EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.25.14

Taking Microsoft Windows Off the Grid for Damage to Businesses, the Internet, and Banking Systems

Posted in Microsoft, Security, Windows at 4:20 pm by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Summary: Microsoft’s insecure-by-design software is causing massive damages (possibly trillions of dollars in damages to date) and yet the corporate press does not ask the right questions, let alone suggest a ban on Microsoft software

According to the New York Times and other news sites, “Staples Is Latest Retailer Hit by Hackers” because it was using Microsoft Windows. Well, other recent examples included UPS, which basically hurt millions of people because it let crooks have lots of credit card details. The TJ Maxx heist and other credit card heists were also the fault of Microsoft Windows, not GNU Bash or OpenSSL, among other bits of software that dominate the news in the context of security. It sure looks like Microsoft Windows is the target, not FOSS. There are hardly any stories at all about an apocalypse or any great damage caused by bugs in Bash or in OpenSSL. So go figure what the press is doing, in part because the OpenSSL bug has been hyped up by Microsoft partners at a very strategic time (same day as Windows XP support ending).

As Will Hill put it the other day, “Business Week Covers Up for Microsoft In Target Hack and Misses the Big Story”. Mr. Hill adds that “The US government covering up for Microsoft is not too surprising after learning about the HACIENDA program [2]. That’s a massive program where the US government has been cracking servers and ordinary around the world to serve as botnets. If everyone used software that was better then Microsoft’s intentionally weak garbage, GHCQ, NSA and other spooks would not be able to cover their tracks. Because of US government promotion of Microsoft and their combined incompetence, criminals around the world have it easy. NSA spying has put trillions of dollars in commerce at risk.”

Those botnets do even greater damage than what was done at Staples. They are taking down a lot of Web sites and fill the Internet with heaps of SPAM. To quote our reader, complaining about articles like these: “Somehow they manage to omit the key role of Windows yet again.” They must call out Windows.

Another new article was sent to us by a reader. It is titled “Computer users who damage national security could face jail” and it was published by a Bill Gates-sponsored newspaper. This reader of ours asked: “What about those that knowingly deploy Windows on machines connected to the Internet?”

Our sites are still under DDOS attack (for over a month ago). Tux Machines has been offline for several hours now after a DDOS attack from Windows botnets hit it.

Why are ISPs still permitting customers to connect to the Internet with Windows? When will ISPs or users face liability for the damage they cause? Some people have been trying to take down my sites for well over a month now and they have used Microsoft Windows as a weapon. Windows has weaponised back doors, so it should be banned already.

Speaking of takedowns, watch the latest commentary [1,2] about Microsoft breaking the law to take material and sites (or even entire networks) offline, despite them doing nothing illegal.

The corporate media should start directing some tough questions at Microsoft, not just its victims. The company should face massive fines for the damages it causes on the Web. Ultimately, its software should be banned until security — not insecurity (weaponised back doors) — is its goal.

Related/contextual items from the news:

  1. Takedown notices served by Microsoft to videos that ‘DO NOT’ infringe on anything

    Microsoft has gained immense popularity over its never-ending war on software piracy. However, this time, the company appears to have caused a bit of collateral damage. So who are the victims? A handful of prominent and highly acclaimed YouTube video bloggers.

  2. Microsoft Takes Down A Bunch Of Non-Infringing YouTube Videos Over People Posting Product Keys In Comments

    Oh, Microsoft. The company has now admitted that it ended up sending a bunch of DMCA takedown notices on non-infringing videos, all because someone had posted product keys in comments to those videos. To its credit, Microsoft has apologized and said that it has “taken steps to reinstate legitimate video content and are working towards a better solution to targeting stolen IP while respecting legitimate content.” That’s all well and good, but this seems like the kind of thing that they should have done long before issuing obviously bad takedowns. This is the kind of thing that happens when you have a tool like the DMCA notice-and-takedown provision that makes it just so damn easy to censor content. Those issuing the takedowns do little to nothing to make sure the content being removed actually infringes. They just use either automated means or someone rushing through the process with little review, sending off takedowns willy nilly with no real concern about how they might kill off perfectly legal content. It still boggles the mind that a basic notice-and-notice regime couldn’t suffice to handle situations like this. That and making sure that those issuing bogus DMCA notices receive some sort of real punishment to give them the incentive to stop sending bogus takedowns.

10.21.14

Criminal Microsoft is Censoring the Web and Breaks Laws to Do So; the Web Should Censor (Remove) Microsoft

Posted in Free/Libre Software, Microsoft, Security at 1:08 pm by Dr. Roy Schestowitz

Microsoft Windows is a weapon of (cyber) war

Land mine

Summary: Microsoft is still breaking the Internet using completely bogus takedown requests (an abuse of DMCA) and why Microsoft Windows, which contains weaponised back doors (shared with the NSA), should be banned from the Internet, not just from the Web

So Microsoft spreads its lies in the media again and one of the lies we hear too often is that Microsoft obeys the law and Free software is “hacking” (they mean cracking) and a tool of “pirates” or whatever the bogeyman du jour may be. Well, actually, the very opposite is true. Criminals use Microsoft Windows to bombard sites (as they have been doing against several of my Web sites — including Techrights — for well over a month now) and if justice was to be upheld, Microsoft Windows would be banned by ISPs. Microsoft is claiming that it is upholding the law but actually, in reality, it breaks the law; it is not even a veiled action. It’s very blatant and a serious violation of several laws. This is a valid claim at many levels and today we’ll assemble some relevant new evidence and patiently connect it. This post is relatively long, but it covers a lot of ground, so please bear with us and keep reading.

“With its bogus takedown requests, Microsoft has turned DMCA into more of a joke. It also shows how hostile Microsoft has become towards FOSS.”Chris Pirillo, a longtime proponent of Microsoft with deep links to the company (not just his MVP title), has just had a video censored by Microsoft. Yes, Microsoft has once again issued a bogus takedown request against Google, as it did before (repeatedly). Microsoft is a criminal company because here too there is illegal action being taken by Microsoft. These bogus takedown requests, as per DMCA, are clearly a violation of the law. Microsoft does not want to obey the law (it sees itself as above the law or exempt from the law), so law itself probably isn’t much of a deterrent. Here is a new report from Wired. It is titled “Microsoft Serves Takedown Notices to Videos Not Infringing on Anything” and it says:

Microsoft’s never-ending war on software piracy caused some collateral damage this week. The victims? A handful of prominent YouTube video bloggers.

The bloggers—including LockerGnome founder Chris Pirillo and FrugalTech host Bruce Naylor—took to Twitter on Tuesday, with the hashtag #Microstopped, to complain that they had received erroneous copyright infringement notices for videos that were often several years old. The notices were filed under the Digital Millennium Copyright Act, the U.S. law that seeks to control access to copyrighted material on the net.

The funny thing here here is that Pirillo is the target. How many people without the ability to protest publicly and loudly had the same thing done to them by Microsoft? We may never know. Censorship of evidence of censorship (e.g. channel bans) and other circular scenarios often kick in and become cynically applicable.

Pirillo would not sue Microsoft for breaking the law in this case because he is in Microsoft’s pocket, but will Google finally use the law against Microsoft? Enough is enough. Microsoft has done this to Google for years!

Microsoft’s censorship does not quite stop here. There is another new story which speaks about how Github will deal with takedown requests from now on. Remember that Microsoft censors GitHub this way, essentially damaging FOSS projects by altogether purging them.

GitHub explains its policy change as follows: “The first change is that from now on we will give you an opportunity, whenever possible, to modify your code before we take it down. Previously, when we blocked access to a Git repository, we had to disable the entire repository. This doesn’t make sense when the complaint is only directed at one file (or a few lines of code) in the repository, and the repository owner is perfectly happy to fix the problem.”

Mike Masnick said, “kudos to Github and its lawyers for recognizing that sometimes you have to let in a little legal risk for the good of the overall community.”

With its bogus takedown requests, Microsoft has turned DMCA into more of a joke. It also shows how hostile Microsoft has become towards FOSS.

Another new report from Wired says that “Conficker remains, six years later, the most widespread infection on the internet.” This report is titled “How Microsoft Appointed Itself Sheriff of the Internet” and it explains how in the midst of Internet chaos, caused by Microsoft Windows having back doors, Microsoft just decided to hijack a huge portion of the Internet, breaking it altogether (a lot of UNIX/Linux-based systems affected, including millions of services being down for days). This was an unbelievable and probably unprecedented abuse by Microsoft. A judge got bamboozled and Microsoft fooled the press into distracting from its serious abuses against No-IP. There ought to have been a massive lawsuit. As the author Robert McMillan explains: “For the past 15 years, Durrer has worked as the CEO of a small internet service provider called No-IP. Based on Reno, Nevada, the 16-person company offers a special kind of Domain Name System service, or DNS, for consumers and small businesses, letting them reliably connect to computers whose IP addresses happen to change from time to time. It’s used by geeks obsessed with online security, fretful parents monitoring nanny cams in their toddler’s bedrooms, and retailers who want remote access to their cash registers. But it’s also used by criminals as a way of maintaining malicious networks of hacked computers across the internet, even if the cops try to bring them down.”

It was actually Microsoft that took them down. Microsoft is a criminal company and it used its own abuses as an excuse to break other people’s network. Here we are talking about the company that cannot even patch its systems to stop zombie PCs (with back doors that enabled them becoming zombies). Here again we have Microsoft failing to patch Windows and instead breaking it:

Microsoft has withdrawn an update released this past Tuesday due to user reports of system reboots after installation.

The update released as described in Microsoft Security Advisory 2949927 added SHA-2 hash algorithm signing and verification for Windows 7 and Windows Server 2008 R2. It was one of three proactive security feature updates released on Tuesday in addition to the eight patches of Windows and Office.

Microsoft makes it impossible to close the latest back door which it already told the NSA about, so people with Windows on their PC will be unable to boot or simply stay ‘infected’ with the latest back door. It’s all binary, so there is nothing they can do; they can’t even apply their own patch. As another source put it: “Microsoft has pulled one of the updates from its most recent Patch Tuesday release and recommends anyone who downloaded the fix should uninstall it.

“The update added support for the SHA-2 signing and verification functionality to Windows 7 and Windows Server 2008 R2 machines with the intent of improving security over the more vulnerable SHA-1 hashing algorithm.”

Microsoft Windows is simply unfit for use. Techrights, for example, has been under DDOS attack for over a month now. We know the offending machines. They all are Microsoft Windows PCs that got hijacked (from many different countries). The total number of IP addresses banned in the latest DDOS purge (so far today) is nearly 2,000. That’s a lot of Microsoft Windows zombies (with over 1200 IPs banned in just half a day). When will this operating system be banned by ISPs for facilitating DDOS attacks? How many Web sites can withstand attacks from so many zombies PCs and for how long? This is indirectly Microsoft’s fault, not just the attacker’s (the botmaster’s) fault because Windows does what it was designed to do; it has back doors. It can be commandeered remotely. This is clearly incompatible with the Internet.

Free software does not have such issues, but distributions that make their source code freely available to anyone can at least be checked for back doors, perhaps with the exception of binary Red Hat distributions like RHEL, which may have some back doors since around the start of the millennium, i.e. the same time Microsoft Windows got them (reportedly 1999), based on an IDG report and one from Beta News that said at the time: “It appears that Microsoft Windows is not the only operating system on the market that has a backdoor for those users who know the magic words. While Red Hat officials downplayed its seriousness, a team at Internet Security Systems, Inc. reports the security hole allows an intruder to access and modify files on systems running the most recent version of Red Hat Linux.”

Speaking of Red Hat, we are saddened to see it taking a stance of silence on the whole systemd issue. Red Hat is very much complicit in it, but it refuses to say anything. In fact, criticism of systemd is now being treated almost as taboo in Debian mailing lists because systemd‘s creator has shrewdly personified the issue and made it political, eliminating any chance to have truly technical debates about systemd. Personally, I worry the most about the number of bugs it would introduce, opening the door for exploitation. It replaces too many mature components. Microsoft’s propaganda network 1105 Media keeps spreading negative articles about FOSS because of such feuds (the systemd fued), so we don’t wish to feed this fire right here. Well, at least not right now.

Incidentally, also on the subject of security, here is a good new article titled “Enough! Stop hyping every new security threat” (especially against FOSS).

The author explains that “now it has reached a fever pitch, with proactive marketing of individual exploits with supercool names — Shellshock, Heartbleed, Sandworm — some of which even have logos.”

“Logos for malware,” he asks, “Really?” Microsoft partners did the logo work to help demonise FOSS and stir up a debate about FOSS security as a whole (because of one single bug!). There have hardly been any stories (i.e. evidence) that the Bash bug and OpenSSL bug resulted in some disaster or meltdown.

The bottom line is, proprietary software such as Windows has back doors and causes stormy weather on the Web (DDOS attacks). It’s Microsoft Windows that should be taken down as part of takedown requests, not innocent videos, whole networks (like No-IP) and FOSS code (GitHub) that Microsoft maliciously and deceivingly (against the law) calls offending and tries to take down.

09.22.14

Home Depot Confirmed a Victim of Microsoft’s Bad Security, Microsoft Lays Off Security-Related Staff

Posted in GNU/Linux, Microsoft, Security at 11:15 am by Dr. Roy Schestowitz

Summary: News reports circulate showing that Home Depot was knowingly careless with its Windows dependency while Microsoft lays off staff focused on security

Microsoft is not a company that cares about security. It seems to care about the security state (i.e. surveillance), which is why it makes its products so easy to infiltrate (by the “Good Guys”). As we showed before, Microsoft’s layoffs focus in part on security-related staff, or staff that’s associated with security state type of stuff (restricting operation of computers, back doors, etc.).

Microsoft uses secrecy as a weapon against fear-induced exodus because layoffs are company-wide and it's not about Nokia but about parts of the company which Microsoft would rather keep secret. To quote one source:

In a statement sent to Channelnomics sister-site CRN UK, Microsoft said the staff reductions in the latest round have been “spread across many business units and many different countries”, but did not go into specifics as to where it is swinging the ax.

“Trustworthy Computing group” is one of the affected units, based on Seattle-based press. Reportedly, according to this press (heavily biased in Microsoft’s favour), the group was “folding into other units”. It’s a clever and rather classic way to disguise layoffs (like the term “reorg”). “A spokesman confirmed that an unspecified number of jobs are being eliminated from the Trustworthy Computing group as part of the changes,” said the report that we cited last week. So by “folding into other units” he basically meant “layoffs”.

It is rather amazing that given all that is known, some businesses and even governments continue to procure and/or purchase more stuff from Microsoft. It’s worse than irresponsible, it’s suicidal. Ask Home Depot why it should not be using Windows anymore. According to reports such as [1], this retailer faces a massive security breach and it’s all the fault of Windows. Staff knew about it and also ignored the issues. It makes it both
irresponsible and suicidal. The company’s name is now tarnished.

Increasingly here in the UK I see businesses that move to Free software and GNU/Linux, usually for security reasons, not just cost savings (the migration itself can be pricey). Some months ago staff at Ryman (a large UK chain) told me that they had moved from Windows to Ubuntu GNU/Linux due to virus infections.

Now that Microsoft is eliminating security jobs people will hopefully realise that Windows security is not improving. It’s only going to get worse. Time to move to GNU/Linux…

Related/contextual items from the news:

  1. Home Depot ignored security warnings for years, employees say

    Former information technology employees at Home Depot claim that the retailer’s management had been warned for years that its retail systems were vulnerable to attack, according to a report by the New York Times. Resistance to advice on fixing systems reportedly led several members of Home Depot’s computer security team to quit, and one who remained warned friends to use cash when shopping at the retailer’s stores.

08.27.14

FUD Against Google and FOSS Security Amid Microsoft Windows Security Blunders

Posted in FUD, GNU/Linux, Google, Microsoft, Security at 4:07 am by Dr. Roy Schestowitz

Summary: In the age of widespread fraud due to Microsoft Windows with its back doors there is an attempt to shift focus to already-fixed flaws/deficiencies in competitors of Microsoft

A Microsoft Windows (exclusively) infection is having a colossal impact on businesses right now, but corporate press coverage fails to name Windows [1, 2, 3], not to mention any possibility of blaming it. The name of an operating system is only mentioned for negative news when it’s not Windows. This is typical and it matches a pattern we have covered her under the “call out Windows” banner. IDG, the liars’ den, put it like this:

The Target data breach was one of the largest in recent memory, resulting in tens of millions of credit and debit cards being compromised. In the last couple of weeks, SuperValu said that at least 180 of its stores had been hit by a data breach and earlier this week UPS said 51 of it UPS Store locations had been hit.

We wrote about this last week because Windows was not being named, despite it being a critical part of this scenario. Instead, there was deflection to FOSS. It helped distract from Windows, which is insecure by design. It is an architectural problem because since 15 years ago, by some estimates, Windows has been a back doors carrier (for the NSA). Here is one British writer complaining about the approach Microsoft takes to composition as well:

In August last year, one-time-sysadmin and now SciFi author Charles Stross declared Microsoft Word ”a tyrant of the imagination” and bemoaned its use in the publishing world.

“Major publishers have been browbeaten into believing that Word is the sine qua non of document production systems,” he wrote. “And they expect me to integrate myself into a Word-centric workflow, even though it’s an inappropriate, damaging, and laborious tool for the job. It is, quite simply, unavoidable.”

To make matters worse, it facilitates surveillance and sabotage, as more stories from last years served to show (Snowden Files at the Guardian for instance). For security reasons Germany and Russia have moved back to typewriters; we can assume they were using Office and Windows beforehand.

Trust the spinners of Microsoft to create and disseminate some “Heartbleed” FUD, an OpenSSL bug that Microsoft likes to hype up and use to generalise so as to create an illusion that FOSS is inherently less secure. This has become Microsoft’s main propaganda against FOSS, based on just one single bug. The FUD started on the day that XP support (patches) came to an end; this timing is unlikely to be a coincidence for reasons we outlined before.

Jason Thompson writes an offensive piece titled “After Heartbleed, Is Open Source More Trouble Than It’s Worth?”

It starts with the following important disclosure:

Jason Thompson, formerly of Q1 Labs, is the vice president of worldwide marketing at SSH Communications Security.

Marketing for proprietary software (for Windows)? This is the type of thing we saw last week when issues in proprietary VPN software were unfairly blamed on OpenSSL. As we pointed out last week, there is also an attack on Android security (usually rogue apps at to blame) and then there is the recent security FUD against Android from former employees of Microsoft. Mind this new article which highlights Microsoft’s hypocrisy:

The Biggest Problem with the Windows Store: Scams Everywhere

Windows 8′s “Windows Store” is a great idea, but unfortunately, it’s a disaster. It’s full of scam apps, designed to trick you into buying an app you don’t need.

Our friends over at the How-To Geek recently wrote a great piece about the biggest problem with the Windows Store, and how Microsoft has apparently done nothing to address it (despite claiming they would over a year ago). For example, here’s what happens if you search for VLC, a popular free video player

Microsoft is creating some new FUD against Google at the moment and Google has responded as follows:

In Worldwide Partner Conference 2014, Microsoft Corporation (NASDAQ:MSFT) claimed that more than seven hundred and eighty five customers have switched to Microsoft Corporation (NASDAQ:MSFT)’s Office 365 from Google Inc (NASDAQ:GOOGL)’s Apps. Microsoft didn’t give any proofs for this claim, but shown a slide having the names of the pronounced customers who made the switch. Google Inc (NASDAQ:GOOGL) immediately started investigating this claim and has recently come up with a response. According to Google Inc (NASDAQ:GOOGL), 5,000+ companies sign up for Google Apps on a daily basis and thousands of these companies switch from Microsoft. In a Forbes article, Ben Kepes mentioned Google’s response and said that it was already expected that Google will come up with a befitting response on Microsoft’s claims.

Microsoft is a malicious, criminal company. Its ability to manipulate the press into writing negative stories about the competition is quite flabbergasting. Microsoft’s key strategy right now is badmouthing the competition. AstroTurf and press manipulation is how that's done, as we showed in the previous post.

08.22.14

UPS Burned by Microsoft Windows, Gives Away Massive Number of Credit Card Details

Posted in FUD, Microsoft, Security at 4:21 pm by Dr. Roy Schestowitz

TJ Maxx all over again?

Boycott against UPS

Summary: UPS is the latest victim of Microsoft’s shoddy back door with software on top of it (Windows); attempts to blame FOSS for data compromise actually divert attention from the real culprit, which is proprietary software

A boycott against UPS, based on my bitter experiences, is nothing too prejudiced. Their system does not work well. That’s an understatement actually. It’s dysfunctional. In fact, it’s an utter mess. I wasn’t the only one who was utterly screwed, reputedly, and made deeply upset by them. I tried to accomplish something so simple and spent a huge amount of time achieving nearly nothing. They are badly coordinated and their system is crap. They’re using an utterly flawed system, especially when it comes to exchanges with clients, including financial exchanges. Last year I was upset enough to produce some memes like the following:

UPS

Now it turns out that UPS was foolish enough to be using Microsoft Windows. Consequently, in many countries (not just one) it got “infected with credit card stealing malware” and customers are going to pay dearly (customers, not UPS):

Grocery shoppers nationwide probably had credit card data stolen

Coast-to-coast: Albertsons, Acme Markets, Jewel-Osco and more were hit.
Dozens of UPS stores across 24 states, including California, Georgia, New York, and Nebraska, have been hit by malware designed to suck up credit card details. The UPS Store, Inc., is a subsidiary of UPS, but each store is independently owned and operated as a licensed franchisee.

“Windows, again,” says our reader. “See the annotations in the update…”

Notice how the Microsoft-friendly Condé Nast fails to even name Microsoft. Total cover-up, maybe misreporting. Disgusting. It’s like naming an issue in some car model, stating that it is chronic, dangerous and widespread, but still not naming the car maker or the model. Recall also the biggest credit card-stealing incidents in recent history; it is almost always due to Microsoft and Windows.

There is a bunch of reports circulating right now which blame an OpenSSL bug (that Microsoft likes to hype up) for patients’ data compromise.

A reader of ours who lectures on computer security explains: “The real problem was that, as seen in other articles, they used a VPN in place of real security. Oh, and the VPN was closed source, not OpenVPN.”

“This is no surprise as when given internal access to any computer network, it is virtually a 100% success rate at breaking into systems and furthering access,” says one report.

“They admit to having no security for their services and relying on a VPN to provide the illusion of security,” our reader explains. “They also misuse the marketing term ’0-day’.”

Anything to keep the term “Heartbleed” in headlines, creating a FOSS scare…

You can count on the likes of Condé Nast covering Microsoft-induced disaster without mentioning Mirosoft at all while at the same time shouting “Heartbleed” from the rooftops, as Condé Nast so regularly does.

08.18.14

Gartner Group Advocates Using Defective Software With Back Doors

Posted in Microsoft, Security, Windows at 4:01 am by Dr. Roy Schestowitz

Summary: Despite strong evidence that Microsoft has been complicit in illegal surveillance, Gartner continues to recommend the use of Windows and other espionage-ready Microsoft software

One might think that the Gartner Group paid attention to revelations about Microsoft complicity and active collaboration with the NSA’s crimes. Apparently, however, being a rogue marketing operation (disguised PR), Gartner is seemingly unable to learn what a lot of the public (and CIOs, CTOs etc.) already know. Let’s face it. Bill Gates’ ‘investments’ in Gartner and Microsoft’s payments to this marketing (‘analyst’) firm did not fail to cloud its judgment. In world of Gartner, even though Vista 8 is a total disaster and the future of Windows is quite uncertain, the only choice one has is between versions of Windows, not between operating systems. To Gartner, anything other than Windows is not even an option. Back doors are here to stay and defects too are “necessary evil”, apparently.

Why is it that so many people continue to treat Gartner with respect? Any morsel of credibility should have been long gone, even by checking who subsidises this firm. It’s like a think tank or a collective lobbying group (for its corporate client who seek to sell, not to buy); that’s not what analysts are supposed to do.

John C. Dvorak published this column the other day, highlighting the fact that Windows is defective and remains defective even decades down the line. He wrote: “You would think that after 30 years of Windows, many of the obvious and consistent flaws would be fixed. Are they unfixable? Or are the people at Microsoft who can fix them uninterested?

“There is a belief within the tech community that Microsoft lost control of Windows years ago as the company turned over personnel—including the programmers who actually knew the base code of Windows itself. It has long since become what people call spaghetti code—a tangle impossible to unravel. Every patch has to be run through a regimen of tests to see if anything breaks. One thing is fixed and soon something else does not work right.”

Incidentally, see this new report about Microsoft bricking Windows with the latest patches. To quote:

Since Patch Tuesday this past week, Microsoft has been receiving reports of severe system errors caused by one or more of the updates.

Yes, that’s Microsoft ‘quality’. This spaghetti code is impossible to manage, apparently. Simon Phipps, the OSI’s President, also wrote quite recently for “Linux Voice. He wrote about Microsoft’s inherently defective software, inadvertently echoing some of Dvorak’s observations:

The action law enforcement services have taken against the GameOver-Zeus malware syndicate is great news for a change. In the UK, this was communicated with typical tabloid alarmism, framed as “two weeks to save the world” instead of “unusually effective action by law enforcement”. As a result, UK publications have been posting self-preservation information for their readers.

This is a Windows-only issue and since Microsoft does facilitate back doors (bug doors to be precise), Microsoft deserves at least some of the blame here. As Phipps concludes:

So actually it’s somewhat appropriate to blame Windows versions prior to Windows 8 for being vulnerable to many viruses which exploited bugs in this way. The existence of the vulnerability was a conscious choice and a marketing decision; in OS/2, which had no legacy to accommodate, the ring 0 separation was enforced.

Yes, Windows also offers a larger attack “surface” because of its wide adoption, and yes, there are other exploit mechanisms. But this tolerated technical vulnerability is the root cause of a large number of exploits. So while it’s true that malware authors are directly to blame for malware, there’s also a culpability for Microsoft that can’t be ignored.

For Gartner to be advocating the use of such rubbish spaghetti code (in binary form) is worse than incompetent; it’s utterly irresponsible. Why will any serious CIO or CTO ever listen to Gartner again?

Based on publicly-available evidence, even BIOS cracks require Windows. To give “BULLDOZER” as an example: “The technique supports any desktop PC system that contains at least one PCI connector (slot) and uses Microsoft Windows 9x, 2000, 2003 server, XP, or Vista. The PCI slot is required for the BULLDOZER hardware implant installation.”

To give “DEITYBOUNCE” as an example: “DEITYBOUNCE supports multiprocessor systems with RAID hardware and Microsoft Windows 2000, XP, and 2003 Server.”

No wonder China and Russia are banning x86 and/or Microsoft Windows. It’s not because they’re “anti-American” but because Microsoft Windows and some US-made hardware are anti-users. In Germany, for example, ‘secure’ boot was banned for similar reasons. Perhaps they have not been taking Garner’s advice then. In Munich, Gartner notably tried to derail (with words) the migration to GNU/Linux, as we demonstrated some years ago.

08.06.14

Symantec Deserves a Ban in China for Not Reporting US Government Back Doors

Posted in Microsoft, Security, Windows at 10:29 am by Dr. Roy Schestowitz

Tick the box to ban

Symantec logo

Summary: Symantec, a Windows insecurity firm, is miserably trying to divert attention away from reports about distrust that led to a ban in China

According to many reports this week [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], China does not trust some US- and Russia-based companies to take care of ‘security’ in China. It’s about time.

Reports focus on two firms, but another one is seemingly affected (Symantec). While Kaspersky (which we occasionally mention here) does not deny the claims, Symantec does strike back and “Says its Products are Still Allowed in China”. This is a cleverly-worded denial. Some products are definitely banned, but the “Security software developer Symantec Corporation denied its software has been banned in China.” Symantec merely says or emphasises that not everything is banned.

Just to be more specific: “It is important to note that this list is only for certain types of procurement and Symantec products are not banned by the Chinese government.”

Kaspersky is hyping up security threats at the moment and Symantec is trying hard to dodge the negative publicity because trust is fundamental to their sales. Symantec, which has strong Microsoft connections and disdain for FOSS, should not be trusted if China does not trust Microsoft (we already know how China feels about the ‘new’ Microsoft). To quote an IDG report:

Symantec and Kaspersky Lab have become the latest tech firms to be kicked off the Chinese Government’s approved list, according to an unconfirmed report in the country’s media.

The People’s Daily newspaper broke the news at the weekend in a report that claimed that local supplies including Qihoo 360, Venustech, CAJinchen, Beijing Jiangmin and Rising would from now on be the preferred software for antivirus duties.

The news seems to have surprised both firms, which have until now have been approved suppliers for desktop security.

Symantec has been overlooking government back doors such as the ones Microsoft puts in place and lets the US government know about. This is an older debate which made a comeback amid NSA leaks (other antivirus makers seemingly exempt government malware and such, e.g. Stuxnet). Here is Wall Street’s press coverage:

That’s a lesson that Microsoft and Symantec are learning right now. An antivirus company from Silicon Valley, Symantec competes in China against local favorites like Beijing-based Qihoo 360 Technology. According to reports by Bloomberg News and the Chinese media, China has instructed government departments to stop buying antivirus software by Symantec and its Moscow-based rival, Kaspersky Lab. Symantec software has backdoors that could allow outside access, according to an order from the Public Security Ministry. Not coincidentally, Qihoo’s New York-traded shares rose 2.7 percent yesterday, following reports of the move against Symantec and Kapersky.

Well, good for them. After being cracked by the NSA they need to secure their systems by better identifying possible moles (in the software sense).

Dan Goodin, who typically slams FOSS over security issues (less severe than in proprietary software), finally writes about Microsoft’s best known back doors that it tells the NSA about (Goodin does not mention the NSA connection):

There’s a trivial way for drive-by exploit developers to bypass the security sandbox in almost all versions of Internet Explorer, and Microsoft says it has no immediate plans to fix it, according to researchers from Hewlett-Packard.

The exploit technique, laid out in a blog post published Thursday, significantly lowers the bar for attacks that surreptitiously install malware on end-user computers. Sandboxes like those included in IE and Google Chrome effectively require attackers to devise two exploits, one that pierces the sandbox and the other that targets a flaw in some other part of the browser. Having a reliable way to clear the first hurdle drastically lessens the burden of developing sophisticated attacks.

What can Symantec do to stop this other than suggest abandoning Windows (its bread and butter)? Symantec must have known about back doors in the form of IE vulnerabilities, but did it properly protect China from it? No, Symantec makes money from the prevalence of Windows and the company’s management is deeply connected to Microsoft’s.

07.31.14

Is Microsoft Being Raided Not Just for Anti-Competitive Reasons but for Bribes and Back Doors?

Posted in Apple, Fraud, Microsoft, Security at 2:21 pm by Dr. Roy Schestowitz

Great Wall of China

Summary: News about raids in Microsoft China mostly lacking when it comes to background, context, and information about Microsoft’s crimes in China

THE WORLD is moving away from Microsoft. It starts with countries like China, which makes its own hardware (as well as much of the world’s), and then there’s Russia, which abandoned x86 (Wintel) and will make its own chips on which only GNU/Linux will neatly fit. We covered all that earlier this year and it’s clearly not just rhetoric; these things are already happening as the wheels are in motion. Microsoft is desperate to keep up with the changes, but Wintel is like an order of magnitude more expensive than Linux with ARM. It’s game over. Android is dominating many areas, along with its derivatives or other Linux-based operating systems.

The other day there was plenty of press coverage (e.g. [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) about Microsoft being raided by Chinese authorities. “Chinese regulators swarm Microsoft offices over antitrust concerns,” said some headlines (focusing on competition issues, not back doors), but most reports were a lot more vague with claims [1, 2, 3] ranging from nationalism to concerns about Office tie-up. The plutocrats’ media tried to blame it on China and make the Chinese government look irrational (watch what Microsoft boosters say, another one that’s Gates-washing it, and ludicrous claims that “China steps up the arms race in the digital cold war”). The English-speaking Chinese press says that 4 Microsoft offices were visited in the raid. One summary says that “[r]egulators claim Office, Windows illegally tied” while mostly, instead of speaking about recent success stories with Linux, including Android, the article looks backwards and says: “While there have been several attempts to get Chinese punters to switch to Linux – including Red Flag Linux and the unimaginatively named China Operating System – none have been particularly successful at shaking off Windows’ dominance.”

Now, remember that Microsoft was raided in other countries before (e.g. Hungary) and in 2013 the “US probe[d] Microsoft China bribery claim”, as we covered at the time. There is a criminal element to Microsoft’s conduct in China. One of our readers asked, “pressing for more bribes, discounts and backdoors?” Watch China demonised in Western media for protecting itself from espionage (terms like “Microsoft Chinese burn riddle” don’t help).

As Charlie Demerjian reminded us a short while ago, Microsoft is now extorting Windows users:

Microsoft decided to extort Windows 7 users too

Not content to blow both feet off with a shotgun, Microsoft is going for the kneecaps now by blackmailing it’s customers. If you are still dumb enough to use Windows, you are about have your wallet shaken down by Microsoft in a familiar yet still unwelcome way.

We don’t feel the need to sugarcoat this much because the company’s behavior is so blatant and uncaring it is almost staggering. Worse yet the victims, that would be almost all Windows users, have only themselves to blame because the pattern has been well laid out for years now. Microsoft has been unapologetically blackmailing users for years, anyone who bought one of their products in the last few years should have known better.

China has an issue like this; even in the UK the NHS has faced similar issues and is constantly being pressured by Microsoft, as we showed some weeks ago. Office (online) and Windows (the platform for Office on the desktop) are both banned by the Chinese government now.

Leading Chinese media, the New York Times (trend-setting in the US) and BBC (trend-setting in the UK) covered this and have ended coverage by now, so we saw no urgency to point out the news immediately (unlike some bloggers), only to add some background information which has been omitted by the media. A year after Microsoft came under investigation in the US (over allegations that had bribed Chinese officials) it got a visit from Feds, so what is the likelihood that these raids are at least partly related to criminal activity? Microsoft bribery in China is nothing new; it’s how Microsoft does business and the investigation dealt with numerous countries in which Microsoft was alleged to have bribed officials. The BBC says:

Microsoft has confirmed that officials from China’s State Administration for Industry and Commerce – the body responsible for enforcing business laws – have visited some of its offices.

It sounds like bribes would fall under this category. This comes amid shrinkage of Microsoft’s presence in China:

Microsoft Corp’s biggest reduction in company history could cost China more than 1,000 jobs, analysts warned on Friday.

Apple too is laying off employees, 200 people in fact, so let’s not treat Microsoft alone as the problem. Moreover, based on today’s (and yesterday’s) news [1-7], Russia may be close to banning or kicking out Apple and SAP, due to the fact that their software is secret (proprietary) and thus cannot be trusted.

Related/contextual items from the news:

  1. Russia wants Apple and SAP to prove that their software isn’t used for spying
  2. Russia: Apple, SAP to share source codes to combat spying

    Russia has suggested that IT-giants Apple and SAP disclose their source codes to Russian state specialists in order to clear up information security issues after the chain of spy scandals undermined trust in foreign products.

  3. Russia Wants Apple and SAP’s Source Code to Check Spying Activities
  4. Quick Note: Russia Requests Apple, SAP’s Source Code to Prevent Spying

    Russia has made a bold request for both Apple and SAP’s source code to make sure that neither company’s software contains any sort of spy tools.

  5. Russia Asks Source Codes from Apple, SAP
  6. Russia wants Apple and SAP to prove that their software isn’t used for spying
  7. Sorry Russia, Apple and SAP aren’t revealing their source code

    To ensure that SAP and Apple products aren’t vulnerable to spying, Russia suggested last Tuesday that the companies give Russia access to their source code, Reuters reports.

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts