EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

03.16.10

Kaspersky Slams Windows for Insecurity, Microsoft Delivers Bad Patches and Leaves Windows Exposed

Posted in Microsoft, Security, Windows at 3:41 am by Dr. Roy Schestowitz

Eugene Kaspersky

Summary: Security guru Eugene Kaspersky has harsh words for Microsoft, which still fails to secure its platform and even patch software without breaking it

IT HAS been another tough week for Windows, which simply cannot be secured, not even with ‘snake oil’ software that’s called “anti-virus” (unless the placebo effect counts).

A few months ago we wrote about Microsoft being allowed into Ford cars. There are already security concerns about that at Ford. They worry about Windows/WiFi in the car getting hijacked.

“Sadly, we live in a world where Microsoft pressures journalists to misreport incidents.”We wish to discuss for a moment an interesting phenomenon. When a car breaks down (let us say a Toyota), the news will say a Toyota car is having issues, it won’t say that cars in general have issues. That’s because the market is full of choices. Yes, choices, diversity, not “fragmentation” as Microsoft would probably put it. If “Windows” is embedded in PCs, then Windows can become interchangeable and synonymous with “computing”. Then, people would not realise what’s really wrong and that they also have better choices. Sadly, we live in a world where Microsoft pressures journalists to misreport incidents. Taken from a long discussion we’ve had by E-mails for a few days now, consider the fact that we have documented examples where journalists received mail from Microsoft’s PR agencies (e.g. W-E) to tell them off and ask them to change articles about Windows security. The Inquirer is good in that regard because without much reluctance it spilled the beans when that happened. We have given articles from them where content was being tempered by Microsoft PR agencies, whose job was to spin the vulnerabilities in Vista.

Reporters who are contacted because they describe Windows security problems as just “computer problems” often cite the “popularity” myth of Windows as the cause. It’s PR. Given the widespread use of GNU/Linux in servers and devices everywhere, people should struggle to reason about lack of cracking as related to “popularity”. Windows is not popular by the way, it’s just ubiquitous*. Moreover, Microsoft commissions and manufactures its own ‘studies’ where it hides flaws and reports bogus numbers. There are many examples to that effect.

Here is what Eugene Kaspersky said about Windows earlier this month:

Security chief Eugene Kaspersky has launched a scathing attack on Microsoft’s security record.

[...]

There are already some new examples of Microsoft’s poor patching. Last week Microsoft delivered broken/rogue security patches and later admitted the problem which had the following effect:

Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese.

The admission was the second in the past two days from Microsoft’s Office team of a gaffe involving a recent security update.

How does Microsoft break languages while fixing a security problem? One might remark that this implies poor software design.

Speaking of Office, this area is in a state of transition in an economy where people use Free software or access software in the form of a service. Don Reisinger, typically a troll/baiter who writes bizarre reversals of truths at CNET, explains some of the issues and Microsoft resorts to more AstroTurfing by offering money to those who create “viral Office 2010 videos” for YouTube.

Want a chance to win $10,000 for your small Seattle business or start-up? The Greater Seattle Chamber of Commerce and Microsoft have partnered up in a contest for making videos about Office 2010.

In case it sounds familiar, it should. Microsoft also hires people to post comments favourable to Windows in social networking sites.

Anyway, going back to the subject of insecurity, someone writes a guest post at ZDNet about “the cadence of Microsoft security patches” and ECT notes that Windows is already vulnerable again, as usual.

The expected batch of patches wasn’t the only thing Windows users got with Microsoft’s latest Patch Tuesday update. The set of fixes was accompanied by a warning about an unpatched zero-day exploit for Internet Explorer.

All that Microsoft can offer is a workaround:

Microsoft has revised their advisory for the newest IE 0Day vulnerability to note that working exploit code is now available and that they are aware of “targeted attacks attempting to use this vulnerability.” They have also created “Microsoft Fix it” links to disable and re-enable the vulnerable software components.

The Inquirer wrote:

The flaw in Internet Exploder versions 6 and 7 allows an attacker to take control of a victim’s computer.

Internet Explorer was the cause of a lot of damage earlier this year [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. In 4 countries, authorities recommended that citizens abandon Internet Explorer.
____
* It’s more about reminding reporters that people choose to buy a computer, they don’t choose to buy Windows. Calling Windows “popular” is like calling cockroaches “popular” because there are many of them out there. It ought to be one of those things that people should train themselves to avoid saying because Windows is not “popular”.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 8/12/2019: Debian Init Systems GR, NomadBSD 1.3

    Links for the day



  2. Can We Quit Celebrating DRM in GNU/Linux?

    Over the past couple of days various news sites and "Linux" sites expressed great satisfaction [1-5] over the passive embrace of Disney's DRM ploy (Disney+), even when Disney itself rejects DRM, seeing the harms practically caused by it [6,7]



  3. You Know WSL is Bad for GNU/Linux Because Anti-Linux People, Microsoft and Its Propagandists, Want People to Use That

    Microsoft and its boosters (and media partners) haven’t grown tired of spreading falsehoods to stigmatise and take control of GNU/Linux by creating their own versions and traps for it



  4. IRC Proceedings: Saturday, December 07, 2019

    IRC logs for Saturday, December 07, 2019



  5. 5 Years Ago the Linux Foundation Turned Linux.com Into a Non-Linux Site

    One can leverage the Internet Archive’s Wayback Machine to better understand how, over time, the Foundation called “Linux” deviated or diverged away from its mission statement for the sole purpose of raising corporate funds and selling influence to corporations (passing the community’s hard work to them — a form of tacit privatisation)



  6. Microsoft Redefining Ownership and Identity of GNU/Linux

    The idea that “Microsoft loves Linux” is as insane as it gets; but the lie which is “Microsoft loves Linux” is a powerful enabler of Microsoft entryism, e.g. if Greg steps down, does a Microsoft employee become the deputy of Linus Torvalds?



  7. Things That Cannot Be Said

    The limits on what we can say are mostly defined by what sources permit us to say publicly (for the sake of source protection)



  8. Fake European Patents (on Algorithms) Leading to Fake Embargoes

    Law firms have gotten their way in Germany; instead of supporting the productive workers the patent system is nowadays promoting the litigation 'industry' and it ought to be corrected



  9. From Moderate Advice to FUD and Misinformation: The Case of a VPN Vulnerability (CVE-2019-14899)

    What should have been a trivial bugfix in a variety of operating systems and bits of software — both proprietary and Free software — somehow became anti-Linux FUD, clickbait and worse



  10. Dangerous Thinker

    Society oughtn't be alarmed by people who say unusual things; it should be wary and sceptical of those corporations ever so eager to silence such people



  11. Unitary Patent (UPC) Died Along With the Credibility of Managing IP and the Rest of the UPC Lobby

    It is pretty astounding that Team UPC (collective term for people who crafted and lobby for this illegal construct) is still telling us lies, even in the absence of underlying supportive facts, and pressure groups disguised as "news sites" latch onto anything to perpetuate an illusion of progress (even in the face of a growing number of major barriers)



  12. IRC Proceedings: Friday, December 06, 2019

    IRC logs for Friday, December 06, 2019



  13. Links 7/12/2019: Fedora 31 Elections Results, Lots of Media Drama Over VPN Bug

    Links for the day



  14. Links 6/12/2019: DRM in GNU/Linux and Sparky Bonsai

    Links for the day



  15. The EPO Rejects Innovation

    The EPO ceased caring about the needs of scientists whose work involves invention; instead, EPO management crafts increasingly lenient guidelines that yield illegal European Patents (not compatible with the EPC) that heavily-besieged EPO judges are unable to stop



  16. Startpage CEO Robert Beens in 'Damage Control' Mode, Trying to Get Startpage Relisted After Selling to a Massive Surveillance Company

    PrivacytoolsIO is being lobbied by the CEO of Startpage to relist Startpage, based on no actual refutations at all



  17. IRC Proceedings: Thursday, December 05, 2019

    IRC logs for Thursday, December 05, 2019



  18. Links 5/12/2019: qBittorrent 4.2.0, Expensive Librem 5 and OpenBSD Bugs

    Links for the day



  19. Microsoft Staff Repeatedly Refuses to Tell How Many People Use WSL, Defends Patent Extortion and Blackmail of Linux Instead

    The people who develop WSL (mostly Microsoft employees) get easily irritated when asked how many people actually use this thing; but more interestingly, however, they reveal their disdain for GNU/Linux and support for Microsoft blackmail (for 'Linux patent tax')



  20. IRC Proceedings: Wednesday, December 04, 2019

    IRC logs for Wednesday, December 04, 2019



  21. Links 4/12/2019: Tails 4.1, UCS 4.4-3 and Proxmox VE 6.1

    Links for the day



  22. Google Tightens Its Noose

    Now it’s official! Google is just a bunch of shareholders looking to appease the Pentagon at all costs



  23. Europeans Still Need to Save the European Patent Office From Those Who Attack Its Patent Quality

    Patent quality is of utmost interest; without it, as we're seeing at the EPO and have already seen at the USPTO for a number of years, legal disputes will arise where neither side wins (only the lawyers win) and small, impoverished inventors or businesses will be forced to settle outside the courts over baseless allegations, often made by parasitic patent trolls (possessing low-quality patents they don't want scrutinised by courts)



  24. We Never Accepted and Will Never Accept Corporate Money

    Corporate money is a unique problem because of its magnitude and the fact that it's impersonal; shareholders can only ever accept its supposed justifications if they're receiving something in return (of proportional worth to the payment/transaction)



  25. IRC Proceedings: Tuesday, December 03, 2019

    IRC logs for Tuesday, December 03, 2019



  26. Links 3/12/2019: elementary OS 5.1 Hera, Plasma 5.17.4, Firefox 71

    Links for the day



  27. Laundering the Reputation of Criminals: That's an Actual Job

    An important reminder that the manufactured, paid-for (media is being bribed) image of Bill Gates is the product of the PR industry he enlisted to distract from his endless crimes



  28. 'Priceless' Tickets to the EPO's Back End and Team UPC

    CIPA's and the EPO's event (later this week) is more of the same; the EPO exists not to serve European businesses but a bunch of law firms and their biggest clients (which usually aren't even European)



  29. IRC Proceedings: Monday, December 02, 2019

    IRC logs for Monday, December 02, 2019



  30. New EPO Leak Shows That the Rumours and Jokes Are Partly True and We Know Who 'Runs the Show'

    Europe’s second-largest institution is so profoundly dysfunctional, a reprehensible kakistocracy of tribalism, money-grabbing career-climbing autocrats and possibly major fraud; today’s leak looks at what motivated and enabled the formation and latest incarnation of “Team Campinos”


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts