01.08.09

The Cost — and Cause — for Security Failure, Data Breaches

Posted in Microsoft, Security, Windows at 11:30 am by Dr. Roy Schestowitz

Windows Vista is not a secure operating system and Vista 7 is the same. The ramifications can be very serious and no level of censorship can hide it. According to this report from the Identity Theft Resource Center, the leaking of sensitive data is rising sharply due to inappropriate means of securing it.

More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC).

Each and every one of us pays for the damage, as costs are collective and our data is centralised not only on our personal computers*. Even our medical records can be compromised.

What is responsible for this and who is to blame? Well, based on empirical evidence, it’s Microsoft that has failed. It failed not because it’s an impossible task to secure software but because, as the manager of Windows said a few years ago, “our products just aren’t engineered for security.”

Let’s consider GNU/Linux for a second. The platform runs in an environment that’s highly connected; it runs on a very large number of boxes endlessly. In September 2008, Steve Ballmer said: “Forty percent of servers run Windows, 60 percent run Linux…”**

If GNU/Linux were not secure, wouldn’t many of the Web servers out there be compromised? Evidently, they rarely are. Software that’s installed on them with uploaders is a vector of weakness, but that too has not caused much harm.

On the other hand we have Windows, which is once again under a worm attack, according to this new report.

Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Sam Varghese, a GNU/Linux user, wrote about “worms, worms, worms” a few days ago. Security troubles under Windows are getting more of his computers migrated to GNU/Linux right now.

It would have been good to have some equivalent of Delilah on Windows to negate the role of this browser, but, sadly there is none. There are some third-party applications like XPlite, developed by Australian Shane Brooks, which do remove most of IE but then which browser do you use to update Windows? Only IE supports ActiveX.

You can, of course, move from XP to Vista where the updates are done through the control panel but that would be the equivalent of offering a man a choice between arsenic and cyanide for breakfast.

Sam mentions ActiveX, which was probably designed and implemented for anti-competitive reasons (making Web sites operating system-dependent), despite its obvious dangers. As Bill Gates put it on numerous occasions, they needed to leverage standards-hostile extensions. In this one E-mail [PDF] he wrote: “Another suggestion in this mail was that we can’t make our own unilateral extensions to HTML. I was going to say this was wrong and correct this also.”

Where do Windows users end up because of this? Well, merely visiting a Web site can be dangerous because it gives the site great control over the entire operating system (even access to local files). At the moment, there are reports about Windows-only malicious ‘features’ in LinkedIn:

[T]he sort of social media trouble quotient appears to have risen a bit as fake LinkedIn profiles are trying to send users towards malware.

We all reap what they sow.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This is wrong and I wanted to correct this.”

Bill Gates [PDF]

Hostility towards (X)HTML came from the top

___
* Where else are they centralised? Well, a lot of people don’t know where or how their medical records are kept or how susceptible those records might be to data theft. Are medical records kept only on private networks, or are they reachable by the outside world (Chinese or Russian crackers, for example)? Ordinary people pay more attention once they realise exactly how this situation can cause them harm in a very personal way.

** This is an important point, and it should probably be made even stronger. If GNU/Linux were not more secure, wouldn’t its 60 percent of the Web servers be compromised at least as often as Windows’ 40 percent? Yet evidence shows that they rarely are.


5 Comments

  1. Needs Sunlight said,

    January 9, 2009 at 5:43 am

    MS Windows allows many options for data to be compromised not just illegal access. Data corruption or loss is a big risk. Sheeple have been so browbeaten into accepting the crashes and down time that they don’t notice or admit to noticing, however, if that down time comes at a time-critical moment when medical staff need to access your record, that’s not good either.

    Since the new, incoming US administration will be looking at economic initiatives, it will be of great value to get rid of M$ products. That’s just treating the symptom and not curing the problem. What also needs to happen is that the MSFT boosters who have operated as if part of a larger organized crime ring need to be called to task. Damages need to be recouped, dues to society need to be paid, and places where they cannot make further harm need to be found.

  2. David Gerard said,

    January 9, 2009 at 1:09 pm

    When we have MS software taken out and shot, can we shoot MySQL as well? Bl*sted piece of crap … why couldn’t Postgres have become popular. Gah.

  3. AlexH said,

    January 9, 2009 at 1:10 pm

    @David: because of PHP ;)

  4. Roy Schestowitz said,

    January 9, 2009 at 1:29 pm

    MySQL is all right.

  5. David Gerard said,

    January 9, 2009 at 3:55 pm

    It’s “all right” for Windows 2000 values of “all right.” It’s a bloody pain to administer for a living. It’s also popular.
