Microsoft Unveils $5M Reward Program to Fight Viruses

Discussion in 'Computers' started by Lefty Wilbury, Nov 5, 2003.

  1. Lefty Wilbury
    Offline

    Lefty Wilbury Active Member

    Joined:
    Nov 4, 2003
    Messages:
    1,109
    Thanks Received:
    36
    Trophy Points:
    36
    Ratings:
    +36
    http://www.foxnews.com/story/0,2933,102261,00.html

    Microsoft Unveils $5M Reward Program to Fight Viruses

    Wednesday, November 05, 2003

    WASHINGTON — Microsoft Corp. (MSFT) announced Wednesday it is creating a $5 million reward program to help law enforcement identify and convict those who illegally release worms, viruses and other types of malicious programs on the Internet.

    Microsoft said the first two rewards it will offer will be for information leading to the arrest and conviction of those responsible for the spread of the MSBlast.A worm (search) and the SoBig virus (search) unleashed earlier this year.

    The company offered $250,000 rewards for each.

    Those two malicious programs attacked computers that ran Microsoft's Windows operating system and caused widespread problems for companies and home users earlier this year.

    Microsoft executives made the announcement, flanked by representatives of the FBI, Secret Service and Interpol international police agency. Residents of any country are eligible for the rewards, officials said.

    "The malicious distribution of worms and viruses ... are far from victimless crimes," said Keith Lourdeau, acting deputy assistant director of the FBI Cyber Division (search). He noted that Internet attacks have cost businesses and home users millions of dollars, with some estimates putting it into the billions.

    Microsoft's software has been the target of the most serious Internet attacks over the last two years, and company founder Bill Gates has announced a "trustworthy computing" initiative to focus on improving the security of all of Microsoft's products.

    Also, Interpol (search), an international law enforcement organization, will play a critical role in the program by helping the world's police forces to share information.

    The role of Interpol is particularly important because the Microsoft initiative is a global one a cybercrime that endangers national infrastructure and individuals worldwide.

    "Interpol is particularly interested in fighting the malicious spreading of viruses because this represents truly borderless crime that requires a truly global response, a global collaboration between police and private industry," said a statement by Interpol Secretary General Ronald K. Noble in Lyon, France.

    "This Microsoft reward program is an opportunity to continue building effective relationships between the world's police and the private sector in order to prevent and prosecute cybercrime," it said.

    "While some might consider certain cybercrime offenses to be little more than mischief, they actually threaten the physical security of all of those who rely on technology in their lives," said Peter Nevitt, Interpol's Director of Information Systems and Technology.
     
  2. eric
    Online

    eric Guest

    Ratings:
    +0
    That's a start Wilbury, but what microsoft should do is focus more on real security than marketing. The company I run is an IT firm, and unfortunately we are all too aware of the security flaws in microsoft products. We have to spend enumarable amounts of time and effort correcting and working around these flaws in the software that we produce. The sad part is many of these flaws violate elementary security principles. A terrific example is the infamous "Buffer Overrun", which pops it's ugly head up in just about every Microsoft Product and product version. Now this is inexcusable.

    To illustrate my point let me describe this flaw:

    When input is required from an end user the software must prompt the user and store this input in memory (RAM, at least temporarily). The programmer sets aside a certain portion of memory for such input, this memory space exists within a reserved space in the software's executable code. If the programmer does not limit or test the length of the user input, the extra characters overwrite the actual code following the reserved space. A crafty hacker, can exploit this by feeding more bytes into the input field than the program expects. After the reserved space is filled his malicious code will overwrite the programs original code, thereby altering the program itself. The simple solution is to test the input length and chop off any extra bytes. Now this is a simple example, but illustrates the basic concept. Even when working in a more complex environment, a few relatively simple validations can be performed to prevent this.

    But Microsoft is far more concerned with stuffing a lot of cute features into their products, so they can justify the high cost of their software, and rushing them out to market. Ever wonder why Windows Update exists?

    They need to take a lesson from linux, which was built from the ground up with security as a top priority. It may not look fancy, although this is changing rapidly, but when it comes to security it's hard to beat. This is why we are seeing more and more major corps jumping ship.
     
  3. jimnyc
    Offline

    jimnyc ...

    Joined:
    Aug 28, 2003
    Messages:
    10,113
    Thanks Received:
    244
    Trophy Points:
    83
    Location:
    New York
    Ratings:
    +246
    This is what microsoft was busy doing when they thought of security:

    :wank:
     
  4. eric
    Online

    eric Guest

    Ratings:
    +0
    Boy I can't wait to get a beta copy of Longhorn, their next attempt at a real OS. Where the hell did they get that name. I think Billy is trying to make up for some of his shortcomings.
     

Share This Page