03.19.10
Elinor Mills Finally Calls Out Windows
Summary: CNET’s (CBS) Elinor Mills, who improved her coverage by naming Microsoft and Windows as part of the problem, deserves some credit
IN preparation for the “Call Out Windows” campaign, we are trying to see which reporters routinely describe Windows-only problems as “computer problems”. After much pressure, John Markoff from New York Times was finally willing to call out "Windows" (when the problems he described were obviously specific to Windows). We mustn’t assume that every “PC” owner uses Windows because according to Microsoft’s own charts, GNU/Linux is bigger on the desktop than Apple, which admittedly has a niche market in rich countries.
People deserve to be told where the problems that they are experiencing actually come from. Some problems can rightly be called “computer problems”, but very few deserve that labeling (usually tied to an industry standard rather than an implementation of it, DNS poisoning being an example). As we pointed out last week, Toyota problems are not being described as general problems with cars because Toyota has no monopoly on the automobiles market. The same line of reasoning ought to be applied to computing.
In any event, here is the latest rather serious Microsoft flaw.
An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft’s Virtual PC virtualization software to malicious hacker attacks.
Microsoft disputes this, but as we showed last month, Microsoft’s gymnastics in logic rarely compute. Microsoft is the boy who cried “Wolf!” Using PR tactics, Microsoft often blames crackers rather than its own incompetence (which allowed crackers to intrude in the first place).
Given Elinor Mills’ history of not mentioning Windows when it comes to Windows problems, we were encouraged so see her at least alluding to Windows in her coverage of the above. Here is another new article where Windows specificity is made implicit by her:
PandaLabs connected the S21Sec employee’s microSD card to his PC and found that the smartphone was loaded with the malware on March 1, more than a week before he had received the phone from Vodafone.
“This Mariposa botnet client is also loaded in the same hidden NADFOLDER directory. It is also named as AUTORUN.EXE and will automatically run when connected into a Windows machine unless you have autorun disabled (download USB Vaccine to disable autorun if you haven’t done so yet),” the PandaLabs blog item says.
The article’s headline is “Malware found on second Vodafone HTC Magic”; a better headline would be: “Windows malware found on second Vodafone HTC Magic”
“Notice the slogan of IE 9. Is Microsoft really in a state of thinking that improved security is its market distinguisher in Web browsers?”There are many more examples that we could give of such reporting and it hopefully remains civil and polite. Informers of the public do have a responsibility and we know for a fact (based on evidence such as this) that Microsoft interferes with reporting that names Windows as the source of problems. In previous posts about Internet Explorer 9 (IE 9) [1, 2, 3] we wrote about security problems it may have (worse and less secure than predecessors in some ways). A reader of ours, a former Microsoft MVP who sometimes participates, told us last night that “IE 9 preview sucks.” He actually tried it.
Earlier this year we found a lot of Microsoft spin about Internet Explorer. Internet Explorer was found to be the cause for many Web attacks, including some against Google [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Microsoft used this as an opportunity to advocate IE 8 (an ‘upgrade’), of course not telling the public that IE 8 too was vulnerable at the time (without patches available yet). Notice the slogan of IE 9. Is Microsoft really in a state of thinking that improved security is its market distinguisher in Web browsers? █
“It’s really secure this time. We promise!”
