Tuesday, December 14, 2010

Microsoft VS The Virus ....

Last night on my XP box which has a ton of service pack installed and using Intercrap Explorer 8, I was browsing a wikileaks mirror site and caught the think pointe virus.

Not only did it slip by Microsoft Security Essentials it crippled the software such that it wouldn't updated the virus def files. This thing causes all sorts of havoc on the OS, IE lock ups, browser redirects, hides itself from the task manager, system tray warning and even changes the XP UI. The icing on the cake are the dialogue windows that the virus displays, they look exactly like Security Essentials caught the virus. I even did a double take when they popped up.

I figured no big deal boot into safe mode and restore, well that didn't work. I found a KB and manually updated the security essentials files then let it cook for about 3 hours scanning the PC and it still didn't find anything. It gave this infected crippled PC a clean bill of health.

Next try was Adware by lava soft, it found a couple problems but didn't totally fix things. I downloaded Malwarebytes which finally cleaned the PC.

I was curious, given I knew I could get rid of the virus, so I went back on the same site with Google Chrome - which by the way the newest version of the browser is very impressive and snappy definitely worth checking out - and the virus was not able to infect the PC.

Of course I have to tie this experience into Visual Studio :0) ... The thought crossed my mind given all the security BS we have to deal with in Visual Studio for web development, strong type declarations which cheerleaders argue brings stability (another blog worthy topic - which wasn't required in Visual FoxPro) and a ton of bloat in the .BLOAT wrapper classes, how did IE let this infection occur?

We also need to consider the virus was probably written by a single person or small group of people yet they managed to cripple XP while rendering I.E. and Security Essentials useless. Furthermore two smaller software companies writing free malware programs found and fixed problems Microsoft missed! Am I the only one that doesn't get how this can occur at Microsoft with all their brainpower and resources at their fingertips? Folks this is a freaking embarrassment plain and simple which happens so often, I guess, now it has become an accepted standard!

I wonder if the problem is Microsoft has so many layers and bloat on top of layers of bloat in their source code they have reached a point it is now virtually impossible for them to lock down their software anymore and as a result developers are stuck dealing with all this security crap and ass-backward programming hole plugging workarounds that slows down development? Moreover should their best practices even be followed when they can't make them work effectively?

Some things to think about ......

Till next time


No comments: