As you can see from both of these articles and blog posts, there is growing support for this radical idea. Recent DDoS attacks from Windows PCs that took down Twitter, Facebook and other social networking sites were aimed at just one person (and launched on a whim), which leads us to consider Windows completely unsafe. But is blocking Windows users a good course of action, and could it be achieved even if we tried?
The most common argument posed to excuse Windows security is that as the dominant OS it is the main target of hackers. This is true to an extent, but as the market leader it also gains the benefits of the top security software companies in the industry and the benefit of security experts in Microsoft itself and its business clients. The key issue here is generally the user. I am not saying Microsoft is totally blameless here, but as we will see in subsequent sections there are several good reasons why Windows is as insecure as it is.
We all saw the outcry when Windows Vista was released and the world cried, “Old piece of software X doesn’t work!” The result is that deprecated and known-to-be-vulnerable components of the OS have to be maintained for compatibility purposes (and subsequently patched and repatched for each vulnerability). Users then happily run their old software (also riddled with bugs and security vulnerabilities) wondering why they have to download so many updates.
Microsoft has tried to remedy these problems to an extent by flagging up an absence of security software, by rewriting much of the kernel in their latest releases and by offering XP compatibility (a packaged VM) as an optional download with Windows 7 Pro, but Windows will still have many of these problems moving into the future as there is no obvious solution.
Despite recent campaigns such as http://www.end6.org and http://www.ie6nomore.com (there are over 70 sites of a similar ilk) IE6 still remains popular. It is a relic of the last browser war where Netscape Navigator was squeezed out of existence before Internet Explorer was left to stagnate. It hasn’t been too innovative since the turn of the millennium, and as a result is also the chief cause of most security problems because most malicious sites target this browser specifically. Microsoft moved to IE7 by default for Vista, but the corporation can’t force XP users to upgrade IE6.
Despite the best will of PC World and other boutiques’ sales teams to sell expensive copies of Norton 360 and McAfee Security with all new machines, most Windows users have little or no security software installed. This isn’t always intentional, and is usually caused by ignorance or by simply failing to renew their subscriptions once their protection has expired.
These people come from the same majority which open random emails with dodgy attachments, (ironically) run bogus anti-virus checkers on the net and click ‘OK’ on every pop-up. Unless someone who knows better tells them otherwise, they will continue to do this. Microsoft has added security centre to nag people about not having adequate security, but unfortunately it doesn’t work in the majority of cases as it does not motivate people to protect themselves.
It pains me to say it, but Windows is not the beginning and end of the problem. Microsoft is making the OS the majority of people want. Unfortunately for the internet, the majority of Windows users consist of non-IT literate people who demand everything works without hassle, whatever the consequences (before I get flamed, I am not saying ALL Windows users are like this, but the general populace as I have experienced them on forums and whose computers I wind up fixing).
The answer is NOT to ask everyone to buy a Mac or install GNU/Linux, BSD or some other Unix variant over their Windows partition. Nor is it the answer to filter every Windows user from the internet, which would be a logistical nightmare and take out the vast majority of everyday users (but would seriously please partisan supporters of alternative operating systems).
The answer is to re-educate people. As they start using these services and becoming components in botnets, direct them to security software. If they don’t want to fork out for one, simply suggest free alternatives they can download from the net. They are usually just as good, or in the worst case are better than nothing. If all else fails, act like an insurance salesman and point them to a folder of their beloved family photos (which won’t be backed up) and while they’re reminiscing about those occasions tell them what will happen if they don’t get security software. Persistence is the key and unless people are motivated to protect themselves they won’t.
Also, by posting in forum signatures, personal websites and social networking profiles in prominent places that Internet Explorer 6 users need to update their browser you can increase awareness of the situation. Some users don’t even know what a browser is, so be patient and answer any questions calmly. If everywhere they look on the net views their browser with disdain they will do exactly what most consumers always do in that situation – get a new one. Even if they stick with Internet Explorer, we still raise awareness about what a browser is and why it is important to update.
If Windows 7 sees the rush we’re all expecting from the hype, IE8 might make this a moot point, but in the meantime it is important to send people this message. I will certainly be doing so with the next version of this site (still under development).