Microsoft Windows and malware (duqu)

Facts have proven time and again, that Microsoft Windows is inherently insecure, whatever may be told to the world about it’s security having improved over the years. In fact, those who get infected on account of these defects should take the battle to Microsoft and demand compensation. Though there are other technical controls within their environment, to prevent the Microsoft Windows system from getting infected by malware, it still does not make sense for Microsoft to deliver products with holes in them to customers. Deploying Microsoft Windows boxes with flaws / defects is like buying armor with chinks in it. Deploying other technical controls around that defective armor, is like closing those chinks with band aid.

The company whose servers have been seized for investigation, would definitely experience loss of revenue, reputation, for not have put in place adequate controls and it would be a long time before they get their equipment back. Whilst the investigation is on, their customers’ data would also be used as part of the investigation, and there is a high likelihood that the data would be leaked inadvertently. The Indian IT Act 2000 gives the investigators lots more power than that given elsewhere in the world. So, let’s see how this case unfolds.

Meanwhile, as a precaution, it would be wise to investigate thoroughly the issues around Windows as a secure solution versus other Operating Systems. Features in some versions of Linux like SELinux and AppArmor introduce that one extra layer of security on top of an already secure server environment.