11.10.09

Gemini version available ♊︎

Microsoft Lies About Security

Posted in Free/Libre Software, FUD, Microsoft, Security, Windows at 8:56 am by Dr. Roy Schestowitz

Guerra al capitol

Summary: Security propaganda from Microsoft tackled yet again in light of this week’s security FUD against Free software

AS WE showed two years ago, Microsoft knowingly hides security problems in its software and sometimes fixes these problems without reporting it to the public. It can be very frequent a routine. This way, when outsiders compare the number of security problems across different products/vendors, they merely compare apples and oranges (Red Hat and Firefox are popular victims of such disinformation). Microsoft is cheating.

Earlier this week Slashdot revealed that Microsoft’s attitude when it comes to security of its on-line services is more or less the same. To make matters worse, Microsoft is trying to gag those who know the truth. From Slashdot’s summary:

Microsoft Tries To Censor Bing Vulnerability

Microsoft’s bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft fashion, the company has responded to the author of the breaking bing cashback expoit with a cease & desist letter, rather than by fixing the underlying security problem.

Here is the original post.

The purpose of my post was to show an implementation problem, not to encourage defrauding Microsoft. I am surprised they would go through this much trouble to make me take down information that is obvious to anyone reading their documentation. I don’t like dealing with lawyers, so I’ve decided to comply with their request. The post is gone. I will still write a “non-technical” post on all the problems I see with Bing Cashback in the next few days.

The reason why hundreds of millions of Windows PCs are zombies is not just because of negligent users; it’s also because of a company that puts its image and its profits before the safety of computer users. It would shamelessly lie to the public as long as its shareholders’ interests are obeyed. Suffice to say, Free software does not have the same inherent deficiency which is a conflict of interests (honesty versus selfishness). Apache is a good example of this.

According to The Register, botmasters have found new ways of sending instructions to Windows zombies. It’s not the fault of Google, which merely stores arbitrary strings of texts like many other services.

Cyber criminals’ love affair with cloud computing just got steamier with the discovery that Google’s AppEngine was tapped to act as the master control channel that feeds commands to large networks of infected computers.

Sadly enough, we are all left at a dangerous state where cyberwar is said to be imminent, with hordes of Windows zombies recruited to such a task.

CBS News reports that cyber war is a reality that, according to cyber experts, the US will have to be prepared for – and soon.

It is worth adding that the US presidency now has the legal power to shut off the Internet and physical bombing of botmasters is one of the proposed strategies shall disaster strike.

“Security — including national security — must never be put in proprietary hands.”What does Microsoft do about this? It serves the interests of shareholders, which means pretending that Windows (and other Microsoft products) is secure, even by fabrication and outright lies. Security — including national security — must never be put in proprietary hands. It is a recipe for disaster.

One of our readers, pointing to this old gem about password encryption, remarks: “It’s pathetic to see how much Gates has been able to hold back computing. His current antics are not new. However, now his antics involve much more outsourced marketing and tremendous investment in lobbying firms.

Related posts:

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

8 Comments

  1. Yuhong Bao said,

    November 10, 2009 at 5:20 pm

    Gravatar

    “It’s not the fault of Google, which merely stores arbitrary strings of texts like many other services.”
    And it is not the fault of Microsoft either, who just makes an OS that can run any program, including malware. But if the zombie programs take advantage of things like security vulnerabilities or holes in Windows, that is certainly MS’s fault, and on that here is a quote by Woody:
    From http://www.askwoody.com/2009/autorun-patch-kb-967715-mess/:
    “(Remember, this is the worm that has drawn a $250,000 bounty from Microsoft – and the folks at MS can’t even plug one of its simplest infection vectors.)”

    Roy Schestowitz Reply:

    This worm was the fault of Microsoft; it exploited a massive flaw.

    Yuhong Bao Reply:

    Yep, actually several security flaws in Windows, which are all MS’s fault. And yep, that is what the last quote exactly was about. But to be honest the Linux desktop had it’s share of similarly stupid features as well:
    http://lwn.net/Articles/178409/
    http://lwn.net/Articles/178411/
    http://www.geekzone.co.nz/foobar/6229
    http://www.geekzone.co.nz/foobar/6236
    http://lwn.net/Articles/318755/

    Yuhong Bao Reply:

    More link on this:
    http://lwn.net/Articles/320707/
    http://it.slashdot.org/article.pl?sid=09/02/17/1526244

    Yuhong Bao Reply:

    BTW, on Vista the security flaws are less severe, because Vista has ASLR which prevents one of the flaws from being exploited, and the AutoPlay dialog also got changed in Vista so it is easier to tell that the AutoPlay entry created by the worm is fake. Recent versions of Linux has ASLR too, as well as Mac OS X.

    Roy Schestowitz Reply:

    Don’t forget that Linux usually gets its software (‘alien’ files) from trusted repositories.

    Yuhong Bao Reply:

    Yep, I remember Autopackage aiming to change this, but it kind of failed, I think.

    Roy Schestowitz Reply:

    It’s probably to do with how proprietary software is sold, not distributed. Marketplace/Store paradigm is growing though, especially in phones.

DecorWhat Else is New


  1. Links 29/05/2023: Election in Fedora, Unifont 15.0.04

    Links for the day



  2. Gemini Links 29/05/2023: Rosy Crow 1.1.1 and Smolver 1.2.1 Released

    Links for the day



  3. IRC Proceedings: Sunday, May 28, 2023

    IRC logs for Sunday, May 28, 2023



  4. Daniel Stenberg Knows Almost Nothing About Gemini and He's Likely Just Protecting His Turf (HTTP/S)

    The man behind Curl, Daniel Stenberg, criticises Gemini; but it's not clear if he even bothered trying it (except very briefly) or just read some inaccurate, one-sided blurbs about it



  5. Links 29/05/2023: Videos Catchup and Gemini FUD

    Links for the day



  6. Links 28/05/2023: Linux 6.4 RC4 and MX Linux 23 Beta

    Links for the day



  7. Gemini Links 28/05/2023: Itanium Day, GNUnet DHT, and More

    Links for the day



  8. Links 28/05/2023: eGates System Collapses, More High TCO Stories (Microsoft Windows)

    Links for the day



  9. IRC Proceedings: Saturday, May 27, 2023

    IRC logs for Saturday, May 27, 2023



  10. No More Twitter, Mastodon, and Diaspora for Tux Machines (Goodbye to Social Control Media)

    People would benefit from mass abandonment of such pseudo-social pseudo-media.



  11. Links 28/05/2023: New Wine and More

    Links for the day



  12. Links 27/05/2023: Plans Made for GNU's 40th Anniversary

    Links for the day



  13. Social Control Media Needs to be Purged and We Need to Convince Others to Quit It Too (to Protect Ourselves as Individuals and as a Society)

    With the Tux Machines anniversary (19 years) just days away we seriously consider abandoning all social control media accounts of that site, including Mastodon and Diaspora; social control networks do far more harm than good and they’ve gotten a lot worse over time



  14. Anonymously Travelling: Still Feasible?

    The short story is that in the UK it's still possible to travel anonymously by bus, tram, and train (even with shades, hat and mask/s on), but how long for? Or how much longer have we got before this too gets banned under the false guise of "protecting us" (or "smart"/"modern")?



  15. With EUIPO in Focus, and Even an EU Kangaroo Tribunal, EPO Corruption (and Cross-Pollination With This EU Agency) Becomes a Major Liability/Risk to the EU

    With the UPC days away (an illegal and unconstitutional kangaroo court system, tied to the European Union in spite of critical deficiencies) it’s curious to see EPO scandals of corruption spilling over to the European Union already



  16. European Patent Office (EPO) Management Not Supported by the EPO's Applicants, So Why Is It Still There?

    This third translation in the batch is an article similar to the prior one, but the text is a bit different (“Patente ohne Wert”)



  17. EPO Applicants Complain That Patent Quality Sank and EPO Management Isn't Listening (Nor Caring)

    SUEPO has just released 3 translations of new articles in German (here is the first of the batch); the following is the second of the three (“Kritik am Europäischen Patentamt – Patente ohne Wert?”)



  18. German Media About Industry Patent Quality Charter (IPQC) and the European Patent Office (EPO)

    SUEPO has just released 3 translations of new articles in German; this is the first of the three (“Industrie kritisiert Europäisches Patentamt”)



  19. Geminispace Continues to Grow Even If (or When) Stéphane Bortzmeyer Stops Measuring Its Growth

    A Gemini crawler called Lupa (Free/libre software) has been used for years by Stéphane Bortzmeyer to study Gemini and report on how the community was evolving, especially from a technical perspective; but his own instance of Lupa has produced no up-to-date results for several weeks



  20. Links 27/05/2023: Goodbyes to Tina Turner

    Links for the day



  21. HMRC: You Can Click and Type to Report Crime, But No Feedback or Reference Number Given

    The crimes of Sirius ‘Open Source’ were reported 7 days ago to HMRC (equivalent to the IRS in the US, more or less); but there has been no visible progress and no tracking reference is given to identify the report



  22. IRC Proceedings: Friday, May 26, 2023

    IRC logs for Friday, May 26, 2023



  23. One Week After Sirius Open Source Was Reported to HM Revenue and Customs (HMRC) for Tax Fraud: No Response, No Action, Nothing...

    One week ago we reported tax abuses of Sirius ‘Open Source’ to HMRC; we still wait for any actual signs that HMRC is doing anything at all about the matter (Sirius has British government clients, so maybe they’d rather not look into that, in which case HMRC might be reported to the Ombudsman for malpractice)



  24. Links 26/05/2023: Weston 12.0 Highlights and US Debt Limit Panic

    Links for the day



  25. Gemini Links 26/05/2023: New People in Gemini

    Links for the day



  26. IRC Proceedings: Thursday, May 25, 2023

    IRC logs for Thursday, May 25, 2023



  27. Links 26/05/2023: Qt 6.5.1 and Subsystems in GNUnet

    Links for the day



  28. Links 25/05/2023: Mesa 23.1.1 and Debian Reunion

    Links for the day



  29. Links 25/05/2023: IBM as Leading Wayland Pusher

    Links for the day



  30. IRC Proceedings: Wednesday, May 24, 2023

    IRC logs for Wednesday, May 24, 2023


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts