Stuxnet is no ordinary worm. Stuxnet is a focussed, determined piece of application code written by an expert team of knowledgeable professionals with one task as its goal – to detect and destroy industrial systems running Siemans WinCC software. Many speculate on who is behind the creation of the worm, Israel, US or even NATO. Stuxnet exploits 4 zero day Windows vulnerabilities, has multiple propagation methods, uses genuine (but stolen) certificates and researchers are still trying to understand its encrypted payload.
My question is, why are companies using Microsoft Windows to control critical country infrastructure systems. Windows has more holes than a colander. It is obvious that I am going to sing the praises of open source, particularly Linux, even though it has has its share of problems over the years. Recently, there was a kernel exploit which found its way back in after being removed several years ago. It may also have zero day vulnerabilities. However, the fact is the source code is there for every one to look at, unlike Microsoft Windows which is closed source.
As more applications move away from the desktop and onto cloud servers it is reassuring to know the majority of users are not reliant on a single dominant platform to run the their programs. This isn’t going to stop worms or viruses but will make it more difficult for the writers to target the masses.