01.20.10

“Emergency!” Says Microsoft as It’s Losing Market Share; All Versions of Windows Are Vulnerable

Posted in Free/Libre Software, FUD, GNU/Linux, Microsoft, Security, Windows at 5:48 pm by Dr. Roy Schestowitz

Summary: Microsoft responds very urgently to the gains Firefox and other Web browsers are making as more vulnerabilities start to surface; Microsoft also throws FUD at Firefox, just as it does against GNU/Linux

INTERNET EXPLORER is under attack [1, 2, 3, 4, 5, 6, 7]. Microsoft calls it an “emergency”, but the emergency is that Microsoft is losing market share, not that customers are at risk. Microsoft had publicly belittled this issue… until governments started to speak out and complain.

This is the real emergency:

German government IE warning leads to spike in Firefox downloads

Following a warning last Friday from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) concerning the security hole in Internet Explorer (IE), Mozilla has said that it has recorded a “huge increase” in the number of Firefox downloads in Germany. According to a post by Mozilla’s Ken Kovash on the Mozilla Blog of Metrics, more than 300,000 downloads of the open source browser took place during the recent Friday to Monday period. Similarly, Opera also reportedly saw downloads of its browser in Germany more than double.

“MS to issue emergency patch for potent IE vuln,” heralds The Register:

Microsoft will release an emergency update that patches the Internet Explorer vulnerability used to breach the security defenses of Google and other large companies.

Even the BBC wrote about it, having previously served as Microsoft’s mouthpiece amid these embarrassing incidents.

SJVN has just published “Who cares if IE is patched soon?”

Microsoft is now promising us that they’ll have a patch for the latest IE security hole … real soon now. So what? This problem, while it’s been exploited the most in IE 6, it exists in all modern versions of IE and it can be exploited in every version of Windows from Windows 2000 to Windows 7. And, I’m supposed to trust that Microsoft will ‘patch’ it right this time and that it won’t blow up on me again? I don’t think so.

SJVN is right. Governments complained due to a pattern of shoddy maintenance/stewardship from Microsoft, not because of this one incident. Enough it enough and taxpayers are paying the price while Microsoft and its ecosystem are profiteering from malware.

Microsoft is publicly defending the already-poor reputation of Internet Explorer. It does so right now “by spreading FUD against Firefox,” says Glyn Moody. He cites the following article:

With world governments advising citizens to switch from Internet Explorer to alternative browsers, and an unpatched security hole in at least two major versions of Internet Explorer, Microsoft has to do something to restore faith in its browser. Easiest way to do it, apparently, is by saying that other browsers are even worse than IE.

The FUD against Firefox is made out of fabrications and secrets. It’s not even worth quoting.

Very recently we also caught Microsoft attacking Linux [1, 2] in order to defend Windows Mobile. So, Microsoft is finally just attacking rival operating systems and Web browsers when its own products come under scrutiny. Microsoft is miserable enough to descend to the final stage per Mahatma Gandhi, who said: “First They Ignore You, Then They Ridicule You, Then They Fight You.”

Linux is not taking Microsoft’s insults without rebutting. Jim Zemlin, the head of the Linux Foundation, has just shot back at Microsoft for its remarks. Here’s the background he provides:

Last week, David Coursey reported that Microsoft entertainment and devices boss Robbie Bach made the prediction in an analyst briefing that Linux on mobile will lose. Why? It’s choice is a bad thing for customers and that there is too much Linux in the mobile marketplace

But wait. There’s more. Since we’re discussing operating systems, check out this new article from The Register:

Windows plagued by 17-year-old privilege escalation bug

A security researcher at Google is recommending computer users make several configuration changes to protect themselves against a previously unknown vulnerability that allows untrusted users to take complete control of systems running most versions of Microsoft Windows.

Well, is anyone surprised at all? Not the Slashdot crowd, that’s for sure. Microsoft never pretended to be a master of security until it became a huge threat to its survival. Microsoft must pretend now. Why? Because there’s potent competition. █

“Our products just aren’t engineered for security.”

–Brian Valentine, Microsoft executive

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

2 Comments

subsonica said,

January 20, 2010 at 7:25 pm

If it were just Internet Explorer…

http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html

there is something fundamentally wrong with Windows security design.
Windows was never meant nor actually prepared to be multiuser or networked. Back in the days, Microsoft simply took MS-DOS + LAN MANAGER and glued to it a ripoff of the Digital VMS model of user security, copied the HPFS filesystem from OS2 (shafting IBM in the process) and called it NTFS, then added the Netware and BSD TCP/IP stack into the mix, called it “Windows NT” and they have just kept patching that model up to the current offerings, adding an E+E+E’ed version of LDAP called “Active Directory” on top of it from Windows 2000 on.
Every day that passes, keeping relying on this windows model for your data, services and applications is becoming more and more an irresponsability.
Dennis Murczak said,

January 21, 2010 at 1:45 pm

That pretty much sums up Windows history. They also copied KDE and sudo and marketed both as groundbreaking new stuff.

They should have stopped slapping new features onto a rotten legacy architecture years ago; now they are paying the bill. Not to mention that the only market in which they don’t have to compete is shrinking.

What Else is New

The Time for Freedom-Respecting Routers Has Come

Hardware sales are affected by the latest NSA revelations (back doors and flawed encryption) and now there is a window of opportunity for Free software alternatives
GNU/Linux-Powered and Freedom-Respecting Phones (OpenMoko is Sort of Back)

Perhaps a phone which Richard Stallman can use is already in the making, depending on how phone networks behave and how hardware behaves (whether it permits purely Free/libre software shim)
Forget Camera Gimmicks; Google Should Add Legitimate Encryption and Improve Privacy in Android

A call for Android developers to take privacy more seriously and not turn users of Android devices into products
Microsoft's Anti-Linux/Android Patent (FAT) Collapses in Europe, But Microsoft-backed Xamarin Tries to Interject Other Microsoft Patents Into Google Gear

A new ruling in Germany threatens Microsoft's campaign of fear and racketeering against Android (and GNU/Linux), but Microsoft allies from the now-defunct Novell help patent-pushing efforts, threatening to add new bait to Android
FreeBSD Lost Trust in Hardware Makers, Alleging NSA Tampering

FreeBSD believes that the NSA tampered with hardware-level random number generators
Xbox Live Shows Even Higher Degree of Microsoft/NSA Collusion

Xbox Live caught in the latest NSA scandal and the high degree of collusion seems to be reinforced by Microsoft's reluctance to comment; other developments like Microsoft's attack on rivals using the "privacy" card
Docker: Yet Another Software Deployment Endeavor
IBM and Microsoft Crushed Patent Reform in the United States, Last Resort is SCOTUS Again

Legislation in the US continues to be steered by large companies (or their lobbyists) with heaps of software patents; SCOTUS receives another opportunity to cross out software patents
Microsoft Shows That Corruption Pays Off

The company which aids crimes of the state is protected from having its crimes treated as such; just like big banks that receive bailouts rather than jail sentences, Microsoft receives document formats monopoly rather than embargo
Links 10/12/2013: Games, Applications, and Instructionals

Links for the day
Links 9/12/2013: Screenshots

Links for the day
Ubuntu is Not Truly Focused on Desktops Anymore

More signs that Ubuntu is deemphasising the desktop and treating users like a product/commodity, not entities whose interests should drive development
Fedora 20 About a Week Away

Fedora's latest release is just around the corner (released scheduled for December 17th)
Mother Jones Shows That Gates Foundation is a Hypocritical Ploy

Popular magazine Mother Jones is the latest among many magazines (those which have not been paid by Bill Gates yet) to tell readers the true story of the tax-evading, investment-driving, PR-pumping, Microsoft- and patents-boosting operation known as "Gates Foundation"
EU Commissioner VP Joaquin Almunia Aware of Microsoft's Anti-Linux By-Proxy Patent Strategy (Nokia), Threatens Antitrust Action

Formally, or at least publicly, European regulars say that they are aware of what Microsoft/Nokia is up to and they're not going to tolerate it
'Secure' Boot is Not Secure, Time to Abandon It

The 'security' boasted by restricted boot is shown to be a sham; other booting systems ought to be promoted at UEFI's expense
Benefits of Ubuntu's Derivatives: MATE, Cinnamon, and the Depth Desktop Environment

The power of deviation as demonstrated by Linux Mint and Linux Deepin, two of the more widely used derivatives of Ubuntu
Don't Rule Out Gentoo, Slackware, and Mandriva Just Yet

How distributions which were largely forgotten some years ago are making a comeback and spawning new derivatives
State-of-the-Art Gaming on GNU/Linux Not Only Possible But Becoming Default Option, Hardware Products

GNU/Linux as the operating system of gaming consoles no longer a far-fetched dream; companies other than Valve explore these possibilities
Links 8/12/2013: Applications and Instructionals

Links for the day
Drifting Away From Copyleft in Databases

Databases which are Free/Open Source software (FOSS) are becoming less liberal/freedom-respecting while deceiving labels hide it
Roman Catholic Church Joins Opposition to 'Trade' Agreements

The Church which claims to have 1.2 billion members is expressing dissatisfaction and opposition to TPP and TAFTA/TTIP
'Unauthorised' Programming and What It Means to Software Freedom

DRM and DMCA versus society, or how operation-restricting legal mechanisms are affecting coders, for whom not only software patents are now a creativity wall
Assassinations by Drone Make the West Hypocritical on Syria

Putting in context the cycle of violence which the West uses to justify indefinitely detaining the domestic population, assassinating parts of it, and spying on everyone (even domestically, using loopholes)
Links 6/12/2013: KDE and GNOME News

Links for the day
Links 6/12/2013: NSA News

Links for the day
Microsoft Sued Over Collusion With the NSA, Microsoft Issues Orwellian Statements

Microsoft is lying about privacy of its customers and the Free Software Foundation (FSF) responds
To Oracle, 'Community' Means Paying Oracle Customers

Oracle continues to extend only its own distribution of GNU/Linux (which is a ripoff of another), leaving everyone else out in the cold
Patent Policy Change a Victory for Large Corporations, Real Reform Remains Elusive

Patent extortion and litigation by proxy still permitted in the United States, even after the passage of a celebrated (by corporations) new bill
A Western Assault on GNU/Linux Security and Privacy

Governments (which are dominated by corporations) continue to make security hard as part of a campaign to spy on everyone under claims that it helps "national security" (control from above)