|Home » Learning Curve » Red Hat Diaries
The Road Ahead
The road is dark and dreary. Someone's blocking the light.
Bill Gates wrote a book in 1995. He purportedly sequestered himself two months in the summer of 1995 before the release of Windows 95 (24 August) to write his book. The book is called 'The Road Ahead'.
An aside: Windows 95 was originally supposed to be released in 1994 but Swedish IT journalist Magnus Wester had a bet with Microsoft's Swedish product manager that it would be a year late. The bet was for a case of wine. Wester got his case from Microsoft the day Windows 95 was released.
1995 was a rough year for Gates. The Internet was coming and he wasn't prepared any better than he'd been prepared for the advent of the graphical user interface. His MSN which was supposed to target and destroy CompuServe got shut down because of the ongoing DOJ investigation that few people knew about or took seriously. Gates reckoned his MSN - available earlier as a beta for developers - was going to make his company look even worse in the eyes of the 'feds' in Washington. He concentrated on his book instead.
Gates wrote that things were changing rapidly in the world of IT, that computers would become connnectors, and that he sincerely hoped his company Microsoft would still be relevant in the road ahead.
The Road Behind
Gates famously dropped out of Harvard and a life of goofing off with malt liquor, poker, and Playboy when he read about the MITS Altair. He supposedly rigged the Harvard computing centre so he, Paul Allen, and a third colleague could get an estimated $40,000 in computer time for free. They wrote a BASIC interpreter and then some of them traveled to Albuquerque to talk with the owner of MITS.
Considering 99% of all infected machines out there in userland are running some Microsoft product, Microsoft SHOULD be taxed for each and every one of them, It is fortunate we have such an industry leader as Microsoft, fessing up to their own damn foolishness and offering to make good.
Paul Allen was taken on as a programmer. Gates established an office upstairs from a whorehouse in a seedy part of town and raced his father's gift of a Porsche (and famously got arrested).
The MITS Altair was a tinkerbox. All 'personal computers' back then would be tinkerboxes. Just as the initial boxes created by Steve Wozniak. Wozniak wanted something to tinker with at home. You can't take big iron home in your lunchbox. No one was thinking about nontrivial computing - they just wanted things to tinker with.
Dan Brocklin's VisiCalc changed the landscape. Suddenly those small computers could do things beneficial. This wasn't the equivalent of mainframe data processing or IBM's IMS and DL/1 - it was mostly for fun. And occasionally the small machines actually did something useful.
IBM's PC was supposed to function as a 3270 gateway to System/370 monster computers. The Internet existed but it wasn't going to be used in that scenario.
The Road in 1995
Few people were aware of the Internet in 1995. But Windows 95 was to change that. Microsoft put Windows 'online' using reworked (and rather leaky) Berkeley sockets code. People still ran modems and they talked of baud rates. Net connections could be very expensive if local calls weren't free.
Thanks to Microsoft, the typical computer user believes that sporadic crashing is unavoidable, machines and programs must be restarted periodically if they are to maintain efficiency, and that the threat of viruses is the price paid for the convenience of email. It has come to the point that recently, when trying to explain that it was important for long-running (scientific number-crunching) code to be careful about memory management, the people I was talking to refused to believe it was possible that a program could run for over a week without slowing down.
Academia and business were seriously migrating to Windows NT at the time. This seemed to basically be a no-brainer: NT offered open database connectivity which cut down on the cost of maintaining Unix databases. NT consequently took a chunk out of the Unix/Sun market.
This 'fling' with Microsoft didn't last long. Programmers were shipped by the truckload to training institutes to learn the NT API. Corporations saw savings but they also saw other things. The love affair was over by the New Millennium.
Viruses had always been around in those pre-Internet years. They attached to unprotected Microsoft executables or wrote themselves into unprotected boot sectors and propagated on floppies. They weren't a widespread problem but they could be a pain if a shop got hit. Companies like Dr Solomon, McAfee, and Norton came along to help fight the bad guys. The bad guys were amateurs - they weren't organised crime.
Internet connectivity completely changed the name of the game. Melissa hit by the end of the last millennium. It wasn't organised crime either but it caused a lot of damage. Even the ILOVEYOU worm wasn't organised crime - it was propagated from an IT institute outside Manila in the Philippines. It was set up to steal Internet logon credentials so people who couldn't afford a connection could get online too.
The Road in 2000
ILOVEYOU caused a lot of damage. Melissa had been a MS Word attack; ILOVEYOU obliterated Windows computers through a seldom used (and very dangerous) scripting engine, the notorious Outlook mail client, and a somewhat flawed but eminently successful bit of social engineering.
Here's a better idea: rather than quarantine malware-infested computers, why not do the owners a favour and give them an operating system that isn't a steaming pile of fresh manure, such as...... well, anything other than Windows. That way, they get a better computing experience and the Internet becomes a better place.
Voices were immediately heard. People placed the blame for ILOVEYOU firmly at the feet of Bill Gates and Microsoft. The scripting engine was enabled by default. The effortless access to mail addresses and the total lack of system resistance to any type of attack were all cited.
Some people presumed network admins would get a clue and begin fleeing Windows. It didn't happen. Corporations incurred massive losses but just moved on as if nothing happened. Several spinoffs to ILOVEYOU appeared, some crafted with malintent, others crafted to try to get people to wake up. Nothing much improved.
Gradually the bad guys - the black hats - began to learn how one could combine spam with malware payloads. Spam was generated in a different way back in 1995: spam companies would employ huge machine parks to probe the Internet in the search for open mail servers where they could inject their traffic.
Today it's completely different. Most net admins have long since learned how to stop spurious SMTP traffic. Today the spammers use Windows PCs instead.
The Road Today
Spam of today is almost exclusively generated by computers running Microsoft Windows. Estimates from within the Windows antivirus cottage industry put the level of spam at somewhere between 92% and 97% of all SMTP (mail) traffic on the Internet. Spam is not a minor problem. Spam - thanks to Microsoft Windows - has become a problem of inordinate magnitude. Some would say it's bloody ridiculous.
This VP of MS is a MORON. Anyone who uses the Internet through their home is already paying taxes for the privilege. And yes, WINDOWS is the number ONE reason there are so many viruses, outages, disturbances, breaches, and any and every other form of crap happening to computers and the Internet, because the Windows OS is NOT a secure system. If he is so concerned, than HE should foot the bill to fix his damn OS, and leave the Public out of it.
But spam of today doesn't only try to sell Canadian penis pills: it also infects computers - Windows computers. These computers are then recruited into botnets - networks of compromised 'computer robots'. They're run from 'command and control' servers where the bad guys can issue their orders to millions of Windows computers directly from a web interface.
The attacks can do almost anything. They attack message forums. They can read and circumvent simpler precautions such as 'captchas'. They go anywhere and do anything - and they're all run from Windows computers under control of the 'bad guys'.
There are always a clueless few who try to reason it's safer to stay on Windows because other platforms are going to get hit sooner or later. Of course this doesn't change anything in the short run. And that 'long run' - it's a long time coming. The same fools have been repeating their argument for well over ten years and still nothing's happened.
There are those who believe Windows only gets hit because it's such a popular platform. But people with a clue know better. The simple fact of the matter is that Windows gets hit because it's like Mount Everest - it's out there and it can be corrupted. The fact Windows is so widespread only makes it more lucrative. The black hats are really lucky.
The Road Tomorrow
The 'genius' of the black hats isn't in finding ways to attack Windows. Windows is the proverbial sitting duck. Attacking Windows is the proverbial turkey shoot. The 'genius' lies in how they find ways to combine different methods of attack with different methods of propagation. Spam today is very much 'all in one': maybe you fall for one of their ruses; maybe you buy one of their phony antivirus products; most certainly you get 'tagged' and become part of the problem as your computer gets in on the spamming. And denial of service attacks. And all the rest of it.
Microsoft made deliberate choices all along the way (early Windows) to make it easier for businesses (Ford, Boeing, etc.) to roll out fixes via their internal networks. When employees internal to Microsoft pointed out the risks and suggested that they change the model (from full open to open by custom installation) they were shutdown, fired or otherwise removed from the projects. These decisions were made at very high levels for the ease of deployment for large customers, when hackers started exploiting these holes Microsoft tried to act like the victim.
Putting a rootkit on a Windows system isn't difficult either. Just ask the people at Sony. Insert a Sony CD and suddenly your entire computer is under their control.
Try asking the clueless why this is bad. They don't know. Most of the time you read comments like 'malware is bad because it slows my computer down'. No clue.
Even this latest spin stunt by Microsoft is a mere echo of something the world of Unix heard ten years ago. Linux/Unix/OS X users writing to ISPs and asking them to shut Windows down. Code Red creating havoc with no user intervention at all - put a Windows machine online and it gets hit and infected 'just like that'.
Radsoft did a peremptory test a few years back: use a packet sniffer to witness the intensity of it all. There were nineteen attacks in the space of 9.5 minutes. That the computer could even run was amazing, as it was using so much CPU just to cancel all the incoming malware traffic.
The Internet's a bloody mess and it's all thanks to Microsoft.
Fixing the Road
Bill Gates and Microsoft do not lack the wherewithal to fix all this. Of course not. But their analysis must irrefutably show that their doing the 'right thing' will effectively bring their market dominance to an end.
For MS to propose such measures is a bit beyond the pale. If their OS was not SO EASY to infect and subvert, we would not have these issues. If the world moved to Linux (or OS X, BSD, Haiku...) tomorrow, viruses, rootkits, trojans etc would not vanish, but they would become much, much harder to forge. The only losers would be Symantec et al.
- The BigYin
Unix can be attacked - make no mistake about it. But attacks on Unix generally have to be preceded by weeks and months of preparation - for a single target system. Doing work both online and off, reading the news, looking for corporate departments in relative disarray because of mergers or whatnot, using probing tools to find weak personal systems (most of which are going to be Windows anyway even today). Look at how the China attack on Google worked: Google run their own brand of Linux but on the individual desktops some of them were still found running Windows.
Find a human weakness in a Unix shop and exploit it: this takes time. It takes a flawed or incomplete configuration. And it takes a bit of luck. None of this can be used to propagate a worm outbreak. There are no generic system flaws in Unix.
The black hats working on attacking Windows systems don't have to worry about that. Their problem isn't finding a hole in Windows - their problem is choosing which of the countless holes available they want to use.
Organised Internet crime would effectively disappear tomorrow if everyone were running Unix today. The attack vectors wouldn't be there. Organised Internet crime depends on financing. Those with the money aren't going to finance a group of black hats sitting around in their underwear if it takes them weeks or months to find a single attack vector for a single target corporation. They'd go back to protection, gambling, extortion, prostitution, and gambling tomorrow if everyone started using Unix today. There's no money in attacking Unix. Not the way they've been used to.
And have they ever been spoiled: organised Internet crime nets at least $5 billion annually. This is $5 billion essentially stolen from Microsoft Windows computers.
None of this is alien to Microsoft. They're all very aware of what's going on. They've been following the Halloween Documents playbook since it came out. They know they're doomed. All they have is their market clout and their money. But they're running out of options. They've tried every dirty trick in the bag and none have worked. For Microsoft, the inevitable is truly inevitable.
The Very Last Rabbit™
Microsoft are looking down a dark and dreary road ahead today. They've basically had it and they know it. Bill Gates did not make it into the new era he wrote about back in 1995. They've not only been following the Halloween Documents for years in order to compete with open source kernels, they now have the brutal force of Zeus and his friends and the incredible cash leak that people are getting more and more tired of.
'A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to Internet users.' Really? Can of worms meet opener.
- Mark 65
Microsoft used to have an ally in the antivirus cottage industry. But today they're competing directly with their old friends (probably because revenues in general are way down) all the while more and more reports surface showing what everyone has already known - namely that antivirus can't protect Windows anyway, that there is no protection.
The Chinese Google attack, the Zeus attacks: Microsoft's image is up the creek. And there seems to be a growing 'murmur' of discontent about them - not only amongst the security 'professionals', most of who will prostitute themselves for anyone if the price is right, but especially amongst the punters who are more and more getting the picture.
Several governments have come out with decrees as official as you can ask for, telling people to not use certain (or all) Microsoft products.
Everyone knows what the score is. Microsoft could fix everything but would then lose their entire market. They've been desperate for a long time and what we're seeing now seems to indicate they're running out of hope.
XP is a security nightmare, Vista is a smoldering piece of shit, Se7en didn't really go over very big at all. IE6, IE7, and IE8 are all irreparably flawed. It's all over the place. And this after all the billion dollar class action suits and the EU fines. There's going to be a mob of vigilantes with torches and pitchforks marching on Redmond if things get any worse.
Blame the Victims
So it's really bad. And they all know it. You can smell the fear on them. And what does Gates do? He pulls out his Very Last Rabbit™ at the RSA conference in San Francisco - he blames his customers.
The company who nearly singlehandedly are the reason there's an antivirus industry want a tax to pay for malware removal? F#$% off. We should fine them $1000 for every infection on systems running their software. IE and Outlook exploits could probably pay off the US national debt in 10 years.
The Microsoft exec who gave the speech didn't get sacked. Everything he said had to be pre-approved just as always. He's still on the payroll. He said what they wanted him to say. There were late night meetings with Ballmer and Gates himself going over the precise wording in that speech.
There's no serious proposal on the table - it's an attempt to once again deflect the blame from where it belongs, this time to the customers themselves.
This isn't to say something that macabre couldn't become reality. Count on politicians being clueless. Most come from a legal background and there's no professional group more clueless. Count on them continually reminding everyone they have pockets where people can place notes of legal tender. Count on them being ready to put one over on their constituencies again.
None of them give a shit what happens to the world or the Internet. They're ambulatory alcoholics anyway - they're often outrageously drunk and they're always under the influence. They used to be able to push buttons and start nuclear wars in their inebriated condition. Now they're fellating Bill Gates. Same difference. They don't care. Period.
Never underestimate Microsoft or any enemy. So what if this isn't their intent? They'll stop at nothing and everybody knows it. But if it's true? Then how do the people get to the politicians to stop them? Can a Slashdot thread do it? Look what's happening with the data storage directives and ACTA. Recession, bad times, democratic governments dumping the very ideas of openness and democracy - and now the greatest weapon the people have is down for the count and the people themselves are going to get the blame?