Bonum Certa Men Certa

Microsoft -- Like David Cameron -- Attacking the Computer Security Industry

Microsoft is essentially a snitching company, unconditionally serving those in power

Police



Summary: Microsoft's latest moves that help expose its real policy when it comes to computer security and people's privacy

THE OTHER day we mentioned demands for back doors, which basically would make any piece of proprietary software (where back doors cannot be removed) utterly useless for any serious work because secure communication is a cornerstone of computing in a connected environment. We also mentioned Microsoft hiding many of its existing back doors even more aggressively, essentially telling users nothing about their easy-to-compromise systems.



"Always remember that Microsoft makes money from spying on users (government subsidies for the back door access), including in cases where this directly benefits Microsoft's business interests"This article from the British press says that this "move was criticised by some security professionals, who said it would hinder organisations’ ability to quickly test and deploy Microsoft’s updates."

They should just quit relying on Windows. Sony can tell them how reliance on Microsoft Windows already caused them to be doxxed against, potentially costing the company many billions of dollars in damages. One security-oriented professional "called the change, which was made with no advance notice, an “assault” on IT security teams."

Microsoft "assaults" the IT security industry. It attacks security itself, too. To quote further from the article: "Other industry observers said the change may have resulted from a broad reorganisation at Microsoft that began in 2013 and included large-scale layoffs in the middle of last year, with the Trustworthy Computing security group shut down in September. The reorganisation is itself the result of a broad industry shift toward mobile devices which has diminished the importance of Microsoft products such as Windows.

"Prominent figures at MSRC have left Microsoft, including senior development manager Jonathan Ness and Dustin Childs, group manager of response communications. In November Microsoft discontinued a long-running webcast in which engineers gave details on the monthly updates.

"Microsoft said in a statement that while ANS is no longer public, the company may also “take the appropriate actions to reach customers” if it determines that “broad communication” is needed for a specific situation."

So Microsoft Windows bug doors are becoming more secretive now. Nice timing given Cameron's call for back doors in everything; he would be so proud. Remember that Microsoft tells the NSA (and hence GCHQ too) about these bug doors well before they are patched, even 3 months in advance (Microsoft does not bother to patch holes until much later, if ever).

GNU/Linux is completely different because the code is visible and everyone can patch holes as soon as they are revealed. There are huge software repositories for which source code is available, so even underlying applications -- not just the operating system -- can be fixed. On Windows it is a sordid mess of random downloads of binaries from the Web and so-called 'crapware' that comes preinstalled with Windows and often has malicious behaviour. As Jim Lynch put it the other day: "I guess the bottom line here is to try to avoid being the sucker by installing crapware in the first place, regardless of the operating system you are using. If you don’t understand or aren’t sure about what’s being installed THEN DON’T INSTALL IT on your system. And only install software from trusted sources that don’t engage in the freeware bundling shenanigans."

Free software has none of these issues. The user is in charge.

Caspar Bowden, whom Microsoft fired for 'daring' to care about security and privacy, talks about Microsoft's publicity stunt case (intended to make it look like Microsoft cares about security and privacy). He now says he hopes Microsoft's publicity stunt will go down in flames and here is why: "His reasoning is that the US government can use other legal instruments, such as FISA 702 or Executive Order 12333, to brush aside such niceties as Safe Harbor or binding corporate rules (BCR) to get its hands on such data perfectly legally any time it likes, and as such the whole case is a smokescreen that actually suits both parties.

""Even if Microsoft wins that case, and I hope they don't because that'll just shore up the whole rotten system, it will make no difference to surveillance by the NSA under FISA 702 or Executive Order 12333 [see below]," he told Computing.

"Bowden - who was the chief privacy adviser to 40 national technology officers at Microsoft before he was "let go" in 2011 after revealing what FISA 702 implies for the firm's non-US customers - believes that this is all for show. It is part of a campaign of "cloudwashing" on the part of government and the industry, he says, that deliberately conflates data security - over which US cloud companies and their customers can take an active role - and government surveillance, over which, for legal reasons, they cannot. FISA 702 allows the US government to install surveillance apparatus inside the data centres of US companies. These interventions are covered by the espionage law, and anyone revealing their existence could face a lengthy jail sentence, as Yahoo's Marissa Mayer revealed."

Bowden is a Brit speaking about Ireland in the British press. We are happy to see him using the term "cloudwashing" -- a term we have used a lot for years. A lot of the pro-cloud hype is about increasing surveillance; it's often the business model. Always remember that Microsoft makes money from spying on users (government subsidies for the back door access), including in cases where this directly benefits Microsoft's business interests.

Recent Techrights' Posts

In defence of JD Vance, death of Pope Francis
Reprinted with permission from Daniel Pocock
Three Years in Prison for Disney Employee’s ‘Menu Hacking’: The Economic Fallout of Digital Menus
Reprinted with permission from Ryan Farmer
Approaching 10,000 Articles/Pages Since Going Static
Trying to silence or derail the site was always a dumb strategy
Microsoft is Shedding Off Loads of Staff and That Can be Dangerous Too
Working for Microsoft is a choice; nobody forces you to do it
Richard Stallman and the Unix Philosophy
When asked about systemd people must remember that RMS speaks as an active Board member of the FSF and also the founder of the FSF
Get Rid of Back Doors, Don't Obsess Over Bounties and Other Corporate PR Stunts (or Needless Reboot Rituals)
Security as a term has mostly lost its meaning due to repeated misuse for many years
Serial Sloppers Are Killing the Web (They Probably Don't Care, Either)
Slop is a disease on the Web
 
Links 26/04/2025: Facebook Layoffs Again, Remembering What's Real, and Say No to Mass Surveillance
Links for the day
Links 26/04/2025: NOAA Budget Cuts and "Dog Days Ahead"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 25, 2025
IRC logs for Friday, April 25, 2025
Links 25/04/2025: Slop Fatigue and Patent Judges Flocking to Fake, Unconstitutional and Illegal Kangaroo Court (UPC, Captured 'Justice')
Links for the day
Gemini Links 25/04/2025: Night Manager and Devuan in Hosting
Links for the day
Windows Falls to New Lows in Nicaragua, Now Below a Quarter (It Used to be Almost 100%)
Another all-time low for Windows
The Cost (to Linux) of LLM Slop
Slop 'artists' like Fagioli are far from harmless
Links 25/04/2025: Ubisoft Spyware, Hegseth Fails at Tech on Every Level
Links for the day
Gemini Links 25/04/2025: Food Forest Update and Facebook Destroying the Net
Links for the day
Streaming Apps Are “Investor Fraud” That Kills the Planet
Reprinted with permission from Ryan Farmer
Things Get Increasingly Nasty at Microsoft Ahead of the Fake Results and May's Mass Layoffs Wave
They try to get people to 'resign' so that they won't count as layoffs and the company's 'wellbeing' will seem better
IBM's Debt Ballooned by 8.5 Billion Dollars in Just 3 Months!
Hallmark of a company in a state of disarray, trying to spend its way out of trouble
Big Trouble in GNOME
even GNOME people admit the CoC went wrong
Slopping the Trough: Disney Plus Loses Billions and the Decline of Physical Media in America
Reprinted with permission from Ryan Farmer
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 24, 2025
IRC logs for Thursday, April 24, 2025
Links 24/04/2025: GAFAM Problems and No Peace (or Ceasefire) in Sight
Links for the day
Slopfarms on the Web Almost Always Generate Anti-Linux FUD When They Produce "Linux" Output
Welcome to the dying Web
Richard Stallman's Oxford Talk Has Just Ended, Here Are Some Photos
he might hop over to another European country
Gemini Links 24/04/2025: Birthday and Good Work of Academia in Esotericism
Links for the day
Links 24/04/2025: EU fines Apple and Facebook, Another Microsoft GitHub Security Blunder
Links for the day
New Article Explains How the GPL Came About and WordPress Having Copyleft Obligations
Having been involved in the WordPress development community since almost the beginning, I know why it chose the GPL and how it restricts abuse by Automattic
IBM Gained Almost 6 Billion Dollars in "Goodwill" Value in Just 3 Months, According to IBM
Congrats to the management!
In Belarus, Yandex is Now Measured as 50 Times More 'Popular' (by Usage) Than Microsoft
Yandex continues to gain, whereas Bing cannot even register at 1%. Last month it was registered or measured at a measly 0.65%.
IBM Cannot Lie to Shareholders Anymore
"I would not be surprised if we see a layoff every quarter this year."
Dr Richard Stallman (RMS) Gives Talk in Oxford University in 4 Hours
If you live nearby, go there (it's free as in gratis)
Using a Law Firm's Licence to Exercise Politics Through Frivolous SLAPPs and Nastygrams (to Silence People, Remove Pages, Demand Fake or Forced 'Apologies')
Things must be getting really bad when lawyers act for raving antisemites
We're Working to Make Full-Site Search Available
This site has over 1,000 'wiki' pages, many thousands of documents, several thousands of videos, and about 50,000 blog posts or articles. We need to make them easier to find/navigate.
Links 24/04/2025: IBM Loses Many Contracts, Intel to Lay Off Over 20% (Not Counting Those Who Leave 'Voluntarily')
Links for the day
Richard Stallman Can Explain to Oxford Artificial Intelligence Society Why LLM Slop is Not Artificial Intelligence and Why It Hurts Society
another 'crop' of LLM slop that damages GNU/Linux and facts
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 23, 2025
IRC logs for Wednesday, April 23, 2025