Bonum Certa Men Certa

Microsoft: Still a National Security Threat



Guest article by Mitchel Lewis

Windows ransomware



In 1998 for Computerworld and later in 2001 for PBS’s Frontline, Paul Strassmann, the former CIO of Xerox, NASA, and the DOD, highlighted an interesting analog between agricultural monocultures and software monocultures (monopolies), specifically Microsoft’s, in that they are naturally more susceptible to disease and pests, viruses and hackers if you will, than less prominent alternatives. Strassmann went on to suggest that Microsoft’s overly complex, defective, and vulnerable systems, which have become vastly more complex, defective, and vulnerable since this was written mind you, exacerbated this “monoculture effect” to the point of embodying a new threat to the national security and systematic reliability of our computer-based society.

Microsoft-National-Security-Threat-by-Paul Strassmann



Never one to stay quiet and in response to Strassmann’s monoculture analogy and designation of Microsoft as a national security threat, Microsoft, by way of Steve Lipman and Howard Schmidt, insinuated that “the analysis made in his paper suffers both from a fundamentally flawed assumption and from a series of errors in analyzing the state of computer security and its causes.”. And much like a squid deploying their ink, Microsoft went on to insist that “Computers aren’t potatoes”, and opted to drag this discussion into the ontological weeds with a few buzzwords thrown in for good measure. And everyone pretty much left it at that.

"Given Microsoft’s modern monopoly on botnet, malware, ransomware, virus, and zero-day exploits along with rudimentary brute-force attacks and advanced phishing schemes, none of which is proportional to their market share, it’s painfully evident that Strassmann not only won this debate but that his monoculture analog and his reasoning hold up to this day."Much to the chagrin of Microsoft though, to say that Strassmann’s analogy and assessments have aged well is an understatement. Given Microsoft’s modern monopoly on botnet, malware, ransomware, virus, and zero-day exploits along with rudimentary brute-force attacks and advanced phishing schemes, none of which is proportional to their market share, it’s painfully evident that Strassmann not only won this debate but that his monoculture analog and his reasoning hold up to this day.

That said, I think enough time has elapsed to confirm that Paul Strassmann is an authority on such matters and that Microsoft is precisely who he said they were. Further and with hindsight in our pocket, it seems as if Microsoft was merely projecting when they said Strassmann’s paper was flawed and that he made errors in analyzing the state of computer security and its causes in light of their 95–99% monopoly on ransomware infections alone and that ransomware is already considered to be a national security threat.

However, this should have been everyone’s assumption by default when a rebuttal is as poorly framed and laden with fallacies as Microsoft’s was presented as a counter-argument to Strassmann. With regard to rhetoric, fallacies of this magnitude are not only smoke signals for bad arguments, but can also be indicative of superior ignorance, zeal, and/or nefarious motives aimed at gaslighting and subverting the truth for profit which is essentially what corporate counsel and PR, Microsoft or otherwise, exists to accomplish.

Monocultures



For example, Microsoft kicks off their rebuttal with a straw man/reduction to absurdity fallacy with a low-key ad hominem attack minced in by stating that Strassmann confused potatoes for computers for the purposes of re-framing his argument into something absurd while discrediting him as confused rather than addressing the validity of his argument; Microsoft didn’t want one bit of that smoke. Meanwhile, Strassmann was merely suggesting that there is an overlap on the Venn Diagram between farms and information systems at scale.

"...Microsoft kicks off their rebuttal with a straw man/reduction to absurdity fallacy with a low-key ad hominem attack..."In the same paragraph, Microsoft also asserted that farms and potatoes are natural systems, which is categorically false, and that there was no option to alter the attributes of potatoes and the like to resist new threats, also false; even GMO foods were already around for a decade by then.

For those unaware, there’s no such thing as a natural farm. All of our food has been genetically engineered by humans via selective breeding over the course of thousands of years to look, feel, taste, smell, and transport to our liking while being cultivated on things called “farms” that have to be vigorously maintained because they are unnatural and constantly under attack by nature. Genetic engineering of food has only sped up this process while giving us a few new tools.

Vulnerabilities



Ironically and as shown to the left, Microsoft goes on to showcase just how little they know about farming by describing the inorganic nature of managing computers in a manner that is eerily similar to that of…farming. And in doing so, Microsoft inadvertently offered further agricultural analogs in support of Strassmann’s monoculture analog.

Call me crazy, but didn’t we engineer our food in a manner that forced it to evolve to our standards? Aren’t farms built, operated, and maintained by teams of skilled people? Don’t farmers and agriculture workers, many of whom have technical and scientific degrees mind you, apply expertise in various specialties, including the security, development, operation, and maintenance of their farms in a hostile environment? Or if a particular crop or patch of land is vulnerable to a specific sort of attack, then can’t farmers also intervene and change those properties in pursuit of profit?

Don’t Sysadmins and the like spend a lot of their time optimizing and doing disease/pest control just as farmers are planning, spraying, weeding, trapping, and crop-dusting? Hell, has anyone else referred to a collection of servers as a server farm? I have, even while working at Microsoft. It’s almost like potatoes and computers are relatable to some extent or something.

"Another glaring problem with their fleet analogy is that it’s hard to see how everyone wouldn’t be dead if we drove cars or flew in planes that were engineered and manufactured by Microsoft given their fast and loose approach to quality."Adding insult to injury, Microsoft then proceeded to liken their products to that of fleets of trucks and aircraft and that their prominence is the result of “fleet operators” (businesses) flocking to them after being deemed “best of breed”. One immediate problem with this analogy is that it doesn’t take into account Microsoft’s anti-competitive heritage and that is notorious for impeding free markets and grenading merit-based assessments. From their products being designed for maximal lock-in to Microsoft finding all matter of ways to drown out their competition rather than having to meet them on merit alone, Microsoft is built in the image of Bill Gates, for subversion and domination, and appear to be genuinely terrified of an honest, head-on competition.

Another glaring problem with their fleet analogy is that it’s hard to see how everyone wouldn’t be dead if we drove cars or flew in planes that were engineered and manufactured by Microsoft given their fast and loose approach to quality. One consequence of an anticompetitive monopoly, especially in the technology space, is that they have little to no regulations, especially in 1998, don’t have to compete on quality, and consequently have a much higher rate of defect than entities like Boeing or Ford who have far more regulations, competition, and oversight than Microsoft. But if you’re waiting for Microsoft employees to admit their anticompetitive DNA, a monopoly share, or even quality issues plaguing their entire ecosystem then you had better pack a lunch.

Later in this rebuttal, Microsoft exclaimed that when they get exploited, it’s not just Microsoft solutions getting exploited but other interconnected solutions from other vendors too that are necessary to secure Microsoft solutions being exploited before ultimately exploiting Microsoft. While this is absolutely true, most of these vendors are monocultures in their own right, are also Microsoft partners, and are suffering the same fate as Microsoft because of this while others are merely filling Microsoft’s competence gaps. However, none of them have anywhere near the rate of defect, overall complexity, or threat surface as the Microsoft ecosystem. And it’s often the complex architecture of the Microsoft ecosystem itself that necessitates their involvement in the first place. Simpler environments mitigate the necessity of many of these vendors.

Failure-prone code



Digging the hole deeper, Microsoft also insisted that Strassmann was basing his analogy on one virus in the desktop market, the “I Love You” virus to be exact. Besides drawing his critique from a core set of fundamental principles that are apparently omitted from the University of Phoenix curriculum where Schmidt graduated, Strassmann clearly and correctly anticipated similar problems for Microsoft’s Web and cloud ambitions. In fact, almost half of his article on Computerworld covers Microsoft’s ambitions beyond that of the desktop market while neither this article nor his follow-up on PBS’s frontline mentioned Windows by name. Oddly enough, Microsoft appears to be the one focusing on the desktop space, not Strassmann.

"Oddly enough, Microsoft appears to be the one focusing on the desktop space, not Strassmann."Microsoft went on to say that they’re too heavily invested in the enhancement of the security of their products to even list all of their accolades. One problem with this is that they cannot be invested in maximizing security without also being simultaneously being invested in complexity, cost, defect, and instability reduction. And upon accepting Microsoft’s aforementioned monopoly on <insert attack here> for the past 25 years on top of them consistently offering the most complex, expensive, defective, and unstable solutions available, it’s difficult to dignify such claims without sacrificing one’s credibility in the process.

Microsoft then proceeded to assert that being large simply makes them an easy target and that many of the problems they face would be faced by Linux, Unix, and the like, which is true to some extent. But while Linux and Unix aren’t fool-proof, their rate of exploit per attack is far below that of Windows. This isn’t because they’re attacked less, but because they have open sources and are under constant quality revision from countless perspectives. Meanwhile at Microsoft, source code is a trade secret and SDETs, QAs, and the like are hard to come by, further exacerbating Microsoft’s quality woes.

Microsoft concluded their rebuttal with the following:

Security and responsibility



While the majority of this is unimpeachable, it’s hard to consider Microsoft a strong supplier when it’s mostly just good at getting its way by bullying competition and dragging things out forever in court like some affluenza’d son of a prominent Halliburton attorney instead of simply shipping the best products possible. And this is especially the case when the company was founded by Bill Gates, who is literally the affluenza’d son of a Halliburton attorney whose firm also represented the slimy likes of Wells Fargo, Bank of America, Goldman Sachs, Blackwater, Merrill Lynch, Microsoft, and god knows who else; what a mensch.

In summary and rather than refuting Strassmann’s monoculture analogy, Microsoft ignorantly fortified his stance with their fleet analogy in their counter-argument after invoking several fallacies about Strassmann confusing computers for potatoes. Rather than refuting Strassmann’s assessment that Microsoft’s software monoculture and the horrid approach towards quality has culminated into a national security threat, Microsoft’s offered irrational counter-arguments and a glimpse into the extreme level of ignorance, delusion, and denialism one must embody in order to work at Microsoft, let alone climb its ranks; similar to those within the vatican ignoring the ritualistic rape of children among countless other atrocities.

ransomware-by-system



As far as Microsoft being a national security threat is concerned, given that ransomware has been deemed a national security threat while Microsoft is home to 95–99% of all ransomware attacks, it’s not exactly a reach to saddle Microsoft with part of the blame and designate their systems as threats to national security just as same Strassmann did decades ago. And this argument only becomes more compelling when you begin to consider their monopoly on countless other attacks in the desktop and cloud spaces.

For what it’s worth, I also don’t think it’s a coincidence that the countries exploiting the United States via the Microsoft ecosystem the most, China and Russia, happen to be the same countries migrating away from the Microsoft ecosystem in favor of Linux. Although they’ve never stated their reasoning, I can’t help but think that national security wasn’t a motivational force behind such moves given their international exploits with Windows.

There was some truth to Microsoft’s rebuttal though. They are indeed targeted largely in part due to how big their market share is, but this is equally due to how defective they are. But upon agreeing on this, you can easily mitigate the onslaught of attacks that Microsoft solutions attract by simply migrating away from them to Linux and macOS. Although the entry burden to these alternatives can be high, this is due in part to Microsoft’s lock-in tactics (re: anti-competition), the long-term effect is an IT infrastructure that is less expensive, simpler, more secure, attacked less, and exploited at a lesser rate than anything that slithers down Microsoft’s leg.

I’d act like I’m perplexed by the government’s lackluster response to Microsoft’s blatant monopoly or the threat their systems pose to national security, but just as history teaches us that Strassmann was spot-on, history also shows us that governments all around the world have a penchant for turning a blind eye to the behavior of monopolies, hence why there are so many monopolies at present, and this is especially true of their relationship with Microsoft.

To be fair, it’s easy to see why they do nothing given how successfully regulating Microsoft in a manner they truly deserve, regulating them out of existence, would almost immediately create a multi-trillion dollar burden for the government to modernize IT infrastructure that is presently standardized on Microsoft legacy solutions. Rumor has it that taking Microsoft to court can be quite expensive and time-consuming too.

Besides this, Microsoft’s partner network alone employs over 17 million IT professionals around the world and this doesn’t even account for the majority of privately retained IT professionals in Microsoft-centric positions; many of these jobs would disappear if Microsoft were to be regulated. And let’s also not forget that Microsoft is a defense contractor, biting and scratching for government contracts, and a major IT vendor for the government as a whole and I can’t imagine that regulating bodies don’t consider the impact to the government when evaluating charges.

But without Microsoft being sanctioned and without businesses/government entities being heavily incentivized to migrate to Linux and macOS to balance out the market share, I don’t see Microsoft’s dominance or the threat said dominance poses to the US or anyone else around the world relying on their systems going anywhere anytime soon.

With Microsoft unchecked and given the relationship between cryptocurrency and ransomware, we might have to consider banning cryptocurrency instead. But in doing this, we would only be removing the financial incentive for digital pirates to attack business and government entities who would otherwise remain vulnerable to foreign governments seeking to exploit our weak IT infrastructure for reasons beyond that of immediate financial gain.

However, I’d like to think that Microsoft would get creative if the government were to sanction Microsoft by allowing allow citizens and businesses impacted by ransomware to bill Microsoft for the cost of the ransom and their losses in productivity. And although Microsoft cannot be faulted for the attacks, they can be faulted for their shit-in-hand approach to quality and security while sanctioning them until they actually take a common-sensical approach to quality and security appears to be the simplest means of combating ransomware and mitigating the threat it poses to our national security.

Recent Techrights' Posts

Next Month 'New Techrights' Turns Two
Next month, on the fourth week, it'll be 2 years since the migration
Online Safety Act Tries to Accomplish the Impossible
All I can say is, "good luck with that!"
 
They Tell Us That "Cloud Storage" is Safe and Robust to Incidents Like Fires
Do you have backups? Where are they and who controls them?
"Allowing SDL to default to Wayland caused a number of customer issues so keep the default at X11 for now"
2025 is another year of Wayland ambitions. It's also a year of self-fulfilling prophecies.
In The United Kingdom (UK), Microsoft Search (Bing) Falls to All-Time Low
Grow? What grow??? It's collapsing.
GNU/Linux Reaches 5% in Oman
Some GNU/Linux distros are made in Oman
Google's "AI Mode" is a Pathetic Joke Prematurely Introduced in the UK (Like "Bard", Which Sank the Company's Shares)
what Google "thinks" about PCLinuxOS
What the Free Software Foundation Started Four Decades Ago is Becoming Mainstream
"Four decades; Four freedoms; For all users"
Doing a Better Job at Labelling Slop Images
we'll label screenshots that contain slop, typically with red-coloured text overlay
Social Control Media is Out of Style
What's your excuse for wasting time on (or in) it?
Maldives: GNU/Linux at All-Time High, Windows at New Lows
data from statCounter shows a reassuring trend
Efficiency is Good, So Why Won't Governments Cull LLM Companies Using Stronger, Stringent Policies?
Like every bubble that ever existed, including some recent ones, an end will come
The Defunct Site LinuxConfig Has Published a Fake Article About Richard Stallman Using LLM Slop, Which Stallman Calls "Bullshit Generator"
Worse yet, it is writing using a "Bullshit Generator" (the term used by Stallman) about Stallman's health
Microsoft Windows Falls to All-Time Lows in Morocco and Algeria
About 70% or even less
StopGenAI in the Cyber Show (C|S)
covering a theme that we too covered a lot lately
Gemini Links 03/08/2025: Once-a-Decade Couch Shopping and Blessings in Disguise
Links for the day
Links 03/08/2025: Political Catch-up, Global Warming, and Hunger
Links for the day
Brittany Day Entered LLM Slop Into LinuxSecurity.com and Something Hilarious Happened: The Site is "Exploited"
The brainless, effortless copypasta of "slop artists" shows its limits
Links 03/08/2025: Microsoft Exchange 0-day Exploited and Avoidable Nuclear Escalation
Links for the day
Definitely Not a Ponzi Scheme
Bitcoin v Microsoft
The Electronic Frontier Foundation (EFF) is a Billionaires' Lobby
Billionaires that control tech companies
Microsoft Borrows 3 Billion Dollars Per Month, a Company Truly Worth Trillions Would Not Do This
if Windows (and Office) "market share" fell from about 90% to barely 30%, how come Microsoft is now "valued" at 20 times more?
It's Even Worse Than Microsoft Lunduke Puts It; GNOME is SLAPPing Journalists
In our experience, GNOME is so malicious - some elements of it in particular - that it would launch multiple simultaneous SLAPP campaigns not only against journalists but also their spouses
GNU/Linux Adoption Reaches All-Time Highs in Chile, statCounter Indicates
This month marks 4 years since Vista 11 came out (as a fake "leak") and some surveys still measure its adoption at less than 40%
Slop Will Not Change the World
Some of us grow up sooner and leave that nonsense behind (or altogether avoid/skip it)
Gemini Links 03/08/2025: Nostalgia and TOFU
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, August 02, 2025
IRC logs for Saturday, August 02, 2025
Google Throwing Out the Search Engine With the Bathwater is a Complete and Utter 'Shi---ow' as the Company Drowns in Debt, Layoffs, and Worse
The mainstream media almost never mentions GAFAM debt
Operating Systems' Statistics in New Zealand: GNU/Linux Up, Windows Down to All-Time Lows
Remember all this when the media says that Microsoft became like 10 times more valuable in those 15 years (from 400 billion to 4,000 billion in alleged "worth")
Microsoft Windows "Market Share" Measured Around 2.7% in Iraq, Plunges to 6.5% in Saudi Arabia
Microsoft isn't on the agenda in Iraq
GNU/Linux Share in Sweden Has Doubled Since PewDiePie, A Swede, Recommended It
months ago he moved to GNU/Linux, then told others to consider doing the same
GNU/Linux Hits Record High in Portugal
GNU/Linux picking up in Portugal
Gemini Protocol is Not Dying, It's Growing
When people say things like "Gemini Protocol is dying" the data does not support them
GNU/Linux is Thriving This Summer
It is meanwhile acknowledged, even by Microsoft pushers, that many GNU/Linux PCs will get sabotaged next month
The End of Microsoft's Reign in Spain: Windows Falls to All-Time Lows in Spanish Web Traffic
Windows sank to new lows in Spain
The Bots Never Sleep: In The Weekends, Slopfarms Dominate Google News, Majority of Entries in Google Are Fake Articles About 'Linux'
Google is fast becoming an ocean of plagiarism; the same goes for Google News, which was supposed to have extra quality control
Russia's Yandex Has Caught Up With Bing in Terms of "Market Share"
Microsoft has been firing loads of Bing workers for over 2 years already
Canada: GNU/Linux Up to Records Highs, Windows Down to Record Lows
Microsoft already announcing some plans to shut down Vista 11
Gemini Links 02/08/2025: Transducers in Typed Racket and American ISPs
Links for the day
Links 02/08/2025: Microsoft Already Kills Vista 11 SE, Smartphone Sales Down, Truth Gets "You're Fired!" in the US
Links for the day
Video: The Rise of GNU/Linux and Free Software as Seen by RMS in 2004
DTP's founder argued that when Windows goes below 85% "market share", it'll lose its grip in the monopoly sense
Russia: GNU/Linux Rises to Highest Adoption Level Since Invasion of Ukraine
Moving up in the north
Microsoft's Latest Financial Report: We "Gained" 300 Million Dollars in "Goodwill" and Liabilities Grew by 32 Billion Dollars
Microsoft's debt has reached an all-time high
The Register US = The Register MS
Formerly The Register UK
Weeks After Microsoft Shut Down Its Operations in Pakistan Windows Falls to All-Time Lows
Only less than a month ago it was quietly revealed, based on laid-off staff, that Microsoft shut down in Pakistan
Criminal Behaviour is the Standard Operating Procedure at Microsoft
In the future I'll be able to tell how, when dealing with SLAPPs from Microsofters, their Microsoft services failed me and sometimes even blocked my contacts
GNU/Linux Rises to All-Time Highs in Europe
many people will get fired for buying Microsoft
All-Time Highs for GNU/Linux on the Client Desktop/Laptop, Based on Steam Survey
GNU/Linux rose to 2.89% in Steam
Links 02/08/2025: Blaugust 2025 and "Russia Declares Navalny Memoir ‘Extremist’"
Links for the day
Free Software is Not a Business Model
Go ahead, ask your friend, "how do you plan to monetise your children?"
When (Almost) One-Man Operations Are Disguised as Medium-Sized Companies
the CEO hides in the US (hiding from his ex-wives, 4 daughters from those wives, and Sirius staff that he defrauded)
LLM Slop Harms Real Literature, Real Web Sites, Real Journalism
LLM slop is a parasite and it'll run out of legitimate outputs
Upcoming OSI Scandal Series
The OSI is a rogue actor because it serves Microsoft in exchange for money
Slopwatch: The Issue Persists, But the Consensus in the Media Changes as Google Enrages It With LLM Plagiarism
We've meanwhile assessed the latest output from Linuxiac
Microsoft Actually in Trouble, Microsofters Unable to Obey Judges' Orders
For the second time in a week, Microsofters are unable to obey orders
IRC Proceedings: Friday, August 01, 2025
IRC logs for Friday, August 01, 2025
Over at Tux Machines...
GNU/Linux news for the past day
Links 02/08/2025: İstanbul Retail Inflation Reaches 42.48%, US FBI Opens Office in New Zealand
Links for the day
Gemini Links 02/08/2025: ZFS, LLM Hype, and Fake Modules
Links for the day
Links 01/08/2025: Health, Conflict, and Attacks on Freedom of the Press
Links for the day
Microsoft's Debt Exploded by 15.4 Billion Dollars in the Past 9 Months Alone (Despite All the Layoffs)
As of minutes ago, at 6PM on a Friday, the numbers are made public
Meeting (Webchat) With Maria Arranz Gomez, Florian Grundies, Jürgen Janda and Konstantinos Kortsaris Confronts EPO Management About Breaking Promises and Crushing Workers
The lack of consistent messages suggests plans other than what's advertised and the lack of consultation (secrecy) likewise
Links 01/08/2025: "The Great British Firewall" and U.S. Army Sponsors Palantir
Links for the day
For Second Day in a Row, Top Story in The Register MS is "Microsoft Says"
The editor in chief exercises control over everybody else
LLMs as Attack Method Against Free Software and Programming
DDoS in "hey hi" (slop) clothing
Stability and Reliability, Backward Compatibility
I don't fancy relying on social control media as "sources"
What "the News" Looks Like in 2025
The "says" (or "sez") phenomenon
History Will Be Distorted, Sometimes Intentionally, Under the Guise of Intelligence (Manipulated/Curated Slop)
Militarised misinformation or military-grade chaff is a national security threat, even domestically
Financial Engineering Companies: A Company Worth 4 Trillion Dollars Would Not Borrow 100+ Billion Dollars at Interest Rates Like Today's
Many headlines perpetuate the lie Microsoft had just 2 waves of layoffs
Microsoft is Googlebombing "Linux" While Paying Former News Sites to Publish SPAM
How much lower will IDG sink?
Google as a 'Bullshit Generator' Disguised as Intelligence
It'll probably cause Google to get sued a lot, both by individuals and companies
As Expected, Google in the UK Now Experiments With Slop Instead of Web Search
At this point more people ought to stop and think: Does Google's search engine deserve trust?
The Data You Don't Give Away is Your Advantage
stop sharing data that does not need to be shared
Being Obedient or Doing the Right Thing
The world always changes for the better because of people who think "Outside the Box", not the cogs
Gemini Links 01/08/2025: Happy Hacking Keyboards and New Gemini Arrivals
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 31, 2025
IRC logs for Thursday, July 31, 2025