08.08.08

Another Reason to Avoid Mono: Security

Posted in GNU/Linux, Microsoft, Mono, Novell, Security, Windows at 5:27 pm by Dr. Roy Schestowitz

“At Microsoft I learned the truth about ActiveX and COM and I got very interested in it inmediately [sic].”

For reasons and factors that make OOXML not secure, Mono is a security hazard as well. For those who are not yet convinced, there is this brand-new article which highlights the architectural failures of .NET and their impact on security. Read it.

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

Also in the news today is this alarming issue of 7 “critical” flaws (the highest level of severity) in Microsoft software.

Does anyone want GNU/Linux to inherit this nightmare? Is this something which belongs in the operating system which NASA, the NSA and the Department of Defense use? What about the cost implications? Beyond the issue of acquisition cost also exist the costs of maintenance, repair, and damage control. Losses incurred by leaks (espionage) and data loss are sometimes invaluable.

A few hours ago, one reader sent us the following message regarding the consequences of poor security.

Note that the bad engineering promoted by Bill Gates and his movement is probably costing Joe Sixpack upwards of 8 hours lost effort per week from malware, instability and poor interoperability. With the US in the economic situation it is in, that may be enough to knock the floor out of the recession. The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.

“The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.”Until recently, Microsoft people have been able to stifle security information. However, the EFF’s recent win paves the way forward for better technology to become more visible.

I look forward to the seeing Back-To-School Security Packets in Walmart, Best Buy, and others consisting of Xubuntu CDs.

The last 10 years have shown us nothing if not that FOSS helps make your business more recession-proof.

What we have here is an old and odd spin trotted out yet another time. The spin tries to be negative, but at the end of the day, use of FOSS has boosted the economy there by some $60 billion on unnecessary sunk costs.

Further, since were FOSS tends to lead, it leads due to better performance, quality, interoperability and maintenance, not just cost. So that leads to secondary and tertiary savings. After all, if the IT team is not having to spend all its time chasing fires, it can be far more than $60 billion in savings once the total cost of ownership is settled.

Sure a small wedge of the software sellers might have lost, but the large part of the pie consists of software users. We win here.

____
1) “EFF Wins Protection for Security Researchers” (2007)

2) “Vista’s Security Rendered Completely Useless by New Exploit” (2008)
“… a technique that can be used to bypass all memory
protection safeguards that Microsoft built into Windows
Vista…”
“… the work is a major breakthrough and there is very little
that Microsoft can do to fix the problems…”

3) “This Bug Man Is a Pest” (2008)
“…His syllabus is partly a veiled attack on McAfee,
Symantec and their ilk, whose $100 consumer products he
sees as mostly useless. If college students can beat
these antivirus programs, he argues, what good are they
for the people and businesses spending nearly $5 billion
a year on them? …”

4) “USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius” (2007)

For those wondering about highly-restrained criticism of Microsoft/Windows security, a mandatory background would be the smear campaigns against security researchers. Smear campaigns are something that Microsoft is intimately familiar with [1, 2, 3, 4, 5, 6, 7, 8, 9]. Remember the Geer saga, too [1, 2] (little more in [1, 2, 3]). He lost his job for saying the truth about Microsoft’s security shortcomings and the horrific state of the Web, caused largely by Microsoft and its back doors. █

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

Drifting Away From Copyleft in Databases

Databases which are Free/Open Source software (FOSS) are becoming less liberal/freedom-respecting while deceiving labels hide it
Roman Catholic Church Joins Opposition to 'Trade' Agreements

The Church which claims to have 1.2 billion members is expressing dissatisfaction and opposition to TPP and TAFTA/TTIP
'Unauthorised' Programming and What It Means to Software Freedom

DRM and DMCA versus society, or how operation-restricting legal mechanisms are affecting coders, for whom not only software patents are now a creativity wall
Assassinations by Drone Make the West Hypocritical on Syria

Putting in context the cycle of violence which the West uses to justify indefinitely detaining the domestic population, assassinating parts of it, and spying on everyone (even domestically, using loopholes)
Links 6/12/2013: KDE and GNOME News

Links for the day
Links 6/12/2013: NSA News

Links for the day
Microsoft Sued Over Collusion With the NSA, Microsoft Issues Orwellian Statements

Microsoft is lying about privacy of its customers and the Free Software Foundation (FSF) responds
To Oracle, 'Community' Means Paying Oracle Customers

Oracle continues to extend only its own distribution of GNU/Linux (which is a ripoff of another), leaving everyone else out in the cold
Patent Policy Change a Victory for Large Corporations, Real Reform Remains Elusive

Patent extortion and litigation by proxy still permitted in the United States, even after the passage of a celebrated (by corporations) new bill
A Western Assault on GNU/Linux Security and Privacy

Governments (which are dominated by corporations) continue to make security hard as part of a campaign to spy on everyone under claims that it helps "national security" (control from above)
The Copyright Cartel Takes Over Schools to Deceive and Indoctrinate Children

Schools become a target of shameless copyright propaganda and promotion (advertising) of copyright boosters/maximalists
While Nokia Becomes Microsoft's Anti-Linux Litigation Front, Pre-Elop Nokia Revived, Jolla Sells All Available Phones

More of the old products of Nokia are brought back to life owing to former Nokia staff while existing Nokia staff, led by a Microsoft mole, continues to attack Linux-powered phones with patents
Custom-built Distributions and the 2,000+ GNU/Linux Distributions Listed by Softpedia

Customisation for different users, localisations, system ages etc. motivate plurality and diversity, which now yields thousands of packaged (for installation) GNU/Linux images
Links 4/12/2013: Games News

Links for the day
NSA Leaks: Still Yielding New Scandals, But Fewer Than Before

A roundup of news about cracking, sabotage, privacy infringement and illegal surveillance by the NSA and its allies
Links 3/12/2013: Screenshots

Links for the day
Links 3/12/2013: Applications and Instructionals

Links for the day
Apple and Microsoft Claim Patent Tax on GNU/Linux, Red Hat's Response Too Weak

GNU/Linux is said to be among the targets for illegal extortion, but even self-professed backers of GNU/Linux aren't interested in addressing this problem
GNU is Not Linux: Richard Stallman Explains the Origins of GNU

Stallman tells Techrights/TechBytes lesser-known details about the birth of GNU in the early 1980s
Reminder to Corporate Press: PHP is Not Linux

Reporting on scare-mongering from Symantec mostly off target
Bill Gates Brings NSA-esque Surveillance to Children

Plutocrats are using US schools to indoctrinate, control, and even spy on tomorrow's adults
Culture of Violence a Disservice to National Security

How a culture of unprecedented violence leads to less security and more hostility towards the West
Anti-GNU/Linux Campaigns Are Not Left Behind at Microsoft, Only the Brands Change

Microsoft's offensive and facts-free campaigns still target products which run GNU/Linux, even if the "G" and "L" words are not mentioned (Chromebooks/Google are the target now)
Links 1/12/2013: Android News

Links for the day
Liberating Devices From Android Using Replicant, Not CyanogenMod

Why Android is not enough and why CyanogenMod is not the solution, Replicant is
Links 30/11/2013: Ubuntu News

Links for the day
GNU/Linux in Games/Consoles Can Topple Sony and Microsoft, Pundits Say

As GNU/Linux matures, attracting developers and improving freedom-respecting drivers, the threat to proprietary gaming platforms increases
Links 1/12/2013: Applications and Instructionals

Links for the day
The Fiction of 'Piracy'

The problem known as "piracy" is an antiquated problem from history, tales, and Somalia, not people who challenge the real thieves -- those who hoard and monopolise what's public
The Problem is Distribution of Money, Not a Lack of Money

If one can always generate a new Bitcoin or print more paper money, then 'lack' of money certainly cannot be the issue