11.16.09

Microsoft Won’t Secure Firefox/Chrome Users, Shows More Negligence

Posted in Microsoft, Security, Vista 7, Windows at 9:19 am by Dr. Roy Schestowitz


Summary: ActiveX required by Microsoft’s OneCare; investigation into Vista 7 vulnerabilities a case of “too little, too late”

MICROSOFT pretends to have changed for the better. It pretends that it allows users of Windows to use Web browsers other than Internet Explorer, but the following post — artistically titled “Microsoft being a Onecare [Wanker]” — suggests otherwise:

For starters, it uses an ActiveX control – Internet Explorer required in other words – that’s annoyingly hard to install. You get warnings galore from Windows 7’s UAC and IE about popups and do you really really really want to install something that has the potential to roger your system well and truly?

ActiveX was designed to restrict competition by supplanting Web standards. It ended up becoming one of the biggest security nightmares out there and Novell supports this.

Here is the new story of a man who has just been fired because of these practices from Microsoft:

Linux Contractor Fired for Using Firefox/Linux

[...]

The irony? The “competency test” was a Security & Privacy test from the four letter credit card company that HAD to be taken on MS Windows with IE?

I’ll let you be the ones to point out the obvious…the fact that this large computer/server company with three letters in their name is reportedly a “friend to Linux”. I’ll let you talk about how a Linux Professional who uses Linux as their desktop environment was denied access to employment. Employment that was based on his knowledge of Linux. Yeah, the server side…but still…

Now let’s brag about how much ground Linux has made…

And a Linux Project Manager for said company asking the question:

“What’s this Foxfire thing?”

As a secondary item of news, some days ago we argued for Microsoft liability when it comes to the latest Vista 7 vulnerability. Microsoft deserves to be accused of negligence and the following article implies deception too.

Is Microsoft Overhyping Security In Windows 7?

[...]

Microsoft has been aggressively marketing the security improvements in Windows 7, but some security experts believe this strategy could leave the software giant open to some unpleasant repercussions.

Vista 7 has been breached before and to give some examples of insecurity, we have:

Now there is the SMB flaw that Microsoft finally acknowledges.

Microsoft on Friday said it is working on a fix for a vulnerability in the Server Message Block file-sharing protocol in Windows 7 and Windows Server 2008 Release 2 that could be used to remotely crash a computer.

It really took them too long, having waited for attack code to appear before properly investigating. That’s negligence and it is irresponsible. Gregg Keizer writes:

The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday, when he revealed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog. According to Gaffie, exploiting the flaw crashes Windows 7 and Server 2008 R2 systems so thoroughly that the only recourse is to manually power off the computers.

Why has Microsoft waited so long before looking into the problem? Could it be that lack of security and increased fear help Microsoft sell more ‘solutions’ to those very same problems? As we showed some days ago, Microsoft is clearly profiting from Conficker, for example.


A Single Comment

  1. Needs Sunlight said,

    November 16, 2009 at 11:17 am


    A verdict of Negligence would assume a competency or willingness to fix the problem. Likely neither are present in any measurable quantity.

    From the outside it looks more like a case of further anti-competitive behavior.
