EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.08.08

Another Reason to Avoid Mono: Security

Posted in GNU/Linux, Microsoft, Mono, Novell, Security, Windows at 5:27 pm by Dr. Roy Schestowitz

“At Microsoft I learned the truth about ActiveX and COM and I got very interested in it inmediately [sic].”

Miguel de Icaza

For reasons and factors that make OOXML not secure, Mono is a security hazard as well. For those who are not yet convinced, there is this brand-new article which highlights the architectural failures of .NET and their impact on security. Read it.

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

Also in the news today is this alarming issue of 7 “critical” flaws (the highest level of severity) in Microsoft software.

Does anyone want GNU/Linux to inherit this nightmare? Is this something which belongs in the operating system which NASA, the NSA and the Department of Defense use? What about the cost implications? Beyond the issue of acquisition cost also exist the costs of maintenance, repair, and damage control. Losses incurred by leaks (espionage) and data loss are sometimes invaluable.

A few hours ago, one reader sent us the following message regarding the consequences of poor security.


Note that the bad engineering promoted by Bill Gates and his movement is probably costing Joe Sixpack upwards of 8 hours lost effort per week from malware, instability and poor interoperability. With the US in the economic situation it is in, that may be enough to knock the floor out of the recession. The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.

“The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.”Until recently, Microsoft people have been able to stifle security information. However, the EFF’s recent win paves the way forward for better technology to become more visible.

I look forward to the seeing Back-To-School Security Packets in Walmart, Best Buy, and others consisting of Xubuntu CDs.

The last 10 years have shown us nothing if not that FOSS helps make your business more recession-proof.

What we have here is an old and odd spin trotted out yet another time. The spin tries to be negative, but at the end of the day, use of FOSS has boosted the economy there by some $60 billion on unnecessary sunk costs.

Further, since were FOSS tends to lead, it leads due to better performance, quality, interoperability and maintenance, not just cost. So that leads to secondary and tertiary savings. After all, if the IT team is not having to spend all its time chasing fires, it can be far more than $60 billion in savings once the total cost of ownership is settled.

Sure a small wedge of the software sellers might have lost, but the large part of the pie consists of software users. We win here.

____
1) “EFF Wins Protection for Security Researchers” (2007)

2) “Vista’s Security Rendered Completely Useless by New Exploit” (2008)
“… a technique that can be used to bypass all memory
protection safeguards that Microsoft built into Windows
Vista…”
“… the work is a major breakthrough and there is very little
that Microsoft can do to fix the problems…”

3) “This Bug Man Is a Pest” (2008)
“…His syllabus is partly a veiled attack on McAfee,
Symantec and their ilk, whose $100 consumer products he
sees as mostly useless. If college students can beat
these antivirus programs, he argues, what good are they
for the people and businesses spending nearly $5 billion
a year on them? …”

4) “USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius” (2007)


For those wondering about highly-restrained criticism of Microsoft/Windows security, a mandatory background would be the smear campaigns against security researchers. Smear campaigns are something that Microsoft is intimately familiar with [1, 2, 3, 4, 5, 6, 7, 8, 9]. Remember the Geer saga, too [1, 2] (little more in [1, 2, 3]). He lost his job for saying the truth about Microsoft’s security shortcomings and the horrific state of the Web, caused largely by Microsoft and its back doors.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 28/3/2015: FoundationDB FOSS Shut Down by Apple, European Commission Support for Free Software

    Links for the day



  2. Microsoft Keeps Pretending to be 'Open Source', Despite Relentless Assaults on Open Source

    Microsoft's charm offensives against Free/libre software are proving to be rather effective, despite them involving a gross distortion of facts and exploitation of corruptible elements in the corporate media



  3. Željko Topić and Ivan Šimonović, Two Residues of Ivo Sanader's Corrupt Regime, Seen as Indirectly Connected

    Further exploration of the remnants of Sanader's highly notorious record and those whom he had brought to power before he landed in jail



  4. Links 27/3/2015: Ubuntu 15.04 Second Beta, Dart 1.9

    Links for the day



  5. The EPO's Dutch Scandal Leaves Battistelli and His Cronies on the Run

    EPO management is making concessions and issues statements which admit defeat, allowing the staff union to continue its activities



  6. Microsoft Won't Let People Wipe (Off) Windows But Happily Wipes Android, Wipes Android Apps Through Cyanogen and Blackmailed 'Partners'

    Microsoft's obscene double-standards leave Android and Linux between a rock and a hard place



  7. Links 26/3/2015: GNOME 3.16 Officially Released

    Links for the day



  8. Links 25/3/2015: India Moving to Free Software

    Links for the day



  9. Another Reason to Boycott UEFI: Back Doors or Crackers

    UEFI makes computers more prone to infections, according to some security experts



  10. The EPO's Administrative Council is Under Increased Pressure to Rein in and to Finally Stop Benoît Battistelli

    The EPO's Administrative Council (AC) is about to have a meeting, so the Member States' delegations are urged to call for action



  11. IRC Proceedings: February 22nd - March 21st, 2015

    Many IRC logs



  12. The Latest Microsoft Attacks on GNU/Linux and Free/Libre Software

    Microsoft is still hiding behind the façade of 'love' whilst actively attacking GNU/Linux and Free software from many directions



  13. Attempts to Disrupt Android by Pushing Microsoft Software Into It (Using Patent Blackmail and Cyanogen)

    Microsoft's Android coup d'état is succeeding owing to public apathy and poor comprehension of what Microsoft really is up to, partly due to media misdirection



  14. Links 24/3/2015: WebKitGTK+ 2.8.0, Black Lab Linux 6.5

    Links for the day



  15. Concerns Over Željko Topić's Alleged Powerful Links in Croatian Diplomacy

    Rikard Frgačić explains the powerful connections acquired though Ivan Šimonović, who is himself connected to EPO Vice-President Željko Topić



  16. Benoît Battistelli's EPO Comes Under Fire From Prominent Figures Who Are Key EPO Stakeholders, Expect Battistelli to Resign 'in the Longer Term'

    The ‘reign of terror’ which is primarily attributed to Battistelli and his cronies may be about to end; the Luxembourg parliament approves the Unified Patent Court



  17. Benoît Battistelli's EPO is Under Attack From French Politicians Yet Again

    More EPO interventions -- this time from France -- target Benoît Battistelli over his abuses and take it up to Eurocrats for political actions



  18. Bribes and Extortion Help Turn Android (Linux-powered) Into 'Microsoft Android'

    A strategy involving harassment and bribes drives large Android players into Microsoft's arms (PRISM and lock-in), much to Google's (and users') detriment and beyond regulators' range of visibility



  19. Microsoft-connected Black Duck Software Created by Microsoft Marketing Man as an Anti-GPL Operation, Admits the Management

    Black Duck "was founded [on] the idea ... to keep GPL-licensed code out of corporate codebases entirely," according to a new report



  20. Links 23/3/2015: Linux 4.0 RC5, Kubuntu Celebrates Ten Years

    Links for the day



  21. Microsoft Admits Lying (or Deceiving) About the Cost of Vista 10

    After much hype in the press about Windows being 'free' it turns out that Microsoft just lied yet again, leaving that lingering perception that Windows is as inexpensive as GNU/Linux



  22. Politics of Blackmail at the EPO

    Comments serve to highlight the role of bribes (or contrariwise blackmail), as allegedly exercised by the current management of the European Patent Office



  23. Benoît Battistelli's EPO Comes Under Attack From the British

    A British MEP criticises Battistelli and the management of the European Patent Office (EPO) while Baroness Lucy Neville-Rolfe, UK Minister for Intellectual Property, gets closer to Battistelli in a tactless effort to improve relations



  24. The Royal Norwegian Department of Labour on the Right of European Patent Office (EPO) Workers to Strike

    The role of bureaucrats from Norway in defending (or not) the rights of EPO workers -- rights that the EPO's management is actively trying to deny and punish for



  25. Michael Silver Back to Acting as Gartner's Microsoft Agent, Promoting Vista 10 Based on False Promises

    Vista 10 in the headlines as its marketing propaganda zones in on false perceptions around cost, aided in part by longtime foes of GNU/Linux such as Gartner, especially its Microsoft-embedded elements (Michael Silver and co-workers)



  26. Despite Media Propaganda About Security, Microsoft Windows Remains the Least Secure Operating System, by Design

    Amid highly misleading security-centric reports that rely on Microsoft's bogus number of vulnerabilities (Microsoft already admitted hiding many of them) Techrights presents recent news about Windows 'security'



  27. Canonical Goes to Bed With Company That Sues Linux Using Software Patents and Copyrights (Through SCO)

    Despite Microsoft's continued assault on GNU/Linux, Canonical is foolish enough to give Microsoft control over many Ubuntu instances



  28. Links 22/3/2015: GNOME 3.16 Shaping Up, LibrePlanet 2015

    Links for the day



  29. Microsoft Hates Linux - Part VI - Propaganda Wars Against Free Software Facilitated While Media Control is Secured and Abused

    How Microsoft systematically lies to the public, including decision-makers and officials who can be tricked into choosing proprietary software, thinking it is in fact "open"



  30. Microsoft Hates Linux - Part V - Dumping and Surveillance to Counter GNU/Linux Insurgence

    Microsoft makes false claims about future versions of Windows (with more surveillance) becoming 'free' in order to stop migrations to GNU/Linux


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts