01.20.10

Gemini version available ♊︎

“Emergency!” Says Microsoft as It’s Losing Market Share; All Versions of Windows Are Vulnerable

Posted in Free/Libre Software, FUD, GNU/Linux, Microsoft, Security, Windows at 5:48 pm by Dr. Roy Schestowitz

Summary: Microsoft responds very urgently to the gains Firefox and other Web browsers are making as more vulnerabilities start to surface; Microsoft also throws FUD at Firefox, just as it does against GNU/Linux

INTERNET EXPLORER is under attack [1, 2, 3, 4, 5, 6, 7]. Microsoft calls it an “emergency”, but the emergency is that Microsoft is losing market share, not that customers are at risk. Microsoft had publicly belittled this issue… until governments started to speak out and complain.

This is the real emergency:

German government IE warning leads to spike in Firefox downloads

Following a warning last Friday from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) concerning the security hole in Internet Explorer (IE), Mozilla has said that it has recorded a “huge increase” in the number of Firefox downloads in Germany. According to a post by Mozilla’s Ken Kovash on the Mozilla Blog of Metrics, more than 300,000 downloads of the open source browser took place during the recent Friday to Monday period. Similarly, Opera also reportedly saw downloads of its browser in Germany more than double.

“MS to issue emergency patch for potent IE vuln,” heralds The Register:

Microsoft will release an emergency update that patches the Internet Explorer vulnerability used to breach the security defenses of Google and other large companies.

Even the BBC wrote about it, having previously served as Microsoft’s mouthpiece amid these embarrassing incidents.

SJVN has just published “Who cares if IE is patched soon?”

Microsoft is now promising us that they’ll have a patch for the latest IE security hole … real soon now. So what? This problem, while it’s been exploited the most in IE 6, it exists in all modern versions of IE and it can be exploited in every version of Windows from Windows 2000 to Windows 7. And, I’m supposed to trust that Microsoft will ‘patch’ it right this time and that it won’t blow up on me again? I don’t think so.

SJVN is right. Governments complained due to a pattern of shoddy maintenance/stewardship from Microsoft, not because of this one incident. Enough it enough and taxpayers are paying the price while Microsoft and its ecosystem are profiteering from malware.

Microsoft is publicly defending the already-poor reputation of Internet Explorer. It does so right now “by spreading FUD against Firefox,” says Glyn Moody. He cites the following article:

With world governments advising citizens to switch from Internet Explorer to alternative browsers, and an unpatched security hole in at least two major versions of Internet Explorer, Microsoft has to do something to restore faith in its browser. Easiest way to do it, apparently, is by saying that other browsers are even worse than IE.

The FUD against Firefox is made out of fabrications and secrets. It’s not even worth quoting.

Very recently we also caught Microsoft attacking Linux [1, 2] in order to defend Windows Mobile. So, Microsoft is finally just attacking rival operating systems and Web browsers when its own products come under scrutiny. Microsoft is miserable enough to descend to the final stage per Mahatma Gandhi, who said: “First They Ignore You, Then They Ridicule You, Then They Fight You.”

Linux is not taking Microsoft’s insults without rebutting. Jim Zemlin, the head of the Linux Foundation, has just shot back at Microsoft for its remarks. Here’s the background he provides:

Last week, David Coursey reported that Microsoft entertainment and devices boss Robbie Bach made the prediction in an analyst briefing that Linux on mobile will lose. Why? It’s choice is a bad thing for customers and that there is too much Linux in the mobile marketplace

But wait. There’s more. Since we’re discussing operating systems, check out this new article from The Register:

Windows plagued by 17-year-old privilege escalation bug

A security researcher at Google is recommending computer users make several configuration changes to protect themselves against a previously unknown vulnerability that allows untrusted users to take complete control of systems running most versions of Microsoft Windows.

Well, is anyone surprised at all? Not the Slashdot crowd, that’s for sure. Microsoft never pretended to be a master of security until it became a huge threat to its survival. Microsoft must pretend now. Why? Because there’s potent competition.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. subsonica said,

    January 20, 2010 at 7:25 pm

    Gravatar

    If it were just Internet Explorer…

    http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html

    there is something fundamentally wrong with Windows security design.
    Windows was never meant nor actually prepared to be multiuser or networked. Back in the days, Microsoft simply took MS-DOS + LAN MANAGER and glued to it a ripoff of the Digital VMS model of user security, copied the HPFS filesystem from OS2 (shafting IBM in the process) and called it NTFS, then added the Netware and BSD TCP/IP stack into the mix, called it “Windows NT” and they have just kept patching that model up to the current offerings, adding an E+E+E’ed version of LDAP called “Active Directory” on top of it from Windows 2000 on.
    Every day that passes, keeping relying on this windows model for your data, services and applications is becoming more and more an irresponsability.

  2. Dennis Murczak said,

    January 21, 2010 at 1:45 pm

    Gravatar

    That pretty much sums up Windows history. They also copied KDE and sudo and marketed both as groundbreaking new stuff.

    They should have stopped slapping new features onto a rotten legacy architecture years ago; now they are paying the bill. Not to mention that the only market in which they don’t have to compete is shrinking.

DecorWhat Else is New


  1. IRC Proceedings: Tuesday, January 31, 2023

    IRC logs for Tuesday, January 31, 2023



  2. Links 31/01/2023: Catchup Again, Wayland in Xfce 4.20

    Links for the day



  3. Links 31/01/2023: elementary OS 7

    Links for the day



  4. Intimidation Against Nitrux Development Team Upsets the Community and Makes the Media Less Trustworthy

    Nitrux is being criticised for being “very unappealing”; but a look behind the scenes reveals an angry reviewer (habitual mouthpiece of the Linux Foundation and Linux foes) trying to intimidate Nitrux developers, who are unpaid volunteers rather than “corporate” developers



  5. Links 31/01/2023: GNOME 44 Wallpapers and Alpha

    Links for the day



  6. Free and Open Source Software Developers' European Meeting (FOSDEM) and KU Leuven Boosting Americans and Cancellers of the Father of Free Software

    The Free Software Foundation (FSF) and its founder, Richard M. Stallman (RMS), along with the SFLC one might add, have been under a siege by the trademark-abusing FSFE and SFC; Belgium helps legitimise the ‘fakes’



  7. Techrights in the Next 5 or 10 Years

    Now that I’m free from the shackles of a company (it deteriorated a lot after grabbing Gates Foundation money under an NDA) the site Techrights can flourish and become more active



  8. 60 Days of Articles About Sirius 'Open Source' and the Long Road Ahead

    The Sirius ‘Open Source’ series ended after 60 days (parts published every day except the day my SSD died completely and very suddenly); the video above explains what’s to come and what lessons can be learned from the 21-year collective experience (my wife and I; work periods combined) in a company that still claims, in vain, to be “Open Source”



  9. IRC Proceedings: Monday, January 30, 2023

    IRC logs for Monday, January 30, 2023



  10. Taking Techrights to the Next Level in 2023

    I've reached a state of "closure" when it comes to my employer (almost 12 years for me, 9+ years for my wife); expect Techrights to become more active than ever before and belatedly publish important articles, based on longstanding investigations that take a lot of effort



  11. The ISO Delusion: When the Employer Doesn’t Realise That Outsourcing Clients' Passwords to LassPass After Security Breaches Is a Terrible Idea

    The mentality or the general mindset at Sirius ‘Open Source’ was not compatible with that of security conscientiousness and it seemed abundantly clear that paper mills (e.g. ISO certification) cannot compensate for that



  12. Links 30/01/2023: Plasma Mobile 23.01 and GNU Taler 0.9.1

    Links for the day



  13. EPO Management Isn't Listening to Staff, It's Just Trying to Divide and Demoralise the Staff Instead

    “On 18 January 2023,” the staff representatives tell European Patent Office (EPO) colleagues, “the staff representation met with the administration in a Working Group on the project “Bringing Teams Together”. It was the first meeting since the departure of PD General Administration and the radical changes made to the project. We voiced the major concerns of staff, the organization chaos and unrest caused by the project among teams and made concrete proposals.”



  14. Links 30/01/2023: Coreboot 4.19 and Budgie 10.7

    Links for the day



  15. IRC Proceedings: Sunday, January 29, 2023

    IRC logs for Sunday, January 29, 2023



  16. [Meme] With Superheroes Like These...

    Ever since the new managers arrived the talent has fled the company that falsely credits itself with "Open Source"



  17. Not Tolerating Proprietary 'Bossware' in the Workplace (or at Home in Case of Work-From-Home)

    The company known as Sirius ‘Open Source’ generally rejected… Open Source. Today’s focus was the migration to Slack.



  18. The ISO Delusion: A Stack of Proprietary Junk (Slack) Failing Miserably

    When the company where I worked for nearly 12 years spoke of pragmatism it was merely making excuses to adopt proprietary software at the expense of already-working and functional Free software



  19. Debian 11 on My Main Rig: So Far Mostly OK, But Missing Some Software From Debian 10

    Distributions of GNU/Linux keep urging us to move to the latest, but is the latest always the greatest? On Friday my Debian 10 drive died, so I started moving to Debian 11 on a new drive and here's what that did to my life.



  20. Stigmatising GNU/Linux for Not Withstanding Hardware Failures

    Nowadays "the news" is polluted with a lot of GNU/Linux-hostile nonsense; like with patents, the signal-to-noise ratio is appalling and here we deal with a poor 'report' about "Linux servers" failing to work



  21. Microsofters Inside Sirius 'Open Source'

    Sirius ‘Open Source’ has been employing incompetent managers for years — a sentiment shared among colleagues by the way; today we examine some glaring examples with redacted communications to prove it



  22. Links 29/01/2023: GNOME 43.3 Fixes and Lots About Games

    Links for the day



  23. The Hey Hype Machine

    "Hey Hype" or "Hey Hi" (AI) has been dominating the press lately and a lot of that seems to boil down to paid-for marketing; we need to understand what's truly going on and not be distracted by the substance-less hype



  24. IRC Proceedings: Saturday, January 28, 2023

    IRC logs for Saturday, January 28, 2023



  25. Unmasking AI

    A guest article by Andy Farnell



  26. The ISO Delusion/Sirius Corporation: A 'Tech' Company Run by Non-Technical People

    Sirius ‘Open Source’ was hiring people who brought to the company a culture of redundant tasks and unwanted, even hostile technology; today we continue to tell the story of a company run by the CEO whose friends and acquaintances did severe damage



  27. Links 28/01/2023: Lots of Catching Up (Had Hardware Crash)

    Links for the day



  28. IRC Proceedings: Friday, January 27, 2023

    IRC logs for Friday, January 27, 2023



  29. Microsoft DuckDuckGo Falls to Lowest Share in 2 Years After Being Widely Exposed as Microsoft Proxy, Fake 'Privacy'

    DuckDuckGo, according to this latest data from Statcounter, fell from about 0.71% to just 0.58%; all the gains have been lost amid scandals, such as widespread realisation that DuckDuckGo is a Microsoft informant, curated by Microsoft and hosted by Microsoft (Bing is meanwhile laying off many people, but the media isn’t covering that or barely bothers)



  30. This is What the Microsoft-Sponsored Media Has Been Hyping Up for Weeks (Ahead of Microsoft Layoffs)

    Reprinted with permission from Ryan


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts