

Microsoft Hides Security Flaws, Then Brags About Transparency

Posted in Microsoft, Security, Windows at 8:10 am by Dr. Roy Schestowitz


Summary: Security news from Microsoft and the facts Microsoft carries on hiding

MICROSOFT’S practice of silent patching (fixing security bugs without ever telling anyone about it) does not prevent the company from lying about disclosure [1, 2] and even bragging about “transparency”. What a nerve they have when they produce reports that demonise Red Hat based on incomplete data which Microsoft itself is knowingly hiding.

Today we look at some recent security problems, starting with one which was covered before:

Microsoft’s problems with Token Kidnapping [.pdf] on the Windows platform aren’t going away anytime soon.

“Microsoft gives up on Windows security flaw,” says the headline of another report.

DEVELOPER OF INSECURE SOFTWARE Microsoft has seemingly given up on finding a solution to a security vulnerability that takes advantage of the way Windows uses shortcuts.

As The INQUIRER reported on Monday, just about every operating system released by the Vole in the past decade is affected by the security flaw, which allows hackers to remotely execute code on Windows systems. Microsoft was relatively quick to admit to the problem, saying that the fault lies with the fact that “Windows incorrectly parses shortcuts”.

The risk was increased by removable and network storage mechanisms such as USB memory drives, which can be ‘autoplayed’ when connected. Due to a dodgy digital certificate in a driver, users would be none the wiser as control of their system was being outsourced to someone else.

From Slashdot (the summary):

Microsoft Has No Plans To Patch New Flaw

“Microsoft has acknowledged the vulnerability that the new malware Stuxnet uses to launch itself with .lnk files, but said it has no plans to patch the flaw right now. The company said the flaw affects most current versions of Windows, including Vista, Server 2008 and Windows 7 32- and 64-bit. Meanwhile, the digital certificate belonging to Realtek Semiconductor that was used to sign a pair of drivers for the new Stuxnet rootkit has been revoked by VeriSign. The certificate was revoked Friday, several days after news broke about the existence of the new malware and the troubling existence of the signed drivers.”

Glyn Moody explains that “after all, with all the others [flaws], who will notice?”

Dell is now shipping computers with a hardware trojan that only affects Microsoft Windows. The New Scientist does not call out Windows, but the malware name is self-explanatory.

Further information posted on Dell’s community forum reveals that the trojan in the affected motherboards is stored in onboard flash memory rather than firmware ROMs. And the malware at issue is called w32.spybot.worm, which normally spreads using file-sharing networks and an internet chat client.

Social networks are now being blamed for merely carrying messages that are used to control Microsoft Windows botnets. One should say “Windows botnet” and “Windows malware”, not just “malware”; these things are not universal. They specifically exploit Microsoft’s bad engineering. “Time to Get Rid of That Other OS,” argues Pogson.

The latest outrage is an attack that exploits another form of “autorun” for shortcuts/links on USB drives. That other OS lets the malware walk right in even if the user does not click on any of the links. That other OS tries to be so helpful…

The original article does name Windows as the problem (also in the headline).

Hackers have developed malware that spreads via USB sticks using a previously unknown security weakness involving Windows’ handling of shortcut files.

“Don’t Call the Police,” Pogson concludes.

There is no limit to how bad malware can be. It can range all the way from sending spam e-mail from your machines to selling all customer lists and sabotaging data by rot over a long period of time so that by the time you catch it weeks of work could go down the drain. The worst case is killing your operation through lawsuits charging negligence in allowing disaster to happen when reasonable people know you do not allow malware to run on your systems.

Running Windows is truly a liability. Windows was never designed to be secure.

“There was no strategic direction from Bill and Ballmer about these two things. It was like, ‘Well we have these two things, DOS and Windows, and do we have to run on top of this new multitasking DOS? Are we running on top of DOS 3.0 and we just ignore those guys?’ That went on for a year, this lack of strategic direction. And we just made our own decisions.”

Steve Wood, one of the first Microsoft developers
