Bonum Certa Men Certa

How Jim Allchin, Gartner and Enderle Lied to the Whole World

If you say it often enough, people will believe it

We have developed a habit of keeping track of analysts who are obviously paid or compensated for serving corporate agenda (e.g. [1, 2, 3]). This is very relevant in light of the recent OOXML propaganda that came from IDC and the Burton Group.

Here is another fine example from the news. We wish to debunk the said analysts using compelling evidence and fact. One of the predications which certain people made is this:

5. Windows Vista will be secure Analysts were: Wrong

When Windows Vista was launched, Microsoft platforms group vice president, Jim Allchin, described a platform where its "safety and security" will be the "overriding features" for which most people will want Windows Vista.

Analysts from Gartner and the Enderle Group further touted Vista's security features, highlighting in particular its spyware-fighting prowess.


Enderle and Gartner have been caught many times before. The former is a one-man, attention-seeking 'consultancy' whose major client is Microsoft. The latter, Gartner, is funded by Bill Gates and plenty of its revenue stream comes from work it does for Microsoft. Jim Allchin, by the way, escaped Microsoft as soon as Windows Vista was released. It truly make you wonder, does it not?

The people above claimed that Vista will be secure, but let us take a look at some headlines which cover separate incidents that occurred in the past year (sorted reverse chronologically for the most part).

The latest round of patches revealed that Vista could be hijacked by merely sending a packet to it.

Microsoft's first set of security bulletins for 2008 may be slim, but will include a fix for a critical vulnerability in XP and Vista.


More information about this incident can be found here.

One of the updates is considered critical for Windows Vista and XP users because the flaw it fixes could be used by attackers to install unauthorized software on a victim's computer.


As we showed before, especially when Microsoft's Jeff Jones was lying to the public, Microsoft redefines and reinvents the science of security in attempt to show that Windows is more secure. Seconia was accused of playing similar games just days ago. Here is what needs to be pointed out:

1. Critical Vulnerability in Microsoft Metrics

For Microsoft this makes sense because these fixes get the benefit of a full test pass which is much more robust for a service pack or major release than it is for a security update.


2. Skeletons in Microsoft’s Patch Day closet

This is the first time I’ve seen Microsoft prominently admit to silently fixing vulnerabilities in its bulletins — a controversial practice that effectively reduces the number of publicly documented bug fixes (for those keeping count) and affects patch management/deployment decisions.


3. Beware of undisclosed Microsoft patches

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?


4. Microsoft is Counting Bugs Again

Sorry, but Microsoft's self-evaluating security counting isn't really a good accounting.

[...]

The point: Don't count on security flaw counting. The real flaw is the counting.


Getting back to Vista, let us look at some of the flaws we have seen:

1. Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista

Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.


2. December 2007's Patch Tuesday's Going to Be Big - Really Big

A Trio of Critical Patches

First up is a remote code execution patch for DirectX versions 7.0 (Windows 2000) through 10.0 (Windows Vista).


3. Security hole in MS-Windows Vista on Thanksgiving

Microsoft, although late, but did acknowledge that it is a flaw even in the latest OS (Vista) which should have been fixed long back.


4. Thirty-Six Updates Later—and Counting

Over the Thanksgiving holiday, I refreshed one of my Windows Vista test machines. Oh my, there were so many Windows Updates.


5. Vista security threats to rise in 2008: McAfee

Microsoft’s Windows Vista operating system will face increasing security threats, according to McAfee Avert Labs predictions for top 10 security threats in 2008.


6. Microsoft issues 6 'critical' patches

The updates affect many versions of Windows, Server and Office software -- including Windows XP and Windows Vista -- and are meant to prevent hackers from breaking into Web surfers' computers using specially crafted Web pages.


7. Buffer the Overflow Slayer v. the ActiveX Files [Vista included]

The vulnerability was discovered by Krystian Kloskowski and is rated "highly critical" in this posting on Secunia. It's also discussed here on the US-Cert website. Proof-of-concept code can be found on MilW0rm here.


8. Microsoft plans six critical patches

At least one of the critical vulnerabilities involves Internet Explorer 7 and Windows Vista, both of which were conceived under new and highly vaunted development rigors designed to produce more secure products.


9. Patch Tuesday: Critical IE, Vista patches on deck

Of the four criticals, two will include high-severity patches for Windows Vista. The bulletin rated ?moderate? only affects Vista.


10. June Patch Tuesday to deliver Vista fixes and more

Four of this month's bulletins are labelled 'critical' and relate to vulnerabilities that may allow remote code execution.


11. Microsoft Plugs Critical Vista Hole

Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw I told you about last month.


12. Microsoft Patches Not One, But Three Vista Holes

Microsoft today released an update for the recently popular 'animated cursor' vulnerability. The update was originally scheduled for April 10th, but due to recent exploits, was rushed out today. The update wasn't just for this one vulnerability though, in Vista, it addressed two others, and in all covered seven vulnerabilities in Vista, XP and 2000.


13. Windows Vista's Built-in Rootkit

This poor implementation of the permissions structure can be exploited by malware to make files that are undetectable to Anti-Virus products.


14. More Windows cursor patch trouble [Vista included again]

A new issue with the fix has also come up. Some customers have experienced trouble when printing from SQL Reporting Services to a Printer Command Language (PCL) printer, Microsoft said.


15. Windows cursor patch causing trouble

Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.


16. MS Patch Tuesday: Vista dinged again

For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.


17. Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago

Security researchers say the Windows .ANI bug that has been plaguing users for the past week first surfaced -- and was patched -- in early 2005.


18. Week in review: Cursing Windows' cursor flaw

The software giant broke with its monthly patch cycle to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.


19. ANI takers for Asus website virus?

Asus.com.tw, the website of Taiwanese motherboard maker Asustek, has been spraying visitors with the .ANI virus, security software makers confirmed today.


20. Will Next Tuesday's 3 Updates Effect Vista?

I would suspect that one will be a patch for the Windows MessageBox exploit, so Vista should get it. Might another be for the Vista 'Timer/2099 Crack'? I wouldn't consider it critical, but Microsoft probably does.


21. Windows Vista now has its first exploit spotted in the public

Security experts have confirmed that a proof of concept code for an unpatched vulnerability in Windows Vista has been released on the internet.


There were warning signs in advance. Windows Vista was not made to have a considerable impact, security-wise, but hype was a key driver. It happens to be the same case with DirectX 10, whose hype was generated by faking images which create a false perception that it is a big jump compared to DirectX 9 (that is another shocking story about deception, but it's worth a separate post). Here are some more articles of interest:

1. Windows Vista: It's More Secure, We Promise

Well, allow me to take a moment to remind everyone of something that you might not remember - XP was also touted as being ultra secure. Seriously, can anyone honestly look themselves in the mirror and say this is the gospel truth? You have got to be kidding me. Similar to XP, Microsoft promises to have the most secure Windows version to date yet again.


2. Cisco exec: Windows Vista is scary

"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit here on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."


3. Symantec Finds Flaws In Vista's Network Stack

Researchers with Symantec's advanced threat team poked through Vista's new network stack in several recent builds of the still-under-construction operating system, and found several bugs -- some of which have been fixed, including a few in Monday's release -- as well as broader evidence that the rewrite of the networking code could easily lead to problems.

[...]

Among Newsham's and Hoagland's conclusions: "The amount of new code present in Windows Vista provides many opportunities for new defects."

"It's true that some of the things we found were 'low-hanging fruit,' and that some are getting fixed in later builds," said Friedrichs. "But that begs the question of what else is in there?"


With so many incidents out there, there remains this Big Lie that Vista is secure. Paid analysts do not help here.

Comments

Recent Techrights' Posts

What 'Hulk Hogan of UEFI' Could Learn From Jimmy Kimmel About the 'Streisand Effect'
Lawyering up is risky and is usually doesn't work
Purchasing Concert Tickets in 2025 in Manchester: The "Modern" Experience
I recently spent a couple of days here testing the "terrain" in order to better understand how large public venues, for concerts rather than sporting events like football, currently "work"
 
Links 26/09/2025: Hardware, Security, Health, and Nuclear Armament
Links for the day
Links 26/09/2025: "Digital Fatigue" and Slop Frenzy (Hype) Ruining Work Productivity, Culture, Languages
Links for the day
Brett Wilson LLP Unwilling to Disclose or Explain How 'Hulk Hogan of UEFI' Pays for His SLAPPs Against Us (He Cannot Afford These), So We Are Escalating
Escalated in the British authorities
Linux is Replacing Apple
Apple is money down the drain. Not only are the gadgets overpriced; they cost a lot to maintain and keep going over time
"We don't have that kind of relationship with Microsoft. The only public key that every UEFI firmware is guaranteed to have is Microsoft's, and only Microsoft owns the private key."
This is how to sabotage GNU/Linux distros that Microsoft does not control
Slopwatch: linuxconfig.org, linuxsecurity.com, and Google's Promotion of the Worst and Most Prolific Slopfarms
Over in Google News it has been quite chaotic this past day
Gemini Links 26/09/2025: Reading RSS Feeds, ROOPHLOCH 202
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 25, 2025
IRC logs for Thursday, September 25, 2025
Links 25/09/2025: More European Airports Shut Down Due to What Seems Like Russian Drones
Links for the day
Gemini Links 25/09/2025: Amiga Revived and Hackers (UTF-8)
Links for the day
Links 25/09/2025: French Unions Want Another Strike, Super Typhoon Ragasa Kills Many
Links for the day
Microsoft 'Secure Boot' and Shim as Barrier or Obstacle to New GNU/Linux Users Trying to Escape Microsoft
Just as intended all along
Lovers and Haters
Always beware hate preachers and demagogues (or how they frame issues or whose fault they distract from)
Focusing on What People Have in Common Instead of Killing and Cancelling One Another
Men and women of both "wings" stand to gain a lot by working together on common interests
'Cancel Culture' Isn't About Enforcing Ethics (and It's Done by People on the Right, Not "The Leftists")
Smarter folks would leave social control media
Russia's Attack on Europe (and NATO) Will Worsen Censorship and Corruption in Europe
Can we still debate issues that predate the invasion of Crimea?
Lawyers Should Permanently Lose Their Licence (and Worse) for Using Chatbots in Legal Work
They not only waste people's money and time. They pollute the literature with falsehoods. They commit perjury. [...] Brett Wilson LLP sent the Judge nearly 1,000 pages of material (mostly mine, copied without proper permission) shortly before a short Hearing, which lasted less than an hour
GAFAM and MATA (Mythical, Metaphor) as Explained by analognowhere.com
They're instruments of suppression that sponsor the oppressor
We've Already Mentioned Who Nowadays Funds Garrett's SLAPP Against Us (Not Garrett), Let's Examine Who Sponsored His Litigation Partner (Other Than Microsoft Salaries There's a Buddy of Bill Gates)
it's alleged that the Serial Strangler from Microsoft got money from him
Florian Müller: Using Software Patents to Attack Software Developers, Agitate Against Patent Reform
He also promotes attacks on the German Constitution and laws
Reliance on Typepad Seems to Have Doomed the Voice of Software Patents and Patent Maximalists in PatentDocs
Follow the money
UEFI 'Secure Boot' is Potential Mayhem to the Environment (Older and Leaner Distros Stop Working)
creating new problems, disguised as "solutions" to problems that do not exist
Sometimes 'Cancel Culture' Backfires Badly
There's no such thing as "too much" coverage
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 24, 2025
IRC logs for Wednesday, September 24, 2025
Links 25/09/2025: Jimmy Kimmel Returns to Air (With Limitations) and London Stansted Airport Latest to Have Incident (Fire)
Links for the day
Slopwatch: Fake Articles, SPAM With Slop, and Google News Directs People to Read Slopfarms
why does Google News insist on still linking to prolific slopfarms?
Gemini Links 25/09/2025: New Game for Gemini Protocol, Eleven, and Network Solutions Woes
Links for the day
Punching People Doesn't Work
It makes nobody any safer
Look Ma, No "Cloud"
So far this year we've had an almost perfect uptime
Links 24/09/2025: Autism Blame-Shifting and Typhoon Ragasa Enters China
Links for the day
Buying From Oneself is Not Business Success
This isn't at all a joking matter even if you already laugh at the whole thing because your pension, savings etc. are tied to this scam at some level
This is How Microsoft's XBox and Entire Consoles (If Not Gaming) Ventures Will Ultimately Die
Ensure you can blame "Tariffs" (politics)? If not "hey hi", the fashionable go-to excuse when businesses fail?
What They Really Hate David Heinemeier Hansson (DHH) for
Nothing to do with code
Smart People Won't Buy 'Smart' Cars
Imagine trying to sell someone a house (proper home) while insisting that it'll need to be demolished 5 or 10 years later, then rebuilt again from scratch on the same vacant lot
The Relationship Between IBM Red Hat and Microsoft, Visualised
This metaphor goes a long way (projects, collaborations, and outsourcing
The Complaint About Brett Wilson LLP - Part III - Spying on Reporters' Families, Chaining Cases for Microsoft Employees Who Demand Censorship of Facts (Even Politely Expressed)
the time seems right to wrap up this introductory series
The Complaint About Brett Wilson LLP - Part II - UK SLAPPs for Americans, SLAPPs for Profit
Brett Wilson LLP has a track record of this kind
Cloudflare Gives Us All Another Reason to Boycott Cloudflare
If Cloudflare wants to use its vast surveillance network (which is what it does as a CDN) to foist paywalls and maybe something worse (like DRM on top), then Cloudflare should be more widely rejected as a company
Links 24/09/2025: "NASA Moving Out of Entire Buildings as It's Gutted" and Purge of Online Critics (Opposing Fascism Becomes Unlawful)
Links for the day
Science is Under Attack
Oligarchy prefers a dumbed-down population
Someone Expiring Certificates on the Day of the 9/11 Attacks is Not Someone I Would Want Controlling My PC (or Deciding What's Authorised for Booting)
"social justice warriors"
The Solicitors Regulation Authority (SRA) Has Reportedly Failed People With Wrong Advice
At the moment the SRA has a PR blunder
The Man Suing Brett Wilson LLP and Gervase de Wilde (5RB)
Now he's probably using the (almost) 200,000 pounds he's supposed to receive to sue Brett Wilson LLP and former colleagues/partners
More Microsoft-Red Hat Cross-Pollination as the Company Loses a Managing Director
some people move from Microsoft to Red Hat and some do the opposite
Slopwatch: A World Wide Web That's Rotting for Companies That Won't Even Exist in a Few Years
some of the junk Google News is promoting
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 23, 2025
IRC logs for Tuesday, September 23, 2025
Links 24/09/2025: Qt Creator 18 Beta, Microsoft Cannot Bail Out "ChatGPT" Anymore, China and US Intensify Censorship
Links for the day