05.20.11

Gemini version available ♊︎

It’s Not a Virus If the User Needs to Actually Install It

Posted in Apple, GNU/Linux, Microsoft, Security, Vista 7, Windows at 7:23 am by Dr. Roy Schestowitz

Virus

Summary: Rebuttal to security FUD from the Microsoft crowd amid attack on the US Energy Research Lab, which got cracked because of Windows

GOOGLE abandons Windows due to security reasons. It’s really quite simple. But if enough Microsoft people (e.g. former staff) manage to enter news sites, then “news” becomes just agenda-filled propaganda. That’s what happened in the BBC, which we call the MSBBC. Not too surprisingly, Microsoft's Bought Bot and MSBBC, which loves to post FUD about Android every time someone is able to do something to break it (we covered just one such example recently even though there are more), are at it again. In order to fight the perception that Windows is insecure by design (which it is, even by Microsoft’s own admission) they try to paint other platforms as “inseucre”, by improperly naming malware “virus” or something along those lines. This usually requires that the user should be actually be installing it (not drive-by), in which case the software is granted permission to do exactly what it was designed to do.

SJVN writes a rebuttal to the Bought Bot by noting that “One in fourteen Internet downloads is Windows malware” (not the same as viruses):

Yes. It’s true. For the first time, Mac users have a significant malware problem. But, hey, it could be worse. You could be running Windows. After all, Microsoft, not some third-party anti-virus company trying to drum up business, has just admitted that based on analysis gained from IE 9 use, “1 out of every 14 programs downloaded is later confirmed as malware.”

If I may quote from Matthew 7:5, the King James Bible, “First cast out the beam out of thine own eye; and then shalt thou see clearly to cast out the mote out of thy brother’s eye.”

Window PCs has far, far more malware trouble than Macs, and I can’t resist mentioning that after in twenty-years of Linux, we’ve not seen a real-world example of Linux malware–not counting the Android malware mess. Ironically, these latest appalling Windows malware numbers are shared in a Microsoft blog about how well SmartScreen Application Reputation is working in IE9.

There is another new pattern of FUD at the moment, where a weakness that affects virtually all phone platforms is ascribed only to Android. Linux is winning, so it is becoming a prime target for FUD. One of our reader supplies this recent link on “Wild Android Growth”. It says that “100 million Android devices have been sold, more than Apple… 36 OEMs, 215 carriers, and 450K developers push Android/Linux, 310 different devices sold in 110 countries, 400K activations daily, 4.6 per second, 200K available applications exist, and 4.5 billion installations of applications have been done, an average of 45 per device.”

Suffice to say, there is also patent as well as copyright FUD against Android and it comes from someone whom Microsoft Florian has been repeatedly interacting with recently. He used to work for Microsoft. “I think it’s more likely not about press for himself for himself as for press on the issue,” writes Pamela Jones, “preparatory to more hijinks filing of bogo-complaints against a Microsoft competitor.” It’s like mercenaries galore.

In other news, “U.S. Energy Research Lab Still Recovering From Internet Explorer Exploit,” says this report:

The Department of Energy’s largest science and research lab in Tennessee is still recovering from a sophisticated attack from hackers intent on stealing information from the lab in early April.

The attack left the lab in a communications limbo for two days as technicians dealt with its aftermath.

“Most of the staff are back up, and the business functions are performing as usual,” said Barbara Penland, the Oak Ridge National Laboratory’s director of communications. “But as you can imagine, when we were trying to get everything back up in a hurry, there were some shortcuts taken, and now the IT folks are rebuilding things in the background, and building some things that will make us more secure.”

“US nuclear materials lab, Oak Ridge, and RSA done in by Windows and IE attack in April,” explains a contributor of ours. “The only common “Advanced Persistent Threat” shared by the two is Windows,” he adds, quoting:

To deal with the attack, Oak Ridge lab’s technicians had shut down access to its e-mail systems and some of its servers for more than 48 hours. They found that it was an attack that relied on a combination of social engineering and an unknown security hole in Microsoft’s Internet Explorer browser. … the attack is noteworthy because it was clearly an attempt to steal information from a facility that is at the heart of America’s materials, national security and energy research. …

The characteristics of the this latest attack also appear similar to those used in the widely-publicized SecurID phishing attack, which compromised the computer security company RSA’s widely-used product. In the RSA attack, a malicious Flash object in a scam Excel file was used to infect recipients’ computers with malicious computer code.

Incidentally, he add that “NSA tells people to buy Vista/Windows 7 or OSX instead of moving to free software. They probably justified the omission based on perceived OS prevalence but most of the measures recommended are useless and real security is easier to find in freedom than in jail.”

We wrote about the NSA issue quite recently [1, 2]. To the FBI, for example, malware is not a bad thing, it's just business as usual. To them, insecurity at the user level is an advantage. Security means “securing those in power from the population” when it comes to secret agencies.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Links 7/12/2021: Plasma Mobile Gear 21.12 and Tails 4.25

    Links for the day



  2. All IRC Logs Now Available as GemText Over Gemini Protocol

    Today we've completed the transition from plain text over gemini:// to GemText over gemini:// for IRC logs



  3. IRC Proceedings: Monday, December 06, 2021

    IRC logs for Monday, December 06, 2021



  4. [Meme] Rowing to the Bottom of the Ocean

    The EPO‘s Steve Rowan (VP1) is failing EPO staff and sort of “firing” workers during times of crisis (not at all a crisis to the EPO’s coffers)



  5. EPO Gradually Reduced to 'Fee Collection Agency' Which Eliminates Its Very Own Staff

    Mr. Redundancies and Mr. Cloud are outsourcing EPO jobs to Microsoft and Serco as if the EPO is an American corporation, providing no comfort to long-serving EPO staff



  6. Linux Foundation 2021 Annual Report Made on an Apple Mac Using Proprietary Software

    Yes, you’re reading this correctly. They still reject both “Linux” and “Open Source” (no dogfooding). This annual report is badly compressed; each page of the PDF is, on average, almost a megabyte in size (58.8 MB for a report of this scale is unreasonable and discriminates against people in countries with slow Internet connections); notice how they’re milking the brand in the first page (straight after the cover page, the 1991 ‘creation myth’, ignoring GNU); remember that this foundation is named after a trademark which is not even its own!



  7. Links 7/12/2021: OpenIndiana Hipster 2021.10 and AppStream 0.15

    Links for the day



  8. Microsoft “Defender” Pretender Attacks Random Software That Uses NSIS for installation; “Super Duper Secure Mode” for Edge is a Laugh

    Guest post by Ryan, reprinted with permission



  9. Links 6/12/2021: LibreOffice Maintenance Releases, Firefox 95 Finalised

    Links for the day



  10. “Wintel” “Secure” uEFI Firmware Used to Store Persistent Malware, and Security Theater Boot is Worthless

    Guest post by Ryan, reprinted with permission



  11. No Linux Foundation IRS Disclosures Since 2018

    The publicly-available records or IRS information about the Linux Foundation is suspiciously behind; compared to other organisations with a "tax-exempt" status the Linux Foundation is one year behind already



  12. Jim Zemlin Has Deleted All of His Tweets

    The Linux Foundation‘s Jim Zemlin seems to have become rather publicity-shy (screenshots above are self-explanatory; latest snapshot), but years ago he could not contain his excitement about Microsoft, which he said was "loved" by what it was attacking. Days ago it became apparent that Microsoft’s patent troll is still attacking Linux with patents and Zemlin’s decision to appoint Microsoft as the At-Large Director (in effect bossing Linus Torvalds) at the ‘Linux’ Foundation’s Board of Directors is already backfiring. She not only gets her whole salary from Microsoft but also allegedly protects sexual predators who assault women… by hiring them despite repeated warnings; if the leadership of the ‘Linux’ Foundation protects sexual predators who strangle women (even paying them a salary and giving them management positions), how can the ‘Linux’ Foundation ever claim to represent inclusion and diversity?



  13. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him

    Balabhadra (Alex) Graveley has warrant for his arrest, albeit only after a lot of harm and damage had already been done (to multiple people) and Microsoft started paying him



  14. The Committee on Patent Law (PLC) Informed About Overlooked Issues “Which Might Have a Bearing on the Validity of EPO Patents.”

    In a publication circulated or prepared last week the Central Staff Committee (CSC) of the EPO explains a situation never explored in so-called 'media' (the very little that's left of it)



  15. Links 6/12/2021: HowTos and Patents

    Links for the day



  16. IRC Proceedings: Sunday, December 05, 2021

    IRC logs for Sunday, December 05, 2021



  17. Gemini Space/Protocol: Taking IRC Logs to the Next Level

    Tonight we begin the migration to GemText for our daily IRC logs, having already made them available over gemini://



  18. Links 6/12/2021: Gnuastro 0.16 and Linux 5.16 RC4

    Links for the day



  19. Links 5/12/2021: Touchpad Gestures in XWayland

    Links for the day



  20. Society Needs to Take Back Computing, Data, and Networks

    Why GemText needs to become 'the new HTML' (but remain very simple) in order for cyberspace to be taken away from state-connected and military-funded corporations that spy on people and abuse society at large



  21. [Meme] Meanwhile in Austria...

    With lobbyists-led leadership one might be led to believe that a treaty strictly requiring ratification by the UK is somehow feasible (even if technically and legally it's moot already)



  22. The EPO's Web Site is a Parade of Endless Lies and Celebration of Gross Violations of the Law

    The EPO's noise site (formerly it had a "news" section, but it has not been honest for about a decade) is a torrent of lies, cover-up, and promotion of crimes; maybe the lies are obvious for everybody to see (at least EPO insiders), but nevertheless a rebuttal seems necessary



  23. The Letter EPO Management Does Not Want Applicants to See (or Respond to)

    A letter from the Munich Staff Committee at the EPO highlights the worrying extent of neglect of patent quality under Benoît Battistelli and António Campinos; the management of the EPO did not even bother replying to that letter (instead it was busy outsourcing the EPO to Microsoft)



  24. IRC Proceedings: Saturday, December 04, 2021

    IRC logs for Saturday, December 04, 2021



  25. EPO-Bribed IAM 'Media' Has Praised Quality, Which Even EPO Staff (Examiners) Does Not Praise

    It's easy to see something is terribly wrong when the people who do the actual work do not agree with the media's praise of their work (a praise motivated by a nefarious, alternate agenda)



  26. Tux Machines is 17.5 Years Old Today

    Tux Machines -- our 'sister site' for GNU/Linux news -- started in 2004. We're soon entering 2022.



  27. Approaching 100

    We'll soon have 100 files in Git; if that matters at all...



  28. Improving Gemini by Posting IRC Logs (and Scrollback) as GemText

    Our adoption of Gemini and of GemText increases; with nearly 100,000 page requests in the first 3 days of Decembe (over gemini://) it’s clear that the growing potential of the protocol is realised, hence the rapid growth too; Gemini is great for self-hosting, which is in turn essential when publishing suppressed and controversial information (subject to censorship through blackmail and other ‘creative’ means)



  29. Links 4/12/2021: IPFire 2.27 Core Update 162 and Genode OS Framework 21.11

    Links for the day



  30. Links 4/12/2021: Gedit Plans and More

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts