EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.22.10

Microsoft Resorts to Blame Games (Against Exploiters of Microsoft’s Own Flaws and Against Google)

Posted in Google, Microsoft, Security, Windows at 7:32 am by Dr. Roy Schestowitz

Chinese girl in beijing

Summary: Microsoft is transforming the debate from one which is centered on Microsoft’s inability to secure Windows to one that focuses on external factors (the press is blaming Chinese schoolchildren)

“Blame someone else” is the Microsoft mantra/motto [1, 2]. As we found out yesterday, Microsoft's legal team plays the same type of game. Microsoft is already downplaying the TPM crack and it goes further than this by blaming crackers for blue screens of death. In a world where almost half the machines that run Windows (that's 1 in 2) are confirmed/estimated to be infected, Microsoft can blame the crackers all it wants, but how and why do they manage to intrude other people’s PCs in the first place? According to this message (relating to Microsoft's proposal of Internet driver's licences):

We are sitting on an Internet with *at least* a hundred million fully-compromised, fully-owned systems. Personally, I suspect that the number is closer to double that. Others have postulated still higher values. Whatever that number is, though, it’s (a) big and (b) getting bigger. And there’s no reason, at present, to suspect that the trend will reverse, because nobody’s doing anything that appears to — in any significant way — to be an effective countermeasure.

The new owners of those systems have unfettered access to ANY credentials present on or used on those systems. The overwhelming majority of them are end-user systems, of course, but how many login or email or other access credentials does the average user have? A work email account? One for home? A freemail account? Some number of social networking accounts? How about banks? Utilities? Shopping sites? VPN for a client?

So, according to the above, it’s safe to expect any second Windows PC to be a zombie (the statistics still vary depending on the source). It’s not even improving. Here are some news articles from the weekend:

Cybercriminals Exploit Haiti Tragedy with Malware

There was no let up in spamming and phishing activities last month even as the entire world watched with sympathy the tragedy in Haiti. To add to the sorrow behind the devastating earthquake on January 12, cybercriminals took advantage of the tragedy to launch spamming and phishing attacks.

Chuck Norris Botnet Karate-chops Routers Hard

If you haven’t changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris — the Chuck Norris botnet, that is.

Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University’s Institute of Computer Science in Brno, Czech Republic.

Olympic skier Begg-Smith known as ‘spam king’

Kneber Botnet: What You Need to Know Right Now

Everything you ever wanted to know about Xbox hacking

Malware – usually in the form of fake point generators – often comes into play. “Fake points generators that run on your PC promise free Microsoft points in return for your login details,” Boyd explained. “Of course, what happens is your data is sent back to base via email should you enter it into the program. Typically, the phishers will also hijack YouTube accounts and place fake ‘it works’ messages on the videos promoting them [phishing tricks],” he added.

BSODs are not the major problem, but their relevance to the cracking cannot be ignored.

The point the author makes about the problem would have been fixed long ago in Linux, or any other FOSS software, is the most important part of the article, in my opinion. The way the situation is today, you have a few people at Microsoft trying to keep up with security issues.

Obviously, people talk about the BSOD issue as one involving Microsoft’s attempt to secure machines, but those machines are already compromised. It means that the discussion has been completely warped [1, 2] and Microsoft’s blame-shifting game has worked effectively (with help from Amarillo). SJVN correctly points out that Microsoft is not off the hook because those BSODs were caused by Microsoft’s inability to secure Windows in the first place.

More than a week after Microsoft released an XP patch that seemed to cause BSODs (Blue Screen of Death), Microsoft announced that the immediate cause was the Alureon rootkit. Fair enough, but what about the 17-year old Windows security hole that the rootkit was exploiting?

I mean, come on. This bug dates back to 1993 when Windows for Workgroups 3.11 and Windows NT 3.1 instead of Windows 7 were the hot new versions of Windows. Many of you have never even seen those operating systems much less used them. Since Microsoft has left this security hole open almost long enough for it to be old enough to vote, shouldn’t they get some of the blame?

After all, the hackers behind Alureon, aka TDSS, Tidserv and TDL3, botnet were able to fix their malware to work around the Windows’ fix before Microsoft finally figured it out. Maybe Microsoft should hire them to work on Windows security instead of relying on their own in-house software engineers. Nah. They’re probably making more money from their botnets than Microsoft is willing to pay them.

Specifically, the problem was caused when Microsoft finally fixed a Windows memory call that no longer could be used to call a specific address.

[...]

Unsupported? After 17-years, I’d say, for better of worse, it was part and parcel of Windows. Of course, if Windows were an open operating system like Linux there wouldn’t be any ‘unsupported’ ways of addressing memory. Heck, maybe someone besides a malicious hacker would have found the bug back before the turn of the century and fixed it.

[...]

The only real fix to this problem is to dump Windows. This is just another of the endless examples of how easy Windows is to attack. Even as Microsoft took care of this problem, it was revealed that the Windows-based Kneber botnet has attacked more than 374 U.S. firms and government agencies. Proper patching might have slowed it down — most of the systems getting hit by it seem to be running Windows XP SP2.

Still, the bottom line is that Windows is being exploited every day and as the Alureon/XP patch mess showed, Microsoft isn’t capable of keeping up with the hackers or their threats.

In another example of blame-shifting, the attacks on Google which were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] and Microsoft’s own negligence [1, 2, 3] are now being attributed to only those who exploited the flaws, allegedly two schools in China [1, 2, 3, 4, 5, 6]. We say “allegedly” because the schools are denying it. From yesterday’s news: “Two schools in China where computers were reportedly linked to cyberattacks on Google and other companies have denied involvement in the hack, Chinese state media said Sunday.” Here again is misplaced focus on people who exploited Microsoft’s defective software which Microsoft refused to patch for almost half a year despite knowing about it. The Washington Post says: “Some of the computer codes used in the recent attacks on the networks of Google and dozens of other major U.S. companies were developed by a diverse group of Chinese hackers, including security professionals, consultants and temporary contractors, according to an industry source.”

But does it really matter? Once again the focus is being shifted to crackers rather than the company which facilitated those attack. Microsoft relied on the same spin when Conficker inflicted huge damage. It’s the blame game being played with PR and once again Microsoft is left off the hook.

Elsewhere in the news we find that Microsoft blames Google for the broken business model of newspapers. “Microsoft Man To Publishers: Google Punches Holes In Your Paywall, But Bing Won’t,” says the headline. We saw this before [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. That’s Microsoft playing the blame game in order to get its rivals sued/banned/excluded.

Microsoft plays this game not only in print media but also in books. Here is Google with some publishers and authors defending Google’s side.

Google Inc. and a group of publishers and authors urged a federal judge to accept a $125 million settlement that would create the world’s biggest digital book library.

Among the companies opposing the Google book settlement there is now Amazon, which joins Microsoft just like Yahoo! did.

Microsoft Inc. (MSFT), Amazon.com Inc. (AMZN) and others urged a federal judge Thursday to reject a revised settlement among Google Inc. (GOOG) and publisher and author groups over digital copies of books.

It’s the DRM-loving Amazon, which has been filled with several Microsoft executives as we showed many times before (there is also the geographical factor when it comes to Amazon). It’s funny how allies of Microsoft are typically among those opposing the settlement and blaming Google for the failure of the once-scarce-and-now-abundant information industry.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. IRC Proceedings: Monday, January 27, 2020

    IRC logs for Monday, January 27, 2020



  2. Links 27/1/2020: Linux 5.5 is Out, Work on Linux 5.6 Commences, New Solus and Award for Andrew Tridgell

    Links for the day



  3. EPO: Goodbye to the Rule of Law and Hey Hi, AI!

    The EPO’s embrace of buzzwords — no longer a unique EPO strategy (it has already spread elsewhere) — puts examiners in a very bad position and they’re grappling with nerve- and mind-racking dilemmas (risk of unemployment for truly upholding the EPC)



  4. IRC Proceedings: Sunday, January 26, 2020

    IRC logs for Sunday, January 26, 2020



  5. Links 26/1/2020: MuseScore 3.4 Released, New Kate Icon and Solus 4.1 Fortitude Available

    Links for the day



  6. MIT and Microsoft Have Done Nothing to Actually Tackle Pedophilia and Ephebophilia

    MIT never actually resolved the issue that caused Joi Ito, Richard Stallman and others to be ejected; Microsoft meanwhile continues to profit from life-changing abuse (while seeding puff pieces in friendly media, just to pretend otherwise)



  7. Opinion: If You Advocate Population Control and You Are Yourself Doubling in One Single Generation, Then You Might be Hypocritical

    People with 3-5 children (each) tell us that the world has an overpopulation problem; while the growth of the population certainly poses a risk, these people lack the moral authority to lecture us about that (unless they adopt a eugenicist worldview, wherein only particular people are permitted to reproduce)



  8. IRC Proceedings: Saturday, January 25, 2020

    IRC logs for Saturday, January 25, 2020



  9. Nothing Has Truly Changed Since Netscape and Antitrust

    The same old crimes persist, as well as the blatantly anticompetitive behaviour



  10. When the Monopolists and the Patent Litigation Industry Hijack the News They Control the Narrative

    Money buys perception and litigation firms have certainly 'bought' the media coverage, which fails to convey the issue at stake and instead paints a rational court decision as tragedy for "innovation" (by "innovation" they mean monopolies on nature and on life)



  11. Links 25/1/2020: OPNsense 20.1 RC1 and DXVK 1.5.2

    Links for the day



  12. The Linux Kernel is No Longer Free Software?

    Gardiner Bryant, the creator of The Linux Gamer as well as The Off Topical Podcast, reacts to our articles about DRM in Linux (he even pronounced my name correctly)



  13. Sometimes Proprietary Software is Proprietary (Secret) Simply Because It is Not Good and Obfuscation Helps Hide Just How Ugly It Is

    Why nonfree (or proprietary) software generally fails to catch up with Free/libre software — at least on technical grounds — and then makes up for it with marketing and FUD offensives (discrediting perfectly-functioning things, based on their perceived cost)



  14. IRC Proceedings: Friday, January 24, 2020

    IRC logs for Friday, January 24, 2020



  15. Links 24/1/2020: GNU/Linux in Russia and More New Openings

    Links for the day



  16. When EPO Press Coverage Boils Down to Lobbying, Press Releases, EPO Lies, and Bribery

    Any attempts to properly assess and explain what happens in Europe's patent landscape are being drowned out by EPO-bribed and law firms-connected media; to make matters worse, the EPO's bribes have expanded to academia, so even scholarly work in this domain is corrupted by money of special interest groups



  17. IRC Proceedings: Thursday, January 23, 2020

    IRC logs for Thursday, January 23, 2020



  18. Links 23/1/2020: Qubes OS 4.0.3, EasyOS 2.2.5, GhostBSD 20.01

    Links for the day



  19. Passion of the Microsoft

    A rough timeline of Microsoft’s interactions with Linux and the Linux Foundation since 2015



  20. The Patent Microcosm is Really Panicking as European Patents on Life and Other Spurious Junk (Invalid Patents) Are Successfully Rejected

    European Patents (EPs) may be revoked en masse if what we're seeing is the gradual emergence of 'European Mayo' (and maybe soon 'European Alice')



  21. Distractions From Microsoft's Gigantic Tax Evasion and Contribution to Denial of Climate Science

    Microsoft (connected to oil companies) wants us to think of it as a "green" company; not only does it contribute to climate denial but it also evades tax, which is a serious crime that costs tens of billions of dollars (the public pays this money instead)



  22. Confirmation: System1/Startpage Offered Pay to People Who Pushed for (Re)Listing in Privacy Directories

    The debate is now settled; those arguing in favour of listing Startpage as privacy-respecting are in fact secretly 'compensated' by Startpage (in other words, they're Startpage 'shills')



  23. Vandana Shiva: “Bill Gates is Continuing the Work of Monsanto”

    A recent interview on what Bill Gates is really up to in that sham ‘charity’ of his



  24. IRC Proceedings: Wednesday, January 22, 2020

    IRC logs for Wednesday, January 22, 2020



  25. Extending Linux With DRM, Azure and exFAT

    An insufficiently 'conservative' Linux ceases to be freedom-respecting



  26. Linux Foundation (LF) Now Dominated by Lots of Microsoft People and LF Chiefs Join Microsoft in Smearing GPL/Copyleft

    We continue to see additional evidence which serves towards reinforcing our view that the so-called 'Linux' Foundation is actually hostile towards many things that are associated with Linux (unlike those looking to exploit/hijack Linux for proprietary ends)



  27. Links 22/1/2020: Wayland 1.18 Alpha, ODF 1.3 Approved

    Links for the day



  28. IRC Proceedings: Tuesday, January 21, 2020

    IRC logs for Tuesday, January 21, 2020



  29. Poor Excuses for Granting Poor (and Often Illegal/Invalid) Patents

    A quick look at some of the latest examples of software patents advocacy (not by actual software professionals, obviously) and why it's deeply misguided (or guided solely by greedy law firms)



  30. A Simple Plan For a Universal Free Software Community

    "For software to be free as in freedom, we need more people to care personally about software freedom."


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts