EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

04.01.10

Eye on Security: Windows Malware, Emergency Patches, and BeyondTrust’s CEO from Microsoft

Posted in Antitrust, GNU/Linux, IBM, Microsoft, Security, Vista 7, Windows at 8:54 am by Dr. Roy Schestowitz

Summary: Security holes — some of which highly critical — continue to be found in Microsoft software; Justification of skepticism when it comes to new ‘research’ from former Microsoft staff, based on Microsoft-supplied data

OVER the past few days we have gathered more evidence to show that security problems only affect/target Windows and that those who flatter Windows for security are often tied to Microsoft (Window Snyder is just one example).

Windows-only Threats

Download Squad has this new post which compares Norton’s Security Scan to malware (it sure takes up a lot of resources). Those who think it’s bizarre should check out this minor piece of FUD and the rebuttal from The Source.

Right, so the Murphy’s Law headline is “Stop Supporting Open-Source Bloat“, where the author goes on to decry shady tactics of several programs, like:

* Revo Uninstaller
* Digsby
* ImgBurn

…NONE OF WHICH ARE OPEN SOURCE

Ignorance or deliberate deception? Either way, it looks bad for Maximum PC. Windows problems are now being described as “Open-Source” for no apparent reason.

TechDirt shows how copyright scare is being used to install malware/back-doors on people’s Windows machines. This relies on the infamous click-to-execute mentality that’s so prevalent in the Windows world. Actually, Microsoft software also tends to execute arbitrary code when one just visits a Web page (Active X is notorious for this reason).

Microsoft Emergency

The security flaws are so serious that Microsoft has just released an “emergency” patch for no less than 10 holes in Internet Explorer (which Microsoft neglected to patch for many months, leading to otherwise-preventable chaos [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]).

From The Inquirer:

SOFTWARE INSECURITY SISYPHUS Microsoft has released an out-of-cycle patch for users lazy or ignorant enough to still be using an old version of Internet Explorer.

It’s generally rare that threats are deemed serious enough for Microsoft to not wait until its next Patch Tuesday, which would be April 13th now, but a vulnerability hit Internet Explorer 6 and 7 that left them open to potential remote code execution.

More at CNET:

Microsoft issued an emergency security update on Tuesday to plug 10 holes in Internet Explorer, including a critical vulnerability that has been exploited in attacks in the wild.

The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. The most severe vulnerabilities could lead to remote code execution and a complete takeover of the computer if a user were to view a malicious Web site using IE, Microsoft said in the bulletin summary.

Internet Explorer 8 is also affected.

BeyondTrust is Hard to Trust

BeyondTrust logo

Judging by previous incidents, past Microsoft employees who become 'researchers' typically produce output that's biased in Microsoft's favour. That’s why we decided to take a careful look at BeyondTrust. Their web site is all Microsoft stack-based (showing the lower probability that they understand security) and their CEO “spent seven years at Microsoft Corporation in a variety of executive sales and marketing positions,” according to the company’s own pages. “Sales and marketing,” eh? Now, we have already covered security problems Vista 7 suffers from, in a wide range of posts including:

“Statistics must not depend on Microsoft’s own data and presented in a favourable way by design.”This brings us back to BeyondTrust (wow, what a name!). Their latest promotion of Windows for security is quoted a lot by Microsoft boosters like Emil this week. They are measuring the wrong thing by wrongly assuming that Microsoft tells the truth about its patches. Microsoft is patching its software secretly a lot of the time. We saw that many times before and thus we urge people to be skeptical. Statistics must not depend on Microsoft’s own data and presented in a favourable way by design. Remember that there are “lies, damned lies, and statistics,” according to Benjamin Disraeli and others. There may also be reason for bias here.

Speaking of potential connections to Microsoft, an anonymous reader told us to “beware that TurboHercules might be financed by Microsoft”. This reader has not produced evidence to show what led to such suspicions (it may give away the identity), but as we recently showed, TurboHercules did join a Microsoft front. It aligned itself with Microsoft and companies/campaigns that are partly owned by Microsoft.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. IBMFanboyMSHater said,

    April 1, 2010 at 11:18 am

    Gravatar

    I really liked the Hercules Software. Alas!

What Else is New

  1. Links 5/4/2020: MindSpore, Covid-19 Projects and More

    Links for the day

  2. EPO is Just Like Some Cruel Political Party and Not a Patent Office

    The "cabal" which runs today's EPO (even the word "Mafia" seems suitable here) isn't acting -- not even remotely -- like a patent office; it's a patent-printing operation ("protection money" as income) that uses shallow political stunts to manufacture consent with the EU's 'generous' assistance

  3. Digitalisation and Digital Technologies as a Ploy to Justify Illegal Software Patents

    Say "hello" to the next weasel word/s; from the "hey hi" hype wave we've now moved to something "digital" (which can mean just about anything, including algorithms of all sorts)

  4. The Fall of the UPC - Part X: How We Shall Catalogue UPC Lies

    The cult that Team UPC became (one member lying to another member, maintaining a false version of reality) will be judged based on underlying facts, not lying about facts; we start with a token of contempt for IP Kat and Bristows LLP (there are overlaps)

  5. IRC Proceedings: Saturday, April 04, 2020

    IRC logs for Saturday, April 04, 2020

  6. Major Revelation: Microsoft Blackmail Against LAMP (GNU/Linux and Free Stacks for Servers) Goes At Least 16 Years Back, Predating the Novell Patent Deal

    (Techno-)Anthropological analyses of Microsoft's patent war on Free/libre software must take into account what Microsoft did to MySQL, a Swedish company at the time

  7. Links 4/4/2020: Sparky 5.11, Firefox 74.0.1, POCL 1.5

    Links for the day

  8. IRC Proceedings: Friday, April 03, 2020

    IRC logs for Friday, April 03, 2020

  9. Links 3/4/2020: Ubuntu Beta, GNOME 3.36.1, ExTiX LXQt Mini, NetBSD 8.2 Released

    Links for the day

  10. Digital Communication, Digitalisation and Videogaming Among the EPO's Latest Smokescreens for Illegal and Abstract Patents on Algorithms

    The EPO keeps liaising with the EU to promote patents which EU officials have themselves said were illegal; to make matters worse, the EPO's violations of its own laws inspire the United States to do the same

  11. Emotional Blackmail for Illegal Software Patents

    Semantic tactics the European Patent Office (EPO) uses to promote software patents in Europe and may theoretically use in the future (satire)

  12. Clear Linux is to GNU/Linux What Clearly Defined is to Open Source

    The idea that we need Intel to take GNU/Linux ‘mainstream’ is ludicrous; as OSDL co-founder (now succeeded in the flesh of the Corporate Linux Foundation), Intel is more about Linux (with DRM, “secure boot” and everything that lets it be remotely controlled) than about GNU and it’s not too keen on GPL (copyleft), either

  13. IRC Proceedings: Thursday, April 02, 2020

    IRC logs for Thursday, April 02, 2020

  14. Links 2/4/2020: Linux 5.6.2, Qt Creator 4.11.2, LineageOS ROM Based on Android 10

    Links for the day

  15. OIN in 2020 Resembles Linux Foundation in 2020 (Corporate Front Group Piggybacking the Linux Brand)

    We regret to say that the Open Invention Network seems not to care at all about Software Freedom; to make matters worse, it is a proponent of software patents and a voice for companies like IBM and Microsoft, not the "Community" it fancies misrepresenting

  16. Inside the Free Software Foundation (FSF) - Part IX: Semi-Happy Ending

    Richard Stallman is here to stay and the FSF will let him stay (as chief of GNU); we want to close the series on a positive note

  17. IRC Proceedings: Wednesday, April 01, 2020

    IRC logs for Wednesday, April 01, 2020

  18. Upcoming Articles and Research Areas

    Although we've failed to write as much as usual, we're still preparing some in-depth articles and maintaining Daily Links (in spite of unforeseen ordeals like a forced laptop migration)

  19. Links 2/4/2020: ProtonMail Bridge for Linux, GTK 3.98.2 and Red Hat DNF 4.2.21

    Links for the day

  20. Links 1/4/2020: Linux 5.7 Merges, Qt 5.14.2, GhostBSD 20.03, Linux Mint 20 Ulyana Plans, WordPress 5.4 “Adderley”

    Links for the day

  21. IRC Proceedings: Tuesday, March 31, 2020

    IRC logs for Tuesday, March 31, 2020

  22. Techrights to Delete Articles From All Past Years to Save Disk Space

    What if we deleted over 25,000 posts?

  23. IRC Proceedings: Monday, March 30, 2020

    IRC logs for Monday, March 30, 2020

  24. Links 30/3/2020: GNU Linux-libre 5.6, WireGuard 1.0.0

    Links for the day

  25. IRC Proceedings: Sunday, March 29, 2020

    IRC logs for Sunday, March 29, 2020

  26. Links 30/3/2020: Linux 5.6, Nitrux 1.2.7, Sparky 2020.03.1

    Links for the day

  27. The Fall of the UPC - Part IX: Campinos Opens His Mouth One Week Later (and It's That Hilarious Delusion Again)

    Team Campinos said nothing whatsoever about the decision of the FCC until one week later, whereupon Campinos leveraged some words from Christine Lambrecht to mislead everybody in the EPO's official "news" section

  28. Pretending EPO Corruption Stopped Under António Campinos When It is in Fact a Lot Worse in Several Respects/Aspects (Than It Was Under Benoît Battistelli)

    Germany's eagerness to keep Europe's central patent office in Munich (and to a lesser degree in Berlin) means that politicians in the capital and in Bavaria turn a blind eye to abuses, corruption and even serious crimes; this won't help Germany's image in the long run

  29. IRC Proceedings: Saturday, March 28, 2020

    IRC logs for Saturday, March 28, 2020

  30. Links 28/3/2020: Wine 5.5 Released, EasyPup 2.2.14, WordPress 5.4 RC5 and End of Truthdig

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts