06.10.10

Gemini version available ♊︎

Microsoft is Again “Sabotaging” Free Software on Windows (and Why Windows is the Least Secure Platform)

Posted in Free/Libre Software, Microsoft, Security, Windows at 9:12 am by Dr. Roy Schestowitz

Firefox search

Summary: Microsoft has once again pushed its own code into Firefox, without any consent from the users

Putting Free software only on Windows is not a smart decision. On Windows, Microsoft is in total control and Microsoft does abuse this control all the time.

When it comes to Mozilla Firefox, Microsoft is routinely tinkering with it without permission (assuming one runs it on Windows). The word “sabotaging” first came up here, with additional coverage in:

Microsoft is doing it yet again. Microsoft boosters are among the first report on it: (and yes, Ars Technica has at least two Microsoft boosters as well)

i. Microsoft hides mystery Firefox extension in toolbar update

As part of its regular Patch Tuesday, Microsoft released an update for its various toolbars, and this update came with more than just documented fixes. The update also installs an add-on for Internet Explorer and an extension for Mozilla Firefox, both without the user’s permission. As you can see in the Windows Update screenshot above, Microsoft does not indicate that the update will install anything for either browser. It’s also not really clear what the installed extension actually does.

ii. Is Microsoft pushing stealth updates to users again? This time, it’s toolbars …

I’m getting numerous reports from readers claiming that Microsoft is back to pushing stealth updates to Windows users via Windows Update. This time, the update seems related to its browser toolbars.

Readers started reporting this issue to me yesterday, when Firefox users started noticing that Extensions window was opening up when launching the browser and showing something new – Search Helper Extension.

When it comes to Microsoft’s security patches, there is a lot of secret behaviour such as the above. Microsoft claims to be handling 34 flaws this week, but there are actually more because of secret patches.

Ars Technica writes about Richard A. Clarke’s new book, which blames Microsoft for national and international security problems (Windows has a huge number and proportion of zombie PCs).

Who wrote those lines? Steve Jobs? Linux inventor Linus Torvalds? Ralph Nader? No, the author is former White House adviser Richard A. Clarke in his new book, Cyber War: The Next Threat to National Security and What to Do About It.

[...]

Money talks

Why has the national response to this problem been so slow? Lack of consensus on what to do and fear of the “R-word”—government regulation, Clarke contends. Then there’s Reason Number Five on his list, which basically boils down to “Microsoft.”

“Some people like things the way they are,” Clarke obliquely observes. “Some of those people have bought access.” Microsoft, he notes, is a prominent member of OpenSecrets.org’s “Heavy Hitters” political donor list. Most of the list’s stars are trade associations. “Microsoft is one of only seven companies that make the cut.”

The software giant’s largesse has shifted from Republicans back in the Clinton antitrust days to Obama, he continues, but the agenda is always clear: “Don’t regulate security in the software industry, don’t let the Pentagon stop using our software no matter how many security flaws it has, and don’t say anything about software production overseas or deals with China.”

Clarke tries to be fair. He notes that Microsoft didn’t originally intend its software for critical networks. But even his efforts at fairness are unflattering. Microsoft’s original goal “was to get the product out the door and at a low cost of production,” he explains. “It did not originally see any point to investing in the kind of rigorous quality assurance and quality control process that NASA insisted on for the software used in human space-flight systems.”

But people brought in Microsoft programs for critical systems anyway. “They were, after all, much cheaper than custom-built applications.” And when the government launched its Commercial Off-the-Shelf program (COTS) to cut expenses, Microsoft software migrated to military networks. These kind of cost cutting reforms “brought to the Pentagon all the same bugs and vulnerabilities that exist on your own computer,” Clarke writes.
Floating i-brick

The former White House advisor cites the 1997 USS Yorktown incident as a consequence. The Ticonderoga-class ship’s whole operational network was retrofitted with Windows NT. “When the Windows system crashed, as Windows often does, the cruiser became a floating i-brick, dead in the water.”

In response to this “and a legion of other failures,” the government began looking into the Linux operating system. The Pentagon could “slice and dice” this open source software, pick and choose the components it needed, and more easily eliminate bugs.

“Never mention Windows and security in the same breath,” writes Sam Varghese in the headline of another new article. It refers to the dishonest "damage control" from Microsoft after Google's mass-desertion, as seen last week.

If I had a dollar for every time Microsoft was forced to defend the abysmal security of its Windows operating system, I would probably be lying on a beach in the Bahamas and sipping a cocktail right now, with my financial future secured.

The latest defence, from Windows communications manager Brandon LeBlanc, has as many holes as Windows does in its security armoury.

As my colleague Jake Widman reported earlier today, LeBlanc took issue with a story stating that Google was moving its internal workstations away from Windows to OSX and GNU/Linux due to Windows’ poor security.

In his response, LeBlanc talks of security issues with the Mac and Google too. That isn’t the point – no system or company is perfect.

We are talking here about the relative security of various operating systems – and Windows is, without any doubt, the worst. Put it up against OpenBSD, Solaris, NetBSD, FreeBSD, GNU/Linux, OpenSolaris, or any other, Windows comes out last when it comes to security.

“Being virus and malware-free” is another new article about escaping Windows (like Google did, for security reasons). The haven from security problem really is seen as a reason to embrace software freedom, not just an afterthought or excuse.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. The EPO's “Gender Awareness Report”

    There’s a new document with remarks by the EPO’s staff representatives and it concerns opportunities for women at the EPO — a longstanding issue



  2. IRC Proceedings: Wednesday, December 01, 2021

    IRC logs for Wednesday, December 01, 2021



  3. EPO Staff Committee Compares the Tactics of António Campinos to Benoît Battistelli's

    The Central Staff Committee (CSC) of the EPO talks about EPO President António Campinos, arguing that “he seems to subscribe to the Manichean view, introduced by Mr Battistelli…”



  4. Prof. Thomas Jaeger in GRUR: Unified Patent Court (UPC) “Incompatible With EU Law“

    The truth remains unquestionable and the law remains unchanged; Team UPC is living in another universe, unable to accept that what it is scheming will inevitably face high-level legal challenges (shall that become necessary) and it will lose because the facts are all still the same



  5. Links 1/12/2021: LibrePlanet CFS Extended to December 15th and DB Comparer for PostgreSQL Reaches 5.0

    Links for the day



  6. EPO Cannot and Will Not Self-Regulate

    The term financialisation helps describe some of the activities of the EPO in recent years; see Wikipedia on financialisation below



  7. [Meme] Germany's Licence to Break the Law

    Remember that the young Campinos asked dad for his immunity after he had gotten drunk and crashed the car; maybe the EPO should stop giving diplomatic immunity to people, seeing what criminals (e.g. Benoît Battistelli) this attracts; the German government is destroying its image (and the EU’s) by fostering such corruption, wrongly believing that it’s worth it because of Eurozone domination for patents/litigation



  8. EPO Dislikes Science and Scientists

    The EPO's management has become like a corrupt political party with blind faith in money and monopolies (or monopoly money); it has lost sight of its original goals and at this moment it serves to exacerbate an awful pandemic, as the video above explains



  9. Links 1/12/2021: LibreOffice 7.3 Beta, Krita 5.0, Julia 1.7

    Links for the day



  10. Links 1/12/2021: NixOS 21.11 Released

    Links for the day



  11. IRC Proceedings: Tuesday, November 30, 2021

    IRC logs for Tuesday, November 30, 2021



  12. Links 1/12/2021: Tux Paint 0.9.27 and WordPress 5.9 Beta

    Links for the day



  13. [Meme] EPO Administrative Council Believing EPO-Bribed 'Media' (IAM Still Shilling and Lying for Cash)

    IAM continues to do what brings money from EPO management and Team UPC, never mind if it is being disputed by the patent examiners themselves



  14. The EPO's Mythical “Gap” Has Been Found and It's Bonuses for People Who Use Pure Fiction to Steal From Patent Examiners

    The phony president who has the audacity to claim there's a budget gap is issuing millions of euros for his enablers to enjoy; weeks ahead of the next meeting of national delegates the Central Staff Committee (CSC) tells them: "Events show that the delegations’ concerns about functional allowances have materialised. The lack of transparency and inflation of the budget envelope gives rise to the suspicion that high management is pursuing a policy of self-service at the expense of EPO staff, which is difficult to reconcile with the Office’s claimed cost-saving policy, and to the detriment of the whole Organisation."



  15. Video: Making the Internet a Better Place for People, Not Megacorporations

    Following that earlier list of suggested improvements for a freedom-respecting Internet, here's a video and outline



  16. Links 30/11/2021: KDE Plasma 5.23.4, 4MLinux 38.0, Long GitHub Downtime, and Microsoft's CEO Selling Away Shares

    Links for the day



  17. A Concise Manifesto For Freedom-Respecting Internet

    An informal list of considerations to make when reshaping the Internet to better serve people, not a few corporations that are mostly military contractors subsidised by the American taxpayers



  18. Freenode.net Becomes a 'Reddit Clone' and Freenode IRC is Back to Old Configurations After Flushing Down Decades' Worth of User/Channel Data and Locking/Shutting Out Longtime Users

    Freenode is having another go; after “chits” and “jobs” (among many other ideas) have clearly failed, and following the change of daemon (resulting in massive loss of data and even security issues associated with impersonation) as well as pointless rebrand as “Joseon”, the domain Freenode.net becomes something completely different and the IRC network reopens to all



  19. Jack Dorsey's Decision is a Wake-up Call: Social Control Media is Just a Toxic Bubble

    The state of the World Wide Web (reliability, preservation, accessibility, compatibility etc.) was worsened a lot more than a decade ago; with social control media that’s nowadays just a pile of JavaScript programs we’re basically seeing the Web gradually turning into another Adobe Flash (but this time they tell us it’s a “standard”), exacerbating an already-oversized ‘bubble economy’ where companies operate at a loss while claiming to be worth hundreds of billions (USD) and generally serve imperialistic objectives by means of manipulation like surveillance, selective curation, and censorship



  20. IRC Proceedings: Monday, November 29, 2021

    IRC logs for Monday, November 29, 2021



  21. Links 29/11/2021: NuTyX 21.10.5 and CrossOver 21.1.0

    Links for the day



  22. This Apt Has Super Dumbass Powers. Linus Sebastian and Pop_OS!

    Guest post by Ryan, reprinted with permission



  23. [Meme] Trying to Appease Provocateurs and Borderline Trolls

    GNU/Linux isn’t just a clone of Microsoft Windows and it oughtn’t be a clone of Microsoft Windows, either; some people set themselves up for failure, maybe by intention



  24. Centralised Git Hosting Has a Business Model Which is Hostile Towards Developers' Interests (in Microsoft's Case, It's an Attack on Reciprocal Licensing and Persistent Manipulation)

    Spying, censoring, and abusing projects/developers/users are among the perks Microsoft found in GitHub; the E.E.E.-styled takeover is being misused for perception manipulation and even racism, so projects really need to take control of their hosting (outsourcing is risky and very expensive in the long run)



  25. Links 29/11/2021: FWUPD's 'Best Known Configuration' and Glimpse at OpenZFS 3.0

    Links for the day



  26. President Biden Wants to Put Microsofter in Charge of the Patent Office, Soon to Penalise Patent Applicants Who Don't Use Microsoft's Proprietary Formats

    The tradition of GAFAM or GIAFAM inside the USPTO carries on (e.g. Kappos and Lee; Kappos lobbies for Microsoft and IBM, whereas Lee now works for Amazon/Bezos after a career at Google); it's hard to believe anymore that the USPTO exists to serve innovators rather than aggressive monopolists, shielding their territory by patent threats (lawsuits or worse aggression) and cross-licensing that's akin to a cartel



  27. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)

    Balabhadra (Alex) Graveley was promoting .NET (or Mono) since his young days; his current job at Microsoft is consistent with past harms to GNU/Linux, basically pushing undesirable (except to Microsoft) things to GNU/Linux users; Tomboy used to be the main reason for distro ISOs to include Mono



  28. Dr. Andy Farnell on Teaching Cybersecurity in an Age of 'Fake Security'

    By Dr. Andy Farnell



  29. IRC Proceedings: Sunday, November 28, 2021

    IRC logs for Sunday, November 28, 2021



  30. Links 29/11/2021: Linux 5.16 RC3 and Lots of Patent Catch-up

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts