Bonum Certa Men Certa

Eye on Security: Windows Malware, Emergency Patches, and BeyondTrust's CEO from Microsoft

Summary: Security holes -- some of which highly critical -- continue to be found in Microsoft software; Justification of skepticism when it comes to new 'research' from former Microsoft staff, based on Microsoft-supplied data

OVER the past few days we have gathered more evidence to show that security problems only affect/target Windows and that those who flatter Windows for security are often tied to Microsoft (Window Snyder is just one example).



Windows-only Threats



Download Squad has this new post which compares Norton's Security Scan to malware (it sure takes up a lot of resources). Those who think it's bizarre should check out this minor piece of FUD and the rebuttal from The Source.

Right, so the Murphy’s Law headline is “Stop Supporting Open-Source Bloat“, where the author goes on to decry shady tactics of several programs, like:

* Revo Uninstaller * Digsby * ImgBurn

…NONE OF WHICH ARE OPEN SOURCE


Ignorance or deliberate deception? Either way, it looks bad for Maximum PC. Windows problems are now being described as "Open-Source" for no apparent reason.

TechDirt shows how copyright scare is being used to install malware/back-doors on people's Windows machines. This relies on the infamous click-to-execute mentality that's so prevalent in the Windows world. Actually, Microsoft software also tends to execute arbitrary code when one just visits a Web page (Active X is notorious for this reason).

Microsoft Emergency



The security flaws are so serious that Microsoft has just released an "emergency" patch for no less than 10 holes in Internet Explorer (which Microsoft neglected to patch for many months, leading to otherwise-preventable chaos [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]).

From The Inquirer:

SOFTWARE INSECURITY SISYPHUS Microsoft has released an out-of-cycle patch for users lazy or ignorant enough to still be using an old version of Internet Explorer.

It's generally rare that threats are deemed serious enough for Microsoft to not wait until its next Patch Tuesday, which would be April 13th now, but a vulnerability hit Internet Explorer 6 and 7 that left them open to potential remote code execution.


More at CNET:

Microsoft issued an emergency security update on Tuesday to plug 10 holes in Internet Explorer, including a critical vulnerability that has been exploited in attacks in the wild.

The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. The most severe vulnerabilities could lead to remote code execution and a complete takeover of the computer if a user were to view a malicious Web site using IE, Microsoft said in the bulletin summary.


Internet Explorer 8 is also affected.

BeyondTrust is Hard to Trust



BeyondTrust logo



Judging by previous incidents, past Microsoft employees who become 'researchers' typically produce output that's biased in Microsoft's favour. That's why we decided to take a careful look at BeyondTrust. Their web site is all Microsoft stack-based (showing the lower probability that they understand security) and their CEO "spent seven years at Microsoft Corporation in a variety of executive sales and marketing positions," according to the company's own pages. "Sales and marketing," eh? Now, we have already covered security problems Vista 7 suffers from, in a wide range of posts including:



“Statistics must not depend on Microsoft's own data and presented in a favourable way by design.”This brings us back to BeyondTrust (wow, what a name!). Their latest promotion of Windows for security is quoted a lot by Microsoft boosters like Emil this week. They are measuring the wrong thing by wrongly assuming that Microsoft tells the truth about its patches. Microsoft is patching its software secretly a lot of the time. We saw that many times before and thus we urge people to be skeptical. Statistics must not depend on Microsoft's own data and presented in a favourable way by design. Remember that there are "lies, damned lies, and statistics," according to Benjamin Disraeli and others. There may also be reason for bias here.

Speaking of potential connections to Microsoft, an anonymous reader told us to "beware that TurboHercules might be financed by Microsoft". This reader has not produced evidence to show what led to such suspicions (it may give away the identity), but as we recently showed, TurboHercules did join a Microsoft front. It aligned itself with Microsoft and companies/campaigns that are partly owned by Microsoft.

Comments

Recent Techrights' Posts

IBM's CEO Roasted, Sizzled and Grilled for Dumb and Inconsistent Vapourware Promises
It looks like being a chronic liar is what it takes to lead the company once synonymous with computing
Who Imitates Who? Plagiarist as Client (From Microsoft), 'Plagiarism' at the Law Firm?
let's revisit the subject
 
Links 11/06/2025: More Vulnerabilities Found in 'Smart' Phones, China Extends Reach in the Pacific
Links for the day
Gemini Links 11/06/2025: Grain and Steam Next Fest
Links for the day
Links 11/06/2025: "Quantum" Hype From IBM, US Closer to Martial Law, and “The Nation” Celebrates Milestone
Links for the day
IBM's Goal Is Not (and Never Was) Computer Users' Freedom
More than 1.5 decades ago I found IBM to be an "ally of convenience" because of OpenDocument Format (ODF)
Wayland Shows the IBM/Red Hat Way of Doing Things
IBM is trying to 'kill' X
GitHub is Proprietary, Controlled by Microsoft, and GPL Violation Warehouse
"IRS tax filing software [will be] released to the people as free software" ... In general this is good news
Slopfarm Catastrophe
Seems like BetaNews (or BetaNoise) has just suffered a major data loss and restored the site from a week-old backup
Abuse Inside the Polish Patent Office (UPRP) - Part VIII: Illegal Working Conditions
How many people need to die for these people to get their massive salaries?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 10, 2025
IRC logs for Tuesday, June 10, 2025
Links 10/06/2025: Apple Hype and Physical Attacks on Bloggers
Links for the day
Gemini Links 10/06/2025: Loon Lake, Farming, and Forth
Links for the day
Links 10/06/2025: Jaws at 50 and US Democracy Crushed Very Rapidly (Martial Law Seems Imminent)
Links for the day
Abuse Inside the Polish Patent Office (UPRP) - Part VII: Washing Their Hands After Corruption and Abuse
"Tragedy or comedy?"
Culling Bad RSS Feeds of Bad Sites
Not throwing out the baby with the bathwater
If 'Microsoft v Techrights' is Dealt With by a 'Microsoft Court' (or a Court Outsourced to Microsoft)
More on that later
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 09, 2025
IRC logs for Monday, June 09, 2025
Gemini Protocol Turns Six in 10 Days From Now
If you haven't tried it yet, then give it a go today
Live as You Preach
technology is fast becoming dysphoric
Gemini Links 09/06/2025: Addition Addiction and Nitride
Links for the day
Links 09/06/2025: Science, Hardware Projects, and Democracy Receding
Links for the day
Computers Got Smaller, So GNU/Linux Got Bigger
Many people here recognise the lack of urgency (or need) to get expensive new laptops
BetaNews is a Plagiarism and LLM Slop Hub, the Chief Editor Isn't Addressing This Problem Anymore
SS Fagioli is basically a parasite leeching off or exploiting other people's work
Links 09/06/2025: Chaos in Los Angeles and Hurricane Season
Links for the day
GNU/Linux Grows at Windows' Expense and Microsoft Trolls Infest and Maliciously Target Articles About It
Microsoft is - and has long been - organised crime
They Say I'm Mr. Bombastic
They didn't take good lawyers
Links 09/06/2025: Windows TCO and Many Data Breaches
Links for the day
Abuse Inside the Polish Patent Office (UPRP) - Part VI: Political Stunts by Former President Edyta Demby-Siwek and the Connection to Profound Corruption at EUIPO
it's like a money-laundering operation where one politician rewards another at taxpayers' expense
Gemini Links 09/06/2025: Pipelines and Splitgate
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 08, 2025
IRC logs for Sunday, June 08, 2025