08.08.08

Another Reason to Avoid Mono: Security

Posted in GNU/Linux, Microsoft, Mono, Novell, Security, Windows at 5:27 pm by Dr. Roy Schestowitz

“At Microsoft I learned the truth about ActiveX and COM and I got very interested in it inmediately [sic].”

For reasons and factors that make OOXML not secure, Mono is a security hazard as well. For those who are not yet convinced, there is this brand-new article which highlights the architectural failures of .NET and their impact on security. Read it.

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

Also in the news today is this alarming issue of 7 “critical” flaws (the highest level of severity) in Microsoft software.

Does anyone want GNU/Linux to inherit this nightmare? Is this something which belongs in the operating system which NASA, the NSA and the Department of Defense use? What about the cost implications? Beyond the issue of acquisition cost also exist the costs of maintenance, repair, and damage control. Losses incurred by leaks (espionage) and data loss are sometimes invaluable.

A few hours ago, one reader sent us the following message regarding the consequences of poor security.

Note that the bad engineering promoted by Bill Gates and his movement is probably costing Joe Sixpack upwards of 8 hours lost effort per week from malware, instability and poor interoperability. With the US in the economic situation it is in, that may be enough to knock the floor out of the recession. The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.

“The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.”Until recently, Microsoft people have been able to stifle security information. However, the EFF’s recent win paves the way forward for better technology to become more visible.

I look forward to the seeing Back-To-School Security Packets in Walmart, Best Buy, and others consisting of Xubuntu CDs.

The last 10 years have shown us nothing if not that FOSS helps make your business more recession-proof.

What we have here is an old and odd spin trotted out yet another time. The spin tries to be negative, but at the end of the day, use of FOSS has boosted the economy there by some $60 billion on unnecessary sunk costs.

Further, since were FOSS tends to lead, it leads due to better performance, quality, interoperability and maintenance, not just cost. So that leads to secondary and tertiary savings. After all, if the IT team is not having to spend all its time chasing fires, it can be far more than $60 billion in savings once the total cost of ownership is settled.

Sure a small wedge of the software sellers might have lost, but the large part of the pie consists of software users. We win here.

____
1) “EFF Wins Protection for Security Researchers” (2007)

2) “Vista’s Security Rendered Completely Useless by New Exploit” (2008)
“… a technique that can be used to bypass all memory
protection safeguards that Microsoft built into Windows
Vista…”
“… the work is a major breakthrough and there is very little
that Microsoft can do to fix the problems…”

3) “This Bug Man Is a Pest” (2008)
“…His syllabus is partly a veiled attack on McAfee,
Symantec and their ilk, whose $100 consumer products he
sees as mostly useless. If college students can beat
these antivirus programs, he argues, what good are they
for the people and businesses spending nearly $5 billion
a year on them? …”

4) “USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius” (2007)

For those wondering about highly-restrained criticism of Microsoft/Windows security, a mandatory background would be the smear campaigns against security researchers. Smear campaigns are something that Microsoft is intimately familiar with [1, 2, 3, 4, 5, 6, 7, 8, 9]. Remember the Geer saga, too [1, 2] (little more in [1, 2, 3]). He lost his job for saying the truth about Microsoft’s security shortcomings and the horrific state of the Web, caused largely by Microsoft and its back doors. █

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

Chamber of Commerce Lies About the United States Like It Lies About Other Countries for the Sole Purpose of Patent Maximalism

When pressure groups that claim to be "US" actively bash and lie about the US one has to question their motivation; in the case of the Chamber of Commerce, it's just trying to perturb the law for the worse
Links 21/5/2018: Linux 4.17 RC6, GIMP 2.10.2

Links for the day
The Attacks on the Patent Trial and Appeal Board (PTAB) Have Lost Momentum and the Patent Microcosm Begrudgingly Gives Up

The Patent Trial and Appeal Board (PTAB), reaffirmed by the Court of Appeals for the Federal Circuit (CAFC) and now the Supreme Court as well, carries on preventing frivolous lawsuits; options for stopping PTAB have nearly been exhausted and it shows
Software Patenting and Successful Litigation a Very Difficult Task Under 35 U.S.C. § 101

Using loads of misleading terms or buzzwords such as "AI" the patent microcosm continues its software patents pursuits; but that's mostly failing, especially when courts come to assess pertinent claims made in the patents
António Campinos Will Push Toward a France-Based Unified Patent Court (UPC)

Frenchmen at EPO will try hard to bring momentum if not force to the Unified Patent Court; facts, however, aren't on their side (unlike Team UPC, which was always on Team Battistelli's side)
In Apple v Samsung Patents That Should Never Have Been Granted May Result in a Billion Dollars in 'Damages'

A roundup of news about Apple and its patent cases (especially Apple v Samsung), including Intel's role trying to intervene in Qualcomm v Apple
Links 20/5/2018: KDevelop 5.2.2 and 5.2.3, FreeBSD 11.2 Beta 2

Links for the day
Aurélien Pétiaud's ILO Case (EPO Appeal) an Early Sign That ILO Protects Abusers and Power, Not Workers

A famous EPO ‘disciplinary’ case is recalled; it’s another one of those EPO-leaning rulings from AT-ILO, which not only praises Battistelli amid very serious abuses but also lies on his behalf, leaving workers with no real access to justice but a mere illusion thereof
LOT Network is a Wolf in Sheep's Clothing

Another reminder that the "LOT" is a whole lot more than it claims to be and in effect a reinforcer of the status quo
'Nokification' in Hong Kong and China (PRC)

Chinese firms that are struggling resort to patent litigation, in effect repeating the same misguided trajectories which became so notorious in Western nations because they act as a form of taxation, discouraging actual innovation
CIPU is Amplifying Misleading Propaganda From the Chamber of Commerce

Another lobbying event is set up to alarm lawmakers and officials, telling them that the US dropped from first to twelfth using some dodgy yardstick which favours patent extremists
Patent Law Firms That Profit From Software Patent Applications and Lawsuits Still 'Pull a Berkheimer' to Attract Business in Vain

The Alice-inspired (Supreme Court) 35 U.S.C. § 101 remains unchanged, but the patent microcosm endlessly mentions a months-old decision from a lower court (than the Supreme Court) to 'sell' the impression that everything is changing and software patents have just found their 'teeth' again
A Year After TC Heartland the Patent Microcosm is Trying to 'Dilute' This Supreme Court's Decision or Work Around It

IAM, Patent Docs, Managing IP and Patently-O want more litigation (especially somewhere like the Eastern District of Texas), so in an effort to twist TC Heartland they latch onto ZTE and BigCommerce cases
Microsoft Attacks the Vulnerable Using Software Patents in Order to Maintain Fear and Give the Perception of Microsoft 'Safety'

The latest patent lawsuits from Microsoft and its patent trolls (which it financially backs); these are aimed at feeble and vulnerable rivals of Microsoft
Links 19/5/2018: Mesa 18.0.4 and Vim 8.1

Links for the day
Système Battistelli (ENArque) at the EPO is Inspired by Système Lamy in Saint-Germain-en Laye

Has the political culture of Battistelli's hometown in France contaminated the governance of the EPO?
In Australia the Productivity Commission Decides/Guides Patent Law

IP Australia, the patent office of Australia, considers abolishing "innovation patents" but has not done so yet (pending consultation)
Fishy Things Noticed Ahead of the Passage of a Lot of EPO Budget (Applicants' Money) to Battistelli's Other (and Simultaneous) Employer

Observations and odd facts regarding the affairs of the council in St Germain; it certainly looks like Battistelli as deputy mayor and the mayor (Arnaud Péricard) are attempting to hide something
Links 18/5/2018: AsteroidOS 1.0 Released, More Snyk/Black Duck FUD

Links for the day
Today's EPO Financially Rewards Abuses and Violations of the Law

Battistelli shredded the European Patent Convention (EPC) to pieces and he is being rewarded for it, perpetuating a pattern of abuses (and much worse) being rewarded by the European Patent Organisation
So-Called 'System Battistelli' is Destroying the EPO, Warn Insiders

Low-quality patent grants by the EPO are a road to nowhere but a litigious climate in Europe and an unattractive EPO
Rise in Patent Trolls' Activity in Germany Noted Amid Declining Patent Quality at the EPO

The UPC would turn Europe into some sort of litigation ‘super-state’ — one in which national patent laws are overridden by some central, immune-from-the-law bureaucracy like the EPO; but thankfully the UPC continues its slow collapse
EPO's Battistelli Taking Days Off Work for Political 'Duties' (Parties) in His French Theatre Where He'll Bring Buckets of EPO Budget (EPO Stakeholders' Money)

More tales from Saint-Germain-en-Laye...
Links 16/5/2018: Cockpit 168, GCompris 0.91, DHCP Bug

Links for the day
The EPO's 'Inventor Award' Scam: Part III

An addendum to the "inventor of the year" affair, namely the case of Remmal
Apple and Microsoft Are Still Suing Companies -- Using Patents of Course -- Which 'Dare' Compete (by Leveraging GNU/Linux)

The vanity of proprietary software giants — as the latest news serves to reveal — targeting companies with patent lawsuits, both directly and indirectly
The Anti-PTAB (Patent Quality), Anti-§ 101 Lobby is Losing Its Mind and It Has Become Amusing to Observe

The rants about the Patent Trial and Appeal Board (PTAB), the courts and even the law itself have reached laughable levels; this reveals that the real agenda of patent maximalists is endless litigation and their methods boil down to those of an angry mob, not legal professionals
EPO Has Become Overzealous About Software Patents, Probably More So Than Almost Anywhere Else

The promotion of an extreme patent regime in Europe continues unabated; whether it succeeds or not depends on what EPO examiners and citizens of Europe can do
Links 15/5/2018: Black Duck's Latest FUD and the EFF's EFFail FUD Debunked Further

Links for the day
Xiaomi, Samsung, TCL and Others Demonstrate That in a World With an Abundance of Stupid Patents Like Design Patents Nobody is Safe

The "Cult of Patents" (typically a cabal of law firms looking to have everything on the planet patented) has created a battlefield in the mobile world; every company, once it gets big enough, faces a lot of patent lawsuits and dying companies resort to using whatever is in their "portfolio" to destroy everyone else inside the courtroom (or demand 'protection' money to avert lawsuits)