EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.08.08

Another Reason to Avoid Mono: Security

Posted in GNU/Linux, Microsoft, Mono, Novell, Security, Windows at 5:27 pm by Dr. Roy Schestowitz

“At Microsoft I learned the truth about ActiveX and COM and I got very interested in it inmediately [sic].”

Miguel de Icaza

For reasons and factors that make OOXML not secure, Mono is a security hazard as well. For those who are not yet convinced, there is this brand-new article which highlights the architectural failures of .NET and their impact on security. Read it.

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

Also in the news today is this alarming issue of 7 “critical” flaws (the highest level of severity) in Microsoft software.

Does anyone want GNU/Linux to inherit this nightmare? Is this something which belongs in the operating system which NASA, the NSA and the Department of Defense use? What about the cost implications? Beyond the issue of acquisition cost also exist the costs of maintenance, repair, and damage control. Losses incurred by leaks (espionage) and data loss are sometimes invaluable.

A few hours ago, one reader sent us the following message regarding the consequences of poor security.


Note that the bad engineering promoted by Bill Gates and his movement is probably costing Joe Sixpack upwards of 8 hours lost effort per week from malware, instability and poor interoperability. With the US in the economic situation it is in, that may be enough to knock the floor out of the recession. The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.

“The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.”Until recently, Microsoft people have been able to stifle security information. However, the EFF’s recent win paves the way forward for better technology to become more visible.

I look forward to the seeing Back-To-School Security Packets in Walmart, Best Buy, and others consisting of Xubuntu CDs.

The last 10 years have shown us nothing if not that FOSS helps make your business more recession-proof.

What we have here is an old and odd spin trotted out yet another time. The spin tries to be negative, but at the end of the day, use of FOSS has boosted the economy there by some $60 billion on unnecessary sunk costs.

Further, since were FOSS tends to lead, it leads due to better performance, quality, interoperability and maintenance, not just cost. So that leads to secondary and tertiary savings. After all, if the IT team is not having to spend all its time chasing fires, it can be far more than $60 billion in savings once the total cost of ownership is settled.

Sure a small wedge of the software sellers might have lost, but the large part of the pie consists of software users. We win here.

____
1) “EFF Wins Protection for Security Researchers” (2007)

2) “Vista’s Security Rendered Completely Useless by New Exploit” (2008)
“… a technique that can be used to bypass all memory
protection safeguards that Microsoft built into Windows
Vista…”
“… the work is a major breakthrough and there is very little
that Microsoft can do to fix the problems…”

3) “This Bug Man Is a Pest” (2008)
“…His syllabus is partly a veiled attack on McAfee,
Symantec and their ilk, whose $100 consumer products he
sees as mostly useless. If college students can beat
these antivirus programs, he argues, what good are they
for the people and businesses spending nearly $5 billion
a year on them? …”

4) “USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius” (2007)


For those wondering about highly-restrained criticism of Microsoft/Windows security, a mandatory background would be the smear campaigns against security researchers. Smear campaigns are something that Microsoft is intimately familiar with [1, 2, 3, 4, 5, 6, 7, 8, 9]. Remember the Geer saga, too [1, 2] (little more in [1, 2, 3]). He lost his job for saying the truth about Microsoft’s security shortcomings and the horrific state of the Web, caused largely by Microsoft and its back doors.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Microsoft is Now in the Technical Advisory Board of the Linux Foundation

    Techrights politely takes note of the growing role (or roles) of Microsoft employees inside the Linux Foundation; there are now at least half a dozen people



  2. Two Things IBM and Microsoft Have in Common: Layoffs and Fake Hype Like 'Clown Computing' and 'Hey Hi' (AI) as Perceived 'Opportunity' for 'Growth'

    The infamous pair of monopolists, Microsoft and IBM, are both suffering during the COVID-19 lock-downs (no matter how hard they try to spin it and/or distract from it)



  3. IBM (Red Hat) Lectured FSF That It Needed More Diversity, But Was It Looking at the Mirror? IBM and Red Hat Are Even Less Diverse.

    Techrights examines Red Hat’s (IBM’s) hypocritical claims about the Free Software Foundation, founded by Richard Stallman back when IBM was the “big scary monopolist”; IBM employees were prominent among those pushing to oust Stallman from the GNU Project, which he founded, as well



  4. IRC Proceedings: Friday, June 05, 2020

    IRC logs for Friday, June 05, 2020



  5. Guix Petition Demographic Data, by Figosdev

    That old anti-RMS letter, which called for his removal (or resignation) from GNU (RMS is the founder of the GNU Project), as characterised by metadata of signatories



  6. When You Realise People Who Don't Support RMS Do Not Really Support GNU, Either

    The (in)famous letter against Richard Stallman (RMS), which was signed by many Red Hat employees with Microsoft (GitHub) accounts, doesn’t look particularly good in light of recent revelations/findings; it increasingly looks like IBM simply wants Microsoft-hosted and “permissively” licensed stuff, just like another project it announced yesterday and another that it promoted yesterday



  7. The Gates Press (GatesGate) -- Part III: What Happens When You Tell the Truth About Bill Gates and the Gates Foundation

    One might not expect this from a so-called 'charity'; the Gates Foundation's critics are often met with unprecedented aggression, threats and retribution, which make one wonder if it's really a charity or a greedy cult of personalities (Bill and Melinda)



  8. Links 6/6/2020: Bifrost Meets GNOME, Wine 5.10 is Out

    Links for the day



  9. Links 5/6/2020: LibreELEC (Leia) 9.2.3, Rust 1.44.0, and Hamburg's Pivot to Free/Libre Software

    Links for the day



  10. This Article About GitHub Takeover Never Appeared (Likely Spiked by Microsoft and Its Friends Inside the Media)

    And later they wonder why people distrust so much of the media (where paying advertisers set the agenda/tone)



  11. Raw: How Microsoft and/or the EPO Killed an Important EPO Story About Their SLAPP Against Techrights and Others

    Spiking a story about spiked stories about corruption



  12. The Linux Foundation 'Bootcamp' -- Badly Timed and Badly Named in June 2020 -- Only Uses Linus Torvalds Like a 'Prop' (for Legitimacy) While Promoting Militarised Monopolies

    Sometimes a picture says a lot more than words, especially in light of political events in the US and a certain Chinese anniversary we cannot name (Microsoft censors mentions of it)



  13. IRC Proceedings: Thursday, June 04, 2020

    IRC logs for Thursday, June 04, 2020



  14. The Gates Press (GatesGate) -- Part II: When Media That You Bribe Calls All Your Critics 'Conspiracy Theorists' (to Keep Them Silenced, Marginalised)

    The assault on the media by Bill Gates is a subject not often explored by the media (maybe because a lot of it is already bribed by him); but we're beginning to gather new and important evidence that explains how critics are muzzled (even fired) and critical pieces spiked, never to see the light of day anywhere



  15. GitHub is Not Sharing But 'Theft' by Microsoft

    Microsoft buying GitHub does not demonstrate that Microsoft loves Open Source (GitHub is not Open Source and may never be) but that it loves monopoly and coercion (what GitHub is all about and why it must be rejected)



  16. The Huge Damage (Except for Patent Lawyers' Bottom Line) Caused by Fake European Patents

    The European Patent Office (EPO) keeps granting fake patents that cause a lot of real harm (examiners are pressured to play along and participate in this unlawful agenda); nobody is happy except those who profit from needless, frivolous lawsuits



  17. Red Hat/IBM Got 'Tired' of RMS. Is It Getting 'Tired' of GPL/Copyleft Too?

    After contributing to the cancellation of Richard Stallman (RMS) based on some falsehoods perpetuated in the media we're seeing the sort of thing one might expect from IBM (more so now that it totally controls Fedora and RHEL)



  18. Links 4/6/2020: Proton 5.0-8 Release Candidate, GNU Linux-libre 5.7

    Links for the day



  19. IRC Proceedings: Wednesday, June 03, 2020

    IRC logs for Wednesday, June 03, 2020



  20. Social Engineering of Free Software, Based on Corporate Criteria

    What "professional" nowadays means in the context of coding and honest assessment of technical work



  21. Weakening GNU/Linux by Disempowering Its Leaders and Founders, Replacing Them With Microsoft Employees and GNU/Linux-Hostile Moles

    The coup to remove (or remove power from) Stallman and Torvalds, the GNU and Linux founders respectively, is followed by outsourcing of their work to Microsoft’s newly-acquired monopoly (GitHub) and appointment of Microsoft workers or Microsoft-friendly people, shoehorning them into top roles under the disingenuous guise of "professionalism"



  22. Sword Group Violates Its Own Commitment by Working for the EPO

    The European Patent Office (EPO) keeps outsourcing its work to outside contractors (for-profit private entities) to the tune of hundreds of millions if not billions — all this without any oversight



  23. In 2020 Canonical No Longer Fights for Freedom

    Freedom requires a GNU/Linux distro other than Ubuntu, which seems unwilling or unable/incapable of speaking about and promoting the ideals of GNU/Linux



  24. We Need to Use the F Word (Freedom) to Promote Adoption of GNU/Linux

    "People get the government their behavior deserves. People deserve better than that." -Richard Stallman



  25. People Who Want to Explore GNU/Linux With Ubuntu See This Today

    "Wait, am I in a GNU/Linux blog or another Windows blog," a visitor might think... or, is Microsoft 'taking over' messaging at Canonical? (Same with code)



  26. Links 4/6/2020: Septor 2020.3, Nextcloud and Blender 2.83

    Links for the day



  27. Hey, Where's Red Hat (IBM)?

    Red Hat is conspicuously silent at these critical times (in its home country); Must be too busy hailing and cashing in on Trump's military (state) while dishing out shallow and self-contradictory diversity PR/fluff…



  28. Microsoft's Latest Vapourware About Supercomputers

    Microsoft has spent almost two decades dropping supercomputers vapourware on the media, but those misinformation dumps always turn out to be 100% hot air, no substance



  29. 2020: A Time for Resolutions or Revolutions?

    There are nonviolent means by which the current system can be corrected; we need to convince peers and relatives to change the way they behave and not cooperate with unjust elements of the system



  30. IRC Proceedings: Tuesday, June 02, 2020

    IRC logs for Tuesday, June 02, 2020


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts