11.10.09

Microsoft Lies About Security

Posted in Free/Libre Software, FUD, Microsoft, Security, Windows at 8:56 am by Dr. Roy Schestowitz

Summary: Security propaganda from Microsoft tackled yet again in light of this week’s security FUD against Free software

AS WE showed two years ago, Microsoft knowingly hides security problems in its software and sometimes fixes these problems without reporting them to the public. This can be a frequent, routine practice. The result is that when outsiders compare the number of security problems across different products or vendors, they are merely comparing apples and oranges (Red Hat and Firefox are popular victims of such disinformation). Microsoft is cheating.

Earlier this week Slashdot revealed that Microsoft’s attitude when it comes to security of its on-line services is more or less the same. To make matters worse, Microsoft is trying to gag those who know the truth. From Slashdot’s summary:

Microsoft Tries To Censor Bing Vulnerability

Microsoft’s Bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft fashion, the company has responded to the author of the breaking Bing cashback exploit with a cease & desist letter, rather than by fixing the underlying security problem.

Here is the original post.

The purpose of my post was to show an implementation problem, not to encourage defrauding Microsoft. I am surprised they would go through this much trouble to make me take down information that is obvious to anyone reading their documentation. I don’t like dealing with lawyers, so I’ve decided to comply with their request. The post is gone. I will still write a “non-technical” post on all the problems I see with Bing Cashback in the next few days.

The reason why hundreds of millions of Windows PCs are zombies is not just negligent users; it’s also a company that puts its image and its profits before the safety of computer users. It would shamelessly lie to the public as long as its shareholders’ interests are served. Suffice it to say, Free software does not have the same inherent deficiency, which is a conflict of interests (honesty versus selfishness). Apache is a good example of this.

According to The Register, botmasters have found new ways of sending instructions to Windows zombies. It’s not the fault of Google, which merely stores arbitrary strings of texts like many other services.

Cyber criminals’ love affair with cloud computing just got steamier with the discovery that Google’s AppEngine was tapped to act as the master control channel that feeds commands to large networks of infected computers.

Sadly enough, we are all left in a dangerous state where cyberwar is said to be imminent, with hordes of Windows zombies recruited to such a task.

CBS News reports that cyber war is a reality that, according to cyber experts, the US will have to be prepared for – and soon.

It is worth adding that the US presidency now has the legal power to shut off the Internet, and physical bombing of botmasters is one of the proposed strategies should disaster strike.

What does Microsoft do about this? It serves the interests of shareholders, which means pretending that Windows (and other Microsoft products) is secure, even by fabrication and outright lies. Security — including national security — must never be put in proprietary hands. It is a recipe for disaster.

One of our readers, pointing to this old gem about password encryption, remarks: “It’s pathetic to see how much Gates has been able to hold back computing. His current antics are not new. However, now his antics involve much more outsourced marketing and tremendous investment in lobbying firms.”

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2009/11/10/microsoft-propaganda-re-security/

8 Comments

  1. Yuhong Bao said,

    November 10, 2009 at 5:20 pm

    “It’s not the fault of Google, which merely stores arbitrary strings of texts like many other services.”
    And it is not the fault of Microsoft either, who just makes an OS that can run any program, including malware. But if the zombie programs take advantage of things like security vulnerabilities or holes in Windows, that is certainly MS’s fault, and on that here is a quote by Woody:
    From http://www.askwoody.com/2009/autorun-patch-kb-967715-mess/:
    “(Remember, this is the worm that has drawn a $250,000 bounty from Microsoft – and the folks at MS can’t even plug one of its simplest infection vectors.)”

    Roy Schestowitz Reply:

    This worm was the fault of Microsoft; it exploited a massive flaw.

    Yuhong Bao Reply:

    Yep, actually several security flaws in Windows, which are all MS’s fault. And yep, that is what the last quote exactly was about. But to be honest the Linux desktop had its share of similarly stupid features as well:
    http://lwn.net/Articles/178409/
    http://lwn.net/Articles/178411/
    http://www.geekzone.co.nz/foobar/6229
    http://www.geekzone.co.nz/foobar/6236
    http://lwn.net/Articles/318755/

    Yuhong Bao Reply:

    More links on this:
    http://lwn.net/Articles/320707/
    http://it.slashdot.org/article.pl?sid=09/02/17/1526244

    Yuhong Bao Reply:

    BTW, on Vista the security flaws are less severe, because Vista has ASLR, which prevents one of the flaws from being exploited, and the AutoPlay dialog also got changed in Vista so it is easier to tell that the AutoPlay entry created by the worm is fake. Recent versions of Linux have ASLR too, as well as Mac OS X.

    Roy Schestowitz Reply:

    Don’t forget that Linux usually gets its software (‘alien’ files) from trusted repositories.

    Yuhong Bao Reply:

    Yep, I remember Autopackage aiming to change this, but it kind of failed, I think.

    Roy Schestowitz Reply:

    It’s probably to do with how proprietary software is sold, not distributed. Marketplace/Store paradigm is growing though, especially in phones.
