Summary: Personal and financial damage incurred due to security flaws in Windows

WE NO longer cover stories about the inherent insecurity of Microsoft Windows (it’s a repetitive issue), but sometimes we make the exception. According to this report which Slashdot has highlighted:

Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called “an infestation” of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned.

At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college’s data security monitoring service detected an unusual pattern of computer traffic, flagging trouble.

Guess what? Microsoft is unlikely to be held liable. Thus, the best solution is to just avoid its products. █

Summary: Why the weakest link is Microsoft Windows (which therefore should not be used for storing sensitive information), whereas Android is just the target of a lot of FUD this month

TECHRIGHTS targets and addresses FUD, but sometimes the FUD is already sufficiently debunked by others, so a citation would do. There is some new FUD about Android and we put many links about it in our daily summaries, notably those which cite Chris DiBona.

Matt Asay says: “In the case of Android, which is apparently a malware-maker’s dream, Google’s open-source programs manager Chris DiBona has already gone on the defensive, arguing: “Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and, iOS.”"

The short story is (for those who missed it), rogue applications that the users themselves have to foolishly install can do bad things. Surprise, surprise. These are not viruses, not even when the BBC uses this lie. If people want programs that spy on them and occasionally ask for more money, they can install Windows. Heck, many OEMs already install this malware whether the user wants it or not, due to secret bundling agreements.

In other headlines we find reports of Windows allowing intrusion into NASDAQ: [via "FBI Blames NASDAQ Hack on UnPatched Windows, Bad Firewalls"]

Forensic investigators found some PCs and servers with out-of-date software and uninstalled security patches, Reuters reported, including Microsoft Windows Server 2003. The stock exchange had also incorrectly configured some of its firewalls.

Microsoft ‘quality’ at work. Here is a warning about putting Microsoft in charge of people’s medical records (where leakage can have devastating effects on the public). Mr. Pogson has this to say:

In an attempt to persuade Australia to allow Australian government documents to be stored off-shore, M$, in a discussion paper wrote, “Any company with a presence in the United States of America (not just those with headquarters or subsidiaries in that country) may be legally required to respond to a valid demand from the United States Government for information the company retains custody over or controls, regardless of where the data is stored or the existence of any conflicting obligations under the laws of the country where the data is located”.

Only a few days ago we explained why governments should not do business with Microsoft (and other proprietary software vendors for that matter). █

Summary: A couple of new posts/articles about Microsoft Windows and what they teach us about this platform’s viability

THE PLATFORM which made “computer viruses” analogous and often synonymous with Windows viruses just keeps delivering and disappointing every time. According to this, the Windows kernel has unpatched flaws with exploits out there. To quote:

The Duqu malware used to steal sensitive data from manufacturers of industrial systems exploits at least one previously unknown vulnerability in the kernel of Microsoft Windows, Hungarian researchers said.

It is without great shock that we also learn why Windows can never be used reliably on a server, which — if compromised — makes is hard to diagnose the cause. To quote a new post:

Imagine if there were 50 PCs, 100, or more. I would be scared to look and see what other errors are occurring on other Windows 7 PCs in the company. Administrators have better things to do, than comb through useless log files. Way to go Microsoft, a quality operating system here with Windows 7. It’s no wonder Windows isn’t used for mission critical appliances, and GNU/Linux is instead. I’m not saying that GNU/Linux logs are the best, but they are pretty good and usually have information that I can use, to help pinpoint the error a little bit. GNU/Linux does not, and I repeat, does not have this amount of useless garbage in its logs like Windows does.

How long before Microsoft Jack appears at the scene to produce some promotional Microsoft comments in ZDNet UK? Usually it does not take long for Microsoft zealots like Jack to do this in that site.

A reader sent us some more links, one about the decline of Microsoft’s Web browser and another titled “Microsoft unlikely to patch Duqu kernel bug next week” (evidently).

“Time [for the] world to choose Linux,” concluded our reader. █

Summary: Deadly drones that depend on Windows become victims of intrusion and potentially control from the outside

DESPITE what Bristol might laughably claim, Microsoft is just about as bad as one can do for security and the monthly reminder (those numbers are fake by the way) should not be ignored. Patches aside, many news sites say that a Windows virus has hit the drone fleet of the US army. There’s a comforting thought, eh? With rockets on board, crackers can play war plane simulator with a real miniature (but well armed) plane. People have rightly started asking, why not just use Linux? One blogger writes: “Because the level of skill required to crack a Unix-like OS is much higher than that needed for a Microsoft OS. Further, properly configured Unix-like systems are much more robust than Microsoft systems. Were Military forces using properly configured and properly secured Unix or Linux systems we would not see items like these below being reported.

“”I just had a, “What were they thinking?!”, moment while reading this article at ars technica: Computer virus hits US Predator and Reaper drone fleet. First, it is not a “computer virus”, it is a Microsoft operating system virus. Second, using Microsoft operating systems for any critical Military computer systems is just wrong. I know the US Military has specifications for rugged computer systems that must be made in the USA. That makes sense. What does not make sense is the fact that the US Military will accept Microsoft operating systems on its critical, sensitive hardware at this date in time. That is like specifying a bank vault that can withstand a nearby nuclear blast, but allowing the builder to install a screen door for access to the vault. It is just a Bad Idea!”"

Here is another report about it. Wired says that “Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.”

Not so reassuring.

Drone issues such as this are just another reminder amongst other incidents that we mentioned before — incidents where the US military is put at risk because of Windows . To quote Microsoft’s Allchin, “It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”

“Microsoft Appears to Have Blacklisted Oxford University” says another report, showing us what Microsoft “security” really is achieving:

Microsoft’s motives for action is unknown, Oxford’s semester is about to start

We received word from Oxford University in the UK today that Microsoft Corp. (MSFT) has blacklisted the campus for unknown reasons.

The reasons are actually known. Microsoft is too incompetent or arrogant to implement security properly. █

Summary: In the midst of Wikileaks drama we learn that an executions-savvy regime will benefit from Windows cracks

“Windooze insecurity puts Iranian dissidents in mortal danger,” states the subject line of an anonymous USENET post, quoting this article. “A Dutch CA called DigiNotar,” says the poster, “was hacked by Iranian hackers, likely with the intention of intercepting SSL traffic (Gmail, Facebook etc.) of Iranian activists and freedom fighters. I checked DigiNotar’s website and guess what operating system they’re using? You guessed it! WINDOOZE ASP.NET!!!

“So now Microsoft will have blood on its hands. Its insecure graphical-shell-pretending-to-be-an-operating-system is now possibly responsible for the deaths and prosecution of many Iranians!! [..] THIS COMPANY SHOULDN’T BE SPLIT UP, IT SHOULD BE SHUT DOWN”

“And as long as otherwise respectable companies insist on e-mailing me “slide shows” in the form of IrfanView .exe files because “it’s so user-friendly”, Windows will remain as secure as a wet paper bag.”
      –Richard RaskerA more moderate Dutch poster, Richard Rasker, wrote separately: “I guess we’ve all heard how a Dutch Certificate Authority by the name of Diginotar, formerly used by even the Dutch IRS authority and countless city councils, has screwed up severely, when their systems were breached by Iranian hackers, who managed to poison the world with many hundreds of bogus certificates. Then they screwed up even more by hushing up about the hack for months — a huge no-no in a world where trust is the highest good.

“And now it turns out that the screw-up has soared to even greater heights. In case you wondered what OS these people were using, here’s the answer:

http://webwereld.nl/nieuws/107833/fox-it–diginotar-gebruikte-niet-eens-virusscanner.html

“For those who don’t understand Dutch:

“Fox-IT: Diginotar didn’t even use a virusscaner

Fox IT has delivered a devastating verdict on Diginotar’s infrastructure. The company didn’t adhere to agreements and procedures. Even elementary security measures were totally absent.

These are the conclusions from an investigation by Fox IT into the security breach at Diginotar, as passed by Webwereld and NU.nl through a governmental source. It turns out that all operations were taking place from within one single Windows domain. This made it possible to gain access to the certificate administration from any work station; logging in to one’s work station was sufficient to get access to the systems. This is a mortal sin in the world of IT security. In addition, Diginotar was already aware of the abuse of its certificates as early as July.

No secure zones
Even when issuing certificates for government use, standard security rules were trodden underfoot. The government’s PKI computers operate from within a secure vault, and should never have been connected to Diginotar’s network. Yet even on those machines, investigators found evidence that connections had been made to the Windows domain.

…” [no virus scanner ... no proper logging ... no strong password enforcement ... inadequate intrusion detection ... hackers got & used administrator rights ... certificates chucked in an easily accessible database ... etcetera]

“Now I won’t say that this could never have happened in a Linux environment,” notes Rasker, “but for a screw-up of these truly epic proportions, Windows is the OS of choice — because it traditionally “makes things easy”, and because Windows users are traditionally not used to working with proper permissions, secure networks and strong passwords.

“And as long as otherwise respectable companies insist on e-mailing me “slide shows” in the form of IrfanView .exe files because “it’s so user-friendly”, Windows will remain as secure as a wet paper bag. QED.” █

Summary: Rise in Windows traffic on the Internet, but not the desirable type of traffic (RDP attacks)

Check out this piece of news: [via]

It’s retro day in the world of Internet security, with an Internet worm dubbed “Morto” spreading via the Windows Remote Desktop Protocol (RDP).

F-Secure is reporting that the worm is behind a spike in traffic on Port 3389/TCP. Once it’s entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post.

SANS, which noticed heavy growth in RDP scan traffic over the weekend, says the spike in traffic is a “key indicator” of a growing number of infected hosts. Both Windows servers and workstations are vulnerable.

Bravo, Microsoft. █

Update: Incidentally, Nokia’s developer network has just been cracked. Based on some tests, the site runs Windows. Netcraft says it ran Windows, but it is now hiding behind Akamai (Linux). Some case sensitivity tests seem to confirm that It runs Windows.

Summary: Novell and Microsoft get special mentions for weaknesses in their proprietary software, which they wish to hide by hiding the source code

NOVELL is a proprietary software company whose software has gotten enough flaws to earn a Pwnie Award nomination. Thanks to our reader Tacone for bringing the following bit to our attention:

Remotely exploitable stack overflow in OpenSSH on Novell NetWare
Vendor: Novell

The ZDI advisory clearly stated that this is a remotely-exploitable stack overflow, but Novel claimed that it was only a denial of service attack and refused to patch it until ZDI dropped the details on their blog. You can’t argue with 0×41414141.

In other news, Windows has a rootkits epidemic again and this time Sony is not to blame:

Machines running the decade-old Windows XP make up a huge reservoir of infected PCs that can spread malware to other systems, a Czech antivirus company said today.

Windows XP computers are infected with rootkits out of proportion to the operating system’s market share, according to data released Thursday by Avast Software, which surveyed more than 600,000 Windows PCs.

While XP now accounts for about 58% of all Windows systems in use, 74% of the rootkit infections found by Avast were on XP machines.

The Register meanwhile says that “Microsoft is fuelling up 13 bulletins for release next week, including an update that guards against critical flaws in Internet Explorer.”

We oughtn’t forget that Microsoft lies about those numbers.

“It’s funny that I almost never have to reboot, or even logout, when I update my Linux boxes,” remarks one GNU/Linux advocate. ‘Why is it that Windows can’t update a file that is open? Linux & other *nix’s have had this filesystem feature for longer than I can remember. Doesn’t Windows have any decent filesystem?”

Finally, spyware too seems to be part of Microsoft’s package:

Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned.

The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets.

How come nobody remarks on the privacy implications? Without privacy, security too can be compromised more easily. █

Summary: New reports about bad Windows security

ONE OF OUR readers said that “Vista/Windows 7 are remote rooted through bluetooth” according to a report which says that “Windows laptops are configured to … turn on Bluetooth when the computer’s wireless Internet component is active or searching for networks (which, for many machines, is all the time).” CNET is meanwhile naming Windows in relation to malware. It quotes/attributes this to Google:

The malware only affects computers running the Windows operating system, according to a post by Google engineer Matt Cutts. Systems can be tested by running a Web search for any word, he said.

At Google, not many people are using Windows and within a few years it is possible that almost nobody will use Windows. It sure seems like Android takes over not only phones (even at Apple’s expense) but also tablets. We provided new links earlier. █

Summary: Documents relating to ballistic missile defense and star wars leaked to crackers owing to Windows, allegedly

AN anonymous poster found this blog item (“DoD: 24,000 files swiped in March from military contractor systems”) which suggests that “Because they use Windooze about 24.000 (!) classified documents got stolen by foreign state-backed hackers. The documents included information on, among other things, JSF and the ballistic missile defense.

“If they’d used Linux this probably wouldn’t have happened. Congress needs to legislate a government ban on using Windows, as it’s unreliable and insecure BY DESIGN.”

Techrights wrote about the subject of Windows compromising many lives. It did so many times before, so to avoid repetition we’ll cite one of the earliest such posts and quote Jim Allchin of Microsoft as saying: “It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”

Yes, well done, Microsoft.

In other news, this time referring to Hotmail:

Did Microsoft Just Admit Hotmail Is the Most Hijacked Service?

[...]

Dick Craddock, Group Program Manager, Hotmail, writes in a company blog, “We released this feature a few weeks ago. Initially, it only let you report Hotmail accounts that were compromised. But it worked really well – we got thousands of reports of compromised accounts.”

Those “thousands of reports of compromised accounts” apparently “worked really well”. Priceless. As we pointed out some years ago, Hotmail is a top source of SPAM. Security there is an absolute joke and no wonder companies choose Google over Microsoft for such services.

As Microsoft continues its steady decline (as discussed in last night's show) it will be remembered as the company which did not take security seriously. The costs of getting cracked were simply passed to the customer. █

“Our products just aren’t engineered for security.”

–Brian Valentine, Microsoft executive

(ODF | PDF | English/original)

Resumen: las debilidades de seguridad de Windows como una oportunidad para desinfectar ordenadores de la gente (la eliminación de los sistemas operativos propietarios).

El momento más adecuado para ‘convertir’ Los usuarios de Windows en usuarios de GNU/Linux, es cuando Windows los traiciona -lo que sucede a menudo-, por lo general con virus o malware. El Register dice[http://www.theregister.co.uk/2011/06/28/extreme_rootkit_removal_advice/] que Microsoft recomienda a los usuarios a instalar Windows en tales circunstancias:

Microsoft aconseja a los usuarios a re-instalar Windows si llegan a la mala suerte de ser atropellado por un rootkit, particularmente cruel.

El troyano Popureb amarra sus tentáculos tan profundo en el sistema operativo que la mejor opción es atacar nuclearmente a las máquinas en órbita para volver a su configuración original. Los archivos que no han sido copiados con seguridad se pierden en el proceso.

Como el Sr. Pogson señala[http://mrpogson.com/2011/06/28/if-you-have-to-reinstall-your-os-to-keep-your-pc-running-install-gnulinux/], esto es en realidad una valiosa oportunidad para adoptar GNU/Linux;

Si tiene que reinstalar el sistema operativo de su PC para que siga funcionando, considere la instalación de GNU/Linux para detener esta locura.

Esto se refiere a los consejos dados en relación con la defensa a principios de este mes[http://techrights.org/2011/06/14/gnu-linux-advocacy/]. █

Traducción hecha por Eduardo Landaveri, Administrator of the Spanish portal of Techrights.

Translation produced by Eduardo Landaveri, the administrator of the Spanish portal of Techrights.

Summary: Windows’ security weaknesses as a chance to sanitise people’s PCs (removing proprietary operating systems)

THE most suitable time to ‘convert’ Windows users into GNU/Linux users is when Windows betrays them, usually with viruses or malware. The Register says that Microsoft advises users to reinstall Windows in such a circumstance:

Microsoft is advising users to reinstall Windows if they happen to be unfortunate enough to get hit by a particularly vicious rootkit.

The Popureb Trojan sticks its tendrils so deep into the operating system that the best option is to nuke from orbit return machines to their original configuration. Any files that aren’t backed up will be lost in the process.

As Mr. pogson points out, this is actually a valuable opportunity to adopt GNU/Linux;

If you have to reinstall the OS of your PC to keep it running, consider installing GNU/Linux to stop the foolishness.

This relates to the advice given regarding advocacy earlier this month. █

Summary: The company which made viruses so abundant (and whose operating system is insecure by design) is using excuses and tricks to daemonise WebGL

WE HAVE seen it all before. Whether it was the case of not supporting ODF or even something like Ogg, Microsoft never blamed competitive reasons; it’s just not good for PR and the whole antitrust karma too would be impacted. See how Microsoft used security FUD to promote OOXML [1, 2]. It sure is amusing when Microsoft spinner Mr. Bright excuses Microsoft for avoiding WebGL by citing its talking points (headline says “Microsoft: no way to support WebGL and meet our security needs”). Truth be told, there is clearly more to it considering what’s done with Silverlight (hardware acceleration and Web integration, even with proprietary software).

For Microsoft it is not unusual to snub new standards and create its own proprietary extensions that require Windows with IE. It is no secret that even Microsoft’s Web developers write hacks especially for IE6 (and they detest IE for this reason, based on comments found in page source). Watch Microsoft’s booster Bott spotting a new “Microsoft security versus Microsoft Web” gaffe. Of course he is spinning this. It’s his job.

Microsoft makes shoddy Web products because it wants to turn the Web into a sandbox of lock-in, not interoperability. Instructions for this come from the top. █

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This Is wrong and I wanted to correct this.

“Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

–Bill Gates [PDF]

Summary: Another glaring reminder that the government is using proprietary software such as Windows to weaken opposition

We recently explained that the NSA likes a lot of Windows out there [1, 2, 3]. It is easy to intrude people’s PCs if those PCs run Windows. We also know that the FBI, for example, intrudes people's PCs if they run Windows and so something questionable. Behind Stuxnet, for example, was apparently the government's plot. A new article suggests that “one in four US hackers ‘is an FBI informer’”. So, which governments are still foolish enough to deploy Windows? The same goes for activists. ‘Cloud’ Computing is even worse because intrusion by those looking to abuse power becomes far easier. █

“It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”

–Jim Allchin, Microsoft

“Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

–Bill Gates [PDF]

Summary: Why Internet Explorer should be a candidate for exclusion if not banning, especially given that Microsoft knowingly ignores security problems that in turn pass the cost to society, collectively

Negligence is a matter of routine at Microsoft, but this is a subject we wrote about many times before (e.g. [1, 2, 3]), so we shall look at this from another angle today.

Microsoft desperately wants its Internet Explorer (IE) monoculture back. It uses many dirty tricks to get there and around my house there are many billboards promoting IE this year. It is not something that Mozilla, for example, can afford. But the reality is that Microsoft deliberate and well-understood negligence is costing everyone a lot of money. A couple of years ago a lot of businesses including Google got burned by users and/or staff that insisted on using IE. As a result, Google essentially banned Windows and the damage to the economy was great, not to mention the effect on national security (Wikileaks released cables related to this).

Only a monopoly can get away with it, but it does not escape scrutiny from the journalist who likes to expose Microsoft security problems:

Microsoft today downplayed the threat posed by an unpatched vulnerability in all versions of Internet Explorer (IE) that an Italian researchers has shown can be exploited to hijack people’s online identities.

The bug, which has been only discussed and not disclosed in detail, was part of an attack technique described by Rosario Valotta, who dubbed the tactic “cookiejacking,” a play on “clickjacking,” an exploit method first revealed in 2008.

At Microsoft they simply hide the vulnerabilities in order to pretend that these do not exist. By silently patching in addition to secrecy and evasion, Microsoft can also game the numbers and fraudulently claim that Windows is more secure. █

El software propietario es una guerra tecnológica

(ODF | PDF | English/original)

Resumen: Una débil admisión de Stuxnet ayuda a mostrar que el uso de Windows no garantiza el respeto a la seguridad nacional de otras naciones que los Estados Unidos.

“Veterano Oficial Superior de Defensa atrapado en cobertura de la participación los EE.UU. en Stuxnet” es el tipo de informe que estamos siempre esperando. Además, de exponer no sólo la penosa participación del gobierno en lo que respecta a la tecnología sino que también refuerza el peligro muy real de Windows y por relación todo el software propietario de Microsoft. Wired ha cubierto este informe especial[http://www.wired.com/threatlevel/2011/05/defense-department-stuxnet/]:

En “CodeWars: La Amenaza Cyber de los Estados Unidos”, la corresponsal de Melissa Lee pide a Lynn directa: “¿Los EE.UU. participan en modo alguno en el desarrollo de Stuxnet?”

La respuesta de Lynn es lo suficiente larga para que un espectador no atento puede ser que note que no responde a la pregunta.

“Los desafíos de Stuxnet, como ya lo he dicho, demuestra la dificultad de atribuir cualquier, cualquier atribución y es algo que todavía estamos viendo, es difícil entrar en cualquier tipo de comentario al respecto hasta que hayamos terminado nuestro examen, “Lynn responde.

“Pero señor, yo no le he preguntando si usted piensa que otro país estaba involucrado”, presional Lee. “Le estoy preguntando si los EE.UU. estuvo involucrado. Si el Departamento de Defensa estaba involucrado. ”

“Y esto no es algo que vamos a ser capaces de responder en este momento”, dice Lynn finalmente.

Para mayores antecedentes, véase también:

1. Langner Ralph dice malware de Windows Posiblemente Diseñado para descarrilar programa nuclear de Irán[http://techrights.org/2010/09/22/political-purposes-for-windows-worms/]
2. Los virus de Windows pueden tener una motivación política a veces[http://techrights.org/2010/07/27/siemens-in-iran/]
3. ¿Quién necesita Windows Puertas traseras cuando es tan inseguro?[http://techrights.org/2010/09/24/stuxnet-iran-theory/]
4. La inseguridad de Windows se convierte en una cuestión política[http://techrights.org/2010/09/28/wiretapping-and-windows-security/]
5. Windows, Stuxnet y lapidación pública[http://techrights.org/2010/10/02/iran-arrests-and-stuxnet/]
6. Stuxnet crece más allá de las infecciones Siemens-Windows[http://techrights.org/2010/08/09/stuxnet-siemens-and-zeus/]
7. BP ha abandonado ya Windows?[http://techrights.org/2010/07/25/platform-for-bp-alerting/]
8. Informes: Apple para la carga de (Seguridad) Actualizaciones[http://techrights.org/2010/07/26/charging-for-ios-updates/]
9. Los virus de Windows pueden tener una motivación política a veces[http://techrights.org/2010/07/27/siemens-in-iran/]
10. Nueva falla en Windows Facilita Más ataques DDoS[http://techrights.org/2010/07/27/shoddy-microsoft-windows/]
11. Siemens es malo para la industria, debido en parte a Microsoft[http://techrights.org/2010/07/21/crackers-crack-siemens/]
12. Problemas de seguridad de Microsoft en la prensa británica Vista, 7 y Vista no es una panacea[http://techrights.org/2010/08/16/all-versions-of-windows-affected/]
13. Negligencia de Microsoft en parches (las peores Entre todas las empresas) es la culpable de Stuxnet[http://techrights.org/2010/09/15/stuxnet-cause/]
14. Software de Microsoft: una prueba de Darwin para la incompetencia[http://techrights.org/2010/09/16/overspending-with-microsoft/]
15. Septiembre malo para la seguridad de Microsoft, Symantec rumores de Compra[http://techrights.org/2010/09/21/windows-botnets-thrive/]
16. Según Microsoft, Crédito por falta de seguridad[http://techrights.org/2010/09/28/credit-for-messing-up/]
17. Muchos Servidores Windows son Abandonados; Minnesota va en la dirección opuesta por Dar Microsoft Sus datos[http://techrights.org/2010/09/30/minnesota-deal-after-failures/]
18. Usuarios de Windows Aún bajo el ataque de Stuxnet, Halo, y Zeus[http://techrights.org/2010/10/05/stuxnet-and-nuclear-programs/]
19. La propaganda de seguridad de Microsoft: villanos se convierten en héroes[http://techrights.org/2010/10/18/microsoft-spin-security-analysis/]
20. Problemas de seguridad en IOS y Windows[http://techrights.org/2010/11/12/ios-and-windows-security-problems/]
21. Ojo de Seguridad: La propaganda de la BBC, rootkits, y Stuxnet en las instalaciones nucleares de Irán[http://techrights.org/2010/11/18/security-deja-vu/]
22. Ojo de Seguridad: ClamAV dice que Windows es un virus, Microsoft Compromisos Mac OS X, y Stuxnet se vuelve loco[http://techrights.org/2010/11/23/news-about-clamwin-and-more/]
23. Vulnerabilidad del Windows Nucleo en el núcleo de Acción de Gracias, la inseguridad usados para la vigilancia de nuevo[http://techrights.org/2010/11/27/tracking-web-trails-pretext/]
24. Cablegate revela el acceso del gobierno requirente de datos de Microsoft, Kill Switches[http://techrights.org/2010/12/13/cablegate-black-screens-of-death/]
25. El uso de Microsoft Windows Asesina[http://techrights.org/2011/01/06/dependence-on-software-master/]
26. Irán muestra el lado negativo de usar software propietario[http://techrights.org/2011/01/16/downside-of-windows/]
27. Blanqueo defectos inherentes Windows[http://techrights.org/2011/02/14/flaws-in-one-platform/]
28. Por motivos políticos Software Privativo[http://techrights.org/2011/02/16/political-suicide-by-windows/]
29. Cuando Windows Mata[http://techrights.org/2011/02/15/emergency-virus-downtime/]

Recuerde que la NSA (Agencia de Seguridad Nacional), que también proporcionó estadísticas Web favorables a Microsoft hace unos meses, recomendando Vista 7 [1[http://techrights.org/2011/05/20/more-fud-about-android/], 2[http://techrights.org/2011/05/14/linux-phobia-fest/], 3[http://techrights.org/2011/05/12/back-door-friendly-windows/]], en secreto, porque las puertas traseras son “libres”, como en forma gratuita, con todas las ediciones. Los vendidos de la NSA probablemente le recomendarán Vista 8[http://techrights.org/wiki/index.php/Vista_8_Reality_Log], así. Por desgracia para Microsoft y la NSA, Windows está perdiendo su punto de apoyo. Cringely escribe sobre como cae su uso[http://www.cringely.com/2011/05/steve-ballmers-nightmare/] en “La Pesadilla de Steve Ballmer”:

Ballmer confirmó en enero que la próxima versión de Windows tiene una versión para ser usada con procesadores ARM, que están instalados principalmente en los teléfonos inteligentes y computadoras de tableta. Se refuerza esta idea, más recientemente, por decirlo explícitamente Windows 8 es ejecutado en todas las plataformas de hardware de Microsoft es compatible actualmente con los teléfonos, llamando a la próxima versión de “Microsoft Windows la más riesgoso todavía.”

Ballmer está en lo correcto: Windows 8 la hacer o rompe para Microsoft.

Imagine un mundo donde todo el mundo utilice programas con código fuente que pueda ser auditados. Sin duda, haría que Microsoft y algunos de los engaños de la NSA imposible de ser mencionados por no decir mucho.

En las noticias de hoy nos encontramos con que “Corea del Norte [va] a tener su propio ordenador portátil[http://asia.cnet.com/crave/north-korea-to-have-its-own-laptops-62208860.htm]” y “sus ordenadores portátiles podrían estar ejecutando “Estrella Roja”, un sistema operativo basado en Linux desarrollado por los Nor-Coreanos. █

Translation produced by Eduardo Landaveri, the esteemed administrator of the Spanish portal of Techrights.

Summary: Rebuttal to security FUD from the Microsoft crowd amid attack on the US Energy Research Lab, which got cracked because of Windows

GOOGLE abandons Windows due to security reasons. It’s really quite simple. But if enough Microsoft people (e.g. former staff) manage to enter news sites, then “news” becomes just agenda-filled propaganda. That’s what happened in the BBC, which we call the MSBBC. Not too surprisingly, Microsoft's Bought Bot and MSBBC, which loves to post FUD about Android every time someone is able to do something to break it (we covered just one such example recently even though there are more), are at it again. In order to fight the perception that Windows is insecure by design (which it is, even by Microsoft’s own admission) they try to paint other platforms as “inseucre”, by improperly naming malware “virus” or something along those lines. This usually requires that the user should be actually be installing it (not drive-by), in which case the software is granted permission to do exactly what it was designed to do.

SJVN writes a rebuttal to the Bought Bot by noting that “One in fourteen Internet downloads is Windows malware” (not the same as viruses):

Yes. It’s true. For the first time, Mac users have a significant malware problem. But, hey, it could be worse. You could be running Windows. After all, Microsoft, not some third-party anti-virus company trying to drum up business, has just admitted that based on analysis gained from IE 9 use, “1 out of every 14 programs downloaded is later confirmed as malware.”

If I may quote from Matthew 7:5, the King James Bible, “First cast out the beam out of thine own eye; and then shalt thou see clearly to cast out the mote out of thy brother’s eye.”

Window PCs has far, far more malware trouble than Macs, and I can’t resist mentioning that after in twenty-years of Linux, we’ve not seen a real-world example of Linux malware–not counting the Android malware mess. Ironically, these latest appalling Windows malware numbers are shared in a Microsoft blog about how well SmartScreen Application Reputation is working in IE9.

There is another new pattern of FUD at the moment, where a weakness that affects virtually all phone platforms is ascribed only to Android. Linux is winning, so it is becoming a prime target for FUD. One of our reader supplies this recent link on “Wild Android Growth”. It says that “100 million Android devices have been sold, more than Apple… 36 OEMs, 215 carriers, and 450K developers push Android/Linux, 310 different devices sold in 110 countries, 400K activations daily, 4.6 per second, 200K available applications exist, and 4.5 billion installations of applications have been done, an average of 45 per device.”

Suffice to say, there is also patent as well as copyright FUD against Android and it comes from someone whom Microsoft Florian has been repeatedly interacting with recently. He used to work for Microsoft. “I think it’s more likely not about press for himself for himself as for press on the issue,” writes Pamela Jones, “preparatory to more hijinks filing of bogo-complaints against a Microsoft competitor.” It’s like mercenaries galore.

In other news, “U.S. Energy Research Lab Still Recovering From Internet Explorer Exploit,” says this report:

The Department of Energy’s largest science and research lab in Tennessee is still recovering from a sophisticated attack from hackers intent on stealing information from the lab in early April.

The attack left the lab in a communications limbo for two days as technicians dealt with its aftermath.

“Most of the staff are back up, and the business functions are performing as usual,” said Barbara Penland, the Oak Ridge National Laboratory’s director of communications. “But as you can imagine, when we were trying to get everything back up in a hurry, there were some shortcuts taken, and now the IT folks are rebuilding things in the background, and building some things that will make us more secure.”

“US nuclear materials lab, Oak Ridge, and RSA done in by Windows and IE attack in April,” explains a contributor of ours. “The only common “Advanced Persistent Threat” shared by the two is Windows,” he adds, quoting:

To deal with the attack, Oak Ridge lab’s technicians had shut down access to its e-mail systems and some of its servers for more than 48 hours. They found that it was an attack that relied on a combination of social engineering and an unknown security hole in Microsoft’s Internet Explorer browser. … the attack is noteworthy because it was clearly an attempt to steal information from a facility that is at the heart of America’s materials, national security and energy research. …

The characteristics of the this latest attack also appear similar to those used in the widely-publicized SecurID phishing attack, which compromised the computer security company RSA’s widely-used product. In the RSA attack, a malicious Flash object in a scam Excel file was used to infect recipients’ computers with malicious computer code.

Incidentally, he add that “NSA tells people to buy Vista/Windows 7 or OSX instead of moving to free software. They probably justified the omission based on perceived OS prevalence but most of the measures recommended are useless and real security is easier to find in freedom than in jail.”

We wrote about the NSA issue quite recently [1, 2]. To the FBI, for example, malware is not a bad thing, it's just business as usual. To them, insecurity at the user level is an advantage. Security means “securing those in power from the population” when it comes to secret agencies. █

(ODF | PDF | English/original)

Resumen: Patrones de FUD (Miedo Incertidumbre y Duda) que han muerto en su mayoría están regresando a las noticias corporativas, por lo que rápidamente los refutamos de nuevo.

El número de vectores de ataque es cada vez mayor cuando se trata de Microsoft Windows. No tiene sentido negar el hecho de que muchos de los problemas de seguridad que tenemos hoy son causados por Windows. Lo que queda a los expertos para debatir es si la cuota de mercado es un factor.

Hay una comparación vieja de las plataformas basadas en criterios de seguridad y esto es un frasco de gusanos que no se ha abierto desde hace tiempo. Las GNU/Linux flamewars cuota de mercado, incluso las de GNU/Linux frente a Windows debate sobre la seguridad, no han hecho muchos titulares durante meses si no años. Con el Register haciendo algunos comentarios falsos y algunos otros sitios siguiendo su ejemplo, el debate aburrido se volvió a abrir, así que vamos a tratar muy rápidamente (sin puntos antes de repetir que cubrimos, con suerte).

Hace sólo unos días que hemos escrito acerca de la inseguridad de Vista 7[http://techrights.org/2011/05/13/back-door-friendly-windows_es/], anuncio una vez más algunos posts anteriores sobre el tema, tales como:

1. La ciberdelincuencia Aumenta y Vista 7 ya está abierto a Criminales[http://techrights.org/2009/01/01/vista-7-not-secure/]
2. Vista 7: Roto Antes de su Llegada[http://techrights.org/2009/02/01/windows-7-banned-insecure-uac/]
3. El Departamento de Seguridad Nacional ‘envenenado’ por parte de Microsoft, Vista 7 esta abierta a Secuestradores de nuevo[http://techrights.org/2009/03/12/phil-reitinger-in-dhs-vista7-awol/]
4. La Seguridad de Vista 7 “no puede ser arreglado. Es un problema de diseño.”[http://techrights.org/2009/04/23/vista-7-cannot-be-fixed/]
5. ¿Por qué Vista 7 Podría ser el sistema operativo menos seguro que nunca[http://techrights.org/2009/04/27/vista-7-least-secure-os/]
6. Periodistas Sugieren la prohibición de Microsoft Windows. Tal vez una demanda por los ataques DDoS[http://techrights.org/2009/08/09/ddos-attacks-and-microsoft/]
7. Vista 7 vulnerables a las últimas “Defectos Críticos”[http://techrights.org/2009/08/13/vista-7-rtm-was-vulnerable/]
8. Vista 7 Al parecer, afectado por varios de las más “críticas” fallos este mes[http://techrights.org/2009/09/09/flaw-paid-for-launch-parties/]
9. Razón # 1 para evitar la Vista 7: la inseguridad[http://techrights.org/2009/08/14/vista-7-insecurity/]
10. Vista 7 Hackeable Una vez más (casi una repetición mensual)[http://techrights.org/2009/10/09/vista-7-hijack-risk/]
11. Trend Micro: Vista 7 menos seguro que Vista[http://techrights.org/2009/12/11/vista-7-insecurity-2/]
12. Vista 7 menos seguro que sus predecesores? Remoto BSOD Ahora Posible![http://techrights.org/2009/09/08/vista-and-vista-7-bsod/]
13. Vista 7 inaceptable para las grandes empresas y Windows XP no es todavía seguro[http://techrights.org/2010/03/11/intel-and-win7/]

Groklaw señala que “Microsoft resta importancia a amenaza del error de Servidor[http://www.computerworld.com/s/article/9216602/Microsoft_downplays_Server_bug_threat_say_researchers]” al citar:

Microsoft está restando importancia a la amenaza planteada por uno de los tres errores que la empresa hoy parchó, dijo que los investigadores de seguridad.

La actualización en cuestión, MS11-035, los parches de una sola vulnerabilidad en WINS (Windows Internet Name Service), un componente en todas las ediciones compatibles de Windows Server, incluido Server 2003, 2008 y el R2 más reciente, Server 2008.

Los atacantes podrían explotar el bug WINS elaborando un paquete de datos maliciosos, a continuación, disparándole a un Servidor de Windows vulnerable.

Esta es una prueba más de la negligencia Microsoft [1[http://techrights.org/2009/11/13/microsoft-security-negligence/], 2[http://techrights.org/2009/11/16/microsoft-onecare-activex/], 3[http://techrights.org/2009/11/17/no-desire-to-secure/]].

Cuando una empresa no se ocupa de fallas conocidas, entonces no merece el respeto de ninguna empresa. Microsoft también miente sobre el número de defectos, porque esto ayuda a sus juegos de números y hacer que parezca como si Red Hat, por ejemplo, hace un sistema operativo menos seguro.

Hay un nuevo artículo[http://www.esecurityplanet.com/trends/article.php/3933491/article.htm] con un titular que se burla planteando una alegación como una pregunta. Pero se citan algunos mensajeros válidos, por ejemplo:

“Linux ha sido más ampliamente desplegado, que sin duda ha convertido en un destino más grande para los piratas informáticos en general”, dijo Charlie Belmer fundador y CEO de proveedor de seguridad Tecnologías de Golem. “Pero en términos de seguridad global sigue siendo muy superior a la de Windows.”

El Sr. Belmer tiene un punto, a diferencia de Ballmer.

Tony Bradley, quien ha estado defendiendo desde hace años en Microsoft IDG, está molesto por un artículo de su colega, Katherine, a quien le gusta GNU / Linux. Ella escribió sobre cuestiones relativas a las alegaciones de las puertas traseras para la NSA (Agencia de Seguridad Nacional) [http://techrights.org/2011/05/11/windows-vs-activists_es/] de nuevo hace unos días y el refuerzo de Microsoft está molesto por supuesto. Él admite que Vista 7 no es tan seguro. Es aún menos seguro que sus predecesores. Emprende la defensa de su argumento mal estructurado por señalar con el dedo en otra parte y la difusión de la “cuota de mercado del 1%” insulto hacia GNU/Linux. Hacia el final se convierte en el “pero” troll que parece justo. ¿Qué superficial y transparente!

En realidad, esto nos lleva a abordar la siguiente pieza de FUD que ha regresado. Algunas cifras que se presentan en este nuevo artículo[http://royal.pingdom.com/2011/05/12/the-top-20-strongholds-for-desktop-linux/] confirman lo que hemos dicho durante años:

Este cuadro refleja la relativa popularidad de Linux como sistema operativo de escritorio en cada país. Esto no significa que estos países tienen la mayoría de los usuarios de Linux en general (que es más difícil de estimar correctamente).

Statcounter mide cosas como referencias o sitios que entregan registros, lo que lleva a un sesgo estadístico. Privacidad es correlaciona con GNU/Linux uso. Pero de todos modos, la observación más importante que es que el mundo de habla Inglés NO está a la vista. Dile esto a todas las empresas de la “cuota de mercado[http://techrights.org/wiki/index.php/GNU/Linux_Market_Share]” Inglés-céntrica.

GNU/Linux no tiene una cuota de mercado del 1% sobre el escritorio. Esto podría ser cierto en los Estados Unidos, cuya población sólo representa alrededor del 5% de todo el mundo. está respaldada por las estadísticas no son tan infrecuentes e IDG empuja un montón de esta mentiras, es una empresa con sede en los EE.UU..

Como algunas personas con razón, se mostrarán este mes, hay un fuerte aumento en el uso de GNU/Linux (relativa) en Wikipedia hace poco (que aún está centrada en Inglés). Es evidente que hay algo que hacer. Mientras tanto, Google afirma que sólo el 20% de sus empleados usa de Windows y fundador de la compañía tiene palabras duras para Microsoft[http://www.networkworld.com/news/2011/051111-chrome-os-first-look.html?hpg1=bn]. Google prohibió Windows por razones de seguridad y su fundador, dijo que Windows es la “tortura” de los usuarios. Ha jugado muy bien. Como lo expresó el Sr. Pogson:

Sergey Brin, de Google fue citado diciendo que otros sistemas operativos e incluso usuarios de GNU/Linux torturan. Me gustaría tener GNU/Linux cualquier día, porque si usted no desea administrar que la maldita cosa sólo sigua funcionando. He creado máquinas que corrireon años sin una actualización. Otros han informado de que las máquinas olvidadas siguieron corriendo durante muchos años.

Ya existe un cierto control de daños de parte de los impulsores de Microsoft como Gralla, que niega la verdad[http://blogs.computerworld.com/18276/windows_is_not_torturing_users_despite_the_claim_of_googles_brin]. La gente no elige Windows, simplemente compran una computadora. Muchos se ponen a sí mismos en una tortura de malware y falta de fiabilidad.

En cuanto a mí, he utilizado la sesión de KDE mismo desde marzo (sin pantalla de inicio desde entonces). Es así como fiable GNU/Linux hoy en día. KDE4 se ha convertido en absolutamente fantástico.

Uno de los mejores sitios, Dedoimedo (es penalmente bajo-suscrito), tiene este nuevo Gran Linux Mapa Mundial[http://www.dedoimedo.com/computers/linux-world-map.html], que en lugar de las distribuciones de nombre (que en su mayoría a montar las piezas) demuestra lo que hace a los sistemas operativos libres. Como el autor dice lo siguiente:

Por supuesto, no podía yeso cada distribución de un solo tema o relacionados con Linux en el mapa, ya que el desorden esta preciosa obra de arte. Usted obtiene la distribución de edad y se obtiene nuevas distribuciones, se obtiene los grandes y pequeños, populares y oscuro, pero no todos ellos. Si cree que su distribución de Linux ha sido descuidado, no es por malicia, es simplemente la pura estética. Por último, como es natural, ya que se trata de un humor de expedición hasta la negrita, no debe tomar nada en serio, ni nombres, ni términos, ni formas, ni utilizar frases. Todo es buena diversión.

GNU/Linux es todavía listo para ganar en el escritorio si sólo tenemos paciencia. Google está haciendo algunos movimientos interesantes en este momento con las subvenciones. Bueno, a través de Skype, Microsoft -como siempre- probablemente hará la vida más difícil para los usuarios de GNU/Linux y teléfonos basados en Linux[http://www.zdnet.com/blog/microsoft/another-reason-microsoft-wants-skype-advertisers-advertisers-advertisers/9415] (y cualquier otro usuario del software propietario). Como Groklaw dijo, “esto significa que Skype será menos agradable para los usuarios y Microsoft llega a seguirnos la pista? Gracias, pero NO gracias”.

En otro contexto, argumentó Groklaw, “Cuando eso te sucede bastante a menudo, usted deja de usar software propietario.”

La primera página del sitio oficial de Ubuntu Web todavía muestra Skype. Esperamos que la modifique ya que promover software propietario nunca fue una idea brillante. █

Translation produced by Eduardo Landaveri, the esteemed administrator of the Spanish portal of Techrights.

Summary: Microsoft’s vanity about market share is being used as a distractor in face of allegations that its software is inherently shoddy

THE MONOPOLIST (poor Microsoft) loves blaming its illegally-earned market share on the desktop for security problems, but as we explained yesterday, this is a nonsensical argument and it is negligence [1, 2, 3] — not installed base — which makes software vulnerable. Vista 7 is not secure and even Microsoft’s fanbase is willing to admit this. And in Windows, the “latest hole will soon be patched after a decade of vulnerability,” says a blogger. It is not the first such example of belated patching. If Microsoft’s installed base is the reason exploitable errors can be found, why has it taken a decade? The matter of fact is, less auditing of code lowers the quality of the code. Developers can get away with terrible programming practices and security is assumed to be assured by secrecy, not peer review that requires full transparency. This explains not only why Microsoft software is not secure but also why it is of such low quality (which makes the coders embarrassed to show it). As mentioned briefly in the daily links, Microsoft Fog Computing turns out to be as unreliable as its desktop-side software:

Customers on BPOS in the US and worldwide were kicked off their hosted Exchange email systems, being unable to read, write, or access their messages. All users were affected – from down in the cubicle farm all the way up to the CEO’s corner office. The outages started Tuesday and came after weeks of the service slowly degrading.

In conclusion, secret code is shoddy code. Free code is high-quality code. The more a stack uses components like Linux and Apache, the more solid it is likely to be. Every day I write software that will be freely shared; the visibility of the code comes with a burden — the burden that the code should actually be decent and well tested, not “spaghetti” as Vista’s codebase was once referred to as. █

Summary: Patterns of FUD that has mostly died are returning to the corporate news, so we quickly rebut again

THE NUMBER of attack vectors is increasing when it comes to Microsoft Windows. There is no point denying the fact that a lot of the security problems we have today are caused by Windows. What remains for pundits to debate is whether market share is a factor.

There is that old comparison of platforms based on security criteria and this is a jar of worms that has not been opened in a while. GNU/Linux market share flamewars, even the GNU/Linux versus Windows security debate, have not made many headlines for months if not years. With The Register making some spurious remarks and some other sites following suit, the boring discussion is being reopened, so we’ll address it very quickly (without repeating points we covered before, hopefully).

It was only a few days ago that we wrote about Vista 7 insecurity, listing yet again some previous posts on the subject, such as:

1. Cybercrime Rises and Vista 7 is Already Open to Hijackers
2. Vista 7: Broken Apart Before Arrival
3. Department of Homeland Security ‘Poisoned’ by Microsoft; Vista 7 is Open to Hijackers Again
4. Vista 7 Security “Cannot be Fixed. It’s a Design Problem.”
5. Why Vista 7 Could be the Least Secure Operating System Ever
6. Journalists Suggest Banning Windows, Maybe Suing Microsoft Over DDoS Attacks
7. Vista 7 Vulnerable to Latest “Critical” Flaws
8. Vista 7 Seemingly Affected by Several More “Critical” Flaws This Month
9. Reason #1 to Avoid Vista 7: Insecurity
10. Vista 7 Left Hijackable Again (Almost a Monthly Recurrence)
11. Trend Micro: Vista 7 Less Secure Than Vista
12. Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!
13. Vista 7 Unacceptable for Large Businesses and Windows XP Still Not Secure

Groklaw points out that “Microsoft downplays Server bug threat” by quoting:

Microsoft is downplaying the threat posed by one of the three bugs the company patched today, said security researchers.

The update in question, MS11-035, patches a single vulnerability in WINS (Windows Internet Name Service), a component in every supported edition of Windows Server, including Server 2003, 2008 and the newest, Server 2008 R2.

Attackers could exploit the WINS bug by crafting a malicious data packet, then shooting it at a vulnerable Windows Server box.

This is yet more evidence of Microsoft negligence [1, 2, 3].

When a company does not address known flaws, then it deserves no respect and no business. Microsoft also lies about the number of flaws because this helps the company game the numbers and make it look as though Red Hat, for example, makes a less secure operating system.

There is this new article with a tease headline that poses an allegation as a question. But it does quote some valid messengers, e.g.:

“Linux has been more widely deployed, which has certainly made it a bigger target to hackers in general,” said Charlie Belmer founder and CEO of security vendor Golem Technologies. “But in terms of overall security it is still far superior to Windows.”

Mr. Belmer has a point, unlike Mr. Ballmer.

Tony Bradley, who has been defending Microsoft for years in IDG, is upset by an article from his colleague, Katherine, who likes GNU/Linux. She wrote about issues relating to allegations of NSA back doors a few days ago and the Microsoft booster is of course upset. He admits that Vista 7 is not so secure. It is even less secure than its predecessors. He then defends his poorly-structured contention by pointing fingers elsewhere and spreading the “1% market share” slur about GNU/Linux. Towards the end he becomes the “But” troll to seem fair. How shallow and transparent!

This actually leads us to addressing the next piece of FUD which has returned. Some numbers that are presented in this new article confirm what we have said for years:

This chart reflects the relative popularity of Linux as a desktop OS in each country. It doesn’t mean that these countries have the most Linux users overall (which is more difficult to estimate correctly).

Statcounter measures things like referrals or sites that hand over logs, leading to statistical bias. Privacy correlates with GNU/Linux use. But anyway, the more important observation to make is that the English-speaking world is nowhere in sight. Tell this to all the English-centric ‘market share’ companies.

GNU/Linux does not have a 1% market share on the desktop. This might be true in the United States, whose population only accounts for about 5% of the whole world. Statistics-backed lies are not so uncommon and IDG pushes a lot of this lie, being a US-based company.

As some people will rightly show this month, there is a sharp GNU/Linux usage increase (relative) in Wikipedia recently (it is still English-centric). There is clearly something going on. Meanwhile, Google claims that only 20% of its employees use Windows and the company’s founder has harsh words for Microsoft. Google banned Windows for security reasons and its founder said that Windows is “torturing” users. Well played. As Mr. Pogson put it:

Sergey Brin of Google was quoted as stating that other OS and even GNU/Linux tortures users. I would take GNU/Linux any day because if you don’t want to manage it the darned thing just keeps running. I have set up machines that ran years without an update. Others have reported that forgotten machines kept running for many years.

There is already some damage control from Microsoft boosters like Gralla, who denies the truth. People do not choose Windows, they just buy a computer. Many are brought into a torture of malware and unreliability.

Speaking for myself, I have used the very same KDE session since March (no login screen since then). That’s how reliable GNU/Linux is today. KDE4 has become absolutely fantastic.

One of the best sites around, Dedoimedo (it is criminally under-subscribed to), has this new Great Linux World Map, which rather than name distributions (which mostly assemble parts) shows just what makes up the free operating systems. As the author put it:

Of course, I could not plaster every single distribution or Linux-related item onto the map, as it would clutter this precious work of art. You get old distributions and you get new distributions, you get big ones and small ones, popular and obscure, but not all of them. If you feel your Linux distribution has been neglected, it’s not out of malice, it’s just pure aesthetics. Finally, naturally, since this is a bold expedition unto humor, you should not take anything seriously, neither names, nor terms, nor shapes, nor phrases used. It’s all jolly good fun.

GNU/Linux is still poised to win on the desktop if only we have patience. Google is making some interesting moves right now with subsidies. Well, using Skype, Microsoft will probably make life harder for GNU/Linux users and Linux-powered phones (and just about any other user of the proprietary software). As Groklaw put it, “this means Skype gets less pleasant for users and Microsoft gets to track us? Thanks, but no thanks.”

In another context, argued Groklaw, “When that happens to you often enough, you stop using proprietary software.”

The front page of the official Ubuntu Web site still sports Skype. They will hopefully amend that soon as advertising proprietary software was never a bright idea. █

(ODF | PDF | English/original)

Resumen: El nuevo sistema operativo de Microsoft Windows recibe elogios de los organismos -opresivos- secretos, pero una tarjeta de informe negativo sobre la seguridad real.

LAS ANTIFEATURES son totalmente gratuitas y vienen con todas las ediciones del sistema operativo que la NSA está recomendando[http://techrights.org/2011/05/11/windows-vs-activists_es/], por razones particulares. Sí, Vista 7 no es seguro como lo hemos demostrado en las entradas más antiguas, tales como:

1. La ciberdelincuencia Aumenta y Vista 7 ya está abierto a Criminales[http://techrights.org/2009/01/01/vista-7-not-secure/]
2. Vista 7: Roto Antes de su Llegada[http://techrights.org/2009/02/01/windows-7-banned-insecure-uac/]
3. El Departamento de Seguridad Nacional ‘envenenado’ por parte de Microsoft, Vista 7 esta abierta a Secuestradores de nuevo[http://techrights.org/2009/03/12/phil-reitinger-in-dhs-vista7-awol/]
4. La Seguridad de Vista 7 “no puede ser arreglado. Es un problema de diseño.”[http://techrights.org/2009/04/23/vista-7-cannot-be-fixed/]
5. ¿Por qué Vista 7 Podría ser el sistema operativo menos seguro que nunca[http://techrights.org/2009/04/27/vista-7-least-secure-os/]
6. Periodistas Sugieren la prohibición de Microsoft Windows. Tal vez una demanda por los ataques DDoS[http://techrights.org/2009/08/09/ddos-attacks-and-microsoft/]
7. Vista 7 vulnerables a las últimas “Defectos Críticos”[http://techrights.org/2009/08/13/vista-7-rtm-was-vulnerable/]
8. Vista 7 Al parecer, afectado por varios de las más “críticas” fallos este mes[http://techrights.org/2009/09/09/flaw-paid-for-launch-parties/]
9. Razón # 1 para evitar la Vista 7: la inseguridad[http://techrights.org/2009/08/14/vista-7-insecurity/]
10. Vista 7 Hackeable Una vez más (casi una repetición mensual)[http://techrights.org/2009/10/09/vista-7-hijack-risk/]
11. Trend Micro: Vista 7 menos seguro que Vista[http://techrights.org/2009/12/11/vista-7-insecurity-2/]
12. Vista 7 menos seguro que sus predecesores? Remoto BSOD Ahora Posible![http://techrights.org/2009/09/08/vista-and-vista-7-bsod/]
13. Vista 7 inaceptable para las grandes empresas y Windows XP no es todavía seguro[http://techrights.org/2010/03/11/intel-and-win7/]

Un sitio Web de Windows dice que en “Windows 7, la tasa de infección de malware sube, mientras que cae la de XP[http://www.winbeta.org/?q=news/windows-7s-malware-infection-rate-climbs-xps-falls]” (muchas gracias a Willie por el enlace). Para citar a:

Microsoft publicó hoy los datos mostrando que Windows 7 es la tasa de infección de malware ha aumentado en más del 30% durante el segundo semestre de 2010, mientras que la tasa de infección para Windows XP se ha reducido en más del 20%.

Como los informes de ComputerWorld, durante el segundo semestre de 2010, los datos muestran que de 32 bits de Windows 7 computadoras fueron infectadas a una tasa promedio de 4 equipos por cada 1.000, en comparación con 3 equipos por cada 1.000 que tuvieron lugar durante el primer semestre de 2010. Se trata de un aumento del 33% en la tasa de infección. Los que ejecutan Windows 7 64 bits había más posibilidades de evitar problemas con una tasa de infección de 2,5 PC por cada 1.000.

¿El sistema operativo más seguro? Que se lo digan a la NSA, que en realidad tiene razones para tratar la inseguridad como algo bueno. La propia seguridad del gobierno depende de su capacidad para mantener el ojo en los equipos de sus ciudadanos y sabemos que ese poder está siendo mal utilizado[http://techrights.org/2009/04/21/cipav-and-microsoft-windows/].

Katherine Noyes tiene este buen artículo nuevo sobre el tema[http://www.linuxinsider.com/story/The-Linux-vs-Windows-Security-Mystery-72433.html]. Cita el Sr. Robert en los lugares:

“La NSA (Agencia de Seguridad Nacional) recomienda Vista para seguridad en el hogar no es más que un reflejo de la realidad del monopolio en el espacio al por menor,” que ofrece blogger Robert Pogson. “En el probablemente tan sólo 2 a 3 por ciento de los usuarios de EE.UU. el uso de GNU/Linux, así que una recomendación es casi inútil.”

Los que son serios acerca de la seguridad “ya son conscientes de SELinux, un producto de la NSA”, agregó Pogson. “La NSA se limita a recomendar que la gente pase de XP, un sistema operativo pobre con escaso apoyo por M$. La gente que hace caso a ese consejo, probablemente ni siquiera saben GNU/Linux existe.”

Recomendar algo cuyo funcionamiento es un secreto es siempre una mala idea. Nadie puede saber lo que está realmente hay en él.

La conclusión es, Vista 7 NO ES SEGURO, pero la “seguridad” en la seguridad nacional significa casi lo contrario de lo que la gente asume que signifique. La seguridad nacional es acerca de entrometerse encubiertamente en la vida de las personas, es decir, violación de la seguridad, no reforzarla. Cualquiera que sea lo que la NSA diga, considere hacer lo contrario, si usted se preocupa por la libertad. █

“Las relaciones del Gobierno es una prueba de cómo usted maneja la frustración” ~ Anónimo

Translation produced by Eduardo Landaveri, the esteemed administrator of the Spanish portal of Techrights.