[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] windows future

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] windows future
From: "lsi" <stuart@xxxxxxxxxxxxxx>
Date: Thu, 27 Aug 2009 13:45:01 +0100

[Some more extrapolations, this time taken from the fact that malware 
mutation rates are increasing exponentially. - Stu]

(actually, this wasn't written for an FD audience, please excuse the 
bit where it urges you to consider your migration strategy, I know 
you're all ultra-l33t and don't have a single M$ box on your LAN)

http://www.theregister.co.uk/2009/08/13/malware_arms_race/

If this trend continues, there will come a time when the amount of 
malware is so large, that anti-malware filters will need more power 
than the systems they are protecting are able to provide.

At this time, those systems will become essentially worthless, and 
unusable.

You can choose to leave now, or later.  But you cannot choose to 
stay...

(I mean, that the Windows platform seems destined to fill, 
completely, with malware, such that your computer will spend ALL its 
time on security matters, and will have no CPU, RAM etc left for 
actual work.  At the end of the day, the ability of malware to infect 
Windows machines is due to the fact that Windows is a monoculture, a 
monolith, built by a single company, with many interconnections and 
hidden alleyways.  It's hard to imagine a platform LESS vulnerable - 
compare with open-source efforts, which are diverse, homogenous and 
connect via open protocols.  Malware finds life hard in the sterile, 
purified world of RFCs, where one of many different programs may 
process your malicious payload, all of which have been peer-reviewed. 
 In Windows, malware knows that a specific Microsoft EXE will process 
its data, knows that the code has not been thoroughly checked, and 
can make use of undocumented mechanisms.

So basically Microsoft, by hoarding their source, by tightly 
integrating functionality, and by seeking to monopolise the various 
markets created by the platform (browser, media player, office 
software), have doomed Windows, and everything that runs on it.  The 
lack of diversity in the Windows ecosystem means that it is highly 
vulnerable to attack by predators.  The fact that malware mutation 
rates are accelerating is a clear indicator that the foxes are 
circling.  This is the beginning of a death spiral; the malware 
numbers we've seen in the past 20 years were the low end of an 
exponential curve, and we're now getting to the steep part.

The problem is that any given computer is only capable of so much 
processing.  It has an upper limit to the amount of malware it can 
filter, those limits being related to CPU speed, RAM, diskspace, 
network bandwidth.  This upper limit looks like a horizontal line, on 
the chart that shows the exponential curve mentioned above.

So my point, is that eventually, the exponential curve is going to 
cross that horizontal line, for any given computer, and when that 
happens, that computer will no longer be able to filter malware.  It 
will only be able to filter a subset, and thus be vulnerable to the 
rest. Consequently it will not be usable, for instance, on the web, 
and will essentially become a doorstop...

The only escape from this inevitability is to ditch the platform that 
is permitting the malware - that is, the only escape is to ditch 
Windows. It is being eaten alive, by predators that only have a 
foothold because there are weaknesses in the platform.

Given that it can take years to migrate to a new operating system, I 
do recommend, if you have not already done so, that you commence 
planning to ditch Windows.  I might be wrong about the exponential 
curve, but if I'm not, then there may not be a lot of time in between 
when malware levels seem managable, and the time when they are not.  
If your business depends on Windows machines and they all become 
unusable, you will have no business.  What you definitely must NOT 
do, is assume that Windows is going to be around for a long time.  It 
is a dead man walking.

- Of course, there might be a few years yet.  You can spend those 
years running up your IT bill, with lots of new computers that are 
required to filter all that malware while still performing at a 
useful speed.  Or, you can ditch Windows, and keep your existing 
hardware - it runs perfectly well, when it's not weighed down 
defending the indefensible.

[If Microsoft dooming Windows isn't ironic enough, consider that 
every time malware authors pump out another set of mutations, they 
are nailing one more nail in the coffin of the platform that they 
depend on to make their living! Ahh, there is justice in the world 
after all.]

[And the end game?  Well, M$ could open-source Windows, but frankly, 
why would anyone bother trying to fix it?  As the old saying goes, 
don't flog a dead horse...]

---
Stuart Udall
stuart at@xxxxxxxxxxxxxx net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] windows future
  - From: lsi

Prev by Date: Re: [Full-disclosure] phish war game
Next by Date: Re: [Full-disclosure] [SECURITY] [DSA 1862-1] New Linux 2.6.26 packages fix privilege escalation
Previous by thread: Re: [Full-disclosure] phish war game
Next by thread: Re: [Full-disclosure] windows future
Index(es):
- Date
- Thread