05.15.11

Negligence at Microsoft, Not ‘Market Share’, Causes Major Technical Problems

Posted in Deception, Microsoft, Security, Windows at 11:51 am by Dr. Roy Schestowitz

Not a victim of “success”

Summary: Microsoft’s vanity about market share is being used as a distraction in the face of allegations that its software is inherently shoddy

THE MONOPOLIST (poor Microsoft) loves blaming its illegally-earned market share on the desktop for security problems, but as we explained yesterday, this is a nonsensical argument and it is negligence [1, 2, 3], not installed base, which makes software vulnerable. Vista 7 is not secure and even Microsoft’s fanbase is willing to admit this. And in Windows, the “latest hole will soon be patched after a decade of vulnerability,” says a blogger. It is not the first such example of belated patching. If Microsoft’s installed base is the reason exploitable errors can be found, why has it taken a decade? The fact of the matter is that less auditing of code lowers the quality of the code. Developers can get away with terrible programming practices, and security is assumed to be assured by secrecy, not by peer review that requires full transparency. This explains not only why Microsoft software is not secure but also why it is of such low quality (which makes the coders embarrassed to show it). As mentioned briefly in the daily links, Microsoft Fog Computing turns out to be as unreliable as its desktop-side software:

Customers on BPOS in the US and worldwide were kicked off their hosted Exchange email systems, being unable to read, write, or access their messages. All users were affected – from down in the cubicle farm all the way up to the CEO’s corner office. The outages started Tuesday and came after weeks of the service slowly degrading.

In conclusion, secret code is shoddy code. Free code is high-quality code. The more a stack uses components like Linux and Apache, the more solid it is likely to be. Every day I write software that will be freely shared; the visibility of the code comes with a burden: the code should actually be decent and well tested, not “spaghetti”, as Vista’s codebase was once described.

2 Comments

  1. Needs Sunlight said,

    May 16, 2011 at 2:51 am

    Incompetence as much as negligence is likely to blame.

  2. TemporalBeing said,

    May 19, 2011 at 12:15 pm

    Microsoft has several problems on the security front:

    1. They don’t have a very good patch management system, likely due to their source code management practices. The big problems result in one patch fixing an issue, and another unfixing it; this then goes round and round over years.

    2. Win32 by design is insecure and cannot be fixed. The basic interface for applications with the Windows API is a system that utilizes an object called a HANDLE. Applications are supposed to use the HANDLE to do something, and then clean it up when they’re done. However, there is no protection against one application getting a HANDLE for an object of another application. Furthermore, a HANDLE is merely a _pointer_ into one of several different tables (which one depends on the use of the HANDLE) inside kernel space, and by the way there is no method to authenticate the validity of a HANDLE – at least from the application layer.

    What this means is that Win32 by design allows other applications to put bugs into your application. Here’s one very valid example:

    Your application creates a text box that is supposed to only be 256 characters long. You specify this on the creation of the text box. You properly use the text box to get the 256 characters.

    However, your friend BillB writes another application that accesses your text box and changes it to be 64536 bytes long, and inserts a lot of extra text into it to use up the entire space. Windows updates your text box to be the size BillB’s application said it is, but it’s YOUR text box, not BillB’s. Your application is now subject to a buffer overflow attack through no fault of your own. (Your application properly used the text box.)

    That is just one attack vector – and it applies to any use of a HANDLE to do something – whether it is a text box or a lock; yes, Locks use HANDLES – so BillB’s application could access one of your locks and cause your application to go into a Deadlock situation – or worse, unlock something at the wrong time. There are simply no protections and no method of protecting against those kinds of attacks – it’s the design of the Win32 API.
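
An added illustration of the text-box scenario in the comment above, not code from the post or its commenters: a portable C model (the `text_box` struct, `tamper` and `read_text_box` are hypothetical names, not Win32 APIs) in which the reading side bounds its copy by its own buffer size instead of by the control's limit. In Win32 itself, that bound corresponds to the `nMaxCount` argument of `GetWindowText`.

```c
#include <stdlib.h>
#include <string.h>

#define APP_MAX 256  /* size of the application's own buffer */

/* Hypothetical model of a text box; both fields can be changed from outside. */
struct text_box { size_t limit; char *text; };

/* Constructed scenario from the comment: another program raises the limit
   and fills the box to it. Returns 0 on success, -1 if allocation fails. */
int tamper(struct text_box *tb, size_t new_limit)
{
    char *p = malloc(new_limit + 1);
    if (p == NULL) return -1;
    memset(p, 'A', new_limit);
    p[new_limit] = '\0';
    free(tb->text);
    tb->text = p;
    tb->limit = new_limit;
    return 0;
}

/* Hardened read: the copy is bounded by dst_size, never by tb->limit.
   Returns characters copied; *truncated is set when the box held more. */
size_t read_text_box(const struct text_box *tb, char *dst, size_t dst_size,
                     int *truncated)
{
    size_t n, have = tb->text ? strlen(tb->text) : 0;
    if (dst_size == 0) { *truncated = 1; return 0; }
    n = have < dst_size - 1 ? have : dst_size - 1;
    if (n > 0) memcpy(dst, tb->text, n);
    dst[n] = '\0';
    *truncated = have > n;
    return n;
}

/* End-to-end run: returns 1 if the oversized text was flagged and bounded. */
int demo(void)
{
    struct text_box tb = { APP_MAX - 1, NULL };
    char buf[APP_MAX];
    int truncated = 0;
    size_t n;
    if (tamper(&tb, 64536) != 0) return 0;
    n = read_text_box(&tb, buf, sizeof buf, &truncated);
    free(tb.text);
    return truncated && n == APP_MAX - 1 && buf[n] == '\0';
}
int main(void) { return demo() ? 0 : 1; }
```

The `truncated` flag lets the application treat over-long contents as invalid input rather than silently using a cut-off value.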
