Summary: While Microsoft software comes under another zero-day attack, Microsoft's Charney, who came from the U.S. Department of Justice, wants to introduce Internet usage tax to pay for the inspection and quarantine of Windows zombies, according to IDG

Microsoft software is full of security holes and there is clearly negligence [1, 2, 3] because Microsoft does not patch known holes until the attacks begin. We wrote a lot of posts about this in January [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] since a known Internet Explorer hole that Microsoft had ignored for 5 months caused enormous damage to many businesses, Google included. This is the type of situation that Microsoft should be made liable for. It's not about shoddy programming but about shoddy maintenance and damage that could easily be avoided. Yesterday we shared reports about Free software being more secure than proprietary software because it is patched more regularly, according to Veracode (more on that here).

There is a new hole in Internet Explorer and not surprisingly it is a zero-day hole, which means that it's already being exploited. From the news we have:

Microsoft warned of a new hole on Monday that could be exploited by attackers to take control of older Windows systems running Internet Explorer and for which proof-of-concept exploit code has been released publicly.

Here is another report:

According to the firm the problem relates to Windows 2000 and Windows XP by default, and to a lesser extent, Windows 2003 Server. It added that its internal investigations revealed that Windows 7, Windows Server 2008, and Windows Vista were not affected. Regardless of this, it appears that if there is a risk to systems it is users that cannot stop themselves from pressing a button.

How long can Microsoft get away with this? Windows users seriously need help here, but they cannot press F1.

Now, here comes the outrageous part amid scaremongering about cyberwars. According to IDG (also here), "Microsoft's Charney suggests 'Net tax to clean computers" [via]

How will we ever get a leg up on hackers who are infecting computers worldwide? Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines.

Today most hacked PCs run Microsoft's Windows operating system, and the company has invested millions in trying to fight the problem.

Microsoft recently used the U.S. court system to shut down the Waledac botnet, introducing a new tactic in the battle against hackers. Speaking at the RSA security conference in San Francisco, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney said that the technology industry needs to think about more "social solutions."

Remember last month's "Internet 'Driver's Licenses'" fiasco from Microsoft's Mundie? This company has got some nerve. As Richard Rasker put it, regarding another report from RSA, "I've got to hand it to this guy, this is a Great Idea. Taking some 60% of the world's PC's offline will certainly clean up the Internet. Now there appears to be some doubt about the viability of this plan:

The logistics of such a plan remain woefully unformed. While many say ISPs should monitor subscribers for infections, there's considerable disagreement about how with providers should carry out and pay for such a system.

"So providers should monitor users' computers? What a stupid idea. It's almost exclusively a Microsoft problem, so why not dump it on Microsoft's plate? Let those computer wizards from Redmond adapt their Malware Tool to disconnect any suspect machine from the larger Internet, and force this tool onto their hapless users' machines in the usual way (i.e. through a Critical Update). Now that should really make a dent in malware infestations." In Germany, taxpayers already pay for Microsoft's negligence.

We have occasionally shown how Microsoft is profiteering from Conficker (there are several examples that we gave), but what also ought to be mentioned is Charney's position in the United States government. As we once showed (when he was hired), an article revealed that "he had worked for the U.S. Department of Justice and served as assistant district attorney in the Bronx, at what he said was a unique time." Microsoft's Charney has some more government connections that he is apparently using. He might be what Microsoft calls “insider friend, ‘the fox’.” ⬆