Many news reports last month warned of a new type of ransomware called CryptoLocker. In a nutshell, CryptoLocker uses sophisticated encryption techniques to scramble an infected user’s data and then holds the data for ransom. Only if the user pays $300 will the data be decrypted and become usable again. If the user does not pay $300 within about 3 or 4 days of getting infected, CryptoLocker automatically destroys the decryption key required to unlock the data and the user will never be able to recover the data in any other way. If this sounds nasty, you’re damn right it is.
Of course, as with nearly all malicious software, this malware can only infect Windows-based systems. At this time, CryptoLocker can not infect Macintosh computers, iOS devices (iPhone, iPad, iPod Touch), or Android-based devices. While it is within the realm of reality that criminals could create a Mac version, the underlying secure UNIX-based design of the Mac makes this very unlikely (the virtual non-existence of malware for the Mac OS X platform after 12 years should be proof enough). I’ll keep it simple and say there’s zero chance of this happening on iOS platforms. And while this particular incarnation of CryptoLocker probably wouldn’t be effective on an Android device, there are already examples of ransomware popping up on Android devices.
In other news, another malware called Dexter has resurfaced in South Africa after infecting systems in the US, UK and dozens of other countries towards the end of last year. This particular malware attacks Windows-based point-of-sale systems and skims credit card information from customers shopping at infected stores. But what’s tens of millions dollars between friends, eh?
While scams can happen on any platform, and some cross-platform development environments (Java, Adobe Flash) can create malware on any platform that supports them, the bottom line is that Windows is the center of the malware universe. Windows is so full of holes it makes Swiss Cheese jealous. For all the anti-virus software out there, their effectiveness has steadily declined over the years, detecting only 70 to 90 percent of malware according to a report from a few years ago. The situation hasn’t improved over the years, as malware is increasingly prevalent and more sophisticated in its methods of attack and evasion.
Windows is a war zone. If you choose to participate in this environment, you must take increasingly intricate actions to stay protected. And that protection is dubious in nature. Where simple anti-virus software and firewalls used to be enough for most people, it is becoming increasingly clear that additional layers of protection are necessary to actually be “protected”. Most of these steps are far beyond the average computer user’s comprehension or feasibility of implementation and even then it is a constant battle to stay updated and aware.
When will enough be enough? Untold numbers of individuals and businesses lose millions upon millions of dollars a year combating a problem that Microsoft’s operating system fosters. Sure it isn’t Microsoft’s fault that malware authors feast on their operating system, but the reality is that Microsoft created the environment for malware to flourish. Something MUST change in the technology industry because this simply can NOT continue. Technology is supposed to make our lives easier, not harder.
It is time to face the stark reality that Windows is no longer (not that it has ever truly been) a platform that we can consider a viable foundation to run our lives or businesses. For all the hype about Windows 8 (not that anyone is listening) the reality is that Windows users are one infection away from losing their valuable data. That data could be irreplaceable photos of their children. Or it could be information that their livelihood depends on. Or it could be other people’s confidential information that they have been entrusted with. I for one am sick of dealing with this problem. It does not need to be this way.
Other operating systems, namely the Mac and iOS, are virtually immune to malware. Nothing is perfect, but Mac OS X is a paradise compared to the Windows war zone. And iOS is virtually impregnable with Apple strictly controlling that environment and how software can be installed on it.
Technology professionals, it is time for a “come to Jesus” moment. If you continue to advocate the deployment of technologies founded on Windows – and if you advocate for the deployment of other malware-susceptible platforms such as Android – you are doing your customers, clients, or employers a disservice. More than that I suggest you are now sabotaging those who pay your salaries. Take a look in the mirror and ask yourselves if you can live with the potential disaster that lurks around the corner. The next CryptoLocker or Dexter attack may hit your systems and you’ll have no one to blame but yourselves. It is time to take a stand and start informing those who look to you for technology expertise that the only real solution to malware is to move away from the platforms that are their breeding grounds. Yes, it will be tough to swim against the current, but the tide is already changing. Will you help lead the charge or simply follow along?