Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

Russian Roulette with your Network (part 2)

My latest blog post on this matter generated quite some attention. Based on what happened since then, let me be clear on what I wanted to say (and still want to say):

If you decide not to roll out a security update which is so critical that we decide to go out of band, you play Russian Roulette with your network, as you can guess that there will be attacks exploiting this vulnerability pretty soon. The same is actually true if you do not run and maintain an appropriate Anti-Malware solution. There were just a few that were able to detect and remove Conficker (ours was one of the first!).

Now, if we look at Conficker.B: This is really an ugly beast: You need just one infected machine in your network in order to have it spread across your network fast and aggressively. You can get it even through a USB-stick.

So, drawing the conclusion that I said every customer having Conficker.B did not patch and was therefore playing Russian Roulette is completely inaccurate and not what I said!

It just needs one unpatched/infected machine…

Roger

Comments
  • I'd like to comment on your critical evaluation and your lack of understanding of your customers.

    It is just natural that your customers refuse to lie back to your spam-like support of your operating systems.

    It is obvious to anyone you misuse your customer relations to organize and squeeze the part of the market you are holding. The Chicago Mafia worked their neighbourhood markets the same way, creating a problem and selling the solution.

    To support this allegation I will ask both you and readers of your blog to reflect on the fact that Microsoft supports their operating systems in quite another manner than the company supports their office support programs.

    The obvious reason to conduct support for these likewise complicated integrated systems differently is solely based on market power and customer fears.

    Every business leader small or large knows there are alternatives to Microsoft's office solution, but at least small business leaders are uncertain about their alternatives when it comes to operating systems. This is a well sustained illusion, of course.

    You are systematically depriving your customers of their ability to make qualified choices, and somehow your customers reach this insight because humans are sophisticated beings with abilities far beyond the logical ones. They look through lies, hidden agendas and double standards when confronted with them, without the need to know why. If your customers were as logical and limited as you pretend them to be they would not like to work in a “window” or put “icons” all over their “desktop”. And they would write their own programs, so you would have no business.

    Everyone can be bought for a price, but bought intellectual capacity does not surpass or outrange the power of common sense in the long run.

    Take learning from your successes not from your limited presumptions.

    My sincere advice to Microsoft is work with people and not against them. Don't play power tricks on the public or pretend to be a know-it-all authority on computing, viruses, malware, adware or other threats. A lot of people are better on threats than computer geeks, don't even make such threats.

    Are you certain you want to play a scam?

    If you keep on like this the computing public might fail you.

    Have you closed all other running options, if not keep them open!

    Your computing company is at risk, to mend this problem take your customers' best interest into consideration!

    If you experienced this before council a licensed human being or computer user.

  • Hi,

    I appreciate your comment and would love it if you would base your allegations on facts rather than just statements, especially if you compare us with the Mafia. Therefore I do not think that I really want to comment on your post.

    The only thing I want to tell you: We support all our products with regards to security updates for 10 years. If you compare the threat landscape 10 years ago and today, I personally think that any product designed 12 years ago and delivered 10 years ago is definitely not good enough anymore to defend against today's threats.

    Roger

  • Roger

    I agree, products delivered a decade before have not been as good as the products now. And Geir, I am aware of the fact that you believe and know what Roger is actually saying.

    Regards,

    Noorah
