October 04, 2009
The above map illustrates the projected arrival of broadband service to Africa in 2010 and 2011 via undersea cables. That’s the good news.
The bad news, and the point of this post, is that Africa is home to about 100 million PCs, 80% of which are estimated to be infected with some kind of malware. This has occurred because the intense poverty throughout the continent has resulted in a pervasive distribution of pirated software and the inability to pay for antivirus protection. Currently, most Internet access is via dial-up, but once broadband comes to Africa, all of those infected PCs will become easy targets for bot herders looking to build the next mega-botnet. Think about it. Almost a hundred million PCs with little to no AV protection connected to the Internet backbone via a super highway instead of a dirt path. What could a bad operator do with a botnet of that size? Pretty much anything he wants, including paralyzing an entire nation’s networked infrastructure. That’s all systems connected to the Internet, including power, water, communications, commerce, etc.
If this were a public health risk, (a) it would never have been allowed to get this far out of hand, and (b) labs would be working around the clock to produce enough anti-virus serums to stop the pandemic in its tracks. If every infected PC in Africa were a person, this would rank as the second worst pandemic in the history of the world.
Today, botnets are a key asset for organized crime, producing millions of dollars in revenue from a variety of malware schemes, and a potentially potent weapon in non-state geopolitical attacks against government Web sites. Simply put, Africa’s population of infected PCs is a significant emerging threat on an international scale and action must be taken to remedy it before those undersea cables go online.
Since Microsoft Windows is the OS that we are talking about, it falls on Microsoft to do something about this problem. One good first step would be what Microsoft’s Paul Cooke discusses here - support pirated versions of Windows 7 with patches, etc.
Keeping a machine up to date is one of the first steps in helping ensure that they remain reliable, compatible, and safe from threats when they are online. Some of the most famous incidents of malicious software infection have come after security updates were publicly available from Microsoft - Blaster, Zotob, Conficker and Sasser, just to name a few. Rest assured that we at Microsoft are committed to making sure that security updates are available to all of our users to help ensure a safe online experience for everyone.
Just doing this for Windows 7 is not nearly enough. Microsoft needs to make this commitment for all Windows PCs or it becomes more of a PR stunt than a genuine effort to do the responsible thing. However, even if MSFT would commit to such a massive endeavor (and I don’t believe that they would), it wouldn’t be enough because of its reputation of issuing free updates to pirated PCs which, in turn, make them unusable. There’s nothing wrong with that on principle, except that it has now established MSFT as untrustworthy (read the comments section of the above referenced Cooke quote to see what I mean). This means that other, independent agencies would have to vet the MSFT patches and security updates as not being disguised OS killers and then distribute them freely throughout Africa.
AV firms like Symantec, McAfee, and others should also consider offering free subscriptions to their AV lines on a project by project basis. This one would certainly qualify for such an altruistic effort.
Bottom line: if there isn’t a global response to this threat before mid-2010, we will all come to regret the consequences, and global corporations that could afford to act and didn’t should be held accountable in the aftermath.
Posted by Naxal Watch at 1:03 AM