer is too big to fit, some of the data overflows into another buffer. A smart hacker can deliberately use a buffer overflow to get malicious instructions into the machine.

I'm told that buffer overflows are a common programming error, but Microsoft seems unusually susceptible to them. Issuing a security patch can plug the hole, but the number of such patches issued by Microsoft is appalling. Surely this is one area where Microsoft's security has failed over the years. If a hacker can find these holes, why can't Microsoft get to them first? (Gilster, 2003).

As if inferior programming was not quite enough, Microsoft exacerbates their culpability by doing such a wonderful job marketing their product. They unquestionably dominate the market for both home and business computing. Although some might call this good business, I call it gross exploitation of the technologically challenged. Microsoft’s primary selling point is its ease of use, which ironically is exactly what causes the problem in the first place. A large percentage of their market consists of individuals who are not very tech-savvy. Rather than secure the system to have stricter settings turned on by default, their software is set up to be susceptible to malicious code the very moment it’s installed. Considering the gaping security holes that are inherent in the MS-DOS/Microsoft software, this equates to handing a loaded gun to a child. As one Information Technology professional put it, “Windows is like leaving a car in a run down area of town with the doors open and the keys in it and a post-it stuck to the screen saying 'please don't steal me'” (Jake, 2003).


Unfortunately, the virus problem that Microsoft perpetuates does not only affect those individuals who have selected Windows as their operating system of choice. Hundreds of thousands of non-Windows web servers suffer every year because of the security issues in Windows software. When a worm infects a Windows-based computer, which will replicate and email itself out to thousands of additional e-mail addresses, it does not discriminate who to send emails to by web server operating system. The end result is that the tremendous increase in e-mail traffic (sometimes as much as several hundred-thousand per hour) may result in a Denial of Servicer attack, also known as a DoS attack. Simply put, a DoS attack is when a computer or network becomes so flooded with traffic that it crashes and can not function. This means that users and systems administrators who have specifically chosen not to partake in the insecurities of the Windows world are forced to bear the burden of Microsoft’s flaws.


To be fair, there are other factors that have contributed to the significant increase in computer viruses over the last ten years. The simple fact that so many people with varying levels of computer experience are on-line now is itself a large contributor to the virus problem, but perhaps viruses would not be as prevalent if the average user was not working with software that left them so exposed to virus threats. In looking at the way Microsoft has handled itself over the past ten years, one might suggest that Microsoft itself behaves much like a virus- although an anonymous IT professional was quoted as saying “Windows isn’t a virus. A virus actually does something.”



(2003, November 10) Computer viruses now 20 years old. BBC News World Edition. Retrieved February 7, 2004 from http://news.bbc.co.uk/2/hi/technology/3257165.stm


Computer Virus Timeline. Infoplease.com. Retrieved February 4, 2004 from http://www.infoplease.com/ipa/A0872842.html


Forno, Richard (2002, June 24). MS to Micro-Manage Your Computer. The Register. Retrieved February 6, 2004 from http://www.theregister.co.uk/content/4/25843.html


Gilster, Paul. (2003, October 15). Hackers enter via Windows. The News & Observer. Retrieved February 1, 2004 from http://www.newsobserver.com/gilster/story/...p-2706278c.html


Jake. (2003, November 5). It is Microsoft’s Fault. The Mac Observer. Retrieved February 3, 2003 from http://www.macobserver.com/comments/commen....shtml?id=36338


Kee, Rich. (2002, November 16). Evolution of the Computer Virus. SANS Institute.


Goldsborough, Reid. (2003, November). Arming Yourself in the Virus War. Consumers' Research Magazine, 86 (11), 31.


Sha Sha Chu et al. (n.d.) The Social Impact of Viruses. Virus: A Retrospective. Retrieved February 7, 2004 from http://cse.stanford.edu/class/cs201/projec...ses/social.html

Link to post
Share on other sites

Vary interesting!

With cheap computers and fast connections,

more and more neophytes are connecting to the great world wide web.

With no previous experience, and being trusting, they set them-selfs up for trouble.


Yes its is the fault of the operating system, but any one with a little initiative can educate them-selfs enough to protect not only their computer, but the rest of us as well.


Of course we know this will not happen. The people connecting to the web today are greatly different than the ones from years ago.


Maybe a license to connect, like a license to drive is needed :)





moving to a better forum.

Edited by TCH-Don
Link to post
Share on other sites

Very nicely written. Generally I have no moral problem laying the blame for anything that goes wrong in this world on Microsoft. :) :D However, it still comes down to people making a conscious choice to write and distribute viruses. Microsoft is simply an ignorant, uncaring, greedy facilitator. People have free choice and must take personal responsibility for what they do. If a department store has expensive shoes sitting right by an entrance and someone shoplifts a couple of pairs, is the store to blame for that person making the choice to steal? They may be stupid, but they are not the cause of the theft - a dishonest person is.


And that is my rant about there being no accountability for one's own actions anymore. Mad!!!



Link to post
Share on other sites

bellringr - I hear ya. Obviously, its the virus writers who are ultimately to blame, but MS and the way they target their market is almost as much to blame, imho.

Link to post
Share on other sites

I blame all the companies who sell alcohol for the deaths caused by drunk drivers.


I blame all the companies who sell guns for the deaths of kids killed in the crossfire.


I blame all the companies who sell tobaco for the deaths caused by cancer.


I blame all the companies who sell cars for the deaths caused by car accidents.


Yep, its never an individuals fault for making the wrong choice...


Why of course its MS's fault those darn kids write those nasty viruses, MS made them do it!

Link to post
Share on other sites
And that is my rant about there being no accountability for one's own actions anymore. Mad!!!

Bellringr, you have hit on the #1 societal evil IMO that there is.


Anyway, before I get on my soapbox about that I wanted to comment on the paper. First, it is well written, makes a point, seems well researched and is overall a good job.


My points about the topic are these (and most are rhetorical):


1. How much of the blasting Microsoft is getting is because they are the only game in town for so many folks? If there were as many Mac or Linux users as Win users would the tables be turned? I suspect that they would be, at least to a large degree.


2. Buffer overruns: There is no excuse for this. A 2nd year programming student should have the tools (knowledge) to prevent these types of errors. Basically I say I want a stream of data that is 100 bytes and if you send me 105 then my program crashes and burns. I've been programming since '77 and some pretty serious packages that my previous employers sold to the likes of British Telecom, AT&T and even Microsoft and can say it's inexcusable.


3. The biggest problem I see are users that refuse to learn anything and want to be spoon fed. Instead of learning how to save an attachment to the hard drive, virus check it and then execute it if it's from a known source, they all want their sissy "I don't wanna learn anything because I'm a Merican!" point and click ease of use. (I am American and proud of it but we have become a lazy group of wimps that want everything given to us on a silver platter and when we have to work for it we are offended. I won't even get into the welfare mentality that "the world owes me" which prevades all socioeconomic groups.) Anyway, when the users demand to see that cute movie that Aunt Sally sent by only opening her email then companies like MS can only do one of two things. Refuse and lose customers or comply and make it easy for viruses and other nasties to come in.


Microsoft is not without blame but I think there is much more to it than there appears on the surface and if we could look into the crystal ball and see alternate realities I think we would see similar problems with others. Ultimately it is the jerks trying to delete my files that I blame.

Link to post
Share on other sites

Sorry HC, I'm a reformed arminian, not a calvinist. ;) :D


Snipe, I do agree that there is no excuse for how sloppy Microsoft has been. I also think there is no excuse for how incredibly ignorant many computer users are. I don't expect people to be able to program or take a computer apart (I can't), but you should have to demonstrate a basic level of common sense before being allowed to buy one. :)


We have had a ton of "education" and warnings about viruses at work, but not two days after we received several e-mails about a new virus, one of my coworkers opened an attachment and ended up infecting at least a half dozen other idiots on the floor. She had to swap out computers because hers completely crashed. She claimed she thought it was a screensaver a friend had sent although she admitted not really recognizing the sender's address. :)

Link to post
Share on other sites

I'm of the school of thought that says those who exploit the system are to blame.


We've become a society of passing the blame onto others. Look at the previous, shot-down suits against McDonald's. "They made me fat." No they didn't. It was your free will to eat there.


People need to just fess up. Sure, Microsoft does have some (Not all) accountability for this. They should strive hard to make sure that nobody can break their program. But they are not to blame if someone does. That person that breaks it is the one who broke it.


If Microsoft was putting problems into its programs on purpose, then I would blame them. Otherwise, unless they're blatantly being lazy (And they're not blatant), then no.

Link to post
Share on other sites

LOL guy guys - I *know* that the ultimate people responsible are the people trying to hack into systems and writing the viruses. Naturally, I assumed that *that* would be kind of a given!


I can't really blame the end-users tho. Yes, I know we tell them over and over, and yes there *should* be some accountability on their part - but on the other hand, having been in website/web software design for so many years, I am too used to the concept that if the user gets lost or can't figure something out, the fault lies on the programmer/designer for not doing their job.


The programmers KNOW they're dealing with people who won't follow direction and won't understand (or even read) instructions, therefore I can't help but feel that the onus lies on them (or in my case, "us"). It would be different if programmers worked under the (mis)conception that users are brilliant and will easily adapt and learn new things - but thats certainly not the case. Anyone who has done any programming has had hour-long kvetch-fests over how dumb users can be. We *know* the playing field here.


I WANT to able to blame the end users - but I just can't.


It seems like the programs that have invested the most time into user-friendliness are the ones that are the most insecure. (And yes, I realize that is a blanket statement that is absolutely not true in many cases) And conversely, some of the best programming has a lousy interface. Look at most freeware open source scripts (perl, asp, php, whatever). Many times, the most powerful programs are the ones with the worst interfaces imaginable. Thankfully, I'm starting to see that change, albeit slowly. The interfaces and usability issues are slowly being addressed along with the code to result in a better product.


Feh, I'm just talking of course. :)


Mind you, I wrote that paper on a weekend when we were getting slammed with about 600 virus emails an hour - so it was a little more bitter than it might have been if I had written it at another point in time. :)

Link to post
Share on other sites

hehe :)


Like I said, I enjoyed the paper, and I am always up for some Microsoft bashing. :) I don't like how they do business. Unfortunately I still use their products because, well, they're easier for me and my games work on Windows. It's like Wal Mart. As some stock analyst said on Fox the other day, they're mean and they treat their employees like crap - but I still shop there because I'm not made out of money and they're far cheaper than the other grocery stores in town.

Link to post
Share on other sites

I think this is an interesting topic where you can have few sides to it.


However, software developers (me included) seem to enjoy a certain priviledge that other industry counterparts don't.


Imagine if someone built a car where if you put too much gas in the tank it would cause the brakes to fail in certain circumstances. But the manufacture realized it later and posted signs around town telling you about the defect, and that placing a piece of duct tape over the brake line would fix the problem.


Even more, the manufacture still sold the same car after knowing about the defect, and expected that all of their car owners wold apply the same piece of duct tape, and additional ones as the manufacture found issues that affected the brake system.


To me, it all goes back to how accountable do we want to make sotware developers. This is a scarey topic for me. I develop e-commerce stores. So far, no problems. But there could be. I have a liability clause in all of my contracts to protect me because I know how complicated software can get.


I think Microsoft IS accountable for these issues as much as car manufacture would be as described above, because the issues are constant and were preventable given the resources available to them.


But applying that same standard to me scares me a little ... and I'm being honest.


Does anyone else share that viewpoint? :Nerd:


(Bellringer ... am curious your take on Romans chapeter 9 ... all in good discussion of course :heart )

Link to post
Share on other sites
Look at the previous, shot-down suits against McDonald's. "They made me fat." No they didn't. It was your free will to eat there.

While I agree with you, Robert, I'm not sure society at large does.


Example, a lady spills coffee on herself and sues McDonalds... and wins.


A guy drinks himself stupid and gets in a car and kills someone and the family sues the bar owner... and wins.


I guess we should be the first to launch a lawsuit against Microsoft for hackers attacking them! Know any good lawyers?

Oops, too late - they beat us to it news.bbc.co.uk/1/hi/business/3161752.stm


Maybe it's not free will or predistination - maybe it's Karma coming back to Bill Gates for being such a slug with his business dealings early on and we are just the innocent victims of his punishment? :goof:

Link to post
Share on other sites

OK, I've been reading this thread and I am a programmer of accounting software and bombarded with inept users that don't follow instruction or read documentation every day. Does that mean I am to blame for writing the software, or they are just to dumb to use it.


I think it's time people start taking responsibility for what they do. If you opened an email attachment and got infected with a virus it's YOUR fault.


Everyday we are warned of virus threats running rampant on the net in the media (print, tv, radio, etc...). I know people that have purchased computers that came with virus software preloaded. They were told to keep the software definitions updated, they were taught how to keep the software updated. Yet they still get infected. Why is the fault of M$ or anyone else but themselves?


I WANT to able to blame the end users - but I just can't.


Well, sorry to disagree on this one, I WANT to blame the end users - and I DO! :goof:

Link to post
Share on other sites
Well, sorry to disagree on this one, I WANT to blame the end users - and I DO


I have to agree with this a bit. I have spent many years doing technical support for internet customers. ne thing I have noticed is that many just go through the motions in working to solve their issues. Walk them through the steps to fix their issues only to have them call back in a few days for the same issue, that they caused no less.


You try and "teach" them the solution so they don't have to call back but in the end you know it is a moot point. Why should they listen when you are only a phone call away.


There are three camps at fault here.


First is MS for the code.


Second is the writer of the exploit


Third is the end user.


HC, as word got around people would not purchase more of those cars, consumers drive the sales of the product. Get another car if this one has so many problems, no one is forced to buy the car.


The issue is that this car is easier to drive than the others and I can assure you that if another operating system had the reach that MS does you would see many exploits for those as well.


The virus writer/script kiddie cares not about the OS but the exposure. Why write something that effects only MAC users? Who cares if I bring down 10 machines? 10 thousand, 100 thousand? Now there's exposure.

Link to post
Share on other sites

Great text, snipe! Really good! :)


I agree with you on everything you said! I also agree with some points other people said and disagree with others.

1. How much of the blasting Microsoft is getting is because they are the only game in town for so many folks? If there were as many Mac or Linux users as Win users would the tables be turned? I suspect that they would be, at least to a large degree.

Jim, you're absolutely right. But, IMHO, the big point here is not how many virus/exploits there is for an operating system but how long does the operating system maker takes to fix them.


This is one of the reasons that made me dump Microsoft completely. Using Free/OpenSource Software I know that as soon as a vulnerability is discovered, there will be a fix for it. This is not the case with Windows, as Microsoft sometimes takes several months to release a patch to an already known bug.


I'm not saying that because of this MS is the one to blame if a Windows system gets infected with a virus but they should be more responsible when it comes to theis customers security.



The other big problem I see are indeed the end users. No one wants to be held accountable for their own actions, like Jim said but even worst, no one wants that because that way they don't need to read manuals, take the time to make sure they're doing the correct thing, learn how to use their e-mail client or operating system...


My friends used to call me all the time to help them fix a problem on their computer. Until I started to realise they were starting to ask me questions that were so stupid and could be answered as easily as clicking the Help button and reading a couple of paragraphs... I decided that I should not give them the fish but instead I should give them a fishing rod and teach them how to go fishing :)


And I strongly believe that everyone should be forced to learn how to use those damn machines. And I don't mean learning how to press the mouse buttons or inserting a CD-ROM, anyone can do that just by looking to the equipment. I mean learning what a filesystem is (not the technical details but how it is organized, what's a folder, etc), what an IP address is, why they shouldn't open an e-mail attachment from someone they don't know, why they shouldn't send e-mail messages to multiple recipients and leave the recipients' addresses visible, why they shouldn't stick to the web browser and e-mail client that comes with windows.... they should be forced to know what they are buying, the power they are about to be able to have. Yes, computer users have a very powerfull tool in their hands and, just like with everything in life, a powerfull tool can be used for both good and evil.


With power comes responsability but most "home" users don't want the responsability.

And, IMHO, that's the biggest problem. Because if they wanted to be responsible, they would force Microsoft to fix their programs or refuse to pay the licenses if they didn't. They wouldn't open suspicious e-mail attachments. They would know all the things they should know and probably more. They would control the power they have at their fingertips, instead of having it uncontrolled at their desk, connected to the internet, spreading chaos throughout the world.


But being lazy is part of human nature, so we won't see these problems disappear any time soon. I guess we'll just have to keep teaching our friends/employees/bosses how to go fishing instead of just handing them a delicious "home-cooked" microwave meal... ;)

Edited by TCH-Raul
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...