Malware is short for malicious software, and it’s been a nagging problem on Windows since at least the mid-1990s.
In January 2002, after a series of high-profile and highly embarrassing attacks that affected Windows customers and Microsoft itself, Bill Gates wrote his now famous “Trustworthy Computing” memo. Although it was viewed with some skepticism at the time, it really did represent a turning point for Microsoft.
Until that point, security was literally an afterthought. As a result of the Trustworthy Computing initiative, Microsoft introduced a massive change in the way it develops software. The Security Development Lifecycle has paid off hugely over the last 10 years and has been widely praised and copied.
Today, as this chart shows, most malware is installed via social engineering or by using exploits that target vulnerabilities that have already been patched.
In summer 2003, if you were a PC support specialist, the dialog box above meant that your life was hell. The malicious software attack called MSBlast/32 (aka Blaster) spread over networks using the RPC protocol and caused affected computers to go into a spontaneous reboot loop. This contemporaneous SANS writeup notes that this worm had the potential to be more than annoying: It could have allowed an attacker to run code with Local System privileges on the compromised system. Fortunately, whoever wrote Blaster was apparently more interested in creating havoc.
Blaster’s incredible effectiveness was directly attributable to a terrible decision Microsoft made with Windows XP, which included an effective firewall that was turned off by default.