01.08.09

The Cost — and Cause — for Security Failure, Data Breaches

Posted in Microsoft, Security, Windows at 11:30 am by Dr. Roy Schestowitz

Windows Vista is not a secure operating system and Vista 7 is the same. The ramifications can be very serious and no level of censorship can hide it. According to this report from the Identity Theft Resource Center, the leaking of sensitive data is rising sharply due to inappropriate means of securing it.

More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC).

Each and every one of us pays for the damage, as costs are collective and our data is centralised not only on our personal computers*. Even our medical records can be compromised.

What is responsible for this and who is to blame? Well, based on empirical evidence, it’s Microsoft that has failed. It failed not because it’s an impossible task to secure software but because, as the manager of Windows said a few years ago, “our products just aren’t engineered for security.”

Let’s consider GNU/Linux for a second. The platform runs in an environment that’s highly connected; it runs on a very large number of boxes endlessly. In September 2008, Steve Ballmer said: “Forty percent of servers run Windows, 60 percent run Linux…”**

If GNU/Linux were not secure, wouldn’t many of the Web servers out there be compromised? Evidently, they rarely are. Software that’s installed on them with uploaders is a vector of weakness, but that too has not caused much harm.

On the other hand we have Windows, which is once again under a worm attack, according to this new report.

Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Sam Varghese, a GNU/Linux user, wrote about “worms, worms, worms” a few days ago. Security troubles under Windows are leading him to migrate more of his computers to GNU/Linux right now.

It would have been good to have some equivalent of Delilah on Windows to negate the role of this browser, but, sadly there is none. There are some third-party applications like XPlite, developed by Australian Shane Brooks, which do remove most of IE but then which browser do you use to update Windows? Only IE supports ActiveX.

You can, of course, move from XP to Vista where the updates are done through the control panel but that would be the equivalent of offering a man a choice between arsenic and cyanide for breakfast.

Sam mentions ActiveX, which was probably designed and implemented for anti-competitive reasons (making Web sites operating system-dependent), despite its obvious dangers. As Bill Gates put it on numerous occasions, they needed to leverage standards-hostile extensions. In this one E-mail [PDF] he wrote: “Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

Where do Windows users end up because of this? Well, merely visiting a Web site can be dangerous because it gives the site great control over the entire operating system (access to local files even). At the moment, there are reports about Windows-only malicious ‘features’ in LinkedIn.

[T]he sort of social media trouble quotient appears to have risen a bit as fake LinkedIn profiles are trying to send users towards malware.

We all reap what they sow.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This Is wrong and I wanted to correct this.”

Bill Gates [PDF]

Hostility towards (X)HTML came from the top

___
* Where else are they centralised? Well, a lot of people don’t know where or how their medical records are kept or how susceptible those records might be to data theft. Are medical records kept only on private networks, or are they reachable by the outside world (Chinese or Russian crackers, for example)? Ordinary people pay more attention once they realise exactly how this situation can cause them harm in a very personal way.

** This is an important point, and it should probably be made even stronger. If GNU/Linux were not more secure, wouldn’t its 60 percent of the Web servers be compromised at least as often as Windows’ 40 percent? Yet evidence shows that they rarely are.

5 Comments

  1. Needs Sunlight said,

    January 9, 2009 at 5:43 am

    MS Windows allows many options for data to be compromised, not just illegal access. Data corruption or loss is a big risk. Sheeple have been so browbeaten into accepting the crashes and down time that they don’t notice or admit to noticing; however, if that down time comes at a time-critical moment when medical staff need to access your record, that’s not good either.

    Since the new, incoming US administration will be looking at economic initiatives, it will be of great value to get rid of M$ products. That’s just treating the symptom and not curing the problem. What also needs to happen is that the MSFT boosters who have operated as if part of a larger organized crime ring need to be called to task. Damages need to be recouped, dues to society need to be paid, and places where they cannot make further harm need to be found.

  2. David Gerard said,

    January 9, 2009 at 1:09 pm

    When we have MS software taken out and shot, can we shoot MySQL as well? Bl*sted piece of crap … why couldn’t Postgres have become popular. Gah.

  3. AlexH said,

    January 9, 2009 at 1:10 pm

    @David: because of PHP ;)

  4. Roy Schestowitz said,

    January 9, 2009 at 1:29 pm

    MySQL is all right.

  5. David Gerard said,

    January 9, 2009 at 3:55 pm

    It’s “all right” for Windows 2000 values of “all right.” It’s a bloody pain to administer for a living. It’s also popular.
