
02.22.10

Microsoft Resorts to Blame Games (Against Exploiters of Microsoft’s Own Flaws and Against Google)

Posted in Google, Microsoft, Security, Windows at 7:32 am by Dr. Roy Schestowitz

Summary: Microsoft is transforming the debate from one which is centered on Microsoft’s inability to secure Windows to one that focuses on external factors (the press is blaming Chinese schoolchildren)

“Blame someone else” is the Microsoft mantra/motto [1, 2]. As we found out yesterday, Microsoft's legal team plays the same type of game. Microsoft is already downplaying the TPM crack and it goes further than this by blaming crackers for blue screens of death. In a world where almost half the machines that run Windows (that's 1 in 2) are confirmed/estimated to be infected, Microsoft can blame the crackers all it wants, but how and why do they manage to intrude into other people’s PCs in the first place? According to this message (relating to Microsoft's proposal of Internet driver's licences):

We are sitting on an Internet with *at least* a hundred million fully-compromised, fully-owned systems. Personally, I suspect that the number is closer to double that. Others have postulated still higher values. Whatever that number is, though, it’s (a) big and (b) getting bigger. And there’s no reason, at present, to suspect that the trend will reverse, because nobody’s doing anything that appears — in any significant way — to be an effective countermeasure.

The new owners of those systems have unfettered access to ANY credentials present on or used on those systems. The overwhelming majority of them are end-user systems, of course, but how many login or email or other access credentials does the average user have? A work email account? One for home? A freemail account? Some number of social networking accounts? How about banks? Utilities? Shopping sites? VPN for a client?

So, according to the above, it’s safe to expect every second Windows PC to be a zombie (the statistics still vary depending on the source). It’s not even improving. Here are some news articles from the weekend:

Cybercriminals Exploit Haiti Tragedy with Malware

There was no let up in spamming and phishing activities last month even as the entire world watched with sympathy the tragedy in Haiti. To add to the sorrow behind the devastating earthquake on January 12, cybercriminals took advantage of the tragedy to launch spamming and phishing attacks.

Chuck Norris Botnet Karate-chops Routers Hard

If you haven’t changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris — the Chuck Norris botnet, that is.

Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University’s Institute of Computer Science in Brno, Czech Republic.

Olympic skier Begg-Smith known as ‘spam king’

Kneber Botnet: What You Need to Know Right Now

Everything you ever wanted to know about Xbox hacking

Malware – usually in the form of fake point generators – often comes into play. “Fake points generators that run on your PC promise free Microsoft points in return for your login details,” Boyd explained. “Of course, what happens is your data is sent back to base via email should you enter it into the program. Typically, the phishers will also hijack YouTube accounts and place fake ‘it works’ messages on the videos promoting them [phishing tricks],” he added.

BSODs are not the major problem, but their relevance to the cracking cannot be ignored.

The point the author makes about the problem would have been fixed long ago in Linux, or any other FOSS software, is the most important part of the article, in my opinion. The way the situation is today, you have a few people at Microsoft trying to keep up with security issues.

Obviously, people talk about the BSOD issue as one involving Microsoft’s attempt to secure machines, but those machines are already compromised. It means that the discussion has been completely warped [1, 2] and Microsoft’s blame-shifting game has worked effectively (with help from Amarillo). SJVN correctly points out that Microsoft is not off the hook because those BSODs were caused by Microsoft’s inability to secure Windows in the first place.

More than a week after Microsoft released an XP patch that seemed to cause BSODs (Blue Screen of Death), Microsoft announced that the immediate cause was the Alureon rootkit. Fair enough, but what about the 17-year old Windows security hole that the rootkit was exploiting?

I mean, come on. This bug dates back to 1993 when Windows for Workgroups 3.11 and Windows NT 3.1 instead of Windows 7 were the hot new versions of Windows. Many of you have never even seen those operating systems much less used them. Since Microsoft has left this security hole open almost long enough for it to be old enough to vote, shouldn’t they get some of the blame?

After all, the hackers behind Alureon, aka TDSS, Tidserv and TDL3, botnet were able to fix their malware to work around the Windows’ fix before Microsoft finally figured it out. Maybe Microsoft should hire them to work on Windows security instead of relying on their own in-house software engineers. Nah. They’re probably making more money from their botnets than Microsoft is willing to pay them.

Specifically, the problem was caused when Microsoft finally fixed a Windows memory call that no longer could be used to call a specific address.

[...]

Unsupported? After 17-years, I’d say, for better or worse, it was part and parcel of Windows. Of course, if Windows were an open operating system like Linux there wouldn’t be any ‘unsupported’ ways of addressing memory. Heck, maybe someone besides a malicious hacker would have found the bug back before the turn of the century and fixed it.

[...]

The only real fix to this problem is to dump Windows. This is just another of the endless examples of how easy Windows is to attack. Even as Microsoft took care of this problem, it was revealed that the Windows-based Kneber botnet has attacked more than 374 U.S. firms and government agencies. Proper patching might have slowed it down — most of the systems getting hit by it seem to be running Windows XP SP2.

Still, the bottom line is that Windows is being exploited every day and as the Alureon/XP patch mess showed, Microsoft isn’t capable of keeping up with the hackers or their threats.

In another example of blame-shifting, the attacks on Google which were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] and Microsoft’s own negligence [1, 2, 3] are now being attributed to only those who exploited the flaws, allegedly two schools in China [1, 2, 3, 4, 5, 6]. We say “allegedly” because the schools are denying it. From yesterday’s news: “Two schools in China where computers were reportedly linked to cyberattacks on Google and other companies have denied involvement in the hack, Chinese state media said Sunday.” Here again is misplaced focus on people who exploited Microsoft’s defective software which Microsoft refused to patch for almost half a year despite knowing about it. The Washington Post says: “Some of the computer codes used in the recent attacks on the networks of Google and dozens of other major U.S. companies were developed by a diverse group of Chinese hackers, including security professionals, consultants and temporary contractors, according to an industry source.”

But does it really matter? Once again the focus is being shifted to crackers rather than the company which facilitated those attacks. Microsoft relied on the same spin when Conficker inflicted huge damage. It’s the blame game being played with PR and once again Microsoft is let off the hook.

Elsewhere in the news we find that Microsoft blames Google for the broken business model of newspapers. “Microsoft Man To Publishers: Google Punches Holes In Your Paywall, But Bing Won’t,” says the headline. We saw this before [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. That’s Microsoft playing the blame game in order to get its rivals sued/banned/excluded.

Microsoft plays this game not only in print media but also in books. Here is Google with some publishers and authors defending Google’s side.

Google Inc. and a group of publishers and authors urged a federal judge to accept a $125 million settlement that would create the world’s biggest digital book library.

Among the companies opposing the Google book settlement there is now Amazon, which joins Microsoft just like Yahoo! did.

Microsoft Inc. (MSFT), Amazon.com Inc. (AMZN) and others urged a federal judge Thursday to reject a revised settlement among Google Inc. (GOOG) and publisher and author groups over digital copies of books.

It’s the DRM-loving Amazon, which has been filled with several Microsoft executives as we showed many times before (there is also the geographical factor when it comes to Amazon). It’s funny how allies of Microsoft are typically among those opposing the settlement and blaming Google for the failure of the once-scarce-and-now-abundant information industry.
