
08.08.08

Another Reason to Avoid Mono: Security

Posted in GNU/Linux, Microsoft, Mono, Novell, Security, Windows at 5:27 pm by Dr. Roy Schestowitz

“At Microsoft I learned the truth about ActiveX and COM and I got very interested in it inmediately [sic].”

Miguel de Icaza

For reasons and factors that make OOXML not secure, Mono is a security hazard as well. For those who are not yet convinced, there is this brand-new article which highlights the architectural failures of .NET and their impact on security. Read it.

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

Also in the news today is this alarming issue of 7 “critical” flaws (the highest level of severity) in Microsoft software.

Does anyone want GNU/Linux to inherit this nightmare? Is this something which belongs in the operating system which NASA, the NSA and the Department of Defense use? What about the cost implications? Beyond the acquisition cost, there are also the costs of maintenance, repair, and damage control. Losses incurred by leaks (espionage) and data loss are sometimes incalculable.

A few hours ago, one reader sent us the following message regarding the consequences of poor security.


Note that the bad engineering promoted by Bill Gates and his movement is probably costing Joe Sixpack upwards of 8 hours lost effort per week from malware, instability and poor interoperability. With the US in the economic situation it is in, that may be enough to knock the floor out of the recession. The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.

Until recently, Microsoft people have been able to stifle security information. However, the EFF’s recent win paves the way forward for better technology to become more visible.

I look forward to seeing Back-To-School Security Packets in Walmart, Best Buy, and others consisting of Xubuntu CDs.

The last 10 years have shown us nothing if not that FOSS helps make your business more recession-proof.

What we have here is an old and odd spin trotted out yet another time. The spin tries to be negative, but at the end of the day, use of FOSS has boosted the economy there by some $60 billion on unnecessary sunk costs.

Further, since where FOSS tends to lead, it leads due to better performance, quality, interoperability and maintenance, not just cost. So that leads to secondary and tertiary savings. After all, if the IT team is not having to spend all its time chasing fires, it can be far more than $60 billion in savings once the total cost of ownership is settled.

Sure a small wedge of the software sellers might have lost, but the large part of the pie consists of software users. We win here.

____
1) “EFF Wins Protection for Security Researchers” (2007)

2) “Vista’s Security Rendered Completely Useless by New Exploit” (2008)
“… a technique that can be used to bypass all memory
protection safeguards that Microsoft built into Windows
Vista…”
“… the work is a major breakthrough and there is very little
that Microsoft can do to fix the problems…”

3) “This Bug Man Is a Pest” (2008)
“…His syllabus is partly a veiled attack on McAfee,
Symantec and their ilk, whose $100 consumer products he
sees as mostly useless. If college students can beat
these antivirus programs, he argues, what good are they
for the people and businesses spending nearly $5 billion
a year on them? …”

4) “USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius” (2007)


For those wondering about highly-restrained criticism of Microsoft/Windows security, mandatory background would be the smear campaigns against security researchers. Smear campaigns are something that Microsoft is intimately familiar with [1, 2, 3, 4, 5, 6, 7, 8, 9]. Remember the Geer saga, too [1, 2] (a little more in [1, 2, 3]). He lost his job for telling the truth about Microsoft’s security shortcomings and the horrific state of the Web, caused largely by Microsoft and its back doors.
