EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS


Microsoft Cannot Offer Security on the Web, Either

Posted in Microsoft, Security, Windows at 1:36 am by Dr. Roy Schestowitz


Summary: Vultures keep circling not just Microsoft Windows but just about anything from the company, which failed to comprehend security

THERE are companies that increasingly decide to rely on online services, which they sometimes refer to as ‘the cloud’. There is a false assumption about security though. First of all, if one accesses these services from a Windows-running PC, one is not secure. In China, for example, hackers can access Windows source code, which was never written to be inspected in this way (and many security experts have not had the time to find errors in it prior to release). On the server side too Microsoft is failing based on the latest news:

1. Microsoft BPOS configuration screw up causes data disclosure

Customers of Microsoft’s Business Productivity Online Suite—a cloud-based suite including Exchange, SharePoint, LiveMeeting, and Office Communicator—may have had certain data leaked after a configuration error left their contact information exposed.

The configuration problem left information in customers’ Offline Address Books exposed to other customers. The Offline Address Book is an Exchange feature that allows Outlook users to download a copy of all the e-mail addresses and mailing list aliases that an organization uses, so that they can be used even when disconnected from Exchange. It’s e-mail addresses on those lists that could have been made available.

2. Microsoft BPOS cloud service hit with data breach

Company data belonging to customers of Microsoft’s hosted business suite BPOS has been accessed and downloaded by other users of the software.

The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite.

Microsoft confirmed the data breach to Webwereld, a Dutch IDG publication.

This is far from being the first BPOS cockup [1, 2, 3] and putting that together with the botnet problem on the client side, there’s no reason to choose Microsoft over GNU/Linux with Google as host, for example. The European politicians recently began talking about Windows botnets, bringing up problems like Conficker and Stuxnet: [via Glyn Moody]

Inside the EU, damages from this botnet were reported in France, the UK and Germany. French fighter planes were unable to take off after military computers were infected by Conficker in January 2009. The German army reported in February 2009 that parts of its computer network were infected by Conficker, making the websites of the German army, and the Defence ministry unreachable and preventing them from being updated by their administrators. Certain IT services, including e-mails, were unavailable for weeks to the UK Ministry of Defence personnel in January/February 2009 after they were infected by the Conficker botnet.

In the last few days experts at international level have launched an alert for a new type of malicious computer warm called Stuxnet that is infecting a high number of power plants, pipelines and factories and could be used to control plant operations remotely. If confirmed, this would be the first case of a highly sophisticated botnet aimed at industrial targets, a development experts don’t hesitate to define ”the first directed cyber weapon”. Botnets like Stuxnet could give wrong information and orders to industrial plants and operate sabotage at several levels, causing severe damages.

Incidentally, there’s advice from Wayne Borean (“My Christmas gift to Windows Users” he calls it) which goes under the heading “Computer Security Suggestions For Microsoft Windows Users” and moving away from Windows is high up on the list. For those who don’t know yet, for Windows administrators it may have been a tough holiday, as usual (this happens every year at this time) because “Microsoft confirm[ed] critical un-patched Internet Explorer CSS vulnerability” just before Christmas:

The flaw could allow malicious users to run unauthorised code remotely inside the iexplore.exe process. Proof-of-concept code is currently available that exploits the vulnerability. The code bypasses ASLR and DEP security protections in Windows. Security firm Vupen warned of the vulnerability earlier this month.

Here is more about the zero-day exploit: [via]

A remote code execution vulnerability against Internet Explorer was announced recently, and a proof-of-concept exploit has already been added to the Metasploit products.

And finally, consider the following batch of news:

i. Malware Posing as Fake Desktop Utilities Instead of Phony Antivirus

Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretend to find disk fragmentation or file system integrity problems.

ii. Bummed-out users give anti-virus bloatware the boot

One in four users turned off their anti-virus protection in response to performance problems after they installed security software, according to a survey by security software firm Avira.

The poll of users of the German anti-virus outfit, which like AVG and Avast offers free security software to consumers, also found that more than three in five (62.8 per cent) users had tried multiple anti-virus products over the last year.

The problem is not just Windows; it’s Microsoft products in general.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. With Software Patents in Europe (and Pushes for the Same Thing in Australia and India) Patent Trolls Now Come to Europe, Attack Android/Linux

    Worst-case scenarios are becoming a reality as Android backers officially attacked by patent trolls using standard-essential patents in London, England

  2. New Information on Limbo in the Enlarged Board, Courtesy of Illegal Actions by the EPO's Benoît Battistelli

    Battistelli's bullying of people whom he is not even allowed to bully turns out to have gone on for a lot longer than promised, and there is no sign of light at the end of this tunnel

  3. Microsoft Customers Complain About 'Inevitable' Vista 10 Because Microsoft Nearly Forces Botched 'Upgrades'

    In a desperate effort to spread Vista 10, sometimes even against people's will, Microsoft really upsets loyal customers, who are eventually eager to explore alternatives

  4. Dr. Ingve Björn Stjerna Explains Why the UPC (“Unitary Patent“ System) is an Undemocratic Sham Whilst UPC Silently Advanced by Patent Lawyers and Politicians

    European patent laws are being covertly overridden so as to allow broader scope of litigation, higher financial damages, speedy injunctions, and even software patents; the European public is intentionally kept in the dark about it, hence kept unable to express scepticism or issue truly effective objections

  5. IRC Proceedings: September 13th, 2015 – October 3rd, 2015

    Many IRC logs

  6. Article Explains Why SUEPO Went Silent Well Over a Week Ago: Nobody is Allowed to Talk to Journalists Without Permission From Battistelli

    More threats from Benoît Battistelli (threats of termination and legal actions on top of it) help hide the abuses of Battistelli and his fellow thugs at the EPO

  7. A Linux World: After Billions of Dollars in Losses Microsoft Changes How It Reports Financial Results

    The abusive monopolist is trying very hard to hide its growing difficulties, especially in an effort to bamboozle non-technical shareholders who cannot understand how Linux has essentially taken over

  8. Microsoft Continues to Extort Linux and Android OEMs Using Software Patents, This Time ASUS (Forced to Pre-Install Microsoft Spyware With OOXML)

    A roundup of news illustrating that Microsoft is still very much in a total war against Android, (mis)using federal regulators and even software patents to get its way

  9. Links 4/10/2015: Linux 4.2.3 , 4.1.10; MPlayer 1.2 released

    Links for the day

  10. Links 2/10/2015: Qubes 3.0, Linux.Wifatch

    Links for the day

  11. Microsoft-Connected Firm Net Applications Used to Mislead About Vista 10 Share and Mock GNU/Linux

    People who are connected to Microsoft (some being former staff) link to a firm that is connected to Microsoft in order to create the illusion that Vista 10 market share grew to 6.63%

  12. Chairman of the Enlarged Board of Appeal (EBoA) and EPO Vice-President of DG3 Suspiciously on Unlimited Sick Leave After Benoît Battistelli's Unprecedented Attacks on Other EBoA Staff

    Rumours suggest that Benoît Battistelli's affairs at the EPO may have something to do with Wim Van der Eijk's longterm absence

  13. Microsoft's Secret Special Relationship With EPO Illustrates Serious Corruption at Microsoft and the EPO

    A big story about the EPO and Microsoft working in a sort of collusion-type setup so as to serve Microsoft's patent agenda, which involves aggression, even against European software that is Free (as in freedom)

  14. Links 1/10/2015: LFS 7.8, Calculate Linux 15 Released

    Links for the day

  15. The 'Microsoft Loves Linux' Baloney is Still Being Floated in the Media While Microsoft Attacks Linux With Patents, New Lawsuits Reported

    Despite Microsoft's continued assault on Linux and on Android (using software patents, which it still discreetly lobbies for), some figures in the media are perpetually peddling the Microsoft-serving lie that 'Microsoft loves Linux'

  16. The Microsoft Botnet Goes Bonkers and ATMs Running Windows Spew Out Cash

    The terrible security (by design) of Microsoft Windows is causing all sorts of very serious and collectively expensive issues

  17. Black Duck Continues to Pile FUD on Free/Libre Software

    Having spent nearly a decade promoting the fear of Free software licensing, Black Duck now does the same regarding Free software security

  18. Links 30/9/2015: New Kernels, Nexus Devices

    Links for the day

  19. Links 28/9/2015: Last News Catchup Before Resumption

    Links for the day

  20. Links 25/9/2015: GNU/Linux in Indian Government, NeoKylin in China

    Links for the day

  21. Süddeutsche Zeitung Explains Imminent Federal Scrutiny Against Battistelli's EPO in Germany

    The German newspaper Süddeutsche Zeitung reveals that actions by the German government may be imminent against the EPO's cliquish management, including its ringleader Benoît Battistelli

  22. EPO Managers, Patent Lawyers, Commissioners and Other Non-Technical Personnel Tackle Democracy, Alter Laws in Bulk and in Secret

    The reckless assault on European democracies and long-established laws across Europe are now lucidly demonstrated when it comes to patents

  23. Europe's Acceptance of and Resistance to Software Patents, Courtesy of Corporate Front Groups and Courtrooms Respectively

    A snapshot of recent developments and upcoming developments in Europe, regarding software patents in particular

  24. German Press Explains EPO Investigation Unit (I.U.), Struggles to Openly Speak to the Secretive EPO

    The secretive Investigation/Investigative Unit (I.U.) of the European Patent Office (EPO) is further studied/explored by a recent article from junge Welt, an old and well-established German newspaper (since 1947)

  25. Links 24/9/2015: GNOME 3.18, Fedora 23 Beta, New Firefox

    Links for the day

  26. Translation Needed of Article About EPO Threats Against SUEPO's Elizabeth Hardon

    A call for translation of an important article that may help shed light on the modus operandi of the Investigation/Investigative Unit of the EPO, which works with Control Risks Group (CRG), the 'British Blackwater'

  27. Media Filled With Spin and Lies Amid Microsoft's Admission of Internal Usage (and Modification) of GNU/Linux

    Further analysis of Microsoft's admission that it uses Linux internally and the media's poorly-researched response to that

  28. EPO Management Justifies Censorship (Even of Journalists) Using Its Vice-President Željko Topić

    The Topić connection to EPO-imposed and universally-induced censorship not just of news sites but also sites which speak about the censorship itself, or dare question the integrity of the EPO's management

  29. Changes at Techrights

    A few short notes on how we are going to re-align the site with disruptive trends, notably patents-related

  30. EPO President Benoît Battistelli Compared to Famous Criminals on European Television

    The Belgian TV network featured a show which was making fun of Battistelli earlier this month


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time


Recent Posts