03.13.11

Gemini version available ♊︎

Can’t Produce Better Phones? Sue the Rival and Misuse Security, Says the Microsoft Camp

Posted in GNU/Linux, Google, Hardware, Microsoft, Patents at 4:40 pm by Dr. Roy Schestowitz

Jigsaw world

Summary: Bits of recent news (from last week and beforehand) about mobile platforms and platform security

IN THE LAST post on this subject (before moving to a new house) it was clarified that Linux had more or less won the mobile wars. Android is unstoppable, but Microsoft and Apple resort to dirty tactics which include patent lawsuits. There’s that lack of a sense of ethics in the proprietary software camp and it really shows.

It may take several days to catch up with the past week’s news, but looking a week back, there are certain unmissable incidents that ought to be filed here. First of all, Microsoft continues to be utter rubbish at security (and at mobile too) not because some of its software is ubiquitous but because Microsoft’s patching habits are poor. As The Register put it, “March Patch Tuesday leaves IE unpatched for Pwn2Own hackers”:

Microsoft – unlike its browser rivals – will not be patching Internet Explorer before the upcoming Pwn2Own hacking contest next week.

A March Patch Tuesday pre-alert, published on Thursday, reveals that Redmond will be issuing three security bulletins next week, one of which affects a critical flaw in Windows and none of which relates to IE. The critical update affects Windows XP, Vista and Windows 7 while the two lesser risk (“important”) bulletins cover a separate flaw in Windows and an update for the Office Groove 2007 software.

Here is some further commentary about it:

IE will not be fully patched in time for Pwn2Own next week. Let’s see. Hundreds of millions of PCs run IE and all the malware artists in the world will have IE’s downfall demonstrated in public… It boggles my mind that people run that software and M$ cares so little about the security of a necessarily-networked application.

Moving on to phones, nobody can get past the amazement at the NoWin deal (Nokia-Windows) [1, 2, 3, 4, 5], which made no sense for Nokia. None whatsoever. Someone whom I know at BT (a manager) called it “100% corrupt” and was surprised that it was allowed to get past regulators. Anyway, as one of our readers pointed out a couple of days ago:

Confirmation of Nokia’s role comes from PJ’s examination of Nokia’s SEC filing. She quotes the relevant parts in her news picks.

- Definitive agreements with Microsoft for the proposed partnership may not be entered into in a timely manner, or at all, or on terms beneficial to us.
- New sources of revenue expected to be generated from the Microsoft partnership, such as increased monetization opportunities for us in services and intellectual property rights, may not materialize as expected, or at all.
[PJ: So, they haven't signed on the dotted line yet, this is saying. And I gather they hope to sue people or threaten to do so to get royalties on patents. Blech. Can't Microsoft ever do anything *not* evil?] – Nokia’s Form 20F, SEC

I think she hit the nail on the head. We can conclude that all of the damage to Nokia is real but Microsoft’s promises are vapor. Perhaps there is resistance in the company beyond the thousands of engineers who walked off the job in protest.

It’s not entirely shocking because we predicated this and Elop has made comments which insinuated this right after signing the deal with Microsoft, in which he had a lot of his money invested at the time. Microsoft and its minions are also grooming Android (and MeeGo) for lawsuits/extortion, meaning that Microsoft will try to get a share of the profits, if not by extortion, then by lawsuits that speed up the act of surrendering. Microsoft is more like a racketeering operation and with Elop it got Nokia joining its mob army. Microsoft MVP de Icaza is promoting the MonoDroid poison pill [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15] while a fellow Mono/.NET booster from Seattle (near Microsoft) stirs the broth: “The signed Honeycomb update from Moto/Google contains libmono.so and libunity.so. @migueldeicaza @unity3d” [thanks to G. Forbes for the headsup]

Watch out, Android. Companies like Acer and Motorola are not paying Microsoft for Android and Microsoft would love to change that. Microsoft’s own mobile platform is a massive failure given the massive advertising budget and the bad patches which brick phones that run Vista Phony 7 are just a sign of this. Well, the spin came shortly afterwards (blaming the connection because, of course, Microsoft would love people to believe that updates should not necessarily be resilient in case of intermittent mobile connectivity, which is common by the way) and it didn’t take long before phones ‘blew’ or got bricked again. How typical:

“Microsoft blows Windows Phone update, again

[...]

Samsung users who held off updating after hearing about the problems last time are being told to hold off again as the fixed fix isn’t really fixed at all.

This time it seems that owners of the Samsung Omnia 7 are OK as long as they’ve got 4GB of memory free, but any less than that and the updating process chokes with an error numbered “800705B4″, but at least no one is reporting bricked handsets this time.

At OpenBytes, Tim opines: “Of course non of this comes as any surprise to me and what really beggars belief is that after WinMob, Kin, Zune and a whole host of luke warm products (and that’s being nice) there are a few people still parting with cash for “Windows” products. Take the time to look at the Windows Phone 7 twitter account and read the plethora of problems being reported to them. Issues with Windows Phone 7 don’t seem limited to Samsung phones and the latest update, there’s a multitude of other issues presented to them aswell.”

Security at Microsoft is pants.

Mobile at Microsoft is pants.

Put the two together and it’s wet socks.

Not to worry though. The MSBBC has come up with propaganda which daemonises Android security for no apparent reason. The BBC Android FUD was covered here just before I moved to the new house (and no, this site is not “dead” as some people who mailed me started thinking). Basically, after I wrote that post about MSBBC’s Android FUD Glyn Moody did an article about it and there was a long discussion in Twitter/Identi.ca, including stuff like this (with others agreeing by chiming in):

@schestowitz I fail to see how BBC is writing for Microsoft. The exploit shows !Android market needs polishing and better security measures.

That’s not quite it, but Microsoft’s shameless booster Peter Bright saw it as an opportunity to spread FUD, stepping outside his “Microsoft Contributor” role at Ars. Moody says that the “#BBC [is] quick to fault #android & #openness – http://bbc.in/dLjLUz yet practically never names #windows in years of malware (v @schestowitz)”

One response says: “@glynmoody @schestowitz A big exaggerated. Check http://bbc.in/dXfNky #BBC #android #security”

Moody replies as follows: “@bortzmeyer @schestowitz not at all exaggerated. check this: http://bbc.in/hKmJuT *far more* stories that don’t mention #Windows at all”

And then: “@glynmoody @bortzmeyer @schestowitz just a little more of this logic and you’ll be able to show that Windows is under 5% market share”

From Moody again: “@pbeyssac @bortzmeyer @schestowitz certainly seems to be what the BBC is suggesting…so small it’s not worth mentioning…”

Here is Moody’s original piece which started a lot of this powwow. It starts as follows:

In fact, I have several – including the fact that I really want it to be the best broadcasting organisation in the world, as it once was. But my other bee/Beeb is that its journalistic standards in the few areas where I can claim some knowledge are pretty woeful.

This is seen nowhere more clearly than in its coverage of malware.

To read the reports on the BBC website (I don’t watch UK television, so I’ve no idea what happens there, but suspect it’s just as bad), you’d think that malware were some universal affliction, an unavoidable ill like death and taxes. Rarely does the BBC trouble its readers’ pretty little heads with the tiresome fact that the overwhelming majority of viruses and trojans affect one operating system, and one operating system only: Microsoft Windows.

To see this, try the following experiment. Search on the BBC news site for “microsoft windows virus” or “microsoft windows trojan” or “microsoft windows malware”, and you’ll get a few dozen hits, not all of which refer to Microsoft malware.

But try the same searches without the words “microsoft windows”, and you will get many more hits every year (try “computer malware”, for example), very few of which mention that such malware is almost exclusively for Microsoft’s platform.

That sin of omission has now been matched by an equally telling sin of commission. For hot on the heels of the first serious Android viruses, we have a report on BBC news spelling out the terrible facts

And again we come to Microsoft apologism such as this one which says: “@schestowitz Android’s security model is about equal to Windows Vista. S60 has a better model. Why the double standard?”

To rebut this quickly, the Android FUD was about cases where the user installs — willingly — malicious software. In the case of Windows, intervention from the user is rarely required; in some case, just visiting a page is a problem and a risk; why? ActiveX for starters. It’s a Windows issue, not an “Internet issue”; the very serious omissions in the corporate press are partly to blame for it all “and still no mention of the taboo “W” word…” wrote Moody regarding this new example. It’s like calling Toyota’s brake issue just a “car braking issue”. Imagine the outcry that sort of talking point would cause.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. TemporalBeing said,

    March 14, 2011 at 4:55 pm

    Gravatar

    At least last I checked (last week), according to Nokia’s own SEC filings, etc. (see Qt mailing list, and other sources on the Nokia-MS deal) the Nokia-MS deal for WP7 has not been finalized. Without it being finalized, regulators can’t allow or reject it. Furthermore, there seems to be a stockholder lawsuit in the works as well to prevent it from going forward.

    So, it may not be a done deal. There’s still some things that need to be caught up on.

    Dr. Roy Schestowitz Reply:

    Thanks for this bit of information. Earlier today I also came across:

    http://www.theinquirer.net/inquirer/news/2033794/nokia-admits-microsoft-windows-phone-risky-unproven?WT.rss_f=

DecorWhat Else is New


  1. Microsoft DuckDuckGo Falls to Lowest Share in 2 Years After Being Widely Exposed as Microsoft Proxy, Fake 'Privacy'

    DuckDuckGo, according to this latest data from Statcounter, fell from about 0.71% to just 0.58%; all the gains have been lost amid scandals, such as widespread realisation that DuckDuckGo is a Microsoft informant, curated by Microsoft and hosted by Microsoft (Bing is meanwhile laying off many people, but the media isn’t covering that or barely bothers)



  2. This is What the Microsoft-Sponsored Media Has Been Hyping Up for Weeks (Ahead of Microsoft Layoffs)

    Reprinted with permission from Ryan



  3. [Meme] António Campinos Wants to Be F***ing President Until 2028

    António Campinos insists he will be EPO President for 10 years, i.e. even longer than Benoît Battistelli (despite having appalling approval rates from staff)



  4. European Patent Office Staff Losing Hope

    The EPO’s management with its shallow campaign of obfuscation (pretending to protect children or some other nonsense) is not fooling patent examiners, who have grown tired and whose representatives say “the administration shows no intention of involving the staff representation in the drafting of the consultant’s mandate” (like in Sirius ‘Open Source’ where technical staff is ignored completely for misguided proposals to pass in the dark)



  5. IRC Proceedings: Thursday, January 26, 2023

    IRC logs for Thursday, January 26, 2023



  6. Sirius Relegated/Demoted/Destined Itself to Technical Hell by Refusing to Listen to the Technical Staff (Which Wanted to Stay With Asterisk/Free Software)

    In my final year at Sirius ‘Open Source’ communication systems had already become chaotic; there were too many dysfunctional tools, a lack of instructions, a lack of coordination and the proposed ‘solution’ (this past October) was just more complexity and red tape



  7. Geminispace Approaching Another Growth Milestone (2,300 Active Capsules)

    The expansion of Geminispace is worth noting again because another milestone is approached, flirted with, or will be surpassed this coming weekend



  8. [Meme] Cannot Get a Phone to Work... in 2022

    Sirius ‘Open Source’ wasted hours of workers’ time just testing the phone after it had moved to a defective system of Google (proprietary); instead of a rollback (back to Asterisk) the company doubled down on the faulty system and the phones still didn’t work properly, resulting in missing calls and angst (the company just blamed the workers who all along rejected this new system)



  9. [Meme] Modern Phones

    Sirius ‘Open Source’ is mistaking “modern” for better; insecurity and a lack of tech savvy typically leads to that



  10. The ISO Delusion: Sirius Corporation Demonstrates a Lack of Understanding of Security and Privacy

    Sirius ‘Open Source’, emboldened by ISO ‘paperwork’ (certification), lost sight of what it truly takes to run a business securely, mistaking worthless gadgets for “advancement” while compelling staff to sign a new contract in a hurry (prior contract-signing scandals notwithstanding)



  11. Links 26/01/2023: LibreOffice 7.4.5 and Ubuntu Pro Offers

    Links for the day



  12. Links 26/01/2023: GNU poke 3.0 and PipeWire 0.3.65

    Links for the day



  13. IRC Proceedings: Wednesday, January 25, 2023

    IRC logs for Wednesday, January 25, 2023



  14. Companies Would Collapse Upon Abandoning Their Original Goals (That Attracted All the Productive Staff)

    Staff with technical skills won't stick around in companies that reject technical arguments and moreover move to proprietary software in a company that brands itself "Open Source"



  15. [Meme] Listen to Your Workers, Avert Disaster

    Companies that refuse to take input from staff are doomed to fail



  16. The ISO Delusion: When the Employer Doesn’t Understand the Company's Value Proposition (Building Systems) and Rejects Security

    Sirius ‘Open Source’ has failed to sell what it was actually good at; instead it hired unqualified people and outsourced almost everything



  17. Links 25/01/2023: NuTyX 23.01.1 and GNU Guile 3.0.9 Released

    Links for the day



  18. Links 25/01/2023: Stratis 3.5.0 and Many Political Links

    Links for the day



  19. New Record Low: Only One 'Linux' Article in ZDNet in More Than Two Weeks

    Only a few years ago ZDNet published about 3 “Linux” stories per day (mostly FUD pieces); now it’s a ghost town, painted in ‘alien green’; considering ZDNet’s agenda (and sponsors) maybe it’s better this way



  20. Links 25/01/2023: Pale Moon 32.0 and DXVK 2.1

    Links for the day



  21. IRC Proceedings: Tuesday, January 24, 2023

    IRC logs for Tuesday, January 24, 2023



  22. ISO Certification Hardly Tackles Any of the Real Issues

    The real-world threats faced by private companies or non-profit organisations aren't covered by the ISO certification mill; today we publish the last post on this topic before proceeding to some practical examples



  23. [Meme] Medical Data Sovereignty

    What happens when your medical records/data are accessible to a company based abroad after a mysterious NDA with the Gates Foundation? The International Organization for Standardization (ISO) does not mind.



  24. The ISO Delusion: Sirius Open Wash Ltd. and Medical Data/Projects at Risk/Peril

    Sirius ‘Open Source’ was good at gloating about “ISO” as in ISO certification (see our ISO wiki to understand what ISO truly is; ISO certification needs to be more widely condemned and exposed) while signing all sorts of dodgy deals and lying to clients (some, like the Gates Foundation, were never mentioned because of a mysterious NDA); security and privacy were systematically neglected and some qualified as criminal negligence (with fines/penalties likely an applicable liability if caught/reported)



  25. Links 24/01/2023: Wine 8.0 is Ready, FSF Bolsters Copyleft

    Links for the day



  26. Azure Has Layoffs Again, Microsoft Still Cutting

    Even supposed ‘growth’ areas at Microsoft are being culled (this growth is faked, it is a lie)



  27. Links 24/01/2023: Tails 5.9 and ArcoLinux v23.02

    Links for the day



  28. Links 24/01/2023: GStreamer 1.22 and Skrooge Gets New Site

    Links for the day



  29. IRC Proceedings: Monday, January 23, 2023

    IRC logs for Monday, January 23, 2023



  30. The Inside(r) Story of ISO 'Certification' Mills

    Based on my experiences inside Sirius ‘Open Source’ — as I was there for nearly 12 years — I finally tell what I’ve witnessed about ISO certification processes (see ISO wiki for prior experiences)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts