Conficker worm has become a PR problem

Sam Varghese
Monday, 16 February 2009 06:01

IT Industry - Market

How many people are involved in code review at this huge company, the same way in which the OpenBSD developers pore over code and try to eliminate every single vulnerability? One? Two? Or none?

Such activity wouldn't bring in much revenue, I'm sure, but it would definitely improve the product.

Just how much thought has gone into providing an easy way to update one's system using any browser, not just the bloated, insecure Internet Explorer? Why is ActiveX, one of the most insecure controls ever devised, still needed?

Why does Microsoft not make the creation of an ordinary user account at the first Windows boot-up mandatory?

Could it be because you would lose a lot of that glorious freedom - which you should never have had in the first place - that you enjoy when using Windows with an account that has administrator privileges?

When, oh when, will we see a clear demarcation between userspace and kernelspace on Windows?

One of the preventive steps being touted to keep the Conficker worm at bay is the disabling of auto-run for USB keys. But just have a look at how easy it is to do that.

How many people would willingly undertake a task like this, one that could damage the registry, that overly-complex single point of failure still present on every avatar of Windows?

At what point will Microsoft decide that it needs to break backwards compatibility in order to build its next operating system on a firm foundation?

Or would the potential loss of all those millions of users continue to convince the company that it can hose down the next Conficker by using PR again?

The worm itself appears to be moving merrily along. The last time I looked, the number of infected Windows computers was in the region of 10 million. It's got a few hundred million to go, that's all.