shifting the blame…

By now, unless you’ve been living under a rock in the computing world, I hope you’ve heard about Conficker.

Richard Adhikari over at TechNewsWorld has heard about it too – in fact, he just published an article about Conficker’s latest endeavors, which are apparently leaving the computing world’s security experts baffled. But there was one quote in the article that really stuck in my craw:

Here’s the painful truth: Conficker would not be anywhere near as effective as it is in growing if PC users had only kept up with their updates and patches. It leverages a vulnerability mentioned in Microsoft (Nasdaq: MSFT) Security Bulletin MS08-067, which was published last October.

Sadly, Adhikari gets it all wrong. You don’t blame users for a security hole that should never have existed in the first place. If we were to discover a major defect in an automotive product, we wouldn’t blame the drivers of the affected cars – we’d blame the manufacturer and the designer. Remember – Conficker isn’t a computer exploit, it’s a Windows exploit – and were it not for the Swiss-cheese security of the Windows product, Conficker wouldn’t exist.

If we’re going to toss blame around, let’s put it where it’s due: at the feet of the Redmond Giant.

