10.20.10

Bruce Schneier: “Keeping Control of Your Source Code Didn’t Magically Make Windows Secure”

Posted in Security, Windows at 12:39 am by Dr. Roy Schestowitz

Bruce Schneier (photo by sfllaw)

Summary: Harsh words about Windows security from a security guru but promotion from the MSBBC

India’s “Grand Secret OS” (developed with involvement of the Indian government) has just led Bruce Schneier to make this statement, which reminds us that transparency — not control — may be the key to making software more secure.

The only way to protect it is to design and implement it securely. Keeping control of your source code didn’t magically make Windows secure, and it won’t make this Indian OS secure.

Recall some of the latest (published this month) Microsoft security propaganda from the MSBBC [1, 2, 3]. “Who does Maggie Shiels work for? MS or the BBC? It’s getting harder to tell,” argues our valued regular ThistleWeb, who responds to this latest advertisement from Maggie Shiels. She has been doing this for a while (pretending or neglecting to state that zombie PCs are a Windows issue). ThistleWeb adds, regarding this same article: “prepare for a new wave of malware, all powered by the infected MS cloud, instead of regular powered MS desktops”.

Well, here is another new report about such issues:

A recently discovered category of malware — advanced evasion techniques — can sneak through most intrusion-prevention systems to deliver even well-known exploits such as Sasser and Conficker to targeted machines without leaving a trace of how they got there, researchers say.

When will the world’s governments realise that secure platforms are produced by collaboration rather than secrecy? And when will the BBC cease to be the second home of Microsoft UK? It has become embarrassing for a network which taxpayers are forced to fund.


5 Comments

  1. mcinsand said,

    October 20, 2010 at 7:24 am

    Open or closed, there is no friggin’ way Windows could ever be secure given its current architecture. With everything coded together as a massive megalithic blob, cracking your way into one area gives access potential to everything else. Opening up the code would help MS out of their self-created security mess somewhat, but they can never be anything but a suite of security holes until they fix fundamental design flaws, such as getting the browser, and many non-OS utilities, out of the OS.

    Regards,
    mc

    Dr. Roy Schestowitz Reply:

    The problem is, in some countries like Korea the ties between the OS and ‘the’ MSIE are very close due to ActiveX. Web sites too will need to get ‘fixed’.

    mcinsand Reply:

    The world needs to recognize that MSIE is one of its greatest security risks. I have a neighbor that is an agent with the US State Department, and they have actually woken up; using MSIE is a terminable offense because of security. Countries will have to decide whether they want to leave citizens open to attack or have cute eye candy. Granted, Java has security concerns, too, but they are not nearly so great as having a browser integrated into the OS.

    In the US, there are also only two manufacturers of gasoline (petrol) handling pumps, and these are now sophisticated enough to connect to the internet, call for shipments, and arrange deliveries. One of these companies uses MSIE-only, and an executive (another neighbor) dismissed customers that want to avoid MSIE for security reasons as ‘whiners.’ Petrol is dangerous and, in today’s world, we can’t leave tanks open to crackers to mishandle or misroute.

    MSIE is a global security risk that we cannot afford.
    Regards,
    mc

    Dr. Roy Schestowitz Reply:

    There is a whole book called “Don’t Click on the Blue E!”

    http://oreilly.com/catalog/9780596009397

  2. mcinsand said,

    October 20, 2010 at 4:30 pm

    Thanks! That book might make a nice holiday gift for some family members.

    Regards,
    mc
