[Infowarrior] - Microsoft to Get Malware Bailout in Germany

Richard Forno rforno at infowarrior.org
Wed Dec 9 15:10:07 UTC 2009 

Microsoft to Get Malware Bailout in Germany
2009-12-08

Print version

http://www.quantenblog.net/security/microsoft-malware-bailout

With the economic crisis still being in full effect, Germany wants to  
throw government money at another industry giant. However, this time  
it is not an ailing car manufacturer, but the software producer  
Microsoft. The German Federal Office for Information Security (BSI)  
plans to team up with internet service providers (ISPs) to establish a  
call center helping malware-troubled Windows users.

The project was announced today at the German IT summit in Stuttgart.  
Starting in 2010, ISPs will track down customers with infected PCs,  
e.g., by looking for communication with botnet controllers. These  
customers will then be directed to a special website offering advice  
on removing the malware. If this is unsuccessful (or the site is  
blocked by the malware), people will get access to a call center,  
where a staff of about 40 will try to fix the problem.

This approach raises a number of concerns. First, it leaves the  
software manufacturers out of the equation. Therefore, there will be  
little incentive to write secure code, as the cost of additional  
support will be passed (at least partly) to the government. Second, it  
also discourages the users from switching to more secure products.  
Both aspects can be interpreted as a direct subsidy for Microsoft. The  
timing of the initiative could also not be better: last week  
Microsoft's Internet Explorer, the attack vector number one, lost its  
leadership in Germany to rival Firefox. Additionally, the plan  
establishes questionable practices for IT security. Malware infections  
are seen as something inevitable, which is definitely not the case.

Unfortunately, how much government money is involved is also kept  
secret. SPIEGEL ONLINE reports that the BSI refused to disclose the  
costs for the project, citing procurement regulations. However, the  
plans could be overthrown anyway: chances are that such subsidies are  
in violation of EU laws.

More information about the Infowarrior mailing list