Bonum Certa Men Certa

Despite Media Propaganda About Security, Microsoft Windows Remains the Least Secure Operating System, by Design

"It is no exaggeration to say that the national security is€ also implicated by the efforts of hackers to break into€ computing networks. Computers, including many running Windows€ operating systems, are used throughout the United States€ Department of Defense and by the armed forces of the United€ States in Afghanistan and elsewhere."

--Jim Allchin, Microsoft



Summary: Amid highly misleading security-centric reports that rely on Microsoft's bogus number of vulnerabilities (Microsoft already admitted hiding many of them) Techrights presents recent news about Windows 'security'

WINDOWS is not a secure operating system. It's not intended to be, either (Microsoft's actions show that security is not the goal). One cannot ever patch NSA back doors safely. When these are patched, it's already too late and newer back doors remain in tact or are being added. Trusting Microsoft to secure Windows is misunderstanding the goal of Windows ('privileged' access) and as Stuxnet serves to remind us, the real owners of Windows are spy agencies, not people who use Windows (renting it from Microsoft in exchange for payments). See this new report titled "Stuxnet Redux: Microsoft patches Windows vuln left open for FIVE YEARS". It says that "[w]hile most of the attention this Patch Tuesday has been focused on the FREAK encryption vulnerability, Microsoft's latest batch of fixes also addresses another longstanding threat to Windows: Stuxnet." So they hadn't fixed it for so long and finally decided to do something about it? Knowing that espionage agencies were exploiting holes and taking control of PCs that have Windows installed? Wake up and smell the coffee. These actions speak volumes.



Adding insult to injury, last week we learned that "Microsoft RE-BORK[ED] Windows 7 patch after reboot loop horror". To quote the report itself: "Reports are emerging that a twice-issued Microsoft Windows 7 patch is still causing pain for users, with some claiming the fix is triggering continuous reboots.

"The patch was first issued as KB2949927 and withdrawn in October due to system faults, before being re-released this week as KB3033929."

So our conclusion is that even when Microsoft offers so-called 'patches' or 'security' there are negative consequences which are too risky to accept. For more information see this article titled "Problems reported with Microsoft patch KB 3002657, warning issued on KB 3046049". A lot of people are still using Windows XP, which receives no patches at all. Some genius, eh?

Some Web sites are now claiming that the NSA and fellow espionage operations have been largely responsible for the SSL hole someone dubbed "FREAK". Of course, despite media spin and a clear Microsoft role (perhaps inside knowledge becoming public), the flaw affects Windows as well (all versions) and Microsoft failed to properly address the problem when it was already known (advertised as public knowledge). "The response of Microsoft and cloud companies to the Freak vulnerability has been far too slow say commentators," according to one British news site/magazine which focused on security. CBS covered this only after it had been wrongly spun as a Linux and Apple issue. "Microsoft was late with the announcement so that the press could focus on Android and iOS and make it look like their problem," said iophk. Microsoft took many weeks to do anything, which gave enough time for passwords to be intercepted and for entire networks to be compromised. So again we are being reminded that Microsoft just doesn't take security seriously. While some reports try to frame Windows as most secure because Microsoft hides many flaws and games the numbers to make the competition look bad, anyone with experience in this area ought to see that Microsoft's encryption was always bogus, and very much by design! Here is another brand-new example of Microsoft 'security' in action: "Microsoft is scrambling to block a fraudulent HTTPS certificate that was issued for one of the company's Windows Live Web addresses lest it be used by attackers to mount convincing man-in-the-middle attacks."

Soon enough, based on some observers, Microsoft Windows-running "PC will become slower as it will serve the updates to another client."

It is a peer-to-peer approach that externalises cost and liability. Is Microsoft really trusting this to work better given the above reports about man-in-the-middle attacks and fraudulent HTTPS certificates? Platforms with back doors cannot ever be relied on for serving security to other systems. It's a collective compromise. Botmasters will love it!

Our last piece of relevant news deals with Pwn2Own. The headline says that "security [is] still a myth on Windows PCs" [via] and that it took just one day to crack Windows. To quote: "Day one of the 2015 Pwn2Own hacking contest in Vancouver, Canada, saw big wins for contestants and headaches for software makers: competing teams successfully exploited fresh vulnerabilities in Adobe Flash and Reader, Microsoft's Windows and Internet Explorer, and Mozilla's Firefox, to hijack PCs."

Was it Firefox on Windows as so often is the case? Not even Tor is secure on Windows.

Recent Techrights' Posts

Slopwatch: LinuxSecurity, UbuntuPIT, and Google News
We've also just noticed more slop from UbuntuPIT
 
Links 09/10/2025: Farewell to Jane Goodall, California Bans Algorithmic Price-Fixing
Links for the day
Gemini Links 09/10/2025: Lost Wages and a Saga Of Continuing To Use Palm PDAs
Links for the day
Richard Stallman's Talk in Helsinki is Done. Tomorrow Göteborg.
There are scarce details in Finnish about Dr. Stallman's talk
New XBox Leaks Probably Serve to Confirm XBox's Collapse (Many More Layoffs)
It's very much consistent with what many other sites have reported lately
The Slop Song
The train wreck marches on
LLM Slop/Advanced Plagiarism Flooding the Zone With Capital That Does Not Exist
Many publishers out there still participate in this bubble instead of calling it what it is
Links 09/10/2025: Sacked Microsoft Workers Make "Sackbird", IBM Taps CockroachDB for PostgreSQL
Links for the day
"Happy Hacking Day" Richard Stallman Talk This Afternoon (From 14:00 to 16:00) at Haaga-Helia University in Pasila
Richard Stallman in Helsinki, Finland
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 08, 2025
IRC logs for Wednesday, October 08, 2025
Links 09/10/2025: Impact of Microsoft Layoffs, More Data Breaches
Links for the day
Gemini Links 09/10/2025: Autumn Blues and C IRC Bot
Links for the day
Slopwatch Appreciated by Real Authors of GNU/Linux Articles
We do try to keep on top of those things
Upgraded R.R.R.R.R.R. Today
The Web of 2025 is full of garbage, not limited to slopfarms
Freedom From Proprietary Prisons
Forking always an option
IBM's Watson Died in 1956, Now Watson Dies Again
IBM is becoming just a reseller of GAFAM and other stuff
Microsoft Says That Constant Mass Layoffs Are Success, the Media Isn't Buying This Microsoft Narrative Anymore
If people in the media feel an obligation to repeat whatever lies Microsoft tells, what point will there be to the media?
Links 08/10/2025: "Mali Puts Free Speech on Trial" And Apple Enforces Dictatorship
Links for the day
Links 08/10/2025: ‘Death to Spotify’ and Law to Ban Loud Commercials on Streaming (Dis)Services
Links for the day
Links 08/10/2025: Real Innovation and Nina.chat is Dead
Links for the day
Links 08/10/2025: Y2K38 Bug is a Vulnerability, Chat Control in Europe a Threat
Links for the day
Microsoft Windows is No Longer an Operating System, It's Surveillance Project
Why is this even legal to preload on PCs outside the US?
How and Why Once-Legitimate Sites Turn Into Slopfarms
Many sites will go offline and many social control networks will shut down once they realise or even openly admit they spend money and time gardening a bunch of bots and slop
UbuntuPIT Became a Slopfarm and Gnoppix Tarnishes Its Own Brand With Slop
It fits all the characteristics of mildly-edited (if at all) slop
Slopwatch: Linux Journal and Other Slopfarms
GAFAM needs to go the way of the dodo
Gemini Links 08/10/2025: "Seek Seek Revolution" and Gradient Backgrounds
Links for the day
Qualcomm Arduino Takes Aim at Raspberry Pi
Qualcomm is a Microsoft partner
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 07, 2025
IRC logs for Tuesday, October 07, 2025
Stagnation of the Economy and What Free Software Can (or Could) Do For It
If your economic model is based on a pyramid of lies, it won't last very long
Social Control Media is Sinking
it would rightly seem like the era of centralised "social" sites (they're not social, they're about controlling the users) is ending, not overnight but gradually
Participation in Cancel Culture Detrimental to One's Career
A cautionary tale
Passion Wins
we've increased the number of birds we feed to 100+
How Solderpunk and Sean Conner Started Gemini Protocol (and, Collectively, Geminispace) Back in 2019
Based on the "official" history
Arduino is Now a Patent Bully (Qualcomm)
Qualcomm has just bought Arduino
Many Years of Microsoft Cancellations and Faked (Acquired) Revenue "Growth"
XBox is basically the "next Skype"
The Comment TheLayoff.com Has Just Censored for Criticising a Ridiculous Puff Piece of IBM Management
If comments get censored for their "style" rather than their substance, then society will be worse off
The Power of Writing Down Facts
The more we write and publish, the more people will know what happened
Microsoft's Non-Denying Denial About XBox's Death is Already Being Shattered to Pieces
Like Microsoft's 'open' 'hey hi', heralding meaningless non-committing agreements with AMD is little more than vapourware
Slopwatch: UbuntuPIT Joins the Slopfarms Club
Slopfarms gonna slop
Links 07/10/2025: Privacy at Risk, GAFAM Remains Off the Hook
Links for the day
Gemini Links 07/10/2025: Modern Retro Console Idea and Batch vs Bash
Links for the day
Links 07/10/2025: International Criminal Court (ICC) Convicts Ali Kushayb; Moroccan Imprisoned for 'Offensive' Shirt
Links for the day
Links 07/10/2025: EU' Chat Control is Back, US Cracks Down on Democracy
Links for the day
Techrights Pursues Justice and Truth Because, Without Those, Society Descends Into Chaos
most people reject dogma and pseudoscience
Upcoming Talks by Richard Stallman in Helsinki, Göteborg, and Rome
Join with him and share the software
Something Bad is Happening in the Open Source Initiative (OSI)
The latest OSI blog post is from a Microsoft operative and a few weeks ago the Executive Director left
TLS 1.3 Dominates Geminispace (99% of Known Capsules)
it's nowadays safe to assume almost every capsule can handle TLS 1.3
Why soylentnews.org Has Been Having Technical Difficulties Lately
The network has been going up and down quite a lot this past week
A Statement Against Violence
The facts are on our side
They've Run Out of Things to Rebrand or Label as "AI"
The next few years will be interesting because if Microsoft lays off tens of thousands of workers each year, there won't be much left except mountains of debt and dying brands
The Register MS is Still Being Paid to Participate in the "AI" Ponzi Scheme Which Will Crash the Economy
The Register MS is hoping to get lucky by tricking people into a scam
Richard Stallman Confirms His Talk in Göteborg This Coming Friday
"The hosts say that the list will not be given to the state"
Most of the "Linux" Results This Morning in Google News Are LLM Slop From the Same Slopfarm, Plagiarising Phoronix
The main question is, does Google even care at this point?
Gemini Links 07/10/2025: Civil War and "Goodbye Web"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, October 06, 2025
IRC logs for Monday, October 06, 2025