
01.08.09

The Cost — and Cause — for Security Failure, Data Breaches

Posted in Microsoft, Security, Windows at 11:30 am by Dr. Roy Schestowitz

Windows Vista is not a secure operating system and Vista 7 is the same. The ramifications can be very serious and no level of censorship can hide it. According to this report from the Identity Theft Resource Center, the leaking of sensitive data is rising sharply due to inappropriate means of securing it.

More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC).

Each and every one of us pays for the damage, as costs are collective and our data is centralised not only on our personal computers*. Even our medical records can be compromised.

What is responsible for this and who is to blame? Well, based on empirical evidence, it’s Microsoft that has failed. It failed not because it’s an impossible task to secure software but because, as the manager of Windows said a few years ago, “our products just aren’t engineered for security.”

Let’s consider GNU/Linux for a second. The platform runs in an environment that’s highly connected; it runs on a very large number of boxes endlessly. In September 2008, Steve Ballmer said: “Forty percent of servers run Windows, 60 percent run Linux…”**

If GNU/Linux was not secure, wouldn’t many of the Web servers out there be compromised? Evidently, they rarely are. Software that’s installed on them with uploaders is a vector of weakness, but that too has not caused much harm.

On the other hand we have Windows, which is once again under a worm attack, according to this new report.

Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Sam Varghese, a GNU/Linux user, wrote about “worms, worms, worms” a few days ago. Security troubles under Windows have led him to migrate more of his computers to GNU/Linux right now.

It would have been good to have some equivalent of Delilah on Windows to negate the role of this browser, but, sadly there is none. There are some third-party applications like XPlite, developed by Australian Shane Brooks, which do remove most of IE but then which browser do you use to update Windows? Only IE supports ActiveX.

You can, of course, move from XP to Vista where the updates are done through the control panel but that would be the equivalent of offering a man a choice between arsenic and cyanide for breakfast.

Sam mentions ActiveX, which was probably designed and implemented for anti-competitive reasons (making Web sites operating system-dependent), despite its obvious dangers. As Bill Gates put it on numerous occasions, they needed to leverage standards-hostile extensions. In this one E-mail [PDF] he wrote: “Another suggestion in this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

Where do Windows users end up because of this? Well, merely visiting a Web site can be dangerous because it gives the site great control over the entire operating system (access to local files even). At the moment, there are reports about Windows-only malicious ‘features’ in LinkedIn:

[T]he sort of social media trouble quotient appears to have risen a bit as fake LinkedIn profiles are trying to send users towards malware.

We all reap what they sow.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This is wrong and I wanted to correct this.”

Bill Gates [PDF]

Hostility towards (X)HTML came from the top

___
* Where else are they centralised? Well, a lot of people don’t know where or how their medical records are kept or how susceptible those records might be to data theft. Are medical records kept only on private networks, or are they reachable by the outside world (Chinese or Russian crackers, for example)? Ordinary people pay more attention once they realise exactly how this situation can cause them harm in a very personal way.

** This is an important point, and it should probably be made even stronger. If GNU/Linux was not more secure, wouldn’t its 60 percent of the Web servers be compromised at least as often as Windows’ 40 percent? Yet evidence shows that they rarely are.


5 Comments

  1. Needs Sunlight said,

    January 9, 2009 at 5:43 am


    MS Windows allows many options for data to be compromised, not just illegal access. Data corruption or loss is a big risk. Sheeple have been so browbeaten into accepting the crashes and down time that they don’t notice or admit to noticing, however, if that down time comes at a time-critical moment when medical staff need to access your record, that’s not good either.

    Since the new, incoming US administration will be looking at economic initiatives, it will be of great value to get rid of M$ products. That’s just treating the symptom and not curing the problem. What also needs to happen is that the MSFT boosters who have operated as if part of a larger organized crime ring need to be called to task. Damages need to be recouped, dues to society need to be paid, and places where they cannot make further harm need to be found.

  2. David Gerard said,

    January 9, 2009 at 1:09 pm


    When we have MS software taken out and shot, can we shoot MySQL as well? Bl*sted piece of crap … why couldn’t Postgres have become popular. Gah.

  3. AlexH said,

    January 9, 2009 at 1:10 pm


    @David: because of PHP ;)

  4. Roy Schestowitz said,

    January 9, 2009 at 1:29 pm


    MySQL is all right.

  5. David Gerard said,

    January 9, 2009 at 3:55 pm


    It’s “all right” for Windows 2000 values of “all right.” It’s a bloody pain to administer for a living. It’s also popular.
