Microsoft is ‘open’ like BP is ‘green’ (openwashing follows greenwashing tactics)
Summary: Microsoft’s charm offensives against Free/libre software are proving to be rather effective, despite them involving a gross distortion of facts and exploitation of corruptible elements in the corporate media
SIX days ago we published a series of six articles which are listed in order below:
The issue discussed in part 1 receives a lot of media attention, even from corporate media (in this case, GOP-leaning media). To quote one such report: “The feature we’re concerned with is called Secure Boot, and it’s designed to protect you: The installed OS becomes locked to the hardware itself, and if any other OS attempts to interfere (like a low-level malware app for example) then the system simply won’t start up. OEMs were ordered to make Secure Boot optional with Windows 8 but it looks like they are going to be given the opportunity to make it mandatory in Windows 10.”
“Microsoft is pretending to be Open Source because of new policies that require procuring Open Source software, e.g. in India.”What the corporate media gets wrong is the part about security. It’s not “designed to protect you”. In fact, much of the recent press coverage serves to show that UEFI reduces security in many cases. Some media sites/conglomerates such as IDG already explained (last year) how it can be used for remotely bricking PCs (pretty much at hardware level). We have covered several examples over the past 3 years, so evidence continues to mount. IDG’s Microsoft booster Andy Patrizio wrote: “I suspect if you are smart enough to use Linux, you are smart enough to shut off Secure Boot in the UEFI.”
That’s not an excuse. It also perpetuate myths about GNU/Linux being “hard to use”. “Still,” he continues, “it’s a PR hit for Microsoft, a company that has been earning a lot of goodwill lately.”
That’s utter nonsense as well. As pointed out in part 6 above, Microsoft just manipulates the media (or relies on boosters like Patrizio) to make it seem as though it changed its attitude. As we’ve pointed out in 3 recent articles, there are changes in tendering processes worldwide. Microsoft is pretending to be Open Source because of new policies that require procuring Open Source software, e.g. in India. Yesterday KV Kurmanath planted a Microsoft puff piece in The Hindu Business Line, relaying the bogus narrative of Microsoft as “Open Source”. People must react and counter these lies or else Microsoft will become indistinguishable from Free/libre software, based on a reality-distorting campaign. Microsoft already pretends that Windows, its common carrier, is 'Open Source' or something along these lines. █
Send this to a friend
“It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”
–Jim Allchin, Microsoft
Summary: Amid highly misleading security-centric reports that rely on Microsoft’s bogus number of vulnerabilities (Microsoft already admitted hiding many of them) Techrights presents recent news about Windows ‘security’
WINDOWS is not a secure operating system. It’s not intended to be, either (Microsoft's actions show that security is not the goal). One cannot ever patch NSA back doors safely. When these are patched, it’s already too late and newer back doors remain in tact or are being added. Trusting Microsoft to secure Windows is misunderstanding the goal of Windows (‘privileged’ access) and as Stuxnet serves to remind us, the real owners of Windows are spy agencies, not people who use Windows (renting it from Microsoft in exchange for payments). See this new report titled “Stuxnet Redux: Microsoft patches Windows vuln left open for FIVE YEARS”. It says that “[w]hile most of the attention this Patch Tuesday has been focused on the FREAK encryption vulnerability, Microsoft’s latest batch of fixes also addresses another longstanding threat to Windows: Stuxnet.” So they hadn’t fixed it for so long and finally decided to do something about it? Knowing that espionage agencies were exploiting holes and taking control of PCs that have Windows installed? Wake up and smell the coffee. These actions speak volumes.
Adding insult to injury, last week we learned that “Microsoft RE-BORK[ED] Windows 7 patch after reboot loop horror”. To quote the report itself: “Reports are emerging that a twice-issued Microsoft Windows 7 patch is still causing pain for users, with some claiming the fix is triggering continuous reboots.
“The patch was first issued as KB2949927 and withdrawn in October due to system faults, before being re-released this week as KB3033929.”
So our conclusion is that even when Microsoft offers so-called ‘patches’ or ‘security’ there are negative consequences which are too risky to accept. For more information see this article titled “Problems reported with Microsoft patch KB 3002657, warning issued on KB 3046049″. A lot of people are still using Windows XP, which receives no patches at all. Some genius, eh?
Some Web sites are now claiming that the NSA and fellow espionage operations have been largely responsible for the SSL hole someone dubbed “FREAK”. Of course, despite media spin and a clear Microsoft role (perhaps inside knowledge becoming public), the flaw affects Windows as well (all versions) and Microsoft failed to properly address the problem when it was already known (advertised as public knowledge). “The response of Microsoft and cloud companies to the Freak vulnerability has been far too slow say commentators,” according to one British news site/magazine which focused on security. CBS covered this only after it had been wrongly spun as a Linux and Apple issue. “Microsoft was late with the announcement so that the press could focus on Android and iOS and make it look like their problem,” said iophk. Microsoft took many weeks to do anything, which gave enough time for passwords to be intercepted and for entire networks to be compromised. So again we are being reminded that Microsoft just doesn’t take security seriously. While some reports try to frame Windows as most secure because Microsoft hides many flaws and games the numbers to make the competition look bad, anyone with experience in this area ought to see that Microsoft’s encryption was always bogus, and very much by design! Here is another brand-new example of Microsoft ‘security’ in action: “Microsoft is scrambling to block a fraudulent HTTPS certificate that was issued for one of the company’s Windows Live Web addresses lest it be used by attackers to mount convincing man-in-the-middle attacks.”
Soon enough, based on some observers, Microsoft Windows-running “PC will become slower as it will serve the updates to another client.”
It is a peer-to-peer approach that externalises cost and liability. Is Microsoft really trusting this to work better given the above reports about man-in-the-middle attacks and fraudulent HTTPS certificates? Platforms with back doors cannot ever be relied on for serving security to other systems. It’s a collective compromise. Botmasters will love it!
Our last piece of relevant news deals with Pwn2Own. The headline says that “security [is] still a myth on Windows PCs” [via] and that it took just one day to crack Windows. To quote: “Day one of the 2015 Pwn2Own hacking contest in Vancouver, Canada, saw big wins for contestants and headaches for software makers: competing teams successfully exploited fresh vulnerabilities in Adobe Flash and Reader, Microsoft’s Windows and Internet Explorer, and Mozilla’s Firefox, to hijack PCs.”
Was it Firefox on Windows as so often is the case? Not even Tor is secure on Windows. █
Send this to a friend
Summary: Shifting focus to the root problem, which is neither Lenovo nor its laptops but the non-free programs installed on hardware
WHEN it was revealed that governments had constructed Stuxnet to sabotage computers almost all reporters refused to call out Windows, despite Stuxnet being exclusive to Windows. The same is happening right now in relation to Superfish. We posted links to a lot of articles about it (see our daily links for about a dozen) and none of them bothered reporting the fact that only clients of Microsoft (the NSA’s ally) were affected. Having watched dozens of articles about it we can say that almost not a single article emphasised that it only affects Windows. Lenovo says it didn’t know about it and given the shadowy background of Superfish (its CEO came from the surveillance complex) it’s possible that Lenovo was tricked or bribed into installing this back door.
“Lenovo’s ThinkPads, which originally came from IBM, are famously GNU/Linux-friendly.”The CBS-owned ZDNet has Microsoft booster Mary Branscombe spinning that Superfish scandal to even imply that people should “love Windows”. Well, at least she points out that it’s a Windows issue, albeit that’s not her intention (she is just a Microsoft mouthpiece seeking to divert blame).
Robert Pogson responded to Branscombe by stating:
I recommend everyone switch to GNU/Linux. It’s easy. Demand your local retailers sell them. Shop online for a GNU/Linux PC. Heck, install it yourself. Heck, you can even get that other OS to start the process. I recommend Debian GNU/Linux, software that works for you, not some corporation with the morality of a snake. The beauty of it is that the licence you get with the downloads includes the right to examine, modify and distribute the software, so you can cut out all that third-party crapware, if there were any. Debian doesn’t bother attaching crapware to PCs it doesn’t sell…
It’s not just that. Windows, with or without crapware, has back doors. GNU/Linux hasn’t. Free software is essential for those who pursue real computer security, as opposed to so-called ‘national security’.
Here is the statement that the FSF has just made about it (hours ago):
Security experts have discovered a highly threatening vulnerability in software preinstalled on some Windows computers manufactured by Lenovo through January 2015. Extreme negligence on the part of Lenovo and unscrupulous programming by its adware partner Superfish seem to have caused the vulnerability.
The FSF does point out that it’s a “Windows computers” issue. Well, there is no such thing as “Windows computers”, as such computers can have Windows wiped and GNU/Linux installed instead. Lenovo’s ThinkPads, which originally came from IBM, are famously GNU/Linux-friendly. █
Send this to a friend
Discussions revolve around brands, not objectivity
Summary: The bogus ‘debate’ about bugs, where built-in bugs (like wiretapping, bugging, and back doors in proprietary software) are conveniently overlooked
DESPITE acknowledging that Free software is more secure than proprietary software, Veracode recently turned opportunistic. It was using bugs with "branding" to promote itself and it wasn’t alone.
“FOSS has some bugs, whereas proprietary software is a bug.”Several opportunistic firms, including Black Duck, are appearing in the press again, exploiting “branding” of few bugs in FOSS to sell proprietary stuff. Veracode is again doing it and Black Duck’s latest FUD piece is resurfacing yet again, as very recently noted by us after its placement had been pushed by IDG — an extensive network which gives this proprietary firm a platform as author on FOSS matters. “Black Duck Software presents 5 tips for a secure enterprise relationship with open source,” says IDG, but since when is Black Duck an authority in the area? It’s a proprietary software firm.
FOSS has some bugs, whereas proprietary software is a bug. It’s bugging. We recently wrote about Outlook being ousted as a surveillance platform and amid revelations about the NSA’s spying on EU Parliament Outlook (the ‘app’) is reportedly banned. To quote a British report: “The EU Parliament has blocked politicians from using the Microsoft mobile Outlook app in the wake of security and privacy concerns centred on the siphoning of corporate credentials to a third party, according to reports.
“The Parliament’s IT department, DG ITEC, has reportedly told staff to delete the app and reset corporate email passwords if it was used.”
Nevertheless, the jingoistic Microsoft Peter (Peter Bright) tries to paint Microsoft as “cool” while it is “shutting down a[nother] competitor” as a source put it to us, citing this article:
Microsoft on Wednesday confirmed its purchase of mobile calendar app Sunrise.
This will immediately become a PRISM-included surveillance app. Reading reports about it helps show that the security issue is proprietary software, especially Microsoft’s (the NSA’s top ally). It oughtn’t be so shocking that Black Duck, which is strongly connected to Microsoft, would hastily and repeatedly overlook Microsoft’s ill effect on software, turning software into bugs, wiretapping everyone. █
Send this to a friend
Summary: It has become more obvious that Windows back doors are there by design (or knowingly left there by intention) even after Snowden’s NSA leaks
THERE ARE SOME corporate media reports about Microsoft patches, but few realise the significance of it. Microsoft tells the NSA about unpatched holes in Windows and other Microsoft software, which is the equivalent of giving the NSA back door access.
As we noted some weeks ago, evidence shows that Microsoft doesn't care about security and it is evidently the same with Apple. They both sat on known flaws that were critical for longer than 3 months, refusing to patch them. Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).
“Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).”Dan Goodin, who typically spends his ‘journalism’ career bashing Free software over security, has finally decided to shift some focus and write about a massive Windows flaw. It’s a major one, no doubt; But no name, no “branding”…
In Goodin’s own words:
Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows Server 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it.
The flaw, which took Microsoft more than 12 months to fix, affects all users who connect to business, corporate, or government networks using the Active Directory service. The database is built into Windows and acts as a combination traffic cop and security guard, granting specific privileges to authorized users and mapping where on a local network various resources are available. The bug—which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug—allows attackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a man-in-the-middle exploit that executes malicious code on vulnerable machines.
The significant part is in the second paragraph above (“took Microsoft more than 12 months to fix”). We can interpret that as saying that the hole, which NSA used for over a year for back door access (because Mirosoft told the NSA about it), is finally being acknowledged to the public. Therein lies the ‘magic’ of proprietary software. Is the NSA now ‘done’ cracking all the world’s networks that have Windows in them? Is it now ‘safe’ to finally close this back door?
Microsoft Windows is an utter joke when it comes to security, as Microsoft’s own actions serve to show. Back doors surely look like the goal, not an error. Windows was recently used to crack Sony years after the NSA had cracked North Korea’s network. Those who knowingly used an operating system with back doors can’t blame anyone other than themselves and perhaps Microsoft/NSA. Misplaced blame these days typically names China, Russia, or North Korea.
Remember that Microsoft leaves security holes open/in fact anyway, no matter if versions of Windows are supported or not (upgrades are neither simple nor free). As Goodin’s former employer puts it:
What happens six months from now, on 14 July? That’s the date Microsoft issues its last security fix ever for Window Server 2003 – the end of extended support from the server operating system’s maker.
The article states that many servers will basically be left with permanent back doors. Many of them contain customers’ (or patients’) data.
As Robert Pogson put it, “Server 2003, which is due to go without support this summer won’t be fixed for a recent Patch Tuesday revelation of a vulnerability built-in by design a decade ago and impossible to fix without breaking everything…”
He concludes correctly: “Maybe it’s time people switched to GNU/Linux, an operating system not designed by salesmen. It’s not perfect but at least the bugs are fixable.”
Yes, even bugs with special names, logos, and “branding” — those that the corporate media loves to hype up. █
Send this to a friend
Summary: Parasites that take advantage of public panic and lack of comprehension are occupying paper space, as usual
LAST WEEK we wrote about the overblown threat called/dubbed “GHOST” (all capital letters) by the company seeking to make money from it despite being only the third to discover it and knowing it was not much of a big deal. We have not yet heard about any major exploit, which pretty much can be said about the OpenSSL bug as well (this one too was discovered by two entities before a Microsoft-connected firm irresponsibly publicised it, giving it a name and a logo to sell its own services and spread FOSS-hostile FUD for many months to come). What unifies the GLibC and OpenSSL bugs is that they got “brand recognition” very quickly. It was like a marketing campaign rather than a non-alarmist discussion about security — something that non-technical/technically-illiterate journalists would surely fail at.
“As more stories are published in the media about big “hacks” (cracks) against large corporations we can’t help but feel that the media neglects to mention that Microsoft Windows — not OpenSSL or Bash, let alone GLibC — is usually to blame.”Days ago we saw the most FOSS-hostile IDG Web site becoming a platform of Black Duck, a Microsoft-connected firm that sells proprietary software by spreading and accentuating fear of FOSS. The article at hand uses bugs with “branding” to spook FOSS users while Black Duck, paying to publish this self-promotional press release on the same day, is still pretending to be an authority in FOSS.
The bugs with “branding” were also exploited by Veracode in this article (on the same day) and as Eric Lorenzo pointed out: “If businesses don’t update legacy software, often they will will have bugs fixed in later versions! Shock!”
“I wonder what percentage of businesses are using obsolete Windows without updates,” he added.
As more stories are published in the media about big “hacks” (cracks) against large corporations we can’t help but feel that the media neglects to mention that Microsoft Windows — not OpenSSL or Bash, let alone GLibC — is usually to blame. It not only sports back doors but is also badly designed and won't patch known critical holes. It is basically designed to be not secure.
When it comes to reporting on computer security, the corporate press has almost zero legitimacy. All it knows is brands and it is eager to promote corporate partners that piggyback those brands (like “heartbleed”) or stories (Anthem, Sony, etc.), claiming to be experts and offering remedies other than patches which were already issued and are free to apply by all. █
Send this to a friend
Giving names to bugs to make them sound scary
Summary: Even the company that bombarded the media with its “GHOST” nonsense admits that this bug, which was fixed two years ago, does not pose much of a threat
TWO days ago we wrote about the self-promotional FUD campaign from Qualys, noting that it had been blown out of proportion, as intended all along by Qualys (which even gave it the name “GHOST” and paid for expensive press releases in corporate news). A Red Hat employee reveals that even Qualys itself realised that its pet PR/marketing charade, “GHOST”, is not much of a risk.
He said that “the people at Qualys that worked hard to hype GHOST into a doomsday bug had to admit that most software calling the gethostbyname function couldn’t be forced to exploit the bug. As they say themselves (from “the Qualys Security Advisory team”):
“Here is a list of potential targets that we investigated (they all call gethostbyname, one way or another), but to the best of our knowledge, the buffer overflow cannot be triggered in any of them:
apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.”
“To put things in perspective see this [discussion],” he added. It’s LWN refuting Dan Goodin, the anti-GNU/Linux ‘security’ rhetoric person from Condé Nast (we took note of his coverage the other day).
“But as always,” added the guy from Red Hat, “the truth isn’t that clickbaiting…
“It was a bug. It has been fixed. But it wasn’t that simple to exploit. Patches are available and as it seems no one got hurt.” █
Send this to a friend
Ghostwriting a Qualys horror story for maximal FUD (fear, uncertainty, and doubt)
Summary: Responding to the media blitz which paints GNU/Linux as insecure despite the fact that bugs were evidently found and fixed
THERE IS something to be said about the “top” news regarding GNU/Linux. It’s not really news. The so-called “GHOST” publicity stunt needn’t be repeated by FOSS sites. It is about a bug which was patched two years ago, but some sites overlook this important fact and stick lots of spooky logos, playing right into the hands of Qualys, an insecurity firm (making money from lack of security or perception of insecurity).
We have watches the ‘news’ unfolding over the past day and a half and now is a good time to explain what we deal with. The so-called “GHOST” (all capital letters!) bug is old. Qualys is going two years ago into bugfixes, giving a name to the bugfixes, then making plenty of noise (all over the news right now). Qualys does not look like a proxy of Microsoft or other GNU/Linux foes, but it is self-serving. Insecurity firms like Qualys probably learned that giving a name to a bug in GNU (SJVN mistakenly calls it “Linux”, but so do many others) would give more publicity and people will pay attention to brands and logos rather than to substance. Just before Christmas an insecurity firm tried to do that with "Grinch" and it turned out to be a farce. SJVN says that this old “vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.”
Well, it was patched back in 2013. Use of names for marketing is what makes it “news”; the opportunists even prepared a PRESS RELEASE and pushed it into ‘big’ sites like CNN. It has marketing written all over it, just like “Heartbleed” that had strong Microsoft connections behind the disclosure. It is sad that Linux sites fall for this. Phoronix copies the press release as though it’s reliable rather than self-promotional. Michael Larabel writes: “The latest high-profile security vulnerability affecting Linux systems us within Glibc, the GNU C Library.”
It is not “latest”, it is 2 years old. Larabel says that “Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18.”
OK, so it’s not news. FOSS Force cites SJVN to amplify the scare and other FOSS sites are playing along as though this is top news. It oughtn’t be. It is already widely patched (maybe requiring a reboot), so let’s patch and move on (unless it was already patched upstream/downstream years ago). IDG has already published at least three articles about it [1, 2], including one from Swapnil Bhartiya, who is not too alarmist to his credit. He noted that “there was a patch released back on May 21, 2013, between the releases of glibc-2.17 and glibc-2.18. However it was not considered to be a security risk and thus major Linux distributions that offer long term support and get security updates remained vulnerable, including Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7 and Ubuntu 12.04.”
It affects very specific versions, mostly long-term support releases that already have reliable patches available. It should be clear that some headlines such as this or that clarify the limited scope of impact (not bad reporting) unlike the alarmist trolls.
What Techrights generally found was that early coverage came from so-called ‘security’ sites or blogs of insecurity firms that try to sell their services (e.g. [1, 2, 3]). These set the tone for many.
The response to this bug is proportional to the perceived danger (e.g. due to media hype), not the severity of the bug. Some security news sites [1, 2] focus on names and logos while facts remain only a side issue. This so-called “ghost” nonsense (some lines of code basically) was fixed 2 years ago and as the blog post “long term support considered harmful” explains it: “In theory, somebody at glibc should have noticed that fixing a buffer flow in a function that parses network data has security implications. That doesn’t always happen, however, for many reasons. Sometimes the assessment isn’t made; sometimes the assessment fails to consider all possible exploit strategies. Security bugs are “silently” fixed frequently enough (without evil intentions) that we should consider them a fact of life and deal with them accordingly.”
Some of the worst kind of coverage we found came from The Register with its flamebait headlines (scary headlines for maximum effect) and the troll Brian Fagioli. They are only some among many who are using the name to come up with puns and FUD. Jim Finkle is back to his GNU/Linux-hostile ‘reporting’, bringing this to the corporate media (there is some in the UK also) and LWN quickly cited the GNU/Linux-hostile Dan Goodin. He called “Highly critical” a bug that was patched two years ago.
Debunking some of the latest security FUD we had Fedora Magazine which stated “don’t be [worried], on supported Fedora versions.”
For unsupported version there is a lot more than this one bug that one needs to worry about.
Apple fans were quick to take advantage of the news, despite the fact that Apple is leaving systems vulnerable for many months, knowingly (like Microsoft does, until Google steps in).
See, with proprietary systems one knows for a fact that there is no security. With GNU/Linux is an open question and it depends on what measures one takes to keep it secure. For Apple and Microsoft security is not at all the goal; back doors and unpatched flaws are not really as “interesting” and important for them to patch as helping spying agencies. Google is not at fault here, Google just saw that Apple and Microsoft had no plans to plug serious holes — a patch evidently wasn’t going to be made ready before the public finds out about it, owing to Google. Apple chooses to blame Google; same as Microsoft. They should only blame themselves both for the bugs and for negligence after the bugs were highlighted to them. There is no room here for properly comparing GNU/Linux (Free/libre) to OS X or Windows (proprietary) because evidence clearly shows that the latter are not interested in security and not pursuing security when it is trivially possible.
What we find curious amid the latest FUD campaign is that Apple back/bug doors are not as widely publicised as a GNU bug that was patched 2 years ago and mostly affects LTS systems (which already have patches available). “Nothing I can think of,” said a reader of ours about this media hype, “but the LTS model followed by RHEL and Ubuntu have different goals and purposes than the short, fast development cycle like OpenBSD.”
Nobody is forced to use an LTS release and those who choose it must be aware of the potential risk.
Regarding the other FUD that flooded the press in recent weeks, targeting for the most part Google and Android, our reader XFaCE wrote the following:
I assume you want to write about that new Android vulnerability. Basically I can see the narrative being pushed through three points
- Microsoft supported Windows XP/7/etc. for years, why doesn’t Google support old Android versions
- Google told Microsoft about a very old bug in their software, so they are hypocritical
- Heartbleed bug was fixed way back for 4.1.1
For the last point, it’s a bullshit comparison because
a) 4.1.1 was one point release where upgrading to 4.1.2 fixed the issue (it was already fixed back when 4.1.2 was released)
b) The fix was one file, as evident by XDA members patched it themselves on phones manufacturers refused to upgrade to 4.1.2 SOURCE: http://forum.xda-developers.com/showthread.php?t=2712916
c) As shown by the link, a lot of manufacturers DIDN’T update certain 4.1.1 devices to 4.1.2, hence proving Google’s point. The fix there was SIMPLE, but the OEMs didn’t bother to do it
With Webview, not only is webview involved, but so is the webkit rendering engine, so the fix for all those previously releases is much more complicated
As for the second point, Google did catch it, with KitKat, and furthermore made KitKat supported on more low-end devices so theoretically older 512mb or less devices could be updated
For example, HTC said (when Jelly Bean 4.1 came out) that they would not update any device with 512 mb of RAM (SOURCE: http://www.cnet.com/news/htc-one-v-and-desire-c-will-never-get-jelly-bean/ ), so naturally when KitKat came out, they updated those devices because the OS officially was designed for such low ram devices
“Later this year, the entry-level smartphone the HTC Desire 500, should also be seeing the KitKat update. However, the One X, One X+, One S, and One V will be left in the dust and will be receiving no more official updates from HTC.”
So the OEMs are at fault for not upgrading the devices, not Google, which leads to point 1 – Google doesn’t control the Android OEMs like Microsoft does OEM pay Microsoft for the support whereby Microsoft controls all updates, Google doesn’t get paid or have the agreemeent in that way
OEMs like HTC could easily fix this by porting Kitkat to those devices, but they won’t cause they want you to buy a new HTC phone or whatever phone brand
Techrights did not cover that (except in daily links) because it should be self-evident that free-of-charge Android upgrades make it inhernetly different from proprietary software and keeping up to data typically ensures security. A lot of the analogies (Android and Windows) were inherently flawed and the FUD rather shallow. █
Send this to a friend
« Previous entries Next Page » Next Page »