The recent MS10-015 incident, related to BSODs and rootkit infections
, got me thinking about a time, not so long ago, when Microsoft had to fight with security companies in order actually secure Windows. I know of no other example of a company doing valid work to bulletproof their software only to be accused by prominent members of the security industry that it was actually making its products less secure. But such is Microsoft and the Windows ecosystem, full of paradoxes. Some three years back, the Redmond company had to fight its way amidst accusations fueling the perspective that Windows and user security were not intersecting concepts in a PR face-off, just to add mitigations to its OS to prevent rootkit infections. The kind of mitigation that safeguards PCs against Alureon, and other rootkits.
Sometimes, all it takes is an apparently insignificant piece of malware for customers to lose their sensitive information via credit card data theft, or get their identities stolen, to have their compromised PCs turned into zombie computers and harvested for botnets, or to find their machine completely useless. Just ask the Windows users recently infected with the Alureon rootkit. As soon as they deployed Microsoft Security Bulletin MS10-015 (KB977165)
released this month, they threw their PCs in an unbootable state and were confronted with frustrating Blue Screen of Death errors. And this is the least of their problems, as they should run to check their bank accounts for disappearing money.