The Inquirer has a story that the next generation of Windows spyware and exploits are starting to make use of ‘kernel rootkits’. A paper at Microsoft Research has details on a prototype detection tool. Computerworld has more details, as well. From the article: ‘Newer rootkits can intercept system calls that are passed to the kernel and filter out queries generated by the software. This makes them invisible to administrators and to detection tools…’
When are people going to wake up? The era of Windows as we know it is over. There is a race between the hackers and Microsoft, and Microsoft simply cannot keep up. So, I am going to buy a new computer. If I choose Windows, I have to also buy a virus scanner and a spyware scanner, and oh by the way, I might want to buy Office, and a backup program that works, and and and and…
From an administrators standpoint, it is suicide to install windows. You simply have to install SUS or WUS (the WUS beta currently out requires a connection to a Microsoft SQL server), and it’s a really good idea to install a centrally controlled workstation firewall, and virus scanner, and spyware scanner, and software inventory and control agent and and and…
And yet people still recoil from the Mac, Linux and BSD. Why? Because ‘they are not windows’. So, they spend and spend on all of the supporting infrastructure that running a somewhat secure Windows network requires.
Here is a road map to the future for all of you companies stuck in the windows quagmire.
1) Get all of you apps running on standards based web platforms (ie no ActiveX, VBScript etc). Use PHP, MySql and write to HTML specs.
2) The apps that you cannot port to a N-Tier based architecture, get them running using a cross-platform coding tool (Mono w/ GTK, QT, or what have you).
3) Swap out your applications with cross platform ones – ie use Firefox or Mozilla instead of IE. Use Open Office/Star Office instead of Microsoft Office. As your users become used to these tools, it will be trivial to swap out the underlying OS. Most might not even notice.
4) Start moving your people to some thing else. – Move the light users first – the ones that only use word, email, and a browser. Power Users can come later. Choose something that keeps your options open – and provides real security.
5) Sleep better at night knowing that you have a safer, more secure network.
If you need help, email me :)