10.13.09

Vista 7 Gets Royal (Patch) Treatment, Windows XP in Court for “Spyware” Behaviour

Posted in Courtroom, Microsoft, Security, Vista 7, Windows at 11:15 am by Dr. Roy Schestowitz

Summary: Many security issues in Vista 7; Windows XP has Microsoft sued for behaving like malicious software

SEVERAL days ago we wrote about Vista 7 being left insecure. Given all that has happened in the past year (cf. links at the bottom), this should not be surprising, and SJVN has just written a short article claiming that Vista 7 suffers from “unimproved security”.

When it comes to security and Windows 7, it’s just more of the same old, same old.

This point really came home to me when I was looking over all the patches that Microsoft will be delivering tomorrow in what may be the largest Patch Tuesday ever. Microsoft “will ship a total of 13 updates next week, eight of them pegged “critical,” the highest threat ranking in its four-step scoring system, beating the previous record of 12 updates shipped in February 2007 and again in October 2008.” Of these 13, five are for Windows 7.

That’s Tuesday, that’s today.

Microsoft claims 5 patches for Vista 7, but as experience suggests, Microsoft lies about these numbers. It is not obliged to adhere to the same reporting standards as Free software.

Many people will continue using Windows XP when 7 comes out, but XP is permanently insecure since Microsoft refuses to patch it. And to make matters worse, based on this report, Microsoft is still stuck in court having been sued for XP being spyware, which it is (for more than one reason).

The plaintiffs allege that Microsoft improperly distributed the Windows Genuine Advantage tool, without proper consent from users, in a manner normally reserved for “high priority” security updates. WGA, as it’s known, tests to see if a copy of Windows is valid and delivers warnings if it doesn’t pass. Microsoft’s Automatic Update system lets users opt in to receive fixes and patches for the operating system.

That’s a lie or an embellishment at the very least. Microsoft overrides those settings. Even if the user requests that updates shall not be pushed through, Windows settings are totally ignored. Users have shown this for years.

On Vista 7 security problems:

5 Comments

  1. Yuhong Bao said,

    October 13, 2009 at 1:56 pm

    “Microsoft claims 5 patches for Vista 7, but as experience suggests, Microsoft lies about these numbers. It is not obliged to adhere to the same reporting standards as Free software.”
    Yep, it is not as simple as comparing numbers.
    “Many people will continue using Windows XP when 7 comes out, but XP is permanently insecure since Microsoft refuses to patch it.”
    Not completely, you should see my comments on the linked article, which talks about this in more detail.

    Roy Schestowitz Reply:

    Disablement is not a fix though.

    Yuhong Bao Reply:

    Of course not, even MS claimed that it was only a workaround. MS released the fix for this SMB2 flaw today, and it is MS09-050. I was mostly commenting on the lack of XP and 2000 patches for MS09-048, saying that it is only this particular patch that doesn’t have a version for Win2000 or WinXP. MS has not in general stopped patching Win2000 or WinXP and will not until the extended support ends.

    Roy Schestowitz Reply:

    Patching does not equate to quality patching. The half-hearted maintenance is causing trouble to all of us who share the Internet (systemic cost).

    Yuhong Bao Reply:

    Note in this particular case however that the vulnerabilities MS is not patching are only DoS vulnerabilities that in theory only affect the machine attacked. There is a Remote Code Execution vulnerability in the bulletin, but it only affects Vista and Server 2008, not XP or Server 2003. If you want more info, you should read the bulletin:
    http://www.microsoft.com/technet/security/Bulletin/ms09-048.mspx
