

The Microsoft Botnet Goes Bonkers and ATMs Running Windows Spew Out Cash

Posted in GNU/Linux, Security, Vista 10, Vista 7, Windows at 5:06 am by Dr. Roy Schestowitz

“Mission-critical” and “Windows” are not possible to mention in the same sentence

Manchester Airport

Summary: The terrible security (by design) of Microsoft Windows is causing all sorts of very serious and collectively expensive issues

NOW that Rianne and I are back from vacation (Manchester Airport is shown above) we are amused to see even Dan Goodin, a selective basher of Free software, covering this latest blunder from Microsoft (affecting Vista 7). Sosumi dropped this pointer last night in the #techrights IRC channel and since then the word has been spreading rather quickly. Dan Goodin finally writes about the Microsoft Windows botnet (Windows Update, for a change) and Microsoft rushes to do ‘damage control’ by going after journalists. To quote Goodin:

“Microsoft said a highly suspicious Windows update that was delivered to customers around the world was the result of a test that wasn’t correctly implemented.

“We incorrectly published a test update and are in the process of removing it,” a Microsoft spokesperson wrote in an e-mail to Ars. The message included no other information.”

Yeah, whatever. It’s hard to refute something like that, but it may as well be a lie. It would be hard to prove what actually happened unless someone from the inside (like a whistleblower) got contacted. It’s all secretive and proprietary. Here is what the British media (Goodin’s former employer) wrote: “The Register poked Microsoft about the issue, and a spokesman told us: “We incorrectly published a test update and are in the process of removing it.”

“How that sort of thing happens, though, we’re not totally clear on. The bizarre update has certainly confused a load of Windows users, who hit the support forums in search of answers.

“Beginning with Windows 10, Microsoft has begun touting a new strategy of “Windows as a service,” where updates are continuous and automatic, and only enterprise customers are given the option of refusing them.”

When the Microsoft botnet (commandeered by the NSA and not just Microsoft, which grants the NSA access) goes awry we should all be reminded of the importance of software freedom. Windows Update, with automatic invocation in particular, is a truly terrible thing (even in Free software). Not only state-sanctioned spies but crackers too can exploit it, through back doors for example.

The monopolist knows that people are increasingly worried about all this remote control-like functionality. Microsoft Peter now comments [1] on mass surveillance (even on keystrokes) in Vista 10 after Microsoft admitted that mass surveillance is very much intentional, not a glitch. People inside Microsoft told me that it’s only getting worse (at development stages) and bound to get worse by the next release of Windows.

In other news, proprietary Windows and proprietary RAR now facilitate remote access by secret agencies (see this discussion). To quote Net Security: “A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine on which the software is installed.”

The press hardly covered this. Instead it got obsessed with “XOR DDOS”. Weak passwords are to blame, not GNU/Linux, but all the headlines name “Linux”. There are finally some decent articles about it, not FUD from Microsoft boosters and insecurity firms (looking to sell their services).

Another bit of FUD came from The Inquirer last week (mentioned in our daily links). The Inquirer changed the headline after falsely accusing/blaming Linux, merely because the acronym XFS was mentioned (purely Windows in this case, not related to the Linux file system). Here are some articles about it [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14]. In short, lots of ATMs are being exploited not because of Linux but because they don’t use Linux. This is because of Windows. What kind of company STILL uses Windows in ATMs and banking in general? This is a platform of botnets and back doors, it’s simply unfit for purpose. Guess who pays the price for clueless technologists who put Windows in banks (which can receive bailout from taxpayers)? Just imagine where we would be if airplanes ran Windows…

Related/contextual items from the news:

  1. Microsoft reaffirms privacy commitment, but Windows will keep collecting data

    The second category is personalization data, the things Windows—and especially Cortana—knows regarding what your handwriting looks like, what your voice sounds like, which sports teams you follow, and so on. Nothing is changing here. Microsoft says that users are in control, but our own testing suggests that the situation is murkier. Even when set to use the most private settings, there is unexpected communication between Windows 10 and Microsoft. We continue to advocate settings that are both clearer and stricter in their effect.


Microsoft Technology Crashes Financial Markets, Again

Posted in Microsoft, Security at 9:02 am by Dr. Roy Schestowitz

Microsoft stack is a mutual fund’s assured destruction

SunGard and Microsoft

Summary: SunGard, which is a Microsoft shop, is clearly failing to provide what it calls mission-ciriticaal [sic] solutions

IT HAS been an exceptionally long time since we last heard from or wrote about the London Stock Exchange (LSE) [1, 2, 3, 4, 5] because now that it runs a lot of Free software, including GNU/Linux at the very core, it is so stable that the architecture is not newsworthy. It’s uneventful. There are, however, some who still insist on using Windows in mission-critical systems. They are paying a high price for this, first at acquisition and later when things go awry, repeatedly even.

Not only the LSE moved to GNU/Linux (dumping Microsoft after many severe problems and a huge bill). Wall Street is famously GNU/Linux-powered after many years with UNIX (it never relied on Windows), but there are private firms that rely on Microsoft and they have just paid a very high price for that. “Bank of New York Mellon Corp.,” says the Wall Street media, “is still working to provide closing prices for certain mutual funds and exchange-traded funds after a technology used to generate net asset values broke down on Monday.”

“Computer Glitch rocks the Mutual Fund Industry,” a reader wrote to us, pointing to more articles about the collateral impact (it’s disrupting the market as a whole). “There’ll be no mention of the Microsoft connection,” he noted. So far he has been right. Nobody calls out Windows. Here is Microsoft’s page about the “Microsoft and SunGard Alliance”. To quote parts of it: “As is demonstrated by the IntelliMatch Operational Control Windows 8, SunGard is innovating utilizing Microsoft technology to ubild mission-ciriticaal [sic] solutions for the global financial services community”

Yes, mission-ciriticaal [sic] (not our typo) is what it’s really for. They can’t even deal with English, so how about real-time systems with trillions of transactions? Based on Google’s cache, the page has contained this typo for quite some time. SunGard is a joke and it relies on Microsoft’s amateurish software.

Having looked for stronger evidence of Windows being the cause, a reader told us, sarcastically: “If it wasn’t Windows they would be singing it to the rafters. On the other hand maybe it was a pretext to shut down trading as the market was in the middle of another panic selling. Remember when a whole day’s trades were ‘lost’ on the NY stock exchange. The computers recovered just at the end of day trading.”

There are many reasons why no firm should ever use Windows, as Stuxnet serves to remind anyone who is still wilfully ignorant. This is especially true for financial firms, law firms, politicians, and journalists. They don’t need to be “foreign” to be targeted, they just need to be viewed as “hostile” towards some of those who are presently in Power. The government wishes to meddle and disrupt opposition or risk to Power. That’s a universal problem.

The author at TechDirt [1], as well as others [2], neglect to mention right now that CIPAV, which the FBI turns out to have used to disrupt journalists based on the explosive revelations below, specifically targets Microsoft Windows, a platform with back doors.

Related/contextual items from the news:

  1. AP Sues FBI Over Impersonating An AP Reporter With A Fake AP Story

    Last fall, we wrote about how the FBI had set up a fake AP news story in order to implant malware during an investigation. This came out deep in a document that had been released via a FOIA request by EFF, and first noticed by Chris Soghoian of the ACLU. The documents showed the FBI discussing how to install some malware, called a CIPAV (for Computer and Internet Protocol Address Verifier) by creating a fake news story…

  2. Associated Press sues FBI over fake news story

    The Associated Press filed a lawsuit (PDF) this morning, demanding the FBI hand over information about its use of fake news stories. The case stems from a 2007 incident regarding a bomb threat at a school. The FBI created a fake news story with an Associated Press byline, then e-mailed it to a suspect to plant malware on his computer.

    The AP sent a Freedom of Information Act request to the FBI last year seeking documents related to the 2014 sting. It also seeks to know how many times the FBI has used such a ruse since 2000. The FBI responded to the AP saying it could take two years or more to gather the information requested. Unsatisfied with the response, the Associated Press has taken the matter to court.


Sabine Pfeiler and Otto Seidl Should Take Note as Russia — Like China — is in the Process of Banning Microsoft Windows for Security Reasons

Posted in GNU/Linux, Security, Vista 10, Windows at 6:53 am by Dr. Roy Schestowitz

Strapping NSA back doors onto Munich oughtn’t be an option

Sabine Pfeiler

Summary: A look at a strange suggestion, signed by Sabine Pfeiler (above) and Otto Seidl, who suggest going back to Microsoft which is basically a spyware company now

THE enormous long-term cost of Microsoft Windows, deferred and inevitably incurred due to blackmail and espionage (possibly more expensive than dealing with script kiddies/crackers alone), was detailed in the previous post. No nation other than the US (not even other Five Eyes nations) should procure proprietary software from the United States. Britain has just repeated this error [1] and some Microsoft fans in Germany apparently want to revert back to making this error, having already undone this error (dumping proprietary software, including Microsoft, in Munich).

We wish to start with some rather exciting news. Thankfully enough, Russia is now following in China’s footsteps and may ban Vista 10 (China also banned Office in government, not just Vista 8, recognising that it’s a collective Trojan horse from the NSA). Last year or the year before that Russia had already taken first steps towards banning Windows by banning x86 in government (Wintel) and days ago it went further. Citing Russian media, Linux Veda writes: “The vice speaker of Russia’s State Duma, Nikolai Levichev, has written to Prime Minister Dmitry Medvedev asking for the Russian government to ban the use of Windows 10 amongst Russian civil servants. Levichev is concerned that Microsoft may allow US agencies to access data collected from Russian officials.”

Based on countless leaks from the NSA (many mention Russia by name), the above is undoubtedly being done. To think otherwise would be willful ignorance. Germany too is a target (political and industrial espionage), as recently demonstrated by Wikileaks, not just Snowden’s leaks and subsequent unattributed leaks.

It then leads us to our main topic, which is bogus stories from Microsoft propaganda sites, distorting the stories that were originally published in Germany about a week ago. We have a misleading headline about just two people, making them sound like the whole city of Munich. These people are Sabine Pfeiler and Otto Seidl.

Microsoft propaganda sites will latch onto anything and anyone, as they have been doing for years, never leaving Munich alone because it has become an embarrassment to Microsoft and a winning example/trophy for GNU/Linux on the desktop. What Microsoft does in Munich right now is definitely not sitting on its hands and accepting defeat. There is lobbying that is difficult for outsiders to see, but evidence occasionally comes out, as we have shown here over the years (we wrote dozens of articles about this). Partner companies, not just moles or lobbyists, are involved in this. Munich is constantly under attack.

A European reader of ours helped us understand what is happening in Munich right now. “Two ‘softers,” he said, is what it boils down to. “Annoying that they get any press at all. [...] it does look like only two ‘softers and not two independent people. More can be done to bring up the games that Microsoft continues to play against competitors, especially FOSS. Too many are falling for that “another chance” tactic, one that’s been used every few years for decades.”

We tried to find out more, for instance anything suspicious in the professional background of the troublemakers. Microsoft recently blackmailed members of the British Parliament, as it had previously done in Norway and other places (if you do what we say, we’ll do this thing for your area, but if you don’t, we’ll punish you). There are plenty of bribes and blackmail examples; Microsoft is full of those.

Our reader tracked down the original PDF. It is signed by these two people:

Sabine Pfeiler, Stadtrat
Otto Seidl, Stadtrat

“Your German is certainly better than mine,” said the reader, “but there are probably these two. They’re both in office through 2020. The main argument that the laptops have no programs for text editing, Skype, Office etc does not hold water. LibreOffice and even nasty ol’ unsafe Skype are available for GNU/Linux on x86, though the latter has not been approved by the IT dept there. But the Tech Republic article does say they are using Intel processors and that LibreOffice is on them.

“Seidl had in 2014 defended LiMux against mayor Dieter Reiter and Josef Schmid. However, I think that something is fishy, but cannot find anything with just a cursory search.”

Vista 10 is an unacceptable risk, especially for government, and Germany has been more strict than most nations about digital control over its computing (even UEFI 'secure boot' is verboten). Vista 10 can add back doors, bug doors, delete files, add files etc. and it won’t even tell the user. We covered this the other day, noting that RMS (Richard Stallman) was right all along. This is why Microsoft will consider doing almost anything (even blackmail and bribes) to get its way here, enabling the Trojan horse to slip inside the whole of Germany. The NSA would certainly like for this to happen.

According to Manish Singh, “[i]f you’re having trouble deciphering what exactly Microsoft is bundling in Windows 10 updates, it is not your fault. Moreover, it is about to get worse. Microsoft has confirmed that it might choose to not offer a detailed changelog with new Windows 10 updates.”

Microsoft just remotely modifies Vista 10 and won’t explain how, why, and when. It is virtually as though one’s own computer is rented or leased. Even the British media took note. Simon Sharwood spoke to Microsoft and then reported that “Microsoft has explained its policy about how much information it will offer on the content of Cumulative Updates to Windows 10.”

Remember that for most users it will be impossible to even deny automatic updates. Microsoft Peter, not only Microsoft sceptics, reminds us right now that Microsoft has no plans to tell us what’s in Windows patches. Vista 10 already has back doors (and worse, it turns networks into botnets), but the point is, additional ones can be added at any time, silently. What would happen at times of war? Germany simply mustn’t consider going back to Windows and more cities should now follow Munich’s lead, maybe adopting much of the same Free software that Munich developed over the years.

Have politicians actually been following what’s happening right now? BND collusion with the NSA makes it simpler to blackmail German politicians, this we know for sure…

Related/contextual items from the news:

  1. UK government signs new deal with Oracle

    The UK’s Crown Commercial Service (CCS) yesterday revealed that it would be teaming up with software giant Oracle, in a three-year partnership which will see the two collaborate to deliver services to public sector bodies including the National Health Service (NHS).

    Just weeks after the government announced that it would be cutting back on its use of Oracle software, the new deal instead extends the existing agreement signed in 2012 and aims to bring new cost-saving solutions. The CCS has promised that the signing of the Oracle memorandum of understanding (MoU) will “deliver additional savings for the taxpayer.”

Microsoft Windows Leads to Espionage and Blackmail: Latest Examples

Posted in Microsoft, Security, Windows at 6:00 am by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Summary: Another news overview, detailing high-profile examples of high-cost Windows deployments (including the cost of litigation and settlement)

THE “IRS hack [is] far larger than first thought,” according to this new report. It’s no secret that the IRS is a Microsoft Windows shop (which was warned about security breaches as far back as 6 years ago), so it makes one wonder if Windows was to blame here, as in the OPM breach, the Sony breach, and most recently the Ashley Madison breach (not to mention Stuxnet in Iran). Based on our information, all these high-profile breaches one way or another involve Microsoft reliance. The corporate media failed to call out Windows, but a little bit of research often helps boil it down to Microsoft’s NSA-accessible (through back doors) platforms.

Below is a new story which shows how Argentina targets [1] a large number of dissidents for surveillance using a fake “confidential document [that] was intended to infect a Windows computer.” GNU/Linux users needn’t worry about such things. Then of course there is the latest high-profile breach, the one affecting tens of millions of members of Ashley Madison (including almost ten thousand members of the military, including high-ranked ones), some of whom are suing [2] (what’s the price of a failed marriage or blackmail?). The parent company can now be sued into bankruptcy. It’s the (hidden) high cost of Windows. According to [3], “Security Was An Afterthought” at Ashley Madison. Well, that’s quite evident. Ashley Madison is hardly even hiding it (DMCA rampage is not a substitute) and it has been made ever more obvious by the fact that they were using Microsoft Windows.

Microsoft and security are mutually exclusive, unlike Microsoft and insecurity. No secure application can be mounted on top of a base with back doors. It ought to be crystal clear after Snowden’s many revelations.

Related/contextual items from the news:

  1. Inside the Spyware Campaign Against Argentine Troublemakers

    Alberto Nisman, the Argentine prosecutor known for doggedly investigating a 1994 Buenos Aires bombing, was targeted by invasive spy software downloaded onto his cellular phone shortly before his mysterious death. The software masqueraded as a confidential document and was intended to infect a Windows computer.

  2. Canadians are suing Ashley Madison because a lack of prophylactic protection

    A BRACE OF LAW FIRMS ARE BEHIND A class action lawsuit against Ashley Madison because it did not do enough to protect personal and private information.

    The class action case, from two Canadian law firms, argues that the hookup stations failed users by not protecting their information and for not deleting it after a fee had been paid to ensure its deletion. It seeks $578m.

    According to the New York Post the lawyers want some satisfaction for a cluster of punters who are currently wearing outraged expressions and regretting joining a site that does what it does in the way that it does it.

  3. ‘Security Was An Afterthought,’ Hacked Ashley Madison Emails Show

    It’s already clear that, despite handling very sensitive data, Ashley Madison did not have the best security. Hackers managed to obtain everything from source code to customer data to internal documents, and the attackers behind the breach, who call themselves the Impact Team, made a mockery of the company’s defenses in an interview.


Ashley Madison Disaster Apparently the Fault of Microsoft Windows

Posted in Microsoft, Security, Windows at 6:50 am by Dr. Roy Schestowitz

What kind of company uses Windows for security?!

Hilton Manchester

Summary: New reports serve to show that Ashley Madison’s data which got leaked includes a complete dump of corporate Windows passwords

TWO months ago we wrote about the Office of Personnel Management (OPM) breach and Microsoft Windows. It’s quite unusual for large, high-profile breaches to involve anything but Microsoft, but the media rarely call out Windows, not even when Stuxnet is clearly all about Windows (not surprisingly because Microsoft aids the NSA and the NSA developed Stuxnet) and the Sony breach was reportedly the fault of a leaky Windows server, irrespective of who infiltrated it (an entirely separate question).

Another day, another crack. Because OPM contains the personal details of many rich and powerful people, it still dominates the news to some degree (although Windows is rarely mentioned) and now it’s Ashley Madison [1,2]. A lot of people, including very high-profile people, can now be publicly shamed and/or blackmailed.

According to this report, the leak “included a full domain dump of corporate passwords (NTLM hashes) of the Windows domain of the company” (hello Microsoft!).

“According to security experts, including Krebs,” wrote Gordon in IRC, “it’s definitely a legit dump” and there are articles that explain why. “The database dump,” to quote this one report, “appears to be legitimate and contains usernames, passwords, credit card data (last four), street addresses, full names, and much much more. It also contains an extensive amount of internal data which looks like the hackers had maintained access to their environment for a long period of time.”

Ashley Madison’s owners are in panic because a lot of lawsuits may be imminent. They are trying to DMCA sites that share the data, but history teaches that this is a futile effort. They now pay the price of using Windows and many people (perhaps dozens of millions) pay the price of relying on a company that uses Windows.

Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people. Microsoft leads to a form of global anarchy by making its software flawed by design and leaky by intention. It’s that same dumb mentality that leads some politicians to demands of back doors only for the “Good Guys” (them).

Related/contextual items from the news:

  1. Remember How The DMCA ‘Stopped’ The Release Of Ashley Madison Cheaters Data? About That…

    And… it took longer than expected, but less than a month later, the data file has leaked online, and you can bet that lots of people — journalists, security researchers, blackmailers and just generally curious folks — have been downloading it and checking it out.

    Maybe, next time, rather than claiming copyright, the company will do a better job of protecting its systems.

  2. Data from hack of Ashley Madison cheater site dumped online [Updated]

    Gigabytes worth of data taken during last month’s hack of the Ashley Madison dating website for cheaters has been published online—an act that could be highly embarrassing for the men and women who have used the service over the years.

    A 10-gigabyte file containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn’t include full payment card numbers or billing addresses.


    “We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data,” they wrote in an e-mail to Ars. “We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.”

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive


The Huge, Collateral Cost of Microsoft’s Collusion With Five Eyes Espionage Agencies

Posted in Microsoft, Security, Windows at 4:51 pm by Dr. Roy Schestowitz

Michael S. Rogers
“I don’t want a back door. I want a front door.” — Director of the National Security Agency (NSA), April 2015

Summary: Microsoft Windows continues to be inherently insecure, at the very least because Microsoft worked to make intrusion possible by shady agencies that operate outside the law (much like cyber gangs)

IT IS no secret that Microsoft works closely with the NSA and other Five Eyes agencies. It is also no secret that Stuxnet was developed by those agencies and targets Microsoft Windows. After it had targeted Iran it sort of ‘spilled out’ and caused many billions in damages all around the world (we covered examples). Having gotten out of hand, Microsoft’s back doors for espionage agencies were soon exploited also by the “bad guys” (not that espionage agencies can be described as “good guys”). There is no substitute for absolute, scientifically-verifiable security and strong encryption. People who sell “Golden Key” dreams are non-technical war-loving liars. Based on this new article (Dan Goodin finally targets Microsoft for a change, having repeatedly bashed just Free software), a new Windows “exploit is reminiscent of those used to unleash Stuxnet worm.” To quote Goodin: “The vulnerability is reminiscent of a critical flaw exploited around 2008 by an NSA-tied hacking group dubbed Equation Group and later by the creators of the Stuxnet computer worm that disrupted Iran’s nuclear program. The vulnerability—which resided in functions that process so-called .LNK files Windows uses to display icons when a USB stick is plugged in—allowed the attackers to unleash a powerful computer worm that spread from computer to computer each time they interacted with a malicious drive.”

Any design that lets a USB device trigger commands at such high levels is a design that’s clearly not designed by security professionals. Many other issues tied to this design have been reported for over a decade and Microsoft is not fixing it. According to last year’s explosive report, titled “N.S.A. Devises Radio Pathway Into Computers”, the NSA “relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers.”

The media may go on about how Microsoft no longer delivering security patches is an issue, but as Microsoft tells the NSA about holes before patching them, what difference does it make? All versions of Windows, no matter how up to date they are, are vulnerable. It’s not an accident. “Both Microsoft and HP were insistent companies that hadn’t refreshed [Windows Server 2003] after 14 July,” said the report, “are exposing themselves to all sorts of security attacks, and that up-to-date patches and firmware are needed.”

No, their first mistake is that they use Windows anything (never mind Windows Server, irrespective of the version too). Windows is not designed to be secure. It has back doors and front doors. GNU/Linux is designed for security from the ground up and if one does not believe it, one can freely scrutinise the code.

“The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team.”

CIO David Wennergren, Department of Defense (October 2009)


The Delusion of Privacy and Security in Vista 10 Instantaneously Debunked Even in the Media, Despite Microsoft’s PR Efforts

Posted in Microsoft, Security at 9:17 am by Dr. Roy Schestowitz

“[W]e’re not going to have products that are much more successful than Vista has been.”

Steve Ballmer

Summary: The media continues to mock Vista 10 ‘features’ (and by extension Microsoft) for their gross privacy violations while Microsoft boosters try to create an illusion that Microsoft wants to improve security, despite creating back doors for rogue government agencies

BASED on some of the very latest Web statistics, the adoption rate of Vista 10 is very poor, especially when one considers the cost. Vista 10 surprised many people when it was served to the public (final release) with all the surveillance built in, as if every user (or buyer) is a beta tester of Microsoft, expected to endlessly send input to Microsoft for debugging purposes (even keystrokes!). What started with some blogs and privacy groups ranting about Vista 10 is now a major story in much of the media.

WND, a GOP-centric site, complains about Vista 10 and goes with the headline “Windows 10 spies on emails, images, credit cards, more”. Linux Veda says that “Microsoft are abusing their users and we could do with a useful tool to restrict this.”

You know that Vista 10 is broken when people (both developers and non-developers) desperately try to ‘fix’ it, as is widely reported in the media right now. Some people reportedly abandon it (to go back to older Windows or upgrade to GNU/Linux). Since Vista 10 is proprietary software, there is no way to fix it or even ensure it does not send personal data to Microsoft (silently, with or without encryption). One can only hope, especially when adjusting settings using Microsoft’s own handles.

Twitter’s Microsoft spam (paid for by Microsoft) now reaches shamelessly high levels, for they append “sponsored” Microsoft propaganda even to hashtag pages, calling it “top news” and linking to Bing shortcuts, posted by Microsoft’s professional buddies. We have already complained about how Twitter was helping Microsoft promote Vista 10 (these two companies have been working together for a long time [1, 2, 3, 4, 5]).

Much of Microsoft’s ‘damage control’ (notably in Twitter) is just linking to articles which suggest ‘fixes’, as if privacy in Vista 10 can be easily sorted out. The ToryGraph says that “Microsoft is collecting user account information, credit card details and passwords,” but then goes gentle/soft on Microsoft. An article by Steven J. Vaughan-Nichols refers to those concerned about privacy violations in Vista 10 as “paranoid”. TechRadar, which so often delivers Microsoft spin, tries to advise readers, not by telling them to steer away from Vista 10 but rather to ‘fix’ it. A better article came from Andrew Orlowski, who called Vista 10 “a clumsy, 3GB keylogger.” In his article titled “Microsoft vacates moral high ground for the data slurpers’ cesspit” (showing if not emphasising Microsoft’s hypocritical attacks on Google) Orlowski wrote: “A funny thing happened while I was reinstalling Windows 8 over Windows 10 yesterday morning. There in front of me, halfway through the installation process, were two full, clear pages of privacy toggles. Every toggle was set to not send private information to Microsoft, or anyone else.

“In addition, Windows 8 created a local user account by default – and didn’t demand I maintain a constant, umbilical connection to Microsoft’s servers. Windows 8 was configured for maximum privacy. Now compare this to the indiscriminate data slurp that Microsoft calls Windows 10. It’s basically a clumsy, 3GB keylogger.

“It’s often said that with data protection and privacy, we’re like lobsters: we don’t notice the water getting warmer and warmer, until we’re boiled alive. So it’s been with Windows. Windows 8.1 didn’t show you clear choices or screens with privacy toggles anymore, but invited you to agree to either “Express Settings” for privacy (wow: cool, convenient) or “Customise” them (there be monsters). It respected your local user account, but then bullied you into switching to the umbilical when you accessed the Store. Windows 10 makes the Customise option so small it looks like the trademark notice, and even then, the defaults are set to send everything to Microsoft, and only allow you to control the data slurp partially. Local user accounts are so buggy in Windows 10 that you’ll probably switch to always-being-slurped anyway.”

“It’s time we owned our own data,” says this new article, quoting what it called a “Silicon Valley truism.”

“If you’re not paying, you’re the product” is the truism. Microsoft has turned users of Windows into useds, or products. Microsoft is intensifying its relationship with the NSA while many other companies try to distance themselves from the NSA. Microsoft does not strive to offer security at all, despite its empty claims to the contrary (like a show trial involving data in Ireland). IDG's Microsoft boosters and Microsoft staff (Microsoft MVP J. Peter Bruzzese in this particular case) prop up the illusion of Microsoft as advocate of “security”, but it is just Microsoft marketing shrewdly disguised as “articles”, or Microsoft MVPs acting like external staff (watch this Microsoft advocacy site having a go too). Vista 10 ought to end any pretense that Microsoft cares about security.

Remember that Microsoft did not fix a serious Windows flaw for 3 months, despite Google urging Microsoft to fix it. The above ‘articles’ (from Microsoft mouthpieces) are just part of the publicity stunt. Microsoft is not bothering to fix critical flaws that it knows about and tells the NSA about (essentially giving back door access to all versions of Windows, as usual). Vista 10 takes all this to unprecedented new levels and lets spies track Windows users in real time (even their keystrokes!). It also harvests passwords, including encryption keys (supposedly for 'recovery').


Free Software is Commercial

Posted in Free/Libre Software, FUD, Security at 4:04 am by Dr. Roy Schestowitz

“There’s no company called Linux, there’s barely a Linux road map. Yet Linux sort of springs organically from the earth. And it had, you know, the characteristics of communism that people love so very, very much about it. That is, it’s free.”

Steve Ballmer, Microsoft’s CEO at the time

Summary: Corporate media helps stigmatise Free/Open Source software as unsuitable for commercial use and once again it uses the ‘security’ card

SEVERAL days ago in our daily links we included two articles that used the term “commercial software” (to mean proprietary software). Both cited Synopsys. It is amazing that even in 2015 there are some capable of making this error, maybe intentionally. Commercial software just means software that is used commercially. A lot of it is Free/Open Source software (the corporate media prefers the term “Open Source” to avoid discussion about the F word, “freedom”).

Yesterday we found yet another headline which repeats the same formula (as if they all received the same memo), calling proprietary software “commercial software”, thereby reinforcing the false dichotomy and the stigma of Free software. “Looking at our Java defect density data through the lens of OWASP Top 10,” says Synopsys, “we observe that commercial software is significantly more secure than open source software.”

Another article from yesterday reminded us that Free software takes security very seriously and top/leading Free software projects are widely regarded (even by Coverity) as more secure than proprietary counterparts. Oddly enough, Synopsys links to a “Coverity Scan Open Source Report 2014”, not 2015, and the report is behind walled gardens, so it is hard to check if these headlines tell the whole story or just part of it. The analysis itself is done by proprietary software, whose methods are basically a secret. Go figure…

We recently saw some very gross distortions where security issues in proprietary software got framed as Free software issues. As we have repeatedly demonstrated and stressed over the past year and a half, there seems to be a campaign of FUD, ‘branding’, and logos (the latest being targeted at Android/MMS) whose goal is to create or cement a damaging stereotype while always ignoring back doors and even front doors in proprietary software (now out in the open because of the British Prime Minister and the ringleader of the FBI).
