It seems that sometimes you just can’t do right for doing wrong. You’d think that a company helping to clean up the internet by wiping out malware would be on the receiving end of praise and adulation. But despite its role in combating Trojans used by cybercriminals, Microsoft is coming under fire for wrestling control of websites from dynamic DNS provider No-IP. Security experts are suggesting that Microsoft has been too heavy-handed in its approach, and should stop trying to police the internet.
Microsoft managed to obtain a court order that enabled it to take control of a number of malware-spreading domains, but there was something of an unwanted side-effect. While Microsoft’s actions certainly helped to stem the flow of malware infections, there were also a large number of entirely legitimate websites knocked offline. This unwanted side-effect has led to condemnation of Microsoft from the security industry, with commentators suggesting that the company is getting ideas above its station.
Security researcher Claudio Guarnieri said: “It’s laudable that Microsoft is taking such an aggressive stand against malware and criminals, but they’re not entitled to police the internet at their own discretion and we should collectively condemn them and prevent them from further harming other businesses in the future.”
Communication — or a lack of it — seems to have been a large part of the problem. No-IP has complained that Microsoft went straight to court rather than talking with the dynamic DNS company. While it is almost certainly true that No-IP’s services were being used by criminals (as is the case with other similar services, anonymizing tools and the like) it should have been possible for No-IP to take care of the more nefarious activities without the need for Microsoft’s or a court’s intervention. But No-IP claims that no contact was made by Microsoft — and no advance warning was given to other users who might be affacted.
It is interesting to see that a court order was obtainable. Security analyst Andreas Lindh said: “It’s a crazy world where one corporation can decide that another one isn’t doing its job good enough and then simply get legal backing for taking the services of that company down.” It’s hard to disagree. It would seem that the sensible thing to do would be for Microsoft to either speak directly with No-IP, drawing the company’s attention to the darker side of their operation, or for the court to do this.
Millions of internet users are currently feeling the fallout of the action against No-IP; innocent users who had turned for No-IP for entirely legitimate reasons. Microsoft may have been trying to act on the name of good, but the consequences have been devastating for many.
How do you feel about it? Was wiping out countless legitimate sites acceptable collateral damage, or was Microsoft too heavy-handed in its approach?
