The chief security advisor for Microsoft UK, Former FBI agent Ed Gibson, on Wednesday said enterprises must take steps to toughen their security environment to foil cybercriminals.
"You have to harden your environment. When I grew up on a farm in Michigan, we took worms and fished with them — but now there's a different kind of worms and phishing," said Gibson. "Criminals are trying to steal proprietary data that is key to your success."
Businesses could not rely on international policing or law alone to protect their intellectual property, Gibson told the MIS WebSec Conference in London on Wednesday..
"We read every day about proprietary data being stolen. We look to law enforcement to ferret out criminals, but law enforcement is jurisdictionally bound. So you look to government, maybe, for harsher laws, but is that the answer?" asked Gibson.
He admitted older Windows operating systems did not have the level of security necessary to counter cybercriminals.
"People ask what's wrong with Microsoft products that means they need updating every second Tuesday of the month. Well Windows 95 and 98 are workhorses, but they weren't built for the demands of today, with organised crime and botnets," said Gibson. "How do you deter these people who want to do everything they can to get into your knickers? You have to harden the environment," Gibson added.
Microsoft has been heavily criticised in the past for poor levels of security in its products, particularly the Windows operating system. Gibson said he would "like to displace some misperceptions about Microsoft's security role".
"Security is a top priority for Microsoft, because it's a top priority for our customers," Gibson said. "When I buy a Microsoft product I want it to do exactly what it says on the box. Now, you get what you ask for.
"Security is an industry problem for all of us. Microsoft is collaborating with you and law enforcement to bring you products that do what they say on the box," said Gibson.
Gibson said that businesses and industry professionals had recognised that other operating systems could be compromised.
"People have recognised [security] is never solely a Microsoft issue. There are other companies who have experienced what Microsoft experienced for a long time. Microsoft being the market leader on most desktops, if there is activity against companies they will probably be using Microsoft products.
"Microsoft platforms are attacked because they are ubiquitous. Now we have more security so hackers are looking elsewhere and attacking companies that didn't experience problems before," continued Gibson.
A recent flaw found in Apple Mac OS X, was deemed "extremely critical" by security company Secunia, and a further 20 holes were later discovered.
"Software is now facing more challenges than ever before — it's like living on a major thoroughfare, you're going to [need to] ensure more protection," said Gibson. "I'm willing to put my personal reputation on the line, and I'm convinced Microsoft continues to take steps to help ensure a safer computing environment."
Gibson was hopeful about the future of e-commerce, despite his concerns about security: "The outlook for e-commerce on the net is very very bright. Let's not get bogged down in problems. The outlook is so good, I would even use your credit card to do a banking transaction online," Gibson told ZDNet UK.
Talkback
Product recall? Class action suit?
Use of Explorer, Outlook, and even Windows cause these problems due to unaddressed fundamental design flaws in the products.
A while back, Microsoft made claims that security is a high priority. All this time we've waited for evidence that they are doing something about it. All the while Microsoft products, unlike their competitors', have been unable to operate safely in a networked environment.
Now, Microsoft is saying here flat out that they are not going to be fixing these problems. If businesses and end users need a stronger hint than that, then they should sell their computers and give up now.
Now, as before, the onus is on the end user to replace them with corresponding software based on more sound design. Businesses and users need to get past their ideology and choose from the many closed and open source products that actually do work and get that MS monkey off their back.
The way Windows OS is designed is the root cause of
security breeches. It is too easy to break in to your computer. Hacker gets into IE and your entire hard drive is open for business. If you buy Win XP and then have to turn around and buy more software to try and secure the windows environment, you are wasting your time and money. Tell it like it is and quit trying to give M$ a break for making flawed software. Until they do a complete re-design of windows, then WINDOWS SECURITY is a contrdiction of terms.
"He admitted older Windows operating systems did not have the level of security necessary to counter cybercriminals."
The problem is that Microsoft keep pushing the release date of a newer Windows into the future...
I've been a Windows user since 1987, but I finally gave up using it as a daily desktop over a year ago, and today my Windows PC rarely gets switched on.
A life without Windows is a life without viruses, without spyware, I can just get on with doing my work.
I do hope Microsoft can pull a trim rabbit with a good chastity belt out of the hat when Vista finally arrives, but I'm not holding my breath...
While I agree partly with what is said in this article - it IS the responsibility of the end user to satisfy themselves as to the security of their own systems - I believe that Microsoft have consistently failed consumers with the security of their products and continue to do so.
There will always be a way of "forcing" entry into a system, there will always be hackers, and Microsoft OSs will always be a target simply because they are the most prevalent. This is acceptable common sense.
What is not acceptable is the amount of flaws, bugs and holes in the OSs and applications that Microsoft has been bringing to market. Furthermore, the rationale of "Patch Tuesday" to deal with issues strikes me as farcical. If there's a serious flaw on my system I want to fix it NOW - not according to my calendar. Microsoft's failure to release a patch to deal with the recently exposed IE weakness is horrendous.
In short - Microsoft needs to pull its' socks up - stop realising products according to shareholder demand, and improve the quality of released product. Will it increase product development costs? yes - but personally, I think Good ol' Bill can afford it - don't you?
Bull. The problem is with Microsoft and not with the fact that WIndows is out their in great numbers.
Well funded criminal organizations are out there trying to get a hold on your environment one way or another. Why do they focus on Windows?
DNS, SNMP, SMTP, Linux, Apache, Cisco IOS. It's all out there in huge numbers. Much of it directly connected to the Internet. Plenty of it outdated and certainly not configured accoording to the latest security advisories. Open to attack 24/7. Yet... nothing happens.
Why is it that these well funded criminal organizations we're all warned about simply ignore such juicy targets for years on end now?
The only logical answer can be that they've found much easier prey out there. Easier prey that also gives much better results. For years on end.
So now we know why they've concentrated on Microsoft products in the past, the present and in the future. Arrogance kills. Stupidity rules. Ignorance is bless.
Tailor made rootkit anyone? Even your next year anti-whatever solution won't notice that one. Why? Because it evolves faster then what you're being spoon fed.