Guest post by InfoWorld’s Woody Leonhard takes a look at the past 20 years of innovative Windows malware — an evolution that provides insights into the kinds of attacks to come. From macro viruses, to interstitial infections, to spray attacks, to industrial espionage, “there’s been a clear succession, with the means, methods, and goals changing definitively over time,” Leonhard writes, outlining the rise of Windows malware as a succession of ingenious breakthroughs to nefarious ends.
Here’s to another 20 years of Windows viruses!
Too bad I won’t get to experience them, since I don’t run Microsoft OSes any more… and even then, infections on my own machines were rare (had much worse luck with spyware and adware in the WinXP era).
But seriously… an article… looking back at the history of Windows viruses… as if it’s something special and worthy to commemorate. I’m lost as to why something like this even exists in the first place.
Those who don’t learn from the past are doomed to repeat it? Seems like a good enough reason to me. I lived and worked through most of those events, and I hope i never have to go through any thing like blaster or ILOVEYOU again.
The price of freedom is vigilance, or some such.
I see history repeating all the time.
I still see Windows on almost every computer, often screwed up royally with malware infections of every kind. Yes, even Vista and 7. The market share of the mainstream OSes isn’t a whole lot different than the mid to late 90s… Windows still dominates, Mac still has a distant second-place position. Flash usage has gone through the roof; not a surprise, because back then it was quickly gaining popularity, and sites like YouTube only made it worse.
Either history *IS* repeating… or people aren’t changing. And if people aren’t changing, doing the same things and making the same mistakes they’ve done countless times before, you could say that in effect history is repeating.
The majority of people don’t know anything, or give a damn, about computer security. That’s only getting worse over time, as even more idiots who don’t even know what a text file is are getting computers these days.
Although I did gave a positive vote on your comment, I must object to one bad thing in it.
More and more new people are being introduced to computers and it’s natural they they don’t know anything about it. But that doesn’t justify calling them “idiots”. If you’d became a freshly certified pilot of an Airbus A380, how would you feel if your senior colleagues would call you “idiot” during the flight?
As for those who are dumb or ignorant about their own security, I’d still rather call them “unaware” or “not knowing” instead of “idiots”. Beware of easy attaching bad names to other people, especially those you are not familiar with.
Otherwise, I agree with your comment.
There are far too many that don’t listen, don’t comprehend simple consequences or listen nod then don’t do…
As a fulltime no-user of “Windows” (never been, never will) I may not have the right to raise my voice about such a topic, but allow me to add a short comment:
The keyword is “don’t care“. It is that simple. One might say this qualifies the subjects to be called idiots, but carelessness is worth than plain stupididy…
Also keep in mind that malware (as a general term describing a certain kind of software) is not just ye olde viruses. It’s all kinds of software that spies on users, steals data, or makes careless users hand in their data to the attacker for free. It’s also software that acts in the background and provides fertile ground for evildoers to grow whole “subnets” of infected PCs carrying out their orders.
You probably know that, if I remember correctly, more than 90% of toda’s transferred e-mail messages is spam. Intected “Windows” PCs, owned by careless users – no matter if we consider typical Joe Q. Sixpack’s home PC or the accounting office network of Verybig Corp. – are the reason for that. There are also more and more problems for normal Internet users to do normal everyday things because ISP’s don’t know other means to fight against attacks coming from compromized “subnets” than filtering (or closing) ports or denial of regular services. Lately tried to send a mail from your system’s sendmail from behind an IP in a dynamic address range?
PCs aren’t easy. They’ve never been. They won’t be, at least not in MICROS~1 land. And those who drive the innovation of malware are aware of this fact – unlike those who actually use “Windows”…
I should clarify what I meant. I was referring to those people who specifically don’t know or care to know anything about computers and the way they work. You know… those people that want everything to “just work” and get pissed when it doesn’t, and refuse to take advice and listen for tips on how to *not* have the problem again. People who have owned a PC for years, who if they had that level of experience with a car and the laws on the road, would be unable to get their license.
I have absolutely no problem with people who are willing to at least learn. Everyone has to start somewhere. My mom, for example, doesn’t know a ton about computers, but she rarely needs help with her computer because she listens and learns. On the other hand, there are some people who repeatedly ask me to “fix” their machines for the same reasons every time, seemingly having learned absolutely nothing the previous time(s), and everything I said must have went in one ear and out the other.
It’s these people who refuse to learn anything and always have the same problems that I am talking about… and they seem to exist is quite large numbers.
Sorry, I refuse to dumb down my terminology in order to be politically correct and less offensive to those people. They would most likely not get offended anyway–hell, they probably don’t even visit a tech/OS site like this one, let alone even know OSAlert.com exists.
But really, those kinds of people drive me nuts and “idiots” was quite mild compared to what I could have said.
People might not be changing, but Windows is much more secure than it ever has been before. There is no Blaster or SQL Slammer taking down whole networks, making life a living hell.
It’s an entirely different situation then 10 years ago. The user may not have changed, but Windows has. To claim otherwise is either denial, or falsehood.
Nope, today they only empty your bank account. Oddjob, Zeus, come to my mind
Yeah, maybe but at work, I may have a single infection a month to deal with, and in my case, where my users are not administrators, it’s a fast and easy fix.
Compare that with 2001-2004, where whole organizations would drop offline, and it’s a 1000% better.
To know if similar exploits could have worked on other OSes of the time? I know that the macro exploits worked cross platform, and of course phishing and spam tend to work equally well on idiots using any os.
Were other companies more savvy or did they all learn from Microsoft’s mistakes?