Bonum Certa Men Certa

Microsoft Claims Credit for Failing in Security

Servers rack - amateur



Summary: Latest security issues and systematic deception, mostly from Microsoft and its various boosters across the Web (giving credit to Microsoft after Microsoft messed up)

Gratis as in Lock-in



A FEW days ago we wrote about Microsoft's attempt at disconnecting the air supply from third-party AV vendors, at least in small businesses. This would only decrease security due to monoculture, decreased competition, and lack of incentive to improve. The funny thing here is that Microsoft sells a vulnerable operating system and then claims to be distributing "free of charge" (only to some people) what ought to have been a characteristic of the operating system, not an add-on. The spinners from Seattle call it a "free" anti-virus software and what's meant by free is not freedom. It's free as in gratis, with lock-in. It decreases one's personal freedom and also impedes freedom of choice. A better headline than "Free Anti-Virus Protection Spurs More Robust Options" would be "Free-of-charge Anti-Virus Pseudo-protection Depresses More Robust Options".



Watch the Indian press turning the whole thing into Vista 7 promotion: "IT major Microsoft has launched a campaign to help computer users identify threats to their systems and how their networks can be made secure using Original Windows 7 that now comes with the advantage of Microsoft Security Essentials."

So Microsoft wants to dump Security Essentials on the market (as expected by many people all along) and already we learn that "Scareware Apes Microsoft Security Essentials". Microsoft has always performed very poorly among the security products already available and well established. "Anti-virus systems get tested" says The Inquirer which gives the following details:

A NUMBER of the most common anti-virus security systems have had a beady eye passed over their effectiveness and fitness for purpose in an assessment.

The study, which was carried out by the Austrian AV Comparatives group, looked at twenty products from the main providers that volunteered to take part.

We do not know who if anyone refused, but AV Comparatives said that it had limited test subjects to no more than twenty and required that participants adhered to its undisclosed criteria.


"Over half of all apps have security holes," claims Veracode (which we mentioned in [1, 2]).

More than half of all software applications failed to meet an acceptable level of security, according to a study based on real-world code audits by application security firm Veracode.

Around 57 per cent of applications failed to pass muster when first submitted to Veracode’s cloud-based testing service. A similar 56 per cent of finance-related applications failed first testing by Veracode’s security audit. The quality of the code used in many business-critical banking and insurance operations was simply not up to snuff.


ASP.NET Under Attack, Spin



In security news, the other major issue last week was the Microsoft ASP.NET vulnerability, which we wrote about in [1, 2, 3, 4].

“Is this really praise-worthy, especially when someone responds to flaws which the same someone is responsible for?”The ASP.NET problem alarmed Microsoft a great deal and the PR spin strives to make Microsoft be seen as responsive. An advisory was quickly issued [1, 2, 3] because of bad publicity and because it was already being exploited (a demo existed). There is only a temporary fix, not a permanent one. There are third-party fixes.

So, once again Microsoft pays attention to flaws a tad too late and then scrambles to limit damage it could probably prevent. Is this really praise-worthy, especially when someone responds to flaws which the same someone is responsible for?

Just like in the case of Russian spin [1, 2], Microsoft is trying to make itself look like the saviour rather than the problem. Lee Pender of the Microsoft boosters is trying to make Microsoft look good by painting it as responsive and responsible. To quote: "Well, late last week, we got an update from a Microsoft spokesperson who wanted to tell us that Microsoft hasn't just buried its head in the sand on Stuxnet."

We wrote about Stuxnet in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14].

Microsoft-Police



Over in Australia, Microsoft is involving the police right now (funded by taxpayers) [1, 2, 3, 5]. It's about a computer scam that affects Microsoft.

Twitter and Fog Computing



The other day we wrote about the major problem Twitter.com was having. Half a million Twitter users are said to be affected by a Twitter worm and Slashdot discusses the matter before and after the patching. Here are "the names and faces behind the 'onMouseOver' Twitter worm attack". It's one of those risks of Fog Computing. Even a teenager turns out to have been smart enough to do it.

But later, some mischievous users of the site started using the exploit to make people "retweet" infected messages (when they hovered over a tweet with the code inserted) that they had not authorised.


The guy is Australian, so will the police get involved? Or does the Australian police get involved only to help Microsoft?

Recent Techrights' Posts

The Solicitors Regulation Authority (SRA) Has a Policy on Racism and Sexism
In then future we'll show the misogyny and racial slurs
The 50-Pound Note Experiment and the "War on Cash"
Britain is actually seeing a rebound in cash payments, and it's not a temporary phenomenon
 
Slopwatch: Google News and the Evident Slopfarm Infestation
This is what people get about Linux when they query Google for Linux
Links 22/09/2025: Murdochs Might Join Fentanylware (TikTok) 'Investors' (Masters), United Kingdom Recognises Palestinian Statehood
Links for the day
Gemini Links 22/09/2025: Esperanto Music History and Apps For Android
Links for the day
Links 22/09/2025: More American 'Censorship' (Retaliation for Journalism), Cheeto "Might Be Losing His Race Against Time"
Links for the day
The Blob Slop
Give me more words, give me some text
Slopwatch: Blaming the Victims for Microsoft's Failures and Plagiarising Phoronix
That's what Google has been reduced to: slop and slopfarms
Links 22/09/2025: Breaches, Windows TCO, and Arrests
Links for the day
Gemini Links 22/09/2025: Rabbit Hole and DeGoogling Fairphone
Links for the day
Links 22/09/2025: Russian War Planes Invade NATO Airspace While Dihydroxyacetone Man Escalates Attack on Free Speech Because of Critics
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 21, 2025
IRC logs for Sunday, September 21, 2025
Links 21/09/2025: "Hey Hi" (Hype) Under Fire, Fakes Identified; Tesla Burns Family
Links for the day
Google's Software is Malware and Malware in Mobile Devices
Originally posted by Rob Musial
Links 20/09/2025: Hegemony Coming to a Close, Luigi Mangione Ruled Not Terrorist
Links for the day
Gemini Links 21/09/2025: "Charlie Kirk Was a Hateful Piece of Shit" and Slop Code Attempted by Microsofter
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 20, 2025
IRC logs for Saturday, September 20, 2025
Gemini Links 20/09/2025: Snowy Photos and utism is a Spectrum
Links for the day
Microsoft-Sponsored Xenophobia and Nationalism
IBM is very similar in this regard
Vintage is Sometimes Better
Why can't we get back to "simple" if (or where) "simple" means better?
Climate Breakdown Means We'll be Publishing More, Not Less
Press freedom will be a common, recurring theme
Our 5-Year Geminispace Anniversary is Coming Up
I still remember when Gemini Protocol was quite new
It's Right to Point Out Violence From the Right
Violence is a recurring theme
Tentative Summary of Things to Publish in Project 2030
I'll still be in my forties by then
Web Browsers That "Do Hey Hi" (AI)
State-of-the-art plagiarism or "autocomplete on steroids" (not coined by us, nevertheless a nice description) don't have much/any prospect
Links 20/09/2025: Hardware Projects in View, Some Independent Publishers About Russia Prosper After Cheeto Cuts Funding
Links for the day
Gemini Links 20/09/2025: Options and TV Time Machine
Links for the day
Links 20/09/2025: Retrocomputer, Antique Phone Experience, and More
Links for the day
Links 20/09/2025: Internet Shutdowns, Media Censorship, and Climate Worries
Links for the day
About 700 New Gemini Capsules in 13 Months (or 54 Per Month)
4.8K would represent a 20% increase
Rust People: Drain the Swap, You're Holding It Wrong
Does Rust make sense?
Techrights the Name Turns 15
About 6 weeks from now we turn 19
Microsoft is Running Out of Time and Floating Fake Figures, Fake Projects, Fake Narratives, Fake Excuses
Also, a lot of Microsoft's "revenue" claims are circular financing (i.e. Microsoft buying from itself, which means Ponzi-like fraud)
Slopwatch: LinuxSecurity, linuxconfig.org, and Plagiarised Phoronix
Many articles out there are nowadays fake
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 19, 2025
IRC logs for Friday, September 19, 2025
Gemini Links 20/09/2025: Navigating the Pressures of Modern Life and SpellBinding Accidentally Wrote Another Gemini Server
Links for the day