Feeling lucky, punk? I’m writing this from Las Vegas, where the Consumer Electronics Show is underway. Bill Gates is here, of course, pushing the Wintel monopoly through consumer products. He’s also betting that you will want to continue your investment in Windows and Microsoft technology despite the odds that you’ll suffer more vulnerabilities by sticking with the monopoly.
The rule in gambling is that you should never gamble more than you can afford to lose. But if you rely on your Windows PC this week, you might be gambling more than you bargained for. A serious flaw in Windows is generating a rising number of cyberattacks, but Microsoft says it won’t deliver a fix until next week, according to Wait for Windows patch opens attack window by Joris Evers of CNET News.com. That leaves your Windows PC extremely vulnerable to attacks over the next seven days — or until you download the patch from Microsoft on the next “patch Tuesday”. [Addendum: Microsoft decided to release the fix early, on Jan. 5. See Microsoft’s security bulletin.]
Reports surfaced about the security problem last week (while I was sandbagging my office to protect against the rising Russian River in Guerneville, Calif. — I eventually had to abandon that effort and flee to Vegas). Hackers can misuse a function in the rendering of Windows Meta File (WMF) images to install adware or spyware or turn your PC into a zombie spam mailer. The WMF vulnerability affects Windows XP with Service Packs 1 and 2, as well as Windows Server 2003. You can get infected simply by visiting a Web site that contains a malicious image file. Since most PC users are unaware of this vulnerability, you can expect that it will turn a lot more PCs into zombies.
According to the news report, a number of attacks that take advantage of the flaw have surfaced, including thousands of malicious Web sites, Trojan horses and at least one instant messaging worm. According to the news report:
More than a million PCs have already been compromised, said Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. He has found a hidden Web site that shows how many copies of a program that installs malicious software have been delivered to vulnerable PCs.
While the Wintel monopoly makes attacks more lucrative, the monopoly is not the only problem; Microsoft’s technology is just too complex to fix easily. According to the news report:
Part of the problem is that the Microsoft’s software is complicated and vulnerable to unintended side effects of patches, [Stacey Quandt, an analyst with the Aberdeen Group] said. If the company sends out a fix prematurely, the update could cause bugs that affect the normal operation of systems, she said.
I’m sure that Microsoft is working feverishly on the patch while Gates and his lieutenants fleece the crowds at Vegas CES. My advice is to stop betting on Big Green. Put your money on Apple, Google, Red Hat, Sun, Novell, or even IBM. The odds are better that you won’t be so vulnerable in 2006.
Meanwhile, back in Vegas I’m up $40. On with the show.