02.07.10

Another Misdirected Response from the Government to the Company “Not Engineered for Security”

Posted in GNU/Linux, Microsoft, Security, Windows at 5:03 am by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Summary: Another terrible month for Microsoft insecurity and the government is still unable to respond sensibly to the threat

YESTERDAY we wrote about Microsoft's lobbying for an Internet "Driver's Licence" policy. Rather than blocking the real culprit (Windows) it might only block BSD and GNU/Linux. More importantly, it would resolve absolutely nothing for the reasons just explained by Mike Masnick:

And an internet driver’s license is even more ridiculous. Unlike a car, the internet is something that people have to use all the time. No driver’s license is going to stop people from getting suckered by scammers.

Exactly. And what does the US government do? Rather than mimic Australia’s plan to ban many Windows machines [1, 2], the US government throws some more money into “research”. US taxpayers will once again pay for Microsoft's incompetence, just like in Germany.

The US House of Representatives has overwhelmingly passed a bill that would direct almost $400m toward research designed to shore up the nation’s cybersecurity defenses.

Microsoft’s software will never be secure. Microsoft itself has admitted that its “products just aren’t engineered for security.” Based on the news, there is yet another Internet Explorer flaw:

CURSED BY ITS HAIRBALL CODE, Microsoft has released another security warning relating to a bug in Internet Explorer.

There have been so many such flaws recently [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] that it’s hard to keep track of which is which. Many are highly severe and there was also an IE flaw reported just the day after Microsoft had released an emergency IE patch (for a flaw it knew about and willingly ignored for almost 6 months, demonstrating Microsoft’s negligence [1, 2, 3] and infinite arrogance).

Based on CNET, Microsoft is to bring patches for no less than 26 holes next week:

Microsoft will patch 26 holes next week, including critical ones in Windows, one affecting the kernel of 32-bit versions, and several holes in Office, the company said Thursday in a preview of its Patch Tuesday.

That’s just a lower bound though. As we already know, Microsoft is patching many flaws without even telling the public in order to embellish its public record. This is a company of systematic liars, a company that is unable to make secure software, let alone patch it in a responsible (and timely) fashion. Had the government tried to resolve its security issues, then it would impose and use greater pressure to move to UNIX and Linux [1, 2].

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. Jose_X said,

    February 7, 2010 at 10:03 pm

    Gravatar

    Anyone know who is getting what fraction of the $400 cybersecurity money? If Linux is represented, then a “drop Windows wherever possible” as a solution might get proposed. Is the MS related cyberchief (iirc) in charge of accepting proposals?

What Else is New


  1. Guarding Your Privacy With E2EE: Primer

    "As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try."



  2. Links 27/11/2020: Systemd 247 and Cockpit 233

    Links for the day



  3. A Free Speech Deficit Harms Software Freedom

    Free software and Software Freedom cannot possibly succeed if we keep accepting or even just tolerating systematic censorship of opinionated people in our community; failing to speak out on this matter (for fear of supposedly offending someone, risking expulsion) is part of the problem — complicity by passivity



  4. Perception of Difficulty

    New poem by figosdev



  5. IRC Proceedings: Thursday, November 26, 2020

    IRC logs for Thursday, November 26, 2020



  6. Cartoon: After Gambling With Workers' Savings the EPO Can Do Real Estate

    New EPO cartoon from EPO insiders (the one on the right certainly looks a lot like António Campinos and the one on the left can be his EUIPO ‘import’ or Benoît Battistelli‘s INPI ‘import’)



  7. Free as in Freedom Should Not be Associated With Cost

    It's important to remind people that so-called 'free' services (Clown Computing, centralised spaces that 'farm' their so-called 'users') aren't really free; we need to advocate freedom or free-as-in-freedom alternatives



  8. [Meme] UPC's Pyrrhic Victory

    Contrary to what Team UPC says, what happened earlier today is hardly a breakthrough



  9. Many Thanks to Free Software, the Demise of Software Patents (in Europe and the US), and So Much More

    On a positive note we're heading into the end of November, one month before Boxing Day; we take stock of patent affairs that impact software developers



  10. Links 26/11/2020: PHP 8.0, Proxmox VE 6.3, UNIGINE 2.13

    Links for the day



  11. 29,000 Blog Posts and Recent Site Improvements

    Over 29,000 blog posts have been posted here, but more importantly we've made the site a lot more robust and resilient, accessible in more formats and protocols (while improving transparency, too)



  12. [Meme] Trump is Out. Now It's Time to Pressure the Biden Administration/Transition Team on Software Freedom Issues.

    The Biden transition is in motion and tentative appointments are underway, based on news reports (see our Daily Links); now is the time to put pressure, e.g. in the form of public backlash, to ensure it's not just another corporate presidency



  13. Boycott ZDNet Unless You Fancy Being Lied to

    ZDNet's Catalin Cimpanu continues to lead the way with misinformation and lies, basically doing whatever he was doing to land that job at ZDNet (after he had done the same elsewhere)



  14. The UPC and Unitary Patent Song

    On goes the UPC symphony, as the Unified Patent Court (UPC) is almost here, always coming "real soon!"



  15. Open Letter to the German Greens on UPC and Software Patents: Don’t Betray Your Voters and Your Promises, or You Will Regret it

    Dear Members of the German Greens in the Bundestag. By Benjamin HENRION.



  16. [Meme] One Step Away From Replacing Patent Examiners With 'Hey Hi' (AI)

    If it's not legal for 'Hey Hi' (AI) to get a patent, why should it be legal for patents to be granted by those who are invisible (and sometimes in de facto house arrest)?



  17. European Patent Office (EPO) Reduced to 'Justice Over the Telephone' and Decree by E-mail

    The EPO is trashing the EPC and everything that the Office was supposed to stand for, as it wrongly assumes demand for monopolies (typically from foreign corporations) comes before the rule of law and Europe's public interest



  18. Making Free Software Work for Users

    The latest reply to a non-developer concerned about software freedom; guest post by figosdev



  19. IRC Proceedings: Wednesday, November 25, 2020

    IRC logs for Wednesday, November 25, 2020



  20. Links 26/11/2020: AV Linux 2020.11.23 and Blender 2.91 Release

    Links for the day



  21. Links 25/11/2020: GamerOS and Biden Transition in Motion

    Links for the day



  22. An Orwellian December

    With December around the corner and states tightening the screws on the population (or employers on employees) at least we can look forward to spring



  23. The Non-Technical (or Lesser Technical) Software User That Wants Software Freedom

    Assuming that Free software should care about what users — not only developers — really want (and need) it’s important to understand how they view the current situation (with growing waves of corporate takeover and compromises, even expulsions)



  24. The European Patent Office Should be Run by Patent Examiners (Scientists), Not Politicians

    Europe would be better off (and patent quality much improved) had people with an actual grasp of science and reality were in charge of the EPO, not a money-chasing kakistocracy (which is what we have now)



  25. Member of the EPO's Boards of Appeal Explains Why VICOs (or ViCo/Video Conferences/Virtual 'Hearings') Are Not Suitable for Justice

    It's interesting to hear (or see/read) what people inside the EPO have to say about the "new normal" when they enjoy a certain level of anonymity (to avert retribution)



  26. Open Source Initiative (OSI) Co-founder Bruce Perens: Open Invention Network (OIN) is Protecting the Software Patent System From Reform and OSI Approves Faux 'Open' Licences (Openwashing)

    Richard Stallman was right about the OSI and the fake 'movement' that claims to have 'coined' the term "Open Source" (it wasn't a new term at all; it had been used in another context and the Free software community spoke of things like "Open Hardware" years earlier)



  27. IRC Proceedings: Tuesday, November 24, 2020

    IRC logs for Tuesday, November 24, 2020



  28. Making JavaScript Suck Less

    "Other than that, the first rule of JavaScript is: Do not use JavaScript. But this article is for people who break the first rule."



  29. Microsoft 'Moles' Inside WINE Project? WINE Should Bring Windows Users to GNU/Linux, Not the Other Way Around.

    The press release above (link omitted, it was pinned in several sites) is a cause for concern; after Microsoft infiltrated OSI and the Linux Foundation (both are now GitHub boosters, in effect diverting projects to Microsoft’s proprietary monopoly) it’ll be important to watch this space



  30. Links 25/11/2020: Raspberry Pi 400 With Touchscreens, Animation Framework in GTK/GNOME

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts