EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.08.08

Another Reason to Avoid Mono: Security

Posted in GNU/Linux, Microsoft, Mono, Novell, Security, Windows at 5:27 pm by Dr. Roy Schestowitz

“At Microsoft I learned the truth about ActiveX and COM and I got very interested in it inmediately [sic].”

Miguel de Icaza

For reasons and factors that make OOXML not secure, Mono is a security hazard as well. For those who are not yet convinced, there is this brand-new article which highlights the architectural failures of .NET and their impact on security. Read it.

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

Also in the news today is this alarming issue of 7 “critical” flaws (the highest level of severity) in Microsoft software.

Does anyone want GNU/Linux to inherit this nightmare? Is this something which belongs in the operating system which NASA, the NSA and the Department of Defense use? What about the cost implications? Beyond the issue of acquisition cost also exist the costs of maintenance, repair, and damage control. Losses incurred by leaks (espionage) and data loss are sometimes invaluable.

A few hours ago, one reader sent us the following message regarding the consequences of poor security.

Note that the bad engineering promoted by Bill Gates and his movement is probably costing Joe Sixpack upwards of 8 hours lost effort per week from malware, instability and poor interoperability. With the US in the economic situation it is in, that may be enough to knock the floor out of the recession. The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.

“The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.”Until recently, Microsoft people have been able to stifle security information. However, the EFF’s recent win paves the way forward for better technology to become more visible.

I look forward to the seeing Back-To-School Security Packets in Walmart, Best Buy, and others consisting of Xubuntu CDs.

The last 10 years have shown us nothing if not that FOSS helps make your business more recession-proof.

What we have here is an old and odd spin trotted out yet another time. The spin tries to be negative, but at the end of the day, use of FOSS has boosted the economy there by some $60 billion on unnecessary sunk costs.

Further, since were FOSS tends to lead, it leads due to better performance, quality, interoperability and maintenance, not just cost. So that leads to secondary and tertiary savings. After all, if the IT team is not having to spend all its time chasing fires, it can be far more than $60 billion in savings once the total cost of ownership is settled.

Sure a small wedge of the software sellers might have lost, but the large part of the pie consists of software users. We win here.

____
1) “EFF Wins Protection for Security Researchers” (2007)

2) “Vista’s Security Rendered Completely Useless by New Exploit” (2008)
“… a technique that can be used to bypass all memory
protection safeguards that Microsoft built into Windows
Vista…”
“… the work is a major breakthrough and there is very little
that Microsoft can do to fix the problems…”

3) “This Bug Man Is a Pest” (2008)
“…His syllabus is partly a veiled attack on McAfee,
Symantec and their ilk, whose $100 consumer products he
sees as mostly useless. If college students can beat
these antivirus programs, he argues, what good are they
for the people and businesses spending nearly $5 billion
a year on them? …”

4) “USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius” (2007)

For those wondering about highly-restrained criticism of Microsoft/Windows security, a mandatory background would be the smear campaigns against security researchers. Smear campaigns are something that Microsoft is intimately familiar with [1, 2, 3, 4, 5, 6, 7, 8, 9]. Remember the Geer saga, too [1, 2] (little more in [1, 2, 3]). He lost his job for saying the truth about Microsoft’s security shortcomings and the horrific state of the Web, caused largely by Microsoft and its back doors.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 23/9/2019: Ulauncher 5.3, ClonOS 19.09, ReactOS 0.4.12 Released

    Links for the day

  2. Time to Send a Thank GNU to Richard Stallman

    In case Stallman's resignation marks the beginning of something even better (from Stallman himself) people are encouraged to send messages of solidarity

  3. Department of War and IBM Among Top Clients of Richard Stallman's Alleged Ouster

    Richard Stallman (RMS) is down but not out; if we pick up the pieces and chronicle the media campaign that led to his resignation we find a leaker to the media who chose a dishonest site funded by a close friend of Bill Gates

  4. The Unspeakable Problem is Big Proprietary Corporations Taking Over Free Software While Telling Their Opponents They're Racist and Sexist (Intolerant)

    Thin-skinned people are being weaponised against opposition to one's views, just like blasphemy law is brought up to defend fiction/lies and censor/self-censor one's critics (because truth is sometimes "offensive")

  5. OSI Did Not Guard the Open Source Brand; Now Its Own Name, Open Source Initiative, is Being 'Diluted' and “Open Source” is Almost Meaningless

    The term or the brand “Open Source” is becoming worthless because those who use it typically engage in production of proprietary software falsely marketed as “Open Source” (that's what openwashing is inherently about)

  6. Microsoft is Not an Open Source Authority But an Opponent of Open Source

    Various outlets that are closely connected to Microsoft are trying to convince us that Microsoft is now 'king' of Open Source; nothing could be further from the truth however

  7. Links 22/9/2019: KMyMoney 5.0.7, Lennart's Latest Plan

    Links for the day

  8. Summits of Open Bear Traps: The Open Core Summit and Other 'Open' Events That Actually Attack Software Freedom

    Conferences that call themselves "open" something are sometimes nothing but an attack on openness (not to mention freedom) and promotion of FUD about Free/Open Source software (FOSS); there's an ample set of examples to that effect

  9. Openwashing Report: 'Open Source' Without Any or Most of the Benefits

    The cheapening of the term "Open Source" continues; sooner or later everything out there will be called "open" irrespective of what it really is

  10. Patent Extremism is Not Normal and Not an Innocent Mindset

    Reflection upon the sad state of the European patent system and how media turns a blind eye to it; worldwide, in general, the discussion about patents is being warped by the litigation giants, whose sole goal is to maximise the number of lawsuits/shakedowns (personal gain)

  11. Links 22/9/2019: LLVM 9.0.0 and FreeBSD 12.1 Beta

    Links for the day

  12. Links 21/9/2019: Plasma 5.17 Beta in Kubuntu, Cockpit 203

    Links for the day

  13. IBM Cannot Become a True Friend of Free Software Because of Its Current Patent Policy

    IBM needs to quit bullying people/companies with software patents; that would help towards appeasement of IBM critics and sceptics

  14. When Patent 'Professionals' Sound Like Children Who Learned to Parrot Some Intentionally-Misleading Buzzwords, Myths and Lies

    With buzzwords like "AI" and misleading terms like "IP" the litigation zealots are trying to convince themselves (and the public) that software is a physical thing and a "property" which needs "protecting" from "theft"; it doesn't seem to bother these people that copyright law already covers software

  15. The European Parliament Needs to Become More Outspoken About EPO Abuses

    There are few encouraging signs in Europe right now because the EPO's disregard for patent law (striving to just grant as many patents as possible) earned it much-needed backlash from the European Parliament

  16. Links 19/9/2019: German Federal Ministry of the Interior Wants FOSS, Top Snaps Named

    Links for the day

  17. Buying the Voices of 'Linux' People to Repeat Microsoft's Talking Points While Removing Our Icons and Leaders (Calling Them Sexist)

    The dirty games leveraged by several companies including Microsoft target charismatic people who are essential for morale and leadership; these tactics aren't particularly novel

  18. When the EPO Sees Itself as Above European Law, Grants Patents in Defiance of the EPC (Its Founding Document) and Violates Staff's Labour Rights/Protections (International Law)

    The absurd state of affairs at the EPO has reached the point where laws at every level are being violated and even judges are being threatened or vainly ignored; the EU is belatedly trying to tackle these issues, which have actually cost its credibility a great deal and threaten the perception of Rule of Law at multiple levels

  19. Links 19/9/2019: Samba 4.11.0 and Kubernetes 1.16

    Links for the day

  20. Update on Koch v EPO: Internal Appeals Committee (IAC) Composition Still Likely Illegal

    An important EPO case, concerning a dismissed staff representative, shows what ILO-AT and the EPO's Internal Appeals Committee boil down to

  21. Links 18/9/2019: Fedora Linux 31 Beta, PCLinuxOS 2019.09 Update

    Links for the day

  22. Links 17/9/2019: CentOS 7.7 and Funtoo Linux 1.4 Released

    Links for the day

  23. EPO is Not European

    Internationalists and patent trolls are those who stand to benefit from the 'globalisation' of low-quality and law-breaking patents such as patents on algorithms, nature and life itself; the EPO isn't equipped to serve its original goals anymore

  24. The EPO's Central Staff Committee and SUEPO (Staff Union) Respond to “Fascist Bills” Supported by EPO President António Campinos

    Raw material pertaining to the latest Campinos "scandal"; what Campinos said, what the Central Staff Committee (CSC) said, and what SUEPO said

  25. Storm Brewing in the European Patent Office After a Hot Summer

    Things aren't rosy in EPOnia (to say the least); in fact, things have been getting a lot worse lately, but the public wouldn't know judging by what media tells the public (almost nothing)

  26. Why I Once Called for Richard Stallman to Step Down

    Guest post from the developer who recently authored "Getting Stallman Wrong Means Getting The 21st Century Wrong"

  27. As Richard Stallman Resigns Let's Consider Why GNU/Linux Without Stallman and Torvalds Would be a Victory to Microsoft

    Stallman has been ejected after a lot of intentionally misleading press coverage; this is a dark day for Software Freedom

  28. Links 16/9/2019: GNU Linux-libre 5.3, GNU World Order 13×38, Vista 10 Breaks Itself Again

    Links for the day

  29. Links 16/9/2019: Qt Quick on Vulkan, Metal, and Direct3D; BlackWeb 1.2 Reviewed

    Links for the day

  30. Richard Stallman's Controversial Views Are Nothing New and They Distract From Bill Gates' Vastly Worse Role

    It's easier to attack Richard Stallman (RMS) using politics (than using his views on software) and media focus on Stallman's personal views on sexuality bears some resemblance to the push against Linus Torvalds, which leans largely on the false perception that he is sexist, rude and intolerant

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts