Bonum Certa Men Certa

Microsoft Angers the World by Asking for a Form of Security Bailout, More Fundamental Windows Flaws Found

Screaming



Summary: Microsoft's recommendation of "Internet tax" for removing Windows botnets/zombies doesn't fly; Windows DEP (data execution prevention) is busted

EARLIER in the week we wrote about Microsoft's Charney suggesting that everyone -- UNIX and Linux users included -- should pay [1, 2] to compensate for Microsoft's own negligence [1, 2, 3]. Many people already pay for the damage collectively; for instance, if banks lose money due to zombie Windows PCs that compromise accounts, then interest rates will be lessened. These are some of the hidden costs everyone pays for Microsoft's incompetence. In Germany, it's hardly even hidden anymore.



"Microsoft's Laugh-a-Minute Show Continues," says Glyn Moody regarding Microsoft's arrogant suggestion.

Can you believe it? Microsoft's lousy programming has caused *billions* of pounds worth of damage to the global economy in terms of downtime, lost files (and probably blood pressure problems) and it has the bare-faced cheek to suggest there should be an “Internet usage tax” on *everyone* (including GNU/Linux users) to pay for the rectification of *its* mistakes? No wonder Scott Charney has the humorous and manifestly self-contradictory title of “Microsoft Corporate Vice President for Trustworthy Computing”....


Here is another response: "Taxing every citizen for Microsoft Windows problems? Are we insane?"

Just when you think you've heard everything, something new arrives. Two years ago, we heard that half a million computers are infected with malicious bots every day (a "bot" is a software program that enters your computer from the Internet or inside infected files, then runs in the background to steal your data, send spam or wreak havoc in some other way).

This is a huge problem both because we depend on digital data in too many ways to explain them here (but you may read about them in the Open Government Book) and because of environmental reasons. According to a McAfee report published in May 2009 the amount of energy used every year to transmit, process and filter spam would be enough to power 2.4 million homes, with the same Greenhouse Gas emissions as 3.1 million passenger cars.

On March 2nd, 2010, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney spoke at a computer security conference about this very theme, that is how to fight the damages caused by computers infected by bots (or "malware").

According to the summary published on ComputerWorld, Mr Charney started correctly. He pointed out that, just as there are quarantine programs for people with infective diseases, the same thing should happen with people who have computers infected by malware but, for any reasons, won't fix them up as soon as possible: such people should not be allowed to go online until their computer is clean and safe.


Windows is insecure not because people are negligent; Microsoft itself is extremely negligent and there are many examples of this. "Typical Windows user patches every 5 days," says this new report from IDG (quoting Secunia).

75 Microsoft, third-party patch events each year are a burden most users can't bear, says Secunia


Here is Berend-Jan Weve finding another security problem in Windows. From SJVN:

Honest to God I don't go around trying to pick on Windows for its security problems, but the hackers keep finding new ways to break into it. And, this time, they've found a doozie. Berend-Jan Wever, aka "Skylined," a Google security software engineer has busted DEP (data execution prevention), one of the few significant security improvements Microsoft has made to Windows.

DEP, which was added to Windows back in August 2004 in XP SP2. It addressed the very common hacking technique of buffer overflows. In a buffer overflow attack, a malicious program tries to overwrite the buffer, the amount of memory a program has been allocated for running its code in. By so doing, a buffer overflow overwrites memory that may or may not have been allocated to other programs. In either case, it can then use this overwritten memory for its own purposes. Usually this means running malware or even taking over the computer itself.

[...]

Unfortunately, Wever, using a variation of a hacking technique he helped perfect called heap-spraying has busted DEP. In heap-spraying, the attack code made an educated guess at where vulnerable memory that could be used to execute unapproved programs could be found. In Wever's latest trick, the attacking code looks for clues on where to find memory that's allowed by DEP to run programs. Once armed with this information, the attack code can then successfully plant itself in the system.

While the attack code isn't ready to go for any script-kiddie, as Wever himself points out, he has given enough information on how to defeat DEP that it's only a matter of time before a competent cracker uses the code to start enabling new attacks.

[...]

In short, if you're running 32-bit Windows of any sort-XP, Vista, 7, Server 2008-you can look 'forward' to being even more vulnerable to attacks. Have I mentioned lately that I tend to do most of my desktop computing with Linux? Well, I am. This exploit opens up a new and huge hole in Windows' already vulnerable defenses.


For some of its better enhancements to security, Microsoft relies on Free software in the form of firewalls, even virus scanners.

The open source ClamAV project is often used on servers as a way to scan and secure e-mail gateways and Windows file shares. Now ClamAV is coming to the Windows desktop too, by way of the cloud.


Vista 7 is not a solution because it's not secure either. See the links below.

  1. Cybercrime Rises and Vista 7 is Already Open to Hijackers
  2. Vista 7: Broken Apart Before Arrival
  3. Department of Homeland Security 'Poisoned' by Microsoft; Vista 7 is Open to Hijackers Again
  4. Vista 7 Security “Cannot be Fixed. It's a Design Problem.”
  5. Why Vista 7 Could be the Least Secure Operating System Ever
  6. Journalists Suggest Banning Windows, Maybe Suing Microsoft Over DDoS Attacks
  7. Vista 7 Vulnerable to Latest “Critical” Flaws
  8. Vista 7 Seemingly Affected by Several More “Critical” Flaws This Month
  9. Reason #1 to Avoid Vista 7: Insecurity
  10. Vista 7 Left Hijackable Again (Almost a Monthly Recurrence)
  11. Trend Micro: Vista 7 Less Secure Than Vista
  12. Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!

Comments

Recent Techrights' Posts

Obscene Contradiction in Microsoft's Layoffs Tally ("Official" Numbers Do Not Add Up)
Notice how they treat "LinkedIn" as separate
Confirmed: Microsoft Layoffs Come in Two Waves, Just Like Last Summer
To us, what stands out is the admission from Microsoft that there are two (or more) waves
Links 06/07/2026: Artists Reject Slop (or Even de Facto Bribes to Market/Endorse Slop)
Links for the day
The Media Needs to Speak of Slop as a Climate Issue Like It Did With Bitcoin
But the slop industry keeps paying the media to play along with the hype
 
SLAPP Censorship - Part 130 Out of 200: Jealousy, Envy, Hubris
This site is primarily about Free software
Gemini Links 06/07/2026: Still Mostly Dry, GoToSocial, and More
Links for the day
European Patent Office (EPO) Series: Effective Dispute Resolution… But Not For EPO Staff
Slovenia fielded one of the few Administrative Council delegations which managed to maintain its own independent line against the tyrannical EPOnian "Sun King"
Community Sites Need Genuine Collaboration and True Autonomy
People who want to communicate, federate and organise for effective change need to evolve
Free Software Foundation (FSF) Covers Quibble, Free Software for Secure Communications, in the FSF Summer Bulletin
The Georgia Tech folks are bringing Free software education and contributions to one of the better known Computer Science hubs in the US
Microsoft Layoffs Include Windows, Bing, Slop (CoPilot etc.) and There Will More More Rounds (or Waves) to Come
"43% of Xbox laid off"
Preserving Comments About the Real IBM Before They Get Deleted
IBM in the 1980s is not what it is right now
Cybershow on "Escaping Prisons For Your Mind"
"THE CYBER SHOW: Stealing technofascism's boots, and stomping on its own face with them."
The Media Talks a Lot About XBox Layoffs, a Closer Look at the Data Show Microsoft 'Bloodbath'
'Bloodbath' is the term insiders use
Links 06/07/2026: At Least 20% Staff Reduction in XBox (Microsoft), Taiwan Sees Uptick in Chinese Aggression/Provocation, Senator Rodante Marcoleta Arrested
Links for the day
In Praise of the UK's Stance on Free Speech (but Some Reservations)
At the moment there is a healthy discussion going on with the objective of disrupting attacks on British press
Exposing Corruption at the European Patent Office (EPO), a Call for More Whistleblowers
We predict that, provided enough whistleblowers speak out, António "the unready" won't even finish his current term
Leaving Our Pets for Several Days
This week our pets will be worried that "mommy and daddy" are away
Dating Trees and Dating 'Apps'
several high-profile stories in the news about scandals in "dating apps"
DW Documentary About Julian Assange Turns 2
It was released just days after Assange had turned 53 and about two weeks after he had left the UK
Independent Media is the Only Form of Legitimate Media
Independent media is, indeed, what we need to demand more of
The Story of the European Patent Office (EPO) Wagging the Dog (EU)
The aim of the series is to properly inform the world - not just Europeans - how Europe's second-largest institution is run [...] How did a corporate hub of monopolies become so detached from the Rule of Law?
GNU/Linux Up to New High in Libya, Windows Down to All-Time Low
GNU/Linux touches 5% there, based on statCounter
SLAPP Censorship - Part 129 Out of 200: Iranian Tactics
Hunger for revenge compels people to do overzealous, irrational things
Quiet Week
Many in the US are still enjoying an extended weekend
IBM's Fall
IBM's fate is closely connected to that of the Free software movement because of the salaries
Social Dialogue at the European Patent Office (EPO) is Dead, the Strikes and Work Stoppage-Like Actions Carry on
What next for the EPO?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 05, 2026
IRC logs for Sunday, July 05, 2026
Links 05/07/2026: Shadows of the Upper Peninsula and 2026 Old Computer Challenge
Links for the day
Not Everything Should be Electric
technology has become detrimental to society
Gemini Links 05/07/2026: Eye of the Beholder and Baldur’s Gate 3 and Alhena 5.6.5
Links for the day
GNU/Linux Market Share is Already High
GNU/Linux has fast become and is still becoming mainstream in recent years
The 9-Step IBM Algorithm: Gaming Wall Street While Shedding Off Staff and Bribing the Mainstream Media to Play Along
Any time IBM preaches manners (e.g. CoC) to the community remember that IBM works closely with and flatters the dictator
XBox is Practically 'Dead Man Walking' at This Point
writings on the wall
They Could Never Kill the Ideas of Richard Stallman (RMS), But They Are Still Trying
Killing an idea is harder than killing a person and killing a person is illegal
Only Germany Objected to Salary Adjustment (Reduction) Procedure of "Team Campinos"
"flash report on the Administrative Council of 30 June and 1 July 2026"
A "Never Slop" Policy in Quibble
"every change in the repository must be made by a human"
Series on GNU/Linux in Japan
This series can last a week or longer
75% of All the Patents Last Year Were Software
The corporate media has more or less ceased to discuss this matter
At Microsoft "the Morale of Developers is at an All-time Low"
Numerous reports today say that after at least 5 studios got marked for shutdown (mothballing) by Microsoft there are rumours about Obsidian as well
Links 05/07/2026: Data Breaches, Heat Waves, and Weinstein Rape Conviction Upheld
Links for the day
Confidentiality at Risk With Slop 'Coding'
People who continue to cheer for slop aren't just misguided fanbis and fangurls
False Narratives of Slop "Efficiency" as Debt Climbs
false stories about slop
July 8 as "D-Day" for Microsoft, Mass Layoffs Planned
Microsoft's grip on the market has slipped for a long time
GNU/Linux Leaps to 6% in Thailand
Can we expect 10% by year's end?
SLAPP Censorship - Part 128 Out of 200: Making Laws Work for Britain, Not Oversensitive Americans Looking for 'Revenge' by Lawfare
The SLAPPs are intended to protect corporations (employers like Microsoft)
EC Looking for Input on Digital Networks Act Until Next Month
New initiative
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 04, 2026
IRC logs for Saturday, July 04, 2026
Gemini Links 05/07/2026: Ragebaited and Removing Lines in Emacs
Links for the day
Links 05/07/2026: "Tesla Slams Into Crowded Cafe" and "ChatGPT [Turned] Into a Sociopath"
Links for the day
BRICS and Windows: All-Time Lows
Expect many more Microsoft layoffs in years to come
Do No Evil, Do Not DDoS
Sites that attract DDoS attacks because of their message are sites that are difficult to debunk or debate
France is Winning the Race Against Windows
France instructs, then orders, government agencies to adopt GNU/Linux
Not 2.5% and Not 2.5 Billion Dollars for "Hey Hi"; 2 Waves of Microsoft Layoffs Rumoured This Month, July 8th, Then July 22nd (Just Before 'Results')
People there join unions, knowing they will be terminated silently or otherwise
Microsoft Double Trouble With Slop
What does Microsoft even sell at this point?
Based on US Government Sites, GNU/Linux Has Reached About 8% "Market Share" in Desktops/Laptops
Culled to exclude mobile platforms, GNU/Linux would likely be above 8%
TheLayoff.com is Deleting Comments About IBM Offshoring
Meanwhile, rage-baiting Internet trolls and sometimes trolls who paste in LLM slop are immune from censorship
American Independence Needs Independent Media
The American regime's hostility towards media is an international problem
Techrights Was Always a Community Platform
Techrights is about whistleblowers
Phenomenal Growth for GNU/Linux in Afghanistan
This is impressive because for many years it was registered at near 0%
Daniel Pocock Pursuing Complaint in the United States Against Software in the Public Interest (SPI) et al
It seems like the only people who don't support him are those whom he criticises
Gemini Links 04/07/2026: Busy Squirrel, Independence Day Celebrations, PalmOS Programming
Links for the day
Canonical/Ubuntu is Breaking CP (cp) to Help Microsoft Turn Coreutils Into Proprietary Software for Windows
What we could do reliably in the 1970s (before GNU) we cannot do in 2026?
Brett Wilson LLP is Downsizing, Apparently Closing Down the Oversized and Overpriced Office
Address changed 13 hours ago
Free Software Has No Kings or CEOs
The kingdom is a cross-border phenomenon, so national flags and other such symbolism overlook the core problem [...] Free Software can help lead us out of the current imbalances
The United States Lost Freedom of Speech
independence refers to a condition, not an activity
IBM Replacing the People Who Built IBM With Cheaper and Younger Staff, According to IBM Insiders
This is a very common sentiment in IBM
For USA 250 Microsoft is Messing With Our Minds (2.50%) to Distract From Mass Layoffs
The slopfarms contribute to this noise
"Defective by Design" Turns 20
DBD is still as relevant as ever (probably more relevant than ever before)
A Bicycle for the Feeble Mind, or How Computers Got Worse for Productivity (Intentionally)
Many of us still adopt and champion the "workstation" mentality
Links 04/07/2026: Microsoft Tax Haven (Evasion) Tactics, Tobacco Bans, and More
Links for the day
Links 04/07/2026: 2026 Old Computer Challenge and Trying Gopher
Links for the day
SLAPP Censorship - Part 127 Out of 200: Lawsuits by Americans Filed in the UK a Burden on British Taxpayers, No Way to Recover the Funds When Americans Lose Their Cases
Are Garrett and Graveley 'pulling a 4Chan'?
Links 04/07/2026: USMCA (Covering Software Patents) Might Not be Renewed, Slop Bros Try to Pay Weird Al to Endorse Their Scheme
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 03, 2026
IRC logs for Friday, July 03, 2026