06.26.15

Proprietary Software on Top of Proprietary Software (AV on Windows) Only an Illusion of Security

Posted in Free/Libre Software, Microsoft, Windows at 11:21 am by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Summary: Remarks on the recent revelations about code and communication interceptions targeting insecurity firms and Microsoft’s claim that ‘transparency’ alone would be enough to assure security

RECENT reports about state surveillance on anti-malware/virus software (which could not detect Stuxnet, for example, making this more like snake oil) have led to the claim that Microsoft Windows cannot be made secure, not even with additional ‘security’ software. “Security by obscurity” does not work when the state can see everything and also sponsors the world’s biggest (and best funded) cybercrime operations. Windows is simply not designed to be secure and security is not the goal as the underlying design serves to prove. As Pogson put it this week:

Given That Other OS is just about everywhere and is helpless without anti-malware software, the NSA and others have studied the anti-malware software to exploit it as a back door to TOOS… Ironic, isn’t it?

Microsoft and security don’t belong in the same sentence. As FOSS Force reminds us, this NSA ally with worst of spyware uses the “transparency centers” [1] sham that we wrote about earlier this month. They are replacing software freedom with “transparency” nonsense. They pretend that “transparency” somehow improves security. It doesn’t.

The only way to perpetually and universally verify (by audit) the security of software, or pressure its maker/distributor to pursue genuine security at all times, is to ensure the software is Free software. Microsoft’s longtime employee (on and off for years at a time) and occasional mole inside FOSS [1, 2, 3, 4] says that Free software has not won and even uses a picture of a pig to prove it or at least make his case (crass, but typical of him). Don’t let these people shape the consensus; after the NSA leaks a lot of semi-technical people can easily understand that Free software is the only way to go. Secrecy, like secret (proprietary) code, is as trustworthy as politicians. It’s time for proprietary software to go. Backbone infrastructure sure is heading towards Free software-only (as a matter of policy), as several consortia already serve to demonstrate. It’s going to be a harsh reality for Microsoft.

Related/contextual items from the news:

  1. The NSA, Windows & Antivirus

    Poor Microsoft. The beleaguered company just can’t catch a break. We’ve already told you about how Snowden’s revelations have forced the pride of Redmond to spend who knows how many millions opening two “transparency centers” to allow government IT experts to pore through source code to prove there’s no back doors baked into Windows or other Microsoft products. Trouble is, while its engineers have been busy plastering over all traces of old back doors, they’ve left a side door standing wide open, waiting to be exploited.

    [...]

    The spooks have been reverse engineering. They’ve been dismantling Karpersky’s software, searching for weaknesses. They’ve been mining sensitive data by monitoring the email chatter between Kaspersky client and server software. In other words, while IT security folks outside the U.S. have been keeping a wary eye on their Windows servers while trusting their antivirus to be a tool to help them secure the unsecurable…well, their antivirus software has been being a Trojan in the truly Homeric sense of the word.

    [...]

    In the meantime, Windows becomes less safe by the minute for corporations and governments hoping to keep private data private. I’m certain that Red Hat, SUSE, and even Ubuntu are taking advantage.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. IRC Proceedings: Wednesday, December 02, 2020

    IRC logs for Wednesday, December 02, 2020



  2. Links 2/12/2020: Multi-Touch Gestures in elementaryOS, DXVK 1.7.3

    Links for the day



  3. Links 2/12/2020: ZaReason RIP, Rancher Now SUSE-Owned, OSI Board Director Works for/on Azure

    Links for the day



  4. [Meme] Espionage With Spyware: Slack's Data Sold to Company That Helps ICE Kidnap Children and Forcibly Sterilise Women

    There's now an additional good reason to boycott Slack's malware, which is basically surveillance of workers disguised as 'collaboration'



  5. IRC Proceedings: Tuesday, December 01, 2020

    IRC logs for Tuesday, December 01, 2020



  6. The World is Ill

    Not only Europe's second-largest institution (the EPO) is morbidly if not critically ill; the OSI is now a zombie controlled by Microsoft and friends, much like the so-called 'Linux' Foundation



  7. Censored EPO Publication: Staff Representatives Cannot Comment on the Survey Conducted by the Office's Management

    EPO management tried to muzzle EPO staff after the Office-wide staff survey turned out to be “nothing short of a disaster.”



  8. Censorship at the EPO is Counterproductive, Rendering the Censored Publications More Seductive and Censored People More Disgruntled

    The efforts to gag Techrights or to intimidate us have all been unfruitful; in a sense, they encouraged us to focus on EPO scandals even more and arguably invoked the 'Streisand Effect' at the EPO (most workers read this site, no matter what their bosses say)



  9. EPO Management Has No Plans Other Than Granting Loads of Invalid Patents (e.g. Software Patents) to Pocket Fees and Then Grift/Gamble With the Money

    The EPO does not know what the hell it’s doing; it’s more of that magical festival-like thinking, as if running a patent office is Eurovision



  10. Links 1/12/2020: KDE Plasma 5.20.4, GNU Octave 6.1, OpenZFS 2.0, and PinePhone KDE Community Edition

    Links for the day



  11. [Meme] Public Servants Who Only Serve Themselves and Their Predecessors (Who Gave Them the Job)

    The Benoît Battistelli-appointed António Campinos (an old friend of his) isn’t just covering up the EPO‘s financial scams but contributes to these; when will this house of cards (arse-covering) fall and will that take a special (independent) investigator?



  12. Censored EPO Publication: Battistelli Can Have His Multi-Billion Euro EPO Scam, So Why Can't Campinos Too?

    Mr. Campinos, seeing what Mr. Battistelli has managed to get away with (the Commission approves, having been infiltrated by friends of the ringleaders), piggybacks or follows the steps of his appointer by blasting almost a billion euros on a worthless project with no real purpose and the Central Staff Committee (CSC) warns it has "very high risk of mismanagement and fraud"



  13. Staff Representation of the EPO Explains to EPO Management That It's Breaking the Law, Robbing the Staff, and Lying to Staff

    Human rights, basic dignity and labour protections of EPO staff are routinely violated and the staff is also being robbed based on false pretenses; the staff representatives write to refute "[t]he Office’s report [which] has been made available on the Intranet"



  14. European Commission's Thierry Breton Covers Up EPO Corruption For His Friend Benoît Battistelli

    Thierry Breton is the sort of official who causes people to vote for Brexit (or similar exits from the EU); he’s enthusiastically defending EPO corruption and he also calls for constitutional violations in many member states — all in the name of patent maximalism (Team UPC’s coup attempt)



  15. IRC Proceedings: Monday, November 30, 2020

    IRC logs for Monday, November 30, 2020



  16. Links 30/11/2020: GhostBSD 20.11.28, Nitrux 1.3.5, Linux 5.10 RC6, GNOME Circle, Microsoft Collapses Again in Web Server Share

    Links for the day



  17. Alternatives to the World Wide Web, to HTML, to HTTP/S, and to the Internet

    Looking around the Web (yes, the Web) for alternatives to the Web (and the stack underneath the Web), we're finding that IPFS is mature and robust enough for our needs



  18. Management of the EPO Dragged to the International Labour Organisation Over Its Assault on the Right to Strike

    Opinion on strikes challenged by the Central Staff Committee of Europe's second-largest organisation; if strike rights are almost abolished there, what hope is there for the rest of Europe?



  19. [Meme] Management of the EPO Cannot Let the Staff Breathe or Smell Freedom

    Working for the EPO means giving up on one’s human rights; that’s the sort of conclusion many workers have reached



  20. “ViCo” is Nothing New (Not Even the Acronym), Done on 9/11 Last Year, Been Possible as Long as the EPO Has Existed

    Contrary to what many people are led to believe, the EPO isn't embracing innovation, it's just embracing COVID-19 and leveraging lock-downs (de facto house arrest to some) to impose an illegal practice on EPO staff and EPO stakeholders



  21. Release: Early Letters and Documents About Financial Hoax Disguised as EPO 'Study'

    It was over a year ago that staff representation at the EPO expressed concerns about what would later enrage workers — seeing that based on unscientific fabrications the EPO would take away what had been promised to them



  22. IRC Proceedings: Sunday, November 29, 2020

    IRC logs for Sunday, November 29, 2020



  23. Managing IP: Puff Pieces Galore for the EPO's Dictatorship (Complete With Buzzwords and PR Stunts)

    By giving a platform to notorious patent trolls and ‘engaging’ with the EPO‘s dictator (whom only 3% of EPO staff trusts) Managing IP is sort of giving away its real agenda, which isn’t journalism but conducting or assisting misinformation campaigns



  24. Links 29/11/2020: Genode OS Framework 20.11, Linux 5.11 Kernel Changes, and Latest in KDE Itinerary

    Links for the day



  25. Sincere Thoughts About Outreachy

    Outreachy's role in the Free software community and inclusion in the FSF's High Priority Projects, as seen from the eyes of a female coder from a minority group; she used to work for the Free Software Foundation (FSF) and she expresses concerns about what Outreachy has become



  26. Free Software Under Tyranny of Codes of Conduct as the Western Equivalent of Blasphemy Law (Corporations as the New Religion/Sponsors as Deities)

    The free speech crisis in Free software communities has enabled expulsion of opinionated people whose opinions truly matter; in their place we now have companies that bomb people, sometimes even kidnapping children and sterilising women because nothing says “Ethics” like naked fascism and corporate domination everywhere



  27. Release: 4 More Documents and Letters About the Financial Siege at Europe's Second-Largest Institution

    Documents disputing the accuracy of the "hoax" from António Campinos and the Mercers



  28. One Year Ago: The Last EPO Demonstration Before COVID-19

    About a year ago staff of the EPO apparently had its last protest (in front of the Isar building) before staff got ‘herded’ into homes, where workers became more isolated and even illegally spied on



  29. [Meme] Unified Patent Court Agreement (UPCA) is an Attack on Europe and the European Businesses That Don't Do Litigation

    Litigation lawyers and patent zealots want to set Europe ablaze with legislation that they themselves crafted; thankfully, however, they face constitutional obstacles, no matter how many politicians they bamboozle and buy



  30. Reasons EPO Staff Decided to Go on Strike This Year (Before or Until Coronavirus Prevented It)

    An year-old letter from the Staff Union of the European Patent Office (SUEPO) to the President of the EPO; 7 reasons for going on strike are enumerated


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts