“Our products just aren’t engineered for security.”
–Brian Valentine, Microsoft executive
Summary: Windows is not designed to be secure and Microsoft is not even trying to make it secure when advised on how to make it so
YESTERDAY we wrote about the latest extensive evidence that Skype is a spy. Microsoft knows damn well that it is being used to spy on people, but it does not bother hardening the proprietary software program or even fixing critical bugs that facilitate wiretapping (e.g. through weak encryption). Security is simply not the goal.
Today we learn that the NSA, which Microsoft tells about flaws before even fixing them (hence providing the NSA with back door access), sure is enjoying access to the latest version of Windows even if it is fully patched and up to date. For several months now Microsoft just didn’t bother patching the holes. Google, which banned Windows for internal use but remains negatively affected by Google users who are on Windows-running PCs, shows Microsoft a serious flaw (local back door) in the very latest Windows. Microsoft just simply does nothing for three months (except showing the NSA, as usual), whereupon Google increases pressure on Microsoft: [via]
Google has made public the details of a security vulnerability in Windows 8.1 a mere 90 days after disclosing it to Microsoft, sparking debate over the wisdom of the online giant’s Project Zero security initiative.
The bug, which was privately reported to Microsoft in September, can potentially allow a logged-in user to execute code on Windows 8.1 machines with administrator privileges.
What we learn from this is that Google tried responsible disclosure, as was the case when the OpenSSL flaw was discovered by Google, well before a Microsoft-connected firm gave it a name, a logo, and very irresponsibly sent out the word, even before OpenSSL’s own site was patched.
Google waited patiently for months, but Microsoft is simply not interested in the security of Windows. Those who are using Windows are not able to patch the flaw themselves because it is proprietary software. It serves to show why every company — not just individuals — should shun Windows where security is a priority (it’s a top priority everywhere). Sony is being severely hit by a doxing problem that reportedly started with cracking of Microsoft Windows. █
Windows is yesterday’s problem
Summary: Even the most Microsoft-friendly Web surveys (where Windows-oriented sites are grossly overrepresented) show a sharp decline in Windows usage and gains are attributed to Chromebooks
IN THIS GNU- and Linux-dominated world (except in desktops/laptops) we need not write so often about the demise of Windows. In fact, we have not been doing that for months. Windows is rotting on its own while platforms like RHEL and Android thrive.
Watch how Microsoft spins the latest figures that demonstrate the collapse of Windows, even on desktops/laptops. As one blogger put it, “I woke up today, on the first day of January, and read Mechatotoro’s post about the jaw-dropping December 2014 market share statistics for Windows 8*.
“While the optimistic Winbeta site claims the market share loss is due to the traction gained by Windows 10, I doubt it.”
That is complete nonsense. Vista 8 was probably the worst-performing version of Windows since the 1980s (adoption rates worse than Vista) and the next vapourware (Vista 10) started 20 months ago and is still not released. To say that Windows usage is declining because of some experimental build is simply delusional, but then again, these are Microsoft boosters we’re talking about. Their loyalty to Microsoft transcends logic and facts. The boosters cannot shoot the messenger either because Net Applications is closely connected to Microsoft. Therein lies the great irony.
One blogger has complained that the press (e.g. the Wintel-friendly corporate media) is not covering this major finding:
December Was a Disaster for Windows 8.x…Why Aren’t We Hearing about It?
Windows 8 and 8.1 combined seemed to have lost a whopping 7.07% market share! They went down from 18.65% in November to 11.58% in December. That is something! Why aren’t we hearing about this in all the (pro-Windows) tech sites??
For those who wonder what has been gaining at Windows’ expense (other than mobile devices where Android reigns supreme), “Data reveals Chrome OS might have been a roaring success in December”. To quote this report: “Stats published earlier today by analytics company NetApplications suggests that Google’s operating system, Chrome OS, might have a bumper month thanks possibly to Christmas sales.
“Data compiled for the month of December 2014 shows that Windows 7, Windows 8 and Windows 8.1 suffered significant dips while Windows XP and OSes classified as “Other” have increased significantly.”
We too bought a Chromebook, but we installed GNU/Linux on it. Chromebooks are significantly cheaper than ‘fat’ laptops with Windows, so no wonder Microsoft is so nervous and afraid of Google. █
“Influential writer Esther Dyson (pictured here in 2008) popularized the term “vaporware” in her November 1983 issue of RELease 1.0.” — Wikipedia on vaporware (image originally posted to Flickr by eirikso)
Summary: Microsoft’s Windows-powered services are failing and Windows gets bricked by Microsoft patches, whereupon we are seeing yet more of Microsoft’s vapourware tactics (focusing on imaginary, non-existent versions of Windows)
A few days ago Windows showed why it is widely recognised as a piece of trash. Even Microsoft cannot manage it, as a Microsoft Azure failure got reported. All it’s good for is mass surveillance by the NSA. At the same time we learned about the latest Vista 8 failure. When not promoting Microsoft at the expense of Linux, Microsoft’s booster Gavin Clarke wrote about Microsoft bricking Windows: [via]
Patch early and patch often is the advice of security professionals when it comes to software updates.
After all, who needs to be left wide open to hackers and malware writers when the solution is delivered by the software’s maker?
Yet sysadmins will be increasingly leery of applying such an approach to Windows systems following Microsoft’s latest botch job.
On 12 August Microsoft released 40 updates for Internet Explorer, Windows 7 and Windows 8 Pro.
Vista 8 is such an utter mess (worse than Vista) that the editor of InfoWorld at IDG, Eric Knorr, decided to start advertising Microsoft vapourware. Shame on IDG and Knorr. As we showed before, Microsoft had started Vista 8 vapourware half a year before Vista 7 was even released. This was done through known Microsoft boosters. Gavin Clarke was the first. █
“In the face of strong competition, Evangelism’s focus may shift immediately to the next version of the same technology, however. Indeed, Phase 1 (Evangelism Starts) for version x+1 may start as soon as this Final Release of version X.”
–Microsoft, internal document
Lack of demand
Summary: The software bully which manipulates its financial reports is said to be unable to sell the latest Windows and a new Microsoft product running this version of Windows is axed before arrival
Microsoft’s criminal behaviour does not work quite so well in hardware, where bribes are harder to get budget for (unlike with software, which can be copied infinitely). Microsoft was already forced to kill many products and divisions and it has many famous failures in hardware, including Kin, Windows Mobile, and Xbox (which lost money). Now we learn that Microsoft has ditched yet another product. This article uses promotional language which fails to explain what a colossal failure Surface has been (the big table as well as the tablets with the same brand name).
Based on other reports like this one from ZDNet (citing the Microsoft-funded Net Applications), right after China banned Vista 8 and various countries/businesses rejected it for technical reasons:
Net Applications has found that Windows 8.x actually lost user share in June 2014, while Windows 7 has really been the operating system to gain from XP’s end of support.
This is not good for Microsoft’s financial bottom line. It’s also embarrassing because it shows systematic pushback.
Another ZDNet report says that Microsoft enables XP to still receive patches (a month ago IDG reported inaction from XP users). The NSA is going to benefit from this as more PCs have lots of back doors piling up. The NSA flags GNU/Linux users (or people who read GNU/Linux sites) for extra surveillance, based on leaked source code. Those who want security (e.g. Russia, China, Korea) will surely move to GNU/Linux very soon. █
Summary: Back door in all versions of Windows (for Internet Explorer has been embedded deep inside Windows to suppress browser competition) worries governments around the world, including those behind NSA and GCHQ
IT HAS long been known that Microsoft and the NSA work together and share information about back doors, voluntary or involuntary. Any government that still uses Windows is leaving itself vulnerable to espionage and sabotage like Stuxnet. It’s a strange mystery that many governments still have Windows in their networks. Technically it makes no sense and strategically it’s suicidal.
A few days ago we learned about a permanent back door in Windows XP. To quote one site: “Microsoft reported an alarming security flaw exposed by security firm FireEye, Inc. that affects all versions of Internet Explorer from 6 to 11. Though the newer versions of Windows operating systems will be patched in a couple of weeks, Windows XP users should be worried. Windows XP support was discontinued by Microsoft from April 8, 2014 and it is not going to get any more security patches.”
Feds are genuinely concerned about this based on the Canadian and the US corporate press, not just because Microsoft will leave Windows XP vulnerable but because at present every version of Windows is vulnerable and there is no fix. Since it’s proprietary software, nobody other than Microsoft can create a fix, either.
This latest back door shows that moving to GNU/Linux makes the most sense. Even when a flaw in OpenSSL was found and reported it had already been patched by all the major GNU/Linux distributions. It hadn’t yet been patched by Microsoft and Apple.
For those who think that Vista 8 (or 8.1) is going to offer some kind of protection, mind this unfavourable new analysis. To quote just one bit: “Before shutting down, I manually told it to check for updates. It found one. The description says “Windows 8.1 Update”, and the accompanying text says the stuff about you must install this update to ensure that your computer can continue to receive future updates. So, was my HP updated or not? According to the test described by Microsoft, it was; but according to the Windows Update that is waiting to install, it was not.
“Which is correct? Beats me. How do you tell for sure? Beats me.”
Windows is a mess and this mess is filled with back doors. No government anywhere (not even the US government) should rely on it. The world is moving on and it’s time to move with it. GNU/Linux is the secure option. █
GNU/Linux is rapidly gaining, partly because of Microsoft’s mistakes
Summary: Reports about new Microsoft-funded propaganda are easily serving as yet more proof that Windows and other Microsoft software ought to be abandoned
EVERY YEAR we are told the same lies. The propaganda is coordinated by Microsoft-funded entities like IDC and the Business Software Alliance (BSA). We tackled this propaganda year after year, also noting that IDG (the parent of IDC) helps disseminate the propaganda in the corporate press. It’s disgusting and it really ought to stop. It’s like the classic routine of rogue think tanks.
Glyn Moody has done a good job tackling the propaganda in two blogs. One of them was his Open Enterprise blog (ironically hosted by IDG), where he wrote: “As those make clear, we are talking here about Windows malware, found on purchased PCs, Web sites, in P2P downloads and CDs bought on the street. Moreover, it’s evident the infected software is proprietary, paid-for software. Why do we know that? Well, for the simple reason that nobody pirates open source software, because it’s always free of charge, by definition. So Microsoft’s report is about closed-source code, running on Windows.
“This means that IDC/Microsoft’s disturbingly high figure of $500 billion for 2014 is not so much the projected worldwide cost for enterprises of using pirated software, as the cost of running non-free programs on Windows. Most of that $500 billion could be saved – pretty much at a stroke – simply by switching to free software. ”
Glyn Moody also wrote about it in TechDirt (very large audience), under the headline “Microsoft-Sponsored Study Says Problems Caused By Using Windows Software Will Cost Businesses $500 Billion In 2014” (similar to the other headline he chose). To quote his arguments: “Although the report doesn’t say so explicitly, we are clearly dealing with Windows systems here — computers are referred to throughout as “PCs,” never as Macs, and some of the malware is named as “Win32/Enosch.A, Win32/Sality.AT, Win32/Pramro.F,” which attack Windows systems exclusively. We can also be pretty sure that none of the infected programs was open source. Why? Because pirating software that is already freely available makes no sense — and is certainly unlikely to be as profitable as offering black market versions of costly closed-source programs.
“Putting this information together — in order to “Get The Facts” as Microsoft always liked to say — we arrive at the interesting conclusion that the use of commercial closed-source programs running on Microsoft Windows will cost businesses around $500 billion in 2014 alone because of the wasted time, lost data and reputational damage that will result from associated malware infections.”
Moody did a good job breaking down the arguments, so we need not do this again (we do this every year). Instead, let’s look at the situation Microsoft is in.
Yesterday and the day before that we wrote about the rise of Chromebooks, which led to a massive campaign of FUD and AstroTurfing from Microsoft. It’s always the same. Moody links to this article from the British press [via], stating that “London Council Dumping Windows For Chromebooks To Save £400,000” (this was later covered in ). There’s no denying the fact that Vista 8 is driving many enterprises away from Windows and Vista 8.1 won’t change much, based on SJVN’s analysis that says: “By this time next year we’ll know if Microsoft has managed to reclaim its users’ and vendors’ mind-share, or if we really are seeing the end of the PC computing market in favor of a mobile, cloud-based computing paradigm.”
A state with 70 million people is now moving to GNU/Linux, so it’s rather clear where we’re heading. “Microsoft finally admits defeat,” says a Microsoft-friendly site regarding the future Windows 8 update and based on numerous reports, Microsoft now drops the price of Windows to 0 for some device types. “Apple already made the move to free-of-charge operating systems,” explains iophk. “Between that and FOSS, the OS has become a commodity. This is good, without charging, Microsoft cannot give kickbacks or similar financial incentives, at least not for much longer.”
You really know that Microsoft is deep in trouble when even its peripheral PR, such as Microsoft Peter, projects worry about the number of XP users (people who still use a version of Windows from 2001). Rupert Murdoch’s WSJ quotes US figures and says that “[a]bout 95% of the 211,000 ATMs owned by financial institutions, run some version of XP. But some of those machines run on a unique version Microsoft will support until 2016, according to a Department of Homeland Security memo sent in March. Independent companies, such as gas stations, own another 210,000.”
Many of them will move to Linux. Even Rupert Murdoch’s company, despite being anti-Google, is dumping Microsoft for Google. Interesting times. █
Related/contextual items from the news:
Microsoft has more reasons to worry about Linux. After reports that an Indian state switched from Windows XP to Linux, now a UK-based organization is ditching Windows and going for Linux-based Chromebooks. The London Borough of Barking and Dagenham is going the open source way as it shifts away from Windows XP desktops in favor of 2,000 Samsung 303Cs Chromebooks for employees and 300 Chromeboxes for reception desks and shared work areas across the borough.
The Indian State of Tamil Nadu will solve its Windows XP problem by adopting Linux.
Tamil Nadu is home to over 70 million people and its capital city is Chennai, a hub for India’s business process outsourcing industry second only to Bangalore.
So boycott UEFI
Summary: The latest experiences with UEFI (reported by one who is experienced with UEFI) suggest that a boycott of UEFI is still justified
AS we pointed out before, UEFI ‘secure’ boot is actually a mechanism for reducing security, enabling remote entities to take control of one’s hardware or destroy it ‘IBM style’ (IBM works with the NSA on self-destroying hardware). Even the NSA recognises this ability. In addition, UEFI makes it harder for people to explore operating systems other than those which have NSA back doors.
Several days ago Jamie Watson reported that he had purchased a computer saddled with the notoriously unwanted Vista 8. He said he was getting it “ready for Linux” and days later he reported on his findings, having had many issues with UEFI before (the UEFI Forum contacted him as part of well-coordinated attempts to change perceptions). His opinion on UEFI is hardly changed. He calls UEFI “a royal pain” after trying almost a dozen distributions with it (over the course of nearly 2 years). He said: “For those who might not be personally familiar with UEFI boot yet, and especially for those who might be familiar with only one UEFI boot implementation, I’m going to include some more details here to explain and illustrate why it is, for me, such a pain.”
Intel and Microsoft are making it very hard to dodge back doors, surveillance, etc. in pursuit and in favour of freedom. It’s time to dodge Microsoft and Intel and it’s time to seriously just boycott any hardware that comes with UEFI. █
Related/contextual items from the news:
One of the large retail chains here in Switzerland has a low-priced product range that it calls “M-Budget”, which includes everything from groceries to housewares to computers, and pretty much anything else you can think of.
As I was walking past one of its shops on Saturday, I saw that it was offering an HP Compaq laptop for 333 Swiss Francs (about £225/€272/$370), and that is so low for the Swiss market that I couldn’t resist.
But as for UEFI: what a royal pain. For those who might not be personally familiar with UEFI boot yet, and especially for those who might be familiar with only one UEFI boot implementation, I’m going to include some more details here to explain and illustrate why it is, for me, such a pain.
The UEFI BIOS boot configuration is made up of two basic parts — a list of boot objects, and a sequence in which they should be attempted. When you get a new Windows 8 system, there is usually only one “real” item in the list, that being the Windows 8 Bootloader.
There will probably also be some other “pseudo” items or “generic” items in the list which allow for CD/DVD and USB boot, for example. The boot sequence on a new Windows 8 system will contain the Windows Boot item first, and then perhaps some or all of the pseudo/generic boot items.
This is the first place I saw something unexpected in this UEFI BIOS, because there were items included in the default sequence which don’t even exist in the list of boot objects. Weird.
When you install another bootable operating system, such as Linux, it will add an item to the boot object list for itself, and that item will be placed at the front of the boot sequence list.
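The two-part layout described in the excerpt above (a list of boot objects plus a boot sequence) can be checked on a Linux system from the output of `efibootmgr`. The following is an added example, not code from the quoted article: it parses that output and reports sequence entries that point at no boot object (the oddity noted above), objects left out of the sequence, and which entry boots first. The sample output is constructed, and the function names `parse_efibootmgr` and `audit_boot_config` are hypothetical.

```python
import re

# Constructed sample in the format printed by `efibootmgr -v`;
# entry names and device paths are placeholders, not from the article.
SAMPLE = (
    "BootCurrent: 0001\n"
    "Timeout: 0 seconds\n"
    "BootOrder: 0001,0000,2001,3002,2002\n"
    "Boot0000* Windows Boot Manager\tHD(1,GPT,placeholder)/File(placeholder.efi)\n"
    "Boot0001* opensuse\tHD(1,GPT,placeholder)/File(placeholder.efi)\n"
    "Boot0003  old-distro\tHD(1,GPT,placeholder)/File(placeholder.efi)\n"
    "Boot2001* EFI USB Device\n"
    "Boot2002* EFI DVD/CDROM\n"
)

# "Boot" + four hex digits, optional "*" (active flag), then the label.
ENTRY_RE = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*)$")


def parse_efibootmgr(text):
    """Return (boot sequence, boot objects) parsed from efibootmgr output."""
    order, entries = [], {}
    for line in text.splitlines():
        if line.startswith("BootOrder:"):
            raw = line.split(":", 1)[1]
            order = [n.strip().upper() for n in raw.split(",") if n.strip()]
            continue
        m = ENTRY_RE.match(line)
        if m:
            num, star, rest = m.groups()
            # In verbose output the device path follows the label after a tab.
            label = rest.split("\t", 1)[0].strip()
            entries[num.upper()] = {"label": label, "active": star == "*"}
    return order, entries


def audit_boot_config(text):
    """Compare the boot sequence against the list of boot objects."""
    order, entries = parse_efibootmgr(text)
    first = entries.get(order[0], {}).get("label") if order else None
    return {
        # Label of the entry the firmware tries first.
        "first": first,
        # Numbers in the sequence with no matching boot object.
        "dangling": [n for n in order if n not in entries],
        # Boot objects that exist but are never attempted.
        "unordered": sorted(n for n in entries if n not in order),
        # Objects in the sequence that are marked inactive.
        "inactive_in_order": [
            n for n in order if n in entries and not entries[n]["active"]
        ],
    }


if __name__ == "__main__":
    for key, value in audit_boot_config(SAMPLE).items():
        print(f"{key}: {value}")
```

Running the same audit before and after installing another operating system shows the change the excerpt describes: a new boot object placed at the front of the sequence.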
Summary: Microsoft’s Windows booster, Mr. Thurrott, is admitting that Windows is a “messy product”
Paul Thurrott is one of the best known boosters of Microsoft. He has been the company’s best known Windows supporter (probably bar none) for decades. He rarely complains about Windows and he habitually throws FUD at Linux in exchange for payments. This is not being objective; it’s being self-serving.
Since Vista 8 is such a horrible disaster (some boosters like Thurrott still actively deny this) there is now a point of break-down of sorts. As Ryan, a former Microsoft MVP, put it in our IRC channels the other day: “Even Paul Thurrott is now admitting there are problems.”
To quote Thurrott’s analysis, titled “What the Heck is Happening to Windows?”
When critics described Windows 8.1 as a step backwards, I disagreed: Responding to customer complaints is never wrong, I argued, and the new version of the OS made it more acceptable on the many different types of PCs and devices on which Windows now runs. With Update 1, however, I’m beginning to question the validity of this new direction, and am now wondering whether Microsoft has simply fallen into an all-too-familiar trap of trying to please everyone, and creating a product that is ultimately not ideal for anyone.
If you look back over the decades at the many high-level complaints that have been leveled at Windows, one in particular sticks out: Unlike Mac OS, in particular, Windows has always attempted to satisfy every possible customer need, and as such it often provides multiple ways to accomplish the same thing. The result is a messy product, if you will, one that lacks the singular vision that is typically associated with the Mac and Apple’s other products.
As one person put it in Diaspora: “I saw this posted at Hacker News, and figured, “Oh, another Apple / Google / Linux fanboy kicking Microsoft while it’s down”.
“No. This is Paul Thurrott. He’s a long time Microsoft booster, some have said shill. And he’s clearly got some major questions over the future of the OS if not the company.” █