Bonum Certa Men Certa
Links 19/7/2021: Handbrake 1.4 Release and Devuan 4.0 Alpha | Links 20/7/2021: Kodachi 8.7, GNOME 40.3, GNOME 41 Alpha

Is Microsoft a National Security Threat?

Reprinted with permission from Mitchel Lewis

Ransom infection vector



Despite entire industries and trade disciplines existing solely to manage Microsoft architecture and mitigate attacks against it, including a partner network consisting of 17 million+ IT professionals, 99% of all ransomware attacks still occur on Windows. Meanwhile, Microsoft architecture, including its cloud services, maintains a monopoly on botnet, brute-force, malware, phishing, virus, and zero-day attacks just the same. From individuals and small businesses to enterprises and government entities with unlimited IT budgets, everyone standardized on seemingly unsecurable Microsoft architecture are being phished, breached, exploited, and ransomed daily with no end to this in sight. Not even Microsoft is safe from this digital blitzkrieg, hence why they tell us to “assume breach”.



This isn’t to say that Linux OSs and macOS don’t see these attacks on their platforms though; they have and will again. Long-term savings and productivity advantages aside, they just don’t garner the same level of attack that Windows does, nor are they as likely to get exploited at the same rate as Windows when they are attacked. Put simply, Mac and Linux have a smaller attack surface and get to treat Windows like an umbrella against attacks due to its prominence in the OS space. Both of which are the two primary reasons why I maintain that the best thing that organizations can do to mitigate these attacks, for now at least, is to migrate away to macOS or a Linux-based operating system such as RedHat, CentOS, Ubuntu, etc.

With the above in mind though and when also accepting that there is no aspect of cyber, economic, environmental, homeland, human, and political security along with the security of our infrastructure and natural resources, national security if you will, that isn’t intricately dependent on Microsoft architecture, this reality alone is more than enough to warrant a discussion on whether or not Microsoft architecture is a consequent threat to national security. So, is Microsoft a threat to national security?



In order to answer this question, we first have to address why Windows and other Microsoft services are being breached so often in the first place. We have to see if they can be faulted for this present state, if there is another causal problem that’s beyond their control, or if anyone with their market share is destined to be a victim of their own success and dominance. And to be fair, not everyone will agree with my assessment above or below.

MalwareTech

For one and in response to a previous article where I suggested migrating to macOS and Linux to mitigate these aforementioned attacks, Michael Gillespie, and Marcus Hutchins (MalwareTech) seem to think that Microsoft architecture is exploited most frequently simply because it is the most prominent architecture and that migrating wouldn’t render you any less vulnerable. Put simply, they seem to think that differing attack surfaces are irrelevant to rates of exploitation and that macOS would be exploited at the same rate as Windows if the tables were turned with respect to market share.

Meanwhile, I’m not denying that that prominence is a factor, at all, I’m just saying that attack surface is on the same footing as prominence and that other solutions with smaller attack surfaces will be attacked and exploited at a lesser rate with the same market share which they disagreed with. However, it is also my stance that Microsoft’s anti-competitive practices aimed at obtaining and maintaining their dominant market share with low-quality products has further exacerbated this issue into what we have before us today; more on this later.

Why this matters to the question of whether or not Microsoft is a national security threat is simple. By suggesting that Microsoft is merely a victim of its own success and that anyone with their market share would see the same rate of exploitation, they’re also absolving Microsoft of responsibility for the present state of threat. But by suggesting that Microsoft’s galactic attack surface is equally responsible with their dominance for their security woes and that Microsoft wouldn’t be in the position they are in now if they had quality products that didn’t have to rely on anti-competitive practices to maintain market share, I’m naturally shouldering Microsoft with their share of the blame in the threat posed to America’s IT infrastructure at present.

One immediate problem with the prominence argument though is that those relying on it seem to resort to it in response to the suggestion of migrating to macOS or RedHat in an effort to mitigate attacks. If you really think about it though, this is irrational and shouldn’t discourage anyone from making the switch. Based on their own logic, Mac and RedHat users would still be much better off than Windows users so long as Windows remains dominant and continues to take all of the flak and function as an attack umbrella.

That said, I’m failing to see how this argument is relevant to their stance, how it invalidates my suggestion, or how it could discourage anyone from migrating to Mac or Linux so long as Windows maintains a dominant market share. If anything, those leveraging this argument seem to be unwittingly reinforcing my suggestion of treating Windows like an umbrella; all of which I’m totally fine with.

Another odd aspect of the prominence argument is that I have yet to see an actual post-mortem or a root cause analysis faulting the dominant market share of Windows as a causal reason for <insert any breach/exploit/ransomware attack here>. In fact, Microsoft doesn’t even take the prominence stance. Instead, their root cause analyses focus on the attack surface, mistakes/oversights, mitigation steps, etc. The anatomy of a breach is never reduced to “They hate us because they ain’t us.” by people who are actually paid to do RCAs for a living as Hutchins and Gillespie suggest; if only it were that simple.

Another major flaw in the prominence fallacy is that those invoking it are unwittingly implying that attack surface has no bearing on rates of exploitation or that the attack surface of each of these platforms is equal; which is bold to say the least. For one and given that attack surface is a function of the overall complexity of their infrastructure, no differently than ownership costs and instability, they might as well be suggesting that all platforms are equally stable with no variance in ownership costs; none of which could be further from the truth.

IBM chart

With Windows generating 3x+ the TCO that MacOS/Linux does, analysts can and do infer this is a reflection of disparity in relative complexity, attack surfaces, and stability because they all come hand in hand. Put simply, if one architecture generates significantly more ownership costs more to maintain over its lifespan than another, it’s rational to assume this is due to it being poorly engineered, consequently overly complex, and unstable; attack surface or otherwise. This is what software engineers refer to as software entropy.

And if they’re going to imply that attack surface doesn’t influence rates of exploitation then the onus is on them to support this stance with data and research. Just as complexity driving cost, instability, and attack surface is fundamental to engineers, so is a ballooning attack surface driving rates of exploitation. This is why engineers treat simplicity like their North Star. That said, great claims that run contrary to fundamentals and conventional wisdom tend to require great amounts of evidence; none of which has been furnished.

On top of lacking a fundamental precedent, yet another oddity of the prominence fallacy is that it lacks historical precedent. It’s important to remember that we’ve only lived in an Information Age with Microsoft at the top. We’ve never lived in a connected world with another OS dominating the market, it’s always been Windows. As such, to say that this would be the case for anyone at the top is a conjecture on its best day.

It’s almost scraping the barrel at this point, but yet another problem with the prominence fallacy is that it ignores how Microsoft obtained its dominant share of the market and why they had to resort to these tactics in the first place. Not only is it Microsoft’s modus operandi to rely on anti-competitive tactics to obtain and maintain a dominant market share, a monopoly if you will, they only have to rely on said tactics because their products couldn’t garner this market share on merit alone.

Natural selection applies to free markets in that the fittest products will naturally dominate a free market. That said, the best architecture would dominate a market naturally and wouldn’t need to resort to anti-competitive practices. And if Microsoft were the best in class, then they wouldn’t need to be optimizing their architecture for lock-in while bullying or buying out their competition at every avenue as they are today. They wouldn’t need to implore their partners to “create stickiness” by entrenching their products to further inflate switching costs.



All said, it’s safe to say that Microsoft is by no means a victim of their own success here so much as they’re a karmatic victim of their own anti-competitive practices and low-rent approach to software engineering; a digital Icarus complex if you will. There is much that Microsoft can do but doesn’t to simplify their products, shrink their attack surface, reduce ownership costs, reduce their rate of infection, and reduce the consequent threat that they present to America and the world. And to say that they aren’t complicit in the security threat that their architecture poses to America borders on the insane. But does the current level of threat that Microsoft poses constitute them as being a national security threat?

Although I’m not an expert in this regard, those that are have a few qualifying questions in order to really answer this question. IE, in order to classify Microsoft as a threat to national security, threat analysts would have to ask if Microsoft’s undue vulnerability and inorganic prominence mentioned above is a critical threat to our cyber, economic, environmental, homeland, human, and political security along with our infrastructure and natural resources.

Even Microsoft would claim that their architecture is detrimental to all of the aforementioned aspects of national security though. And given the extent of Microsoft architecture throughout personal, industrial, and governmental sectors and its rate of exploitation, it’s hard to see how Microsoft doesn’t expose all of these aforementioned categories to undue risk; a threat if you will.

Further, there is nothing to suggest that a platform with a smaller attack surface won’t have a lower rate of exploitation with the same market share while fundamentals and conventional wisdom suggest smaller attack surfaces lead to lower rates of exploitation. And as a consequence of this, it’s probably safe to say that Microsoft and its architecture is indeed a national security threat in comparison to less prominent Linux and Mac alternatives.

And given that ransomware and anti-trust has already been deemed a threat to national security, it’s not much of a stretch, at least in my opinion, to extend this classification to Microsoft when considering their history with anti-trust and monopoly on exploitation. Nor is it a stretch to suggest migrating onto modern platforms rather than crying about it to the competition exploiting weaknesses; no differently than we do with other critical infrastructure. This is why we rely on nuclear subs now instead of wooden ships.

It’s not a coincidence that the same countries exploiting the US as a whole, China and Russia, are the same countries moving to Linux as I’m typing this. It’s not just about cost-savings and productivity for justifying this move though. And mitigating the risk that Microsoft architecture poses to their national security also happens to be a primary motivating force behind their migrations. Maybe they understand something about Microsoft architecture that America is still slow to realize?

I digress, but even if my assessment above is wrong, prominence is all that matters, and Microsoft isn’t a national security threat, individuals and organizations alike are still better off abandoning the Microsoft ecosystem on any scale in favor of more modern alternatives for the foreseeable future. Although Microsoft gets a lot of criticism for the low quality of their products, hence the persistent updates (552 in 2021 thus far) and a revolving door of CVEs, few seem to see the genius behind them. Microsoft doesn’t need to maximize quality or even compete on that field of play when they can render entire organizations dependent on products of less quality.

Because of this, organizations relying on Windows will have a hell of a time migrating away from Windows and the rest of the Microsoft ecosystem which means that they’re naturally going to drag their toes in doing so; the bigger they are, the slower any attempt at a migration will go. In turn, this means that there is plenty of time for those that can easily migrate away from the madness and insecurity of the Microsoft ecosystem as a means of sheltering themselves from a barrage of attacks safely in the shadow of Microsoft for the time being.
Links 19/7/2021: Handbrake 1.4 Release and Devuan 4.0 Alpha | Links 20/7/2021: Kodachi 8.7, GNOME 40.3, GNOME 41 Alpha

Recent Techrights' Posts

The four freedoms and GNU/Linux naming controversy, by Akira Urushibata
Social control media owned and run by 'broligarchs' keeps attacking RMS for insisting on names that include GNU
Open Source Initiative (OSI) Not Doing Its Job, Instead It's Promoting Microsoft Ponzi Schemes
it participates in Microsoft's Ponzi scheme, which helps Microsoft distract from or excuse the mass layoffs
The Register MS: Installing Free Software on Your Device is 'Sideloading'
This is a form of propaganda
Mozilla's Assisted Suicide, Assisted by GNOME
Firefox is meant to get better all the time, but instead it gets worse
Frankly Getting Sick of Slop About "AI" (Slop)
Calling everything out there "AI" serves nobody and nothing but the Ponzi scheme
Media Gaslighting Dooms the Media
this "AI" gaslighting is done because publishers get paid to do so
 
The Free Software Foundation (FSF) Looking to Add Associate Members
"Celebrate '26 by helping us reach our New Year's goal before Jan. 16: join as an associate member today. You will help the FSF remain strong and independent to empower technology users everywhere. Join us today and help us reach our goal of 100 new associate members!"
Only Google is Still Spreading Lots of Slopfarms' Fake News and Plagiarism About Linux
2 days' worth of Google News spewing crap out about "Linux"
Georgia Institute of Technology (Georgia Tech) Formally Announces Upcoming Richard Stallman Talk
Room 100, Scheller College of Business
Links 07/01/2026: Europe's 'Binding Commitments' on Ukraine's Security, "Venezuelan Leaders Project Independence"
Links for the day
Gemini Links 07/01/2026: Smart Toaster and Social Control Media Fatigue
Links for the day
Projection Tactics - Part II: Causing "Serious Harm" to Many People (Even Animals)
Narcissists and sociopaths are like that
Even Microsofters Now Speak About Microsoft Reportedly Planning to Sack 10% of Its Staff (as Early as This Month, or 2 Weeks From Now) as Real Income Falls
Microsoft buying from Microsoft isn't real income, it is accounting fraud
Crans-Montana, Le Constellation: journalists, victims' families, ProtonMail users at risk, police raids
Reprinted with permission from Daniel Pocock
GNU/Linux Reaches All-Time High in Tanzania
This month (and year) GNU/Linux is measured at an all-time high there, based on the data that statCounter can see
Links 07/01/2026: Microsoft ChatGPT Killing People and Microsoft "Github monopoly is destroying the open source ecosystem"
Links for the day
Mass Layoffs in Microsoft's XBox Soon, Just Like We've Said for Months
IBM and Microsoft are heading in a similar trajectory and are hiding how bad things are using similar tactics
Now It's a Mainstream Media (MSM) Story: Microsoft Layoffs Coming, They'll be Vast (and They Blame "AI", As Usual!)
the books were cooked (accounting fraud) to hide what really went on
Stick to the Science, the Facts, the Observable Reality
Science is at the heart of this site
Africa's Search Market Has Been Unfavourable to Microsoft
In Africa, as we've just noticed, Bing is moving down, even more sharply this year
Slideshare is Slop
Be sure fools will rewrite history online
Gemini Links 07/01/2026: Looking at 2026, Linux Anti-Minimalism, Diode Function Generators, and Inkscape
Links for the day
Projection Tactics - Part I: What is "Serious Harm"? Or Whose?
the most serious harm was done to us
Links 07/01/2026: More Signs XBox the Console is Dead/Dying, Convicted Felon Repeats Threats of Greenland Annexation
Links for the day
EPO People Power - Part XXVII - Science- and Principles-First Journalism About Issues That Matter
journalism became so shallow that nowadays it can be replaced by bots
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 06, 2026
IRC logs for Tuesday, January 06, 2026
Gemini Links 06/01/2026: Collective Responsibility, Pico2DVI, and TV Detox
Links for the day
Microsoft Loves Freedom, Democracy... and Linux? No, Microsoft Laying Off Because "Microsoft Loves Linux" Was Failed Posturing, Its Former Staff Moves to GNU/Linux
"What are the running totals for IBM and Microsoft layoffs?"
GNU/Linux at 4% "Market Share" (Even According to Steam Survey)
Another milestone
Links 06/01/2026: Neglect of the Elderly, Abandonment of International Laws
Links for the day
Links 06/01/2026: More Reports Point to Mass Layoffs at Microsoft (Later This Month), Greenland/Denmark Cautions the Dictator Who Illegally Invaded Venezuela
Links for the day
Internet Policy/Net Reality: You Must Never Ever Rely on Google (no "S.E.O." Either)
Stack Overflow is dying
Ahead of Mass Layoffs Microsoft Tries to Rebrand or Redefine XBox (Because the XBox is Tentatively Dead)
2026 will be the last year of XBox in all likelihood
Richard Stallman (RMS) Announces His Georgia Talk 2.5 Weeks in Advance
A lot earlier than usual
Dr. Andy Farnell on Technology That Harms People (and Lack of Regulation Which is Needed to Address This Problem)
Dr. Farnell's article is long but well worth reading
GNU/Linux Rising to 5% in Cameroon and It's Hardly the Exception
"AI" is just a smokescreen as losses pile up
Rumours: Microsoft to Lay Off 12,500-25,000 Workers Soon (Tentatively Wednesday, 15 Days From Now)
"Layoffs are coming third full week of Jan. Likely 21st but these things can move around a bit based on last minute developments."
EPO People Power - Part XXVI - European Media Has Become Part of the Problem
it is as clear as daylight that Cocainegate is real
IBM 2026 "Organizational Change/s" Means Layoffs Resume Soon, Some Claim "Forever Layoffs."
It's about "narrative control"
Microsoft Layoffs in January 2026
Get ready
Google Still Boosting Slopfarms
Slopfarms will probably all perish as soon as Google News quits sending them visitors
Links 06/01/2026: Cryptocurrency Scam Emails and Greenland's Fear of Getting 'Venezuelad'
Links for the day
Links 06/01/2026: DIY Projects and Inertial Music
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, January 05, 2026
IRC logs for Monday, January 05, 2026
To The Register MS, ARM Means Microsoft Windows (Follow the Money)
the Free software community can campaign and run sites (like the one below), but it cannot afford to bribe so-called 'news' sites like Microsoft and its OEMs do
IBM's CEO Makes No Sense
"IBM CEO Aravind Krishna on what’s really driving tech layoffs"
Links 05/01/2026: Tensions in Korea, Ukrainians See "Double Standard" in a US Russia-Style Invasion
Links for the day
Gemini Links 05/01/2026: Farewell to CBS Reality, Being On-Call, Digital Ad Spendings
Links for the day
Remember That Nobel Prizes Are All Named After the Inventor of Explosives (Even a "Nobel Prize for Peace")
These rewards are only as valuable as the reputation they earn for themselves
Baidu and Yandex Have Overtaken Microsoft in Asia
how about all the Bing layoffs?
Googlebombing for Bill Epsteingate
Maybe the slopfarms too can help him cover up
Of Course GNU/Linux Has Reached All-Time High in Africa in 2026
Africa will, on average, gravitate towards Free software or whatever costs less
From GNU/Linux Boosting to Slop-Boosting Career
It is sad to see someone who devoted many years of his life producing GNU/Linux stories stooping down to this "AI" boot-licking
IBM Buys, Then Disposes/Sacks, the Staff (That It Paid For)
Any money gained is spent buying some more companies to add/join up their revenue, even if the debt surges and there's little integration going on (misfits absorbed)
Time for Microsoft to Rebrand to Fit the Vapourware (Ponzi Scheme)
something between Meta and Alphabet
Links 05/01/2026: Slop Ruining Children's Minds, "Complicity of the Press in US Violence"
Links for the day
Microsoft's Windows Falls Below 20% in the UK
After a lot of years of advocacy and hard work
The Real GNU Anniversary (Not Manifesto or Announcement) is Today
the development, not the manifesto
GNU/Linux Usage Said to Have Doubled in Oceania
it's hard to discount or dismiss Oceania as a bunch of "coconut islands"
There's No Such Thing as "AI Godfather", Stop Repeating This Pure Nonsense!
Infantile or corruptible media that plays along with slop or uses slop will perish
Gemini Links 05/01/2026: "Poverty and Hunger", "Entrepreneurial Family", "Abandoning Obsidian for Logseq"
Links for the day
Links 05/01/2026: A Shrinking Canadian Economy, Brigitte Bardot's Environmentalism Recalled, Unredacted Epstein Files
Links for the day
Microsoft Allegedly Uses Performance Improvement Plans (PIPs) to Hide the Massive Scale of Company-Wide Layoffs
Just like IBM; they meanwhile talk a bunch of nonsense about "AI" to distract from their commercial calamity
Battles Are Won in the Court of Public Opinion
Many "systems" rely on the mere perception or appearance of legitimacy
No, Writing Isn't in Decline, Some of the Large and Centralised Platforms Are
Slop isn't really competition, just a passing fad and pure noise
GNU/Linux Share in Mongolia More Than Doubles
they probably lack any genuine excitement for "hey hi PCs"
Whistleblowing is About Understanding Boundaries and Risks
The bottom line is, people typically find out the truth at the end
EPO People Power - Part XXV - While EPO Managers Snort Cocaine the Staff Compiles 'Insurance Files' to Expose EPO Corruption
In this increasingly authoritarian world we need more whistleblowers
"The European Patent Reform" That Represents a Gross Violation of Laws, Constitutions, and Conventions (in Order to Make the Rich Even Richer, Mostly Outside Europe)
How far and how long will EPO corruption go?
The Reputation Issue Is Not Our Fault
Trying to squash words (and people) merely diverts more attention to them
GNU/Linux Distribution "Ultimate Edition" Fixes Its Web Site (Apparently Compromised Months Ago)
they dealt with the issue before media shame and a catastrophe of trust
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, January 04, 2026
IRC logs for Sunday, January 04, 2026