Microsoft Windows is a weapon of (cyber) war
Summary: Microsoft is still breaking the Internet using completely bogus takedown requests (an abuse of DMCA) and why Microsoft Windows, which contains weaponised back doors (shared with the NSA), should be banned from the Internet, not just from the Web
So Microsoft spreads its lies in the media again and one of the lies we hear too often is that Microsoft obeys the law and Free software is “hacking” (they mean cracking) and a tool of “pirates” or whatever the bogeyman du jour may be. Well, actually, the very opposite is true. Criminals use Microsoft Windows to bombard sites (as they have been doing against several of my Web sites — including Techrights — for well over a month now) and if justice was to be upheld, Microsoft Windows would be banned by ISPs. Microsoft is claiming that it is upholding the law but actually, in reality, it breaks the law; it is not even a veiled action. It’s very blatant and a serious violation of several laws. This is a valid claim at many levels and today we’ll assemble some relevant new evidence and patiently connect it. This post is relatively long, but it covers a lot of ground, so please bear with us and keep reading.
“With its bogus takedown requests, Microsoft has turned DMCA into more of a joke. It also shows how hostile Microsoft has become towards FOSS.”Chris Pirillo, a longtime proponent of Microsoft with deep links to the company (not just his MVP title), has just had a video censored by Microsoft. Yes, Microsoft has once again issued a bogus takedown request against Google, as it did before (repeatedly). Microsoft is a criminal company because here too there is illegal action being taken by Microsoft. These bogus takedown requests, as per DMCA, are clearly a violation of the law. Microsoft does not want to obey the law (it sees itself as above the law or exempt from the law), so law itself probably isn’t much of a deterrent. Here is a new report from Wired. It is titled “Microsoft Serves Takedown Notices to Videos Not Infringing on Anything” and it says:
Microsoft’s never-ending war on software piracy caused some collateral damage this week. The victims? A handful of prominent YouTube video bloggers.
The bloggers—including LockerGnome founder Chris Pirillo and FrugalTech host Bruce Naylor—took to Twitter on Tuesday, with the hashtag #Microstopped, to complain that they had received erroneous copyright infringement notices for videos that were often several years old. The notices were filed under the Digital Millennium Copyright Act, the U.S. law that seeks to control access to copyrighted material on the net.
The funny thing here here is that Pirillo is the target. How many people without the ability to protest publicly and loudly had the same thing done to them by Microsoft? We may never know. Censorship of evidence of censorship (e.g. channel bans) and other circular scenarios often kick in and become cynically applicable.
Pirillo would not sue Microsoft for breaking the law in this case because he is in Microsoft’s pocket, but will Google finally use the law against Microsoft? Enough is enough. Microsoft has done this to Google for years!
Microsoft’s censorship does not quite stop here. There is another new story which speaks about how Github will deal with takedown requests from now on. Remember that Microsoft censors GitHub this way, essentially damaging FOSS projects by altogether purging them.
GitHub explains its policy change as follows: “The first change is that from now on we will give you an opportunity, whenever possible, to modify your code before we take it down. Previously, when we blocked access to a Git repository, we had to disable the entire repository. This doesn’t make sense when the complaint is only directed at one file (or a few lines of code) in the repository, and the repository owner is perfectly happy to fix the problem.”
Mike Masnick said, “kudos to Github and its lawyers for recognizing that sometimes you have to let in a little legal risk for the good of the overall community.”
With its bogus takedown requests, Microsoft has turned DMCA into more of a joke. It also shows how hostile Microsoft has become towards FOSS.
Another new report from Wired says that “Conficker remains, six years later, the most widespread infection on the internet.” This report is titled “How Microsoft Appointed Itself Sheriff of the Internet” and it explains how in the midst of Internet chaos, caused by Microsoft Windows having back doors, Microsoft just decided to hijack a huge portion of the Internet, breaking it altogether (a lot of UNIX/Linux-based systems affected, including millions of services being down for days). This was an unbelievable and probably unprecedented abuse by Microsoft. A judge got bamboozled and Microsoft fooled the press into distracting from its serious abuses against No-IP. There ought to have been a massive lawsuit. As the author Robert McMillan explains: “For the past 15 years, Durrer has worked as the CEO of a small internet service provider called No-IP. Based on Reno, Nevada, the 16-person company offers a special kind of Domain Name System service, or DNS, for consumers and small businesses, letting them reliably connect to computers whose IP addresses happen to change from time to time. It’s used by geeks obsessed with online security, fretful parents monitoring nanny cams in their toddler’s bedrooms, and retailers who want remote access to their cash registers. But it’s also used by criminals as a way of maintaining malicious networks of hacked computers across the internet, even if the cops try to bring them down.”
It was actually Microsoft that took them down. Microsoft is a criminal company and it used its own abuses as an excuse to break other people’s network. Here we are talking about the company that cannot even patch its systems to stop zombie PCs (with back doors that enabled them becoming zombies). Here again we have Microsoft failing to patch Windows and instead breaking it:
Microsoft has withdrawn an update released this past Tuesday due to user reports of system reboots after installation.
The update released as described in Microsoft Security Advisory 2949927 added SHA-2 hash algorithm signing and verification for Windows 7 and Windows Server 2008 R2. It was one of three proactive security feature updates released on Tuesday in addition to the eight patches of Windows and Office.
Microsoft makes it impossible to close the latest back door which it already told the NSA about, so people with Windows on their PC will be unable to boot or simply stay ‘infected’ with the latest back door. It’s all binary, so there is nothing they can do; they can’t even apply their own patch. As another source put it: “Microsoft has pulled one of the updates from its most recent Patch Tuesday release and recommends anyone who downloaded the fix should uninstall it.
“The update added support for the SHA-2 signing and verification functionality to Windows 7 and Windows Server 2008 R2 machines with the intent of improving security over the more vulnerable SHA-1 hashing algorithm.”
Microsoft Windows is simply unfit for use. Techrights, for example, has been under DDOS attack for over a month now. We know the offending machines. They all are Microsoft Windows PCs that got hijacked (from many different countries). The total number of IP addresses banned in the latest DDOS purge (so far today) is nearly 2,000. That’s a lot of Microsoft Windows zombies (with over 1200 IPs banned in just half a day). When will this operating system be banned by ISPs for facilitating DDOS attacks? How many Web sites can withstand attacks from so many zombies PCs and for how long? This is indirectly Microsoft’s fault, not just the attacker’s (the botmaster’s) fault because Windows does what it was designed to do; it has back doors. It can be commandeered remotely. This is clearly incompatible with the Internet.
Free software does not have such issues, but distributions that make their source code freely available to anyone can at least be checked for back doors, perhaps with the exception of binary Red Hat distributions like RHEL, which may have some back doors since around the start of the millennium, i.e. the same time Microsoft Windows got them (reportedly 1999), based on an IDG report and one from Beta News that said at the time: “It appears that Microsoft Windows is not the only operating system on the market that has a backdoor for those users who know the magic words. While Red Hat officials downplayed its seriousness, a team at Internet Security Systems, Inc. reports the security hole allows an intruder to access and modify files on systems running the most recent version of Red Hat Linux.”
Speaking of Red Hat, we are saddened to see it taking a stance of silence on the whole
systemd issue. Red Hat is very much complicit in it, but it refuses to say anything. In fact, criticism of
systemd is now being treated almost as taboo in Debian mailing lists because
systemd‘s creator has shrewdly personified the issue and made it political, eliminating any chance to have truly technical debates about
systemd. Personally, I worry the most about the number of bugs it would introduce, opening the door for exploitation. It replaces too many mature components. Microsoft’s propaganda network 1105 Media keeps spreading negative articles about FOSS because of such feuds (the
systemd fued), so we don’t wish to feed this fire right here. Well, at least not right now.
Incidentally, also on the subject of security, here is a good new article titled “Enough! Stop hyping every new security threat” (especially against FOSS).
The author explains that “now it has reached a fever pitch, with proactive marketing of individual exploits with supercool names — Shellshock, Heartbleed, Sandworm — some of which even have logos.”
“Logos for malware,” he asks, “Really?” Microsoft partners did the logo work to help demonise FOSS and stir up a debate about FOSS security as a whole (because of one single bug!). There have hardly been any stories (i.e. evidence) that the Bash bug and OpenSSL bug resulted in some disaster or meltdown.
The bottom line is, proprietary software such as Windows has back doors and causes stormy weather on the Web (DDOS attacks). It’s Microsoft Windows that should be taken down as part of takedown requests, not innocent videos, whole networks (like No-IP) and FOSS code (GitHub) that Microsoft maliciously and deceivingly (against the law) calls offending and tries to take down. █
Send this to a friend
Summary: News reports circulate showing that Home Depot was knowingly careless with its Windows dependency while Microsoft lays off staff focused on security
Microsoft is not a company that cares about security. It seems to care about the security state (i.e. surveillance), which is why it makes its products so easy to infiltrate (by the “Good Guys”). As we showed before, Microsoft’s layoffs focus in part on security-related staff, or staff that’s associated with security state type of stuff (restricting operation of computers, back doors, etc.).
Microsoft uses secrecy as a weapon against fear-induced exodus because layoffs are company-wide and it's not about Nokia but about parts of the company which Microsoft would rather keep secret. To quote one source:
In a statement sent to Channelnomics sister-site CRN UK, Microsoft said the staff reductions in the latest round have been “spread across many business units and many different countries”, but did not go into specifics as to where it is swinging the ax.
“Trustworthy Computing group” is one of the affected units, based on Seattle-based press. Reportedly, according to this press (heavily biased in Microsoft’s favour), the group was “folding into other units”. It’s a clever and rather classic way to disguise layoffs (like the term “reorg”). “A spokesman confirmed that an unspecified number of jobs are being eliminated from the Trustworthy Computing group as part of the changes,” said the report that we cited last week. So by “folding into other units” he basically meant “layoffs”.
It is rather amazing that given all that is known, some businesses and even governments continue to procure and/or purchase more stuff from Microsoft. It’s worse than irresponsible, it’s suicidal. Ask Home Depot why it should not be using Windows anymore. According to reports such as , this retailer faces a massive security breach and it’s all the fault of Windows. Staff knew about it and also ignored the issues. It makes it both
irresponsible and suicidal. The company’s name is now tarnished.
Increasingly here in the UK I see businesses that move to Free software and GNU/Linux, usually for security reasons, not just cost savings (the migration itself can be pricey). Some months ago staff at Ryman (a large UK chain) told me that they had moved from Windows to Ubuntu GNU/Linux due to virus infections.
Now that Microsoft is eliminating security jobs people will hopefully realise that Windows security is not improving. It’s only going to get worse. Time to move to GNU/Linux… █
Related/contextual items from the news:
Former information technology employees at Home Depot claim that the retailer’s management had been warned for years that its retail systems were vulnerable to attack, according to a report by the New York Times. Resistance to advice on fixing systems reportedly led several members of Home Depot’s computer security team to quit, and one who remained warned friends to use cash when shopping at the retailer’s stores.
Send this to a friend
Summary: In the age of widespread fraud due to Microsoft Windows with its back doors there is an attempt to shift focus to already-fixed flaws/deficiencies in competitors of Microsoft
A Microsoft Windows (exclusively) infection is having a colossal impact on businesses right now, but corporate press coverage fails to name Windows [1, 2, 3], not to mention any possibility of blaming it. The name of an operating system is only mentioned for negative news when it’s not Windows. This is typical and it matches a pattern we have covered her under the “call out Windows” banner. IDG, the liars’ den, put it like this:
The Target data breach was one of the largest in recent memory, resulting in tens of millions of credit and debit cards being compromised. In the last couple of weeks, SuperValu said that at least 180 of its stores had been hit by a data breach and earlier this week UPS said 51 of it UPS Store locations had been hit.
We wrote about this last week because Windows was not being named, despite it being a critical part of this scenario. Instead, there was deflection to FOSS. It helped distract from Windows, which is insecure by design. It is an architectural problem because since 15 years ago, by some estimates, Windows has been a back doors carrier (for the NSA). Here is one British writer complaining about the approach Microsoft takes to composition as well:
In August last year, one-time-sysadmin and now SciFi author Charles Stross declared Microsoft Word ”a tyrant of the imagination” and bemoaned its use in the publishing world.
“Major publishers have been browbeaten into believing that Word is the sine qua non of document production systems,” he wrote. “And they expect me to integrate myself into a Word-centric workflow, even though it’s an inappropriate, damaging, and laborious tool for the job. It is, quite simply, unavoidable.”
To make matters worse, it facilitates surveillance and sabotage, as more stories from last years served to show (Snowden Files at the Guardian for instance). For security reasons Germany and Russia have moved back to typewriters; we can assume they were using Office and Windows beforehand.
Trust the spinners of Microsoft to create and disseminate some “Heartbleed” FUD, an OpenSSL bug that Microsoft likes to hype up and use to generalise so as to create an illusion that FOSS is inherently less secure. This has become Microsoft’s main propaganda against FOSS, based on just one single bug. The FUD started on the day that XP support (patches) came to an end; this timing is unlikely to be a coincidence for reasons we outlined before.
Jason Thompson writes an offensive piece titled “After Heartbleed, Is Open Source More Trouble Than It’s Worth?”
It starts with the following important disclosure:
Jason Thompson, formerly of Q1 Labs, is the vice president of worldwide marketing at SSH Communications Security.
Marketing for proprietary software (for Windows)? This is the type of thing we saw last week when issues in proprietary VPN software were unfairly blamed on OpenSSL. As we pointed out last week, there is also an attack on Android security (usually rogue apps at to blame) and then there is the recent security FUD against Android from former employees of Microsoft. Mind this new article which highlights Microsoft’s hypocrisy:
The Biggest Problem with the Windows Store: Scams Everywhere
Windows 8′s “Windows Store” is a great idea, but unfortunately, it’s a disaster. It’s full of scam apps, designed to trick you into buying an app you don’t need.
Our friends over at the How-To Geek recently wrote a great piece about the biggest problem with the Windows Store, and how Microsoft has apparently done nothing to address it (despite claiming they would over a year ago). For example, here’s what happens if you search for VLC, a popular free video player
Microsoft is creating some new FUD against Google at the moment and Google has responded as follows:
In Worldwide Partner Conference 2014, Microsoft Corporation (NASDAQ:MSFT) claimed that more than seven hundred and eighty five customers have switched to Microsoft Corporation (NASDAQ:MSFT)’s Office 365 from Google Inc (NASDAQ:GOOGL)’s Apps. Microsoft didn’t give any proofs for this claim, but shown a slide having the names of the pronounced customers who made the switch. Google Inc (NASDAQ:GOOGL) immediately started investigating this claim and has recently come up with a response. According to Google Inc (NASDAQ:GOOGL), 5,000+ companies sign up for Google Apps on a daily basis and thousands of these companies switch from Microsoft. In a Forbes article, Ben Kepes mentioned Google’s response and said that it was already expected that Google will come up with a befitting response on Microsoft’s claims.
Microsoft is a malicious, criminal company. Its ability to manipulate the press into writing negative stories about the competition is quite flabbergasting. Microsoft’s key strategy right now is badmouthing the competition. AstroTurf and press manipulation is how that's done, as we showed in the previous post. █
Send this to a friend
TJ Maxx all over again?
Summary: UPS is the latest victim of Microsoft’s shoddy back door with software on top of it (Windows); attempts to blame FOSS for data compromise actually divert attention from the real culprit, which is proprietary software
A boycott against UPS, based on my bitter experiences, is nothing too prejudiced. Their system does not work well. That’s an understatement actually. It’s dysfunctional. In fact, it’s an utter mess. I wasn’t the only one who was utterly screwed, reputedly, and made deeply upset by them. I tried to accomplish something so simple and spent a huge amount of time achieving nearly nothing. They are badly coordinated and their system is crap. They’re using an utterly flawed system, especially when it comes to exchanges with clients, including financial exchanges. Last year I was upset enough to produce some memes like the following:
Now it turns out that UPS was foolish enough to be using Microsoft Windows. Consequently, in many countries (not just one) it got “infected with credit card stealing malware” and customers are going to pay dearly (customers, not UPS):
Grocery shoppers nationwide probably had credit card data stolen
Coast-to-coast: Albertsons, Acme Markets, Jewel-Osco and more were hit.
Dozens of UPS stores across 24 states, including California, Georgia, New York, and Nebraska, have been hit by malware designed to suck up credit card details. The UPS Store, Inc., is a subsidiary of UPS, but each store is independently owned and operated as a licensed franchisee.
“Windows, again,” says our reader. “See the annotations in the update…”
Notice how the Microsoft-friendly Condé Nast fails to even name Microsoft. Total cover-up, maybe misreporting. Disgusting. It’s like naming an issue in some car model, stating that it is chronic, dangerous and widespread, but still not naming the car maker or the model. Recall also the biggest credit card-stealing incidents in recent history; it is almost always due to Microsoft and Windows.
There is a bunch of reports circulating right now which blame an OpenSSL bug (that Microsoft likes to hype up) for patients’ data compromise.
A reader of ours who lectures on computer security explains: “The real problem was that, as seen in other articles, they used a VPN in place of real security. Oh, and the VPN was closed source, not OpenVPN.”
“This is no surprise as when given internal access to any computer network, it is virtually a 100% success rate at breaking into systems and furthering access,” says one report.
“They admit to having no security for their services and relying on a VPN to provide the illusion of security,” our reader explains. “They also misuse the marketing term ’0-day’.”
Anything to keep the term “Heartbleed” in headlines, creating a FOSS scare…
You can count on the likes of Condé Nast covering Microsoft-induced disaster without mentioning Mirosoft at all while at the same time shouting “Heartbleed” from the rooftops, as Condé Nast so regularly does. █
Send this to a friend
Summary: Despite strong evidence that Microsoft has been complicit in illegal surveillance, Gartner continues to recommend the use of Windows and other espionage-ready Microsoft software
One might think that the Gartner Group paid attention to revelations about Microsoft complicity and active collaboration with the NSA’s crimes. Apparently, however, being a rogue marketing operation (disguised PR), Gartner is seemingly unable to learn what a lot of the public (and CIOs, CTOs etc.) already know. Let’s face it. Bill Gates’ ‘investments’ in Gartner and Microsoft’s payments to this marketing (‘analyst’) firm did not fail to cloud its judgment. In world of Gartner, even though Vista 8 is a total disaster and the future of Windows is quite uncertain, the only choice one has is between versions of Windows, not between operating systems. To Gartner, anything other than Windows is not even an option. Back doors are here to stay and defects too are “necessary evil”, apparently.
Why is it that so many people continue to treat Gartner with respect? Any morsel of credibility should have been long gone, even by checking who subsidises this firm. It’s like a think tank or a collective lobbying group (for its corporate client who seek to sell, not to buy); that’s not what analysts are supposed to do.
John C. Dvorak published this column the other day, highlighting the fact that Windows is defective and remains defective even decades down the line. He wrote: “You would think that after 30 years of Windows, many of the obvious and consistent flaws would be fixed. Are they unfixable? Or are the people at Microsoft who can fix them uninterested?
“There is a belief within the tech community that Microsoft lost control of Windows years ago as the company turned over personnel—including the programmers who actually knew the base code of Windows itself. It has long since become what people call spaghetti code—a tangle impossible to unravel. Every patch has to be run through a regimen of tests to see if anything breaks. One thing is fixed and soon something else does not work right.”
Incidentally, see this new report about Microsoft bricking Windows with the latest patches. To quote:
Since Patch Tuesday this past week, Microsoft has been receiving reports of severe system errors caused by one or more of the updates.
Yes, that’s Microsoft ‘quality’. This spaghetti code is impossible to manage, apparently. Simon Phipps, the OSI’s President, also wrote quite recently for “Linux Voice“. He wrote about Microsoft’s inherently defective software, inadvertently echoing some of Dvorak’s observations:
The action law enforcement services have taken against the GameOver-Zeus malware syndicate is great news for a change. In the UK, this was communicated with typical tabloid alarmism, framed as “two weeks to save the world” instead of “unusually effective action by law enforcement”. As a result, UK publications have been posting self-preservation information for their readers.
This is a Windows-only issue and since Microsoft does facilitate back doors (bug doors to be precise), Microsoft deserves at least some of the blame here. As Phipps concludes:
So actually it’s somewhat appropriate to blame Windows versions prior to Windows 8 for being vulnerable to many viruses which exploited bugs in this way. The existence of the vulnerability was a conscious choice and a marketing decision; in OS/2, which had no legacy to accommodate, the ring 0 separation was enforced.
Yes, Windows also offers a larger attack “surface” because of its wide adoption, and yes, there are other exploit mechanisms. But this tolerated technical vulnerability is the root cause of a large number of exploits. So while it’s true that malware authors are directly to blame for malware, there’s also a culpability for Microsoft that can’t be ignored.
For Gartner to be advocating the use of such rubbish spaghetti code (in binary form) is worse than incompetent; it’s utterly irresponsible. Why will any serious CIO or CTO ever listen to Gartner again?
Based on publicly-available evidence, even BIOS cracks require Windows. To give “BULLDOZER” as an example: “The technique supports any desktop PC system that contains at least one PCI connector (slot) and uses Microsoft Windows 9x, 2000, 2003 server, XP, or Vista. The PCI slot is required for the BULLDOZER hardware implant installation.”
To give “DEITYBOUNCE” as an example: “DEITYBOUNCE supports multiprocessor systems with RAID hardware and Microsoft Windows 2000, XP, and 2003 Server.”
No wonder China and Russia are banning x86 and/or Microsoft Windows. It’s not because they’re “anti-American” but because Microsoft Windows and some US-made hardware are anti-users. In Germany, for example, ‘secure’ boot was banned for similar reasons. Perhaps they have not been taking Garner’s advice then. In Munich, Gartner notably tried to derail (with words) the migration to GNU/Linux, as we demonstrated some years ago. █
Send this to a friend
Tick the box to ban
Summary: Symantec, a Windows insecurity firm, is miserably trying to divert attention away from reports about distrust that led to a ban in China
According to many reports this week [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], China does not trust some US- and Russia-based companies to take care of ‘security’ in China. It’s about time.
Reports focus on two firms, but another one is seemingly affected (Symantec). While Kaspersky (which we occasionally mention here) does not deny the claims, Symantec does strike back and “Says its Products are Still Allowed in China”. This is a cleverly-worded denial. Some products are definitely banned, but the “Security software developer Symantec Corporation denied its software has been banned in China.” Symantec merely says or emphasises that not everything is banned.
Just to be more specific: “It is important to note that this list is only for certain types of procurement and Symantec products are not banned by the Chinese government.”
Kaspersky is hyping up security threats at the moment and Symantec is trying hard to dodge the negative publicity because trust is fundamental to their sales. Symantec, which has strong Microsoft connections and disdain for FOSS, should not be trusted if China does not trust Microsoft (we already know how China feels about the ‘new’ Microsoft). To quote an IDG report:
Symantec and Kaspersky Lab have become the latest tech firms to be kicked off the Chinese Government’s approved list, according to an unconfirmed report in the country’s media.
The People’s Daily newspaper broke the news at the weekend in a report that claimed that local supplies including Qihoo 360, Venustech, CAJinchen, Beijing Jiangmin and Rising would from now on be the preferred software for antivirus duties.
The news seems to have surprised both firms, which have until now have been approved suppliers for desktop security.
Symantec has been overlooking government back doors such as the ones Microsoft puts in place and lets the US government know about. This is an older debate which made a comeback amid NSA leaks (other antivirus makers seemingly exempt government malware and such, e.g. Stuxnet). Here is Wall Street’s press coverage:
That’s a lesson that Microsoft and Symantec are learning right now. An antivirus company from Silicon Valley, Symantec competes in China against local favorites like Beijing-based Qihoo 360 Technology. According to reports by Bloomberg News and the Chinese media, China has instructed government departments to stop buying antivirus software by Symantec and its Moscow-based rival, Kaspersky Lab. Symantec software has backdoors that could allow outside access, according to an order from the Public Security Ministry. Not coincidentally, Qihoo’s New York-traded shares rose 2.7 percent yesterday, following reports of the move against Symantec and Kapersky.
Well, good for them. After being cracked by the NSA they need to secure their systems by better identifying possible moles (in the software sense).
Dan Goodin, who typically slams FOSS over security issues (less severe than in proprietary software), finally writes about Microsoft’s best known back doors that it tells the NSA about (Goodin does not mention the NSA connection):
There’s a trivial way for drive-by exploit developers to bypass the security sandbox in almost all versions of Internet Explorer, and Microsoft says it has no immediate plans to fix it, according to researchers from Hewlett-Packard.
The exploit technique, laid out in a blog post published Thursday, significantly lowers the bar for attacks that surreptitiously install malware on end-user computers. Sandboxes like those included in IE and Google Chrome effectively require attackers to devise two exploits, one that pierces the sandbox and the other that targets a flaw in some other part of the browser. Having a reliable way to clear the first hurdle drastically lessens the burden of developing sophisticated attacks.
What can Symantec do to stop this other than suggest abandoning Windows (its bread and butter)? Symantec must have known about back doors in the form of IE vulnerabilities, but did it properly protect China from it? No, Symantec makes money from the prevalence of Windows and the company’s management is deeply connected to Microsoft’s. █
Send this to a friend
Summary: News about raids in Microsoft China mostly lacking when it comes to background, context, and information about Microsoft’s crimes in China
THE WORLD is moving away from Microsoft. It starts with countries like China, which makes its own hardware (as well as much of the world’s), and then there’s Russia, which abandoned x86 (Wintel) and will make its own chips on which only GNU/Linux will neatly fit. We covered all that earlier this year and it’s clearly not just rhetoric; these things are already happening as the wheels are in motion. Microsoft is desperate to keep up with the changes, but Wintel is like an order of magnitude more expensive than Linux with ARM. It’s game over. Android is dominating many areas, along with its derivatives or other Linux-based operating systems.
The other day there was plenty of press coverage (e.g. [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) about Microsoft being raided by Chinese authorities. “Chinese regulators swarm Microsoft offices over antitrust concerns,” said some headlines (focusing on competition issues, not back doors), but most reports were a lot more vague with claims [1, 2, 3] ranging from nationalism to concerns about Office tie-up. The plutocrats’ media tried to blame it on China and make the Chinese government look irrational (watch what Microsoft boosters say, another one that’s Gates-washing it, and ludicrous claims that “China steps up the arms race in the digital cold war”). The English-speaking Chinese press says that 4 Microsoft offices were visited in the raid. One summary says that “[r]egulators claim Office, Windows illegally tied” while mostly, instead of speaking about recent success stories with Linux, including Android, the article looks backwards and says: “While there have been several attempts to get Chinese punters to switch to Linux – including Red Flag Linux and the unimaginatively named China Operating System – none have been particularly successful at shaking off Windows’ dominance.”
Now, remember that Microsoft was raided in other countries before (e.g. Hungary) and in 2013 the “US probe[d] Microsoft China bribery claim”, as we covered at the time. There is a criminal element to Microsoft’s conduct in China. One of our readers asked, “pressing for more bribes, discounts and backdoors?” Watch China demonised in Western media for protecting itself from espionage (terms like “Microsoft Chinese burn riddle” don’t help).
As Charlie Demerjian reminded us a short while ago, Microsoft is now extorting Windows users:
Microsoft decided to extort Windows 7 users too
Not content to blow both feet off with a shotgun, Microsoft is going for the kneecaps now by blackmailing it’s customers. If you are still dumb enough to use Windows, you are about have your wallet shaken down by Microsoft in a familiar yet still unwelcome way.
We don’t feel the need to sugarcoat this much because the company’s behavior is so blatant and uncaring it is almost staggering. Worse yet the victims, that would be almost all Windows users, have only themselves to blame because the pattern has been well laid out for years now. Microsoft has been unapologetically blackmailing users for years, anyone who bought one of their products in the last few years should have known better.
China has an issue like this; even in the UK the NHS has faced similar issues and is constantly being pressured by Microsoft, as we showed some weeks ago. Office (online) and Windows (the platform for Office on the desktop) are both banned by the Chinese government now.
Leading Chinese media, the New York Times (trend-setting in the US) and BBC (trend-setting in the UK) covered this and have ended coverage by now, so we saw no urgency to point out the news immediately (unlike some bloggers), only to add some background information which has been omitted by the media. A year after Microsoft came under investigation in the US (over allegations that had bribed Chinese officials) it got a visit from Feds, so what is the likelihood that these raids are at least partly related to criminal activity? Microsoft bribery in China is nothing new; it’s how Microsoft does business and the investigation dealt with numerous countries in which Microsoft was alleged to have bribed officials. The BBC says:
Microsoft has confirmed that officials from China’s State Administration for Industry and Commerce – the body responsible for enforcing business laws – have visited some of its offices.
It sounds like bribes would fall under this category. This comes amid shrinkage of Microsoft’s presence in China:
Microsoft Corp’s biggest reduction in company history could cost China more than 1,000 jobs, analysts warned on Friday.
Apple too is laying off employees, 200 people in fact, so let’s not treat Microsoft alone as the problem. Moreover, based on today’s (and yesterday’s) news [1-7], Russia may be close to banning or kicking out Apple and SAP, due to the fact that their software is secret (proprietary) and thus cannot be trusted. █
Related/contextual items from the news:
Russia has suggested that IT-giants Apple and SAP disclose their source codes to Russian state specialists in order to clear up information security issues after the chain of spy scandals undermined trust in foreign products.
Russia has made a bold request for both Apple and SAP’s source code to make sure that neither company’s software contains any sort of spy tools.
To ensure that SAP and Apple products aren’t vulnerable to spying, Russia suggested last Tuesday that the companies give Russia access to their source code, Reuters reports.
Send this to a friend
Built with elegance, concealed with compilers
Summary: Recalling the times when even Microsoft staff spoke about secret government collaborations and back doors
China and Russia are currently moving away from Windows (GNU/Linux to be imminently installed on all government machines) — a point which we are going to focus on later today because truths about security and privacy rapidly come out, revealing the clear advantage of Free — as in freedom/libre — software. China and Russia must be motivated by advice of security gurus (of which they have plenty) and the secret services; it’s not about anti-American sentiments but about national sovereignty, especially now that we know about espionage and attacks on companies like Huawei (breached by the NSA, with proof provided).
On numerous occasions in the past we highlighted Microsoft’s relationship with the NSA, going about 7 years back. Many of Microsoft’s back doors are there by design; they need not involve slow patches, hidden patches, malware (e.g. CIPAV) or even warrants for physical access (COFFE). Microsoft is like the world’s leading back doors specialist, and it needn’t even require that people upload their data to some so-called ‘cloud’ services which tempt the gullible (low-hanging fruit). Surely Microsoft understands that it is losing business because people understand what it does now; it’s not due to misconceptions; quite the contrary; businesses and governments finally realise what was true all along. Remember Stuxnet?
Microsoft’s Scott Charney, a professional liar with agenda and big salary (people would happy lie for the type of money he receives), is trying hard along with Smith (lawyer who lies or deceives by omission) to deny Microsoft book doors, but as the following new article explains, the admissions from Microsoft itself are already out there and they cannot be retracted:
Scott Charney, of Microsoft’s Trustworthy Computing, said the government has “never” asked for a backdoor in Microsoft products. Yet a former engineer working on BitLocker claimed the government does ask, but those requests are “informal.”
Four of Microsoft offices in Beijing, Shanghai, Guangzhou and Chengdu, China, were raided as part of an official government investigation. Microsoft China spokeswoman Joan Li confirmed that Investigators of the State Administration for Industry and Commerce were investigating the company and Microsoft would “actively cooperate”’ with the Chinese government. The South China Morning Post reported that the investigation may involve antitrust matters.
Yet in September 2013, The New York Times reported the NSA worked with Microsoft “officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service. Microsoft asserted that it had merely complied with ‘lawful demands’ of the government, and in some cases, the collaboration was clearly coerced.”
Mashable followed up these claims by asking the FBI if it had ever asked for backdoors in Microsoft products. Although the feds denied it, Peter Biddle, the head of the engineering team working on BitLocker in 2005, claimed that the government makes “informal requests” for backdoors. Allegedly after making claims about “going dark,” the FBI “informally” asked Microsoft for a backdoor in BitLocker.
A request for a backdoor, whether informal or not, is still a request for a backdoor. That’s quite a bit different than the government having “never done that,” but perhaps the feds didn’t request backdoor access directly from Charney?
Over the years we have covered several more examples. Whenever Microsoft makes claims about collaborations with government surveillance pay careful attention not to what Microsoft is saying but what Microsoft refuses to say. The same goes for Apple. They embrace carefully-worded non-denying ‘denials’. When everyone sees through the lies they will both pay for it dearly, and perhaps go bankrupt owing to the network effect. █
Send this to a friend
« Previous entries Next Page » Next Page »