Can We Now Please Get Serious About Viruses?

system-failureMany news reports last month warned of a new type of ransomware called CryptoLocker. In a nutshell, CryptoLocker uses sophisticated encryption techniques to scramble an infected user’s data and then holds the data for ransom. Only if the user pays $300 will the data be decrypted and become usable again. If the user does not pay $300 within about 3 or 4 days of getting infected, CryptoLocker automatically destroys the decryption key required to unlock the data and the user will never be able to recover the data in any other way. If this sounds nasty, you’re damn right it is.

Of course, as with nearly all malicious software, this malware can only infect Windows-based systems. At this time, CryptoLocker can not infect Macintosh computers, iOS devices (iPhone, iPad, iPod Touch), or Android-based devices. While it is within the realm of reality that criminals could create a Mac version, the underlying secure UNIX-based design of the Mac makes this very unlikely (the virtual non-existence of malware for the Mac OS X platform after 12 years should be proof enough). I’ll keep it simple and say there’s zero chance of this happening on iOS platforms. And while this particular incarnation of CryptoLocker probably wouldn’t be effective on an Android device, there are already examples of ransomware popping up on Android devices.

In other news, another malware called Dexter has resurfaced in South Africa after infecting systems in the US, UK and dozens of other countries towards the end of last year. This particular malware attacks Windows-based point-of-sale systems and skims credit card information from customers shopping at infected stores. But what’s tens of millions dollars between friends, eh?

While scams can happen on any platform, and some cross-platform development environments (Java, Adobe Flash) can create malware on any platform that supports them, the bottom line is that Windows is the center of the malware universe. Windows is so full of holes it makes Swiss Cheese jealous. For all the anti-virus software out there, their effectiveness has steadily declined over the years, detecting only 70 to 90 percent of malware according to a report from a few years ago. The situation hasn’t improved over the years, as malware is increasingly prevalent and more sophisticated in its methods of attack and evasion.

Windows is a war zone. If you choose to participate in this environment, you must take increasingly intricate actions to stay protected. And that protection is dubious in nature. Where simple anti-virus software and firewalls used to be enough for most people, it is becoming increasingly clear that additional layers of protection are necessary to actually be “protected”. Most of these steps are far beyond the average computer user’s comprehension or feasibility of implementation and even then it is a constant battle to stay updated and aware.

When will enough be enough? Untold numbers of individuals and businesses lose millions upon millions of dollars a year combating a problem that Microsoft’s operating system fosters. Sure it isn’t Microsoft’s fault that malware authors feast on their operating system, but the reality is that Microsoft created the environment for malware to flourish. Something MUST change in the technology industry because this simply can NOT continue. Technology is supposed to make our lives easier, not harder.

It is time to face the stark reality that Windows is no longer (not that it has ever truly been) a platform that we can consider a viable foundation to run our lives or businesses. For all the hype about Windows 8 (not that anyone is listening) the reality is that Windows users are one infection away from losing their valuable data. That data could be irreplaceable photos of their children. Or it could be information that their livelihood depends on. Or it could be other people’s confidential information that they have been entrusted with. I for one am sick of dealing with this problem. It does not need to be this way.

Other operating systems, namely the Mac and iOS, are virtually immune to malware. Nothing is perfect, but Mac OS X is a paradise compared to the Windows war zone. And iOS is virtually impregnable with Apple strictly controlling that environment and how software can be installed on it.

Technology professionals, it is time for a “come to Jesus” moment. If you continue to advocate the deployment of technologies founded on Windows – and if you advocate for the deployment of other malware-susceptible platforms such as Android – you are doing your customers, clients, or employers a disservice. More than that I suggest you are now sabotaging those who pay your salaries. Take a look in the mirror and ask yourselves if you can live with the potential disaster that lurks around the corner. The next CryptoLocker or Dexter attack may hit your systems and you’ll have no one to blame but yourselves. It is time to take a stand and start informing those who look to you for technology expertise that the only real solution to malware is to move away from the platforms that are their breeding grounds. Yes, it will be tough to swim against the current, but the tide is already changing. Will you help lead the charge or simply follow along?

  • Damian

    Although I agree, that Windows platform is number one target for 99% of malicious software, but this article sounds like a paid glorification of apple’s OS. Mac OS isn’t completely bulletproof, see in or elsewhere.

    • Marcel Brown

      I wish someone was paying me for this blog! Certainly this may sound like a glorification of Apple’s products – but guess what – they deserve it! As a technology professional with nearly 20 years of experience, I have plenty of experience cleaning up malware. As I mention in my article, it is probably technically feasible to create a malware like this for Mac OS X. But the technical design of the operating system makes it extremely difficult. After 12 years of virtually no real malware, this should be proof enough. The piddly little things that have caused issues with Mac OS X were of such minor consequence that they are hardly worth mentioning compared to the daily battle that users must fight to keep their Windows machines clean.

      And please don’t trot out the tired old argument that the Mac’s marketshare has anything to do with malware authors not attacking it. In the days before Mac OS X, the classic Mac OS had many viruses. This was when they had even tinier marketshare in a much smaller overall market. You would think that as Apple is such a visible company, especially when they were flouting the whole Mac vs PC campaign a few years back, that some malware author would have attacked the Mac for no other reason than spite. But nothing. The only real vulnerabilities that we’ve seen in the past couple of years have been Java and Adobe Flash related. So yes, pardon me if I glorify Apple, but they are the example to be aspired to.

      • Don Lenze

        I think though, that any kudos or accolades that are given to Mac and their OSX, need to be underlined with more information about better available (And less expensive) options.

        This article outlines the potential impact to consumer data with respect to CryptoLocker, but the hard truth is that for businesses everywhere, changing over their infrastructure from Windows to Mac would not be a simple process. For the home user however, Linux is becoming a more and more viable option for a permanent switch from the Windows Desktop environment, and it’s no longer as difficult to configure/operate as its reputation would have the average consumer believe it to be. Linux Mint, or Kubuntu for example, are both straightforward enough in their interface that I was able to convert my father to a complete Linux user simply by setting up the OS for him and noting all the shortcuts he’d need for his essential functions. Sure, every once in a while he’d jump for joy and come get me when he was sure he’d found something “Linux can’t do”, but every time, there was either a known and easily located application, or in one case, a workaround (he had a sound card hiccup, minor issue).

        Since OS X is built on the same code as Linux, it stands to reason it’s just as secure (honestly, moreso in some ways). In addition, there’s no real barrier to entry because the OS is free and there’s no associated hardware (as in having to buy an expensive Mac).

        • Marcel Brown

          Expense is about more than just money. For many people, especially small business owners, time is just as valuable, if not more so. You can make more money, but you can’t make more time. Low cost means little if you are losing time to problems and difficulties.

          Changing from Windows to Mac may not be a simple process, but the risk and productivity loss from Windows can no longer be ignored. Besides, the reality is that more people are moving to mobile devices like the iPad, so the Mac vs Windows argument is moot. As more things go cloud and platform-independent, the idea of a Windows infrastructure (or any platform-based infrastructure) is going the way of horse and buggy.

          For the home user, Linux is still too complicated. Your example only proves this. You had to do the conversion for your father and he still had to come to you for several issues. These are minor for you and me to resolve, but to an average user these can be complete roadblocks. That is a real barrier to entry. For an average user, the choice for a personal computer is still Mac or Windows (assuming they want a traditional personal computer and not a mobile device).

          Technically, while OS X and Linux are both UNIX derivatives, they are not built on the same code. Regardless, Linux is more secure than Windows, I won’t belabor that point.

  • Bitter Clinger

    The virus war caused me to migrate to Mac OS seven years ago. It’s been absolutely peaceful since

    • Marcel Brown

      You’re not alone!

  • Dan

    I agree with you, and that’s why I’ve done all of my computing on Macs since about 1986. About 15 or 20 years ago, Microsoft deliberately left open a backdoor security hole in Explorer and Windows so that whenever the host browser customizes the interface for international character sets, a virus can get in and steal addresses from contact lists. This security hole was evidently left open for the benefit of NSA, and this flaw was complicit with the likes of McAfee and Norton anti-virus products. They knew it was there, but deliberately left it open. The result was, spammers learned to use this security hole to send buckets of spam from user email accounts every time infected email was opened by some hapless Windows user.

    If Windows users/managers are too stupid to demand better/more secure software, they’ll never get it, from Microsoft or anyone else.

    Not only do they not seem to “get it” that Microsoft is not interested in keeping their computers, privacy or security online safe from scammers, spammers and online criminals, but it carries over to support of social media like Facebook and Twitter. None of it is good, but that doesn’t alter the fact that there is a helluva lot more than one of them born every damn minute now.

    • Marcel Brown

      Do you have any information on this backdoor? I’d love to research it.

      My view is that Microsoft was more sloppy than anything else. UNIX was developed as a multi-user, networked operating system. Security was essential from the beginning. UNIX-derived operating systems (such as Mac OS X and iOS) benefit from this heritage. MS-DOS and then Windows was developed for a personal computer. PCs were single-user machines so Microsoft never considered security in the design. Even when PCs began to be networked, they were still relatively safely isolated within company LANs. Security still wasn’t a concern. All of a sudden the Internet exploded on to the scene and all the holes were exposed. Microsoft has been playing catch up ever since, but the reality is they will never “fix” Windows because it is rotten to the core.