Who thinks its funny that the day after Patch Tuesday, Windows 7 and Server 2008 R2 get hit with a zero day exploit that causes them to crash? Its one of those things that the timing seems suspect on. Obviously they knew about the exploit before hand, and had to confirm it before they would allow the world to know about it.
Well if you think about it, waiting till Wednesday, Microsoft basically about itself a full month to get the patch out there. Its a stall tactic. Now considering the flaw does not allow access to data, allow rooting of the OS, or anything worse than a crash, it isn’t as bad as it could be.
The whole thing that people don’t understand about an exploit like this, and say Malware that gets on your system is where the real hole is. The ultimate hole in any OS is the end user. They don’t want to hear that going to their favorite adult site is what is causing them to get infected with malicious software. They patch their system, they only go to sites they trust.
Now I do agree that holes in the OS such as the recently patched kernel flaw can cause a ton of problems. Still once that gets patched, you have less of a chance of a drive by infection. When your users go to unsavory sites, sites that do a ton of redirecting, or just sites that really are not maintained, they cause a much bigger problem.
Then there is the problem of pirated software. The funny thing about pirated software is it usually isn’t the software itself that has the malware in it, its the crack that does. Whether it is a key generator or a small file you change out, that little piece of code is what opens you up. Mind you I’m not saying that file sharing is bad. I’m not bashing bittorrent at all. In fact Bittorrent is very useful for getting legitimate Open Source software, such as Linux ISOs.
I’m also well aware of how expensive software is. The amount of profit Microsoft makes off of Office is insane, and it wouldn’t be pirated nearly as much of the price came down to a more manageable level. The thing is that there is reputable legal free software that can do most of what the expensive software does, without cracks or malicious software hiding inside of a crack. Open Office, Gimp, Linux, VLC, Audacity, and many more Open Source projects are really coming into their own.
The bottom line is no matter what we do, unless we are willing to take the time to properly educate our end users, I don’t care how much you harden your system, something will happen to it. Best to be prepared, and have a slew of tools ready. Oh, and some of the best of those tools, are Open Source and free.