04.18.14

Microsoft is Leaving Windows — Including Vista 8.1 — Vulnerable to Non-Government Crackers, Not Only to NSA

Posted in Microsoft, Security, Windows at 6:39 am by Dr. Roy Schestowitz

Install the latest back doors or be left vulnerable to crackers other than the NSA

Summary: Microsoft makes it ever more evident that securing users of Windows is not at all a priority, and perhaps not even a desire

MICROSOFT WILL never brag about it to the public (only to the government), but Windows, including Vista 8, contains back doors for the NSA. While FOSS developers work hard to ensure security of their programs, with Microsoft any such concerns are irrelevant because security is not even a goal.

It was rather amusing to see this report which says “Microsoft TechNet blog makes clear that Windows 8.1 will not be patched; users must get Windows 8.1 Update if they want security patches” (the report is titled “Microsoft confirms it’s dropping Windows 8.1 support” and it was published by the Microsoft-affiliated IDG).

But wait, it gets worse than abandonment of users and NSA back doors. According to this: “If you still have XP and use Microsoft Security Essentials you will have problems today.. You will get errors relating to MsMpEng.exe when trying to go into windows and windows will slow down to a crawl mimicking a virus.. You need to boot into safe mode and disable the Microsoft Antimalware Service in your services then boot into your normal profile and uninstall the program.”

“Microsoft makes shutdown of their meaningless “security” application cripple XP,” wrote Will Hill. “I’m surprised that I have not gotten any calls about this. Oh yeah, no one is at work yet. I don’t think the treatment planning computers use this, but I’m going to sent a heads up.”

So Microsoft goes further in making Windows XP users less secure from non-government crackers. Wonderful! █

Permalink Leave Your Comment      Send this to a friend

04.11.14

Microsoft: Let’s Talk About Heartbleed® (Reported by Our ‘Former’ Security Chief) While the World Migrates From XP to GNU/Linux

Posted in FUD, GNU/Linux, Microsoft, Windows at 8:43 am by Dr. Roy Schestowitz

Summary: Government the only likely entity to exploit Heartbleed®, but Microsoft and its peripheral PR apparatus try to scare everyone away from GNU/Linux

A LOT of concerned people, including large businesses, are moving to GNU/Linux for improved security right now (I am aware of some businesses but cannot name them), bearing in mind that Windows XP is no longer secure even in Microsoft’s eyes. Microsoft put back doors in Windows (for governments), so when even Microsoft claims something to be not secure, then it should be ever more alarming.

We are still seeing many articles about migration from Windows XP to GNU/Linux, not just in blogs of GNU/Linux advocates [1,2,3] but also in Microsoft-friendly news sites [4], widely-distributed publications like The Economist [5] (typically GNU/Linux-hostile or just ignoring GNU/Linux), GNU/Linux-oriented sites [6,7], and the Linux Foundation [8]. There are other general news sites [9-12] that cover this (suggesting GNU/Linux as a replacement for XP) and on the other hand there are those in the GNU/Linux world who are apathetic about it [13]. The common theme, however, is rather clear. People are being advised to explore GNU/Linux and jump off the treadmill of Windows ‘upgrades’. Microsoft must be worried. There are many confirmatory indicators of this worry — ones that we covered before.

We recently saw a lot of FUD over GNU/Linux security coming from Microsoft-linked sources, basically inciting/creating unnecessary panic by twisting facts and never mentioning Microsoft’s security issues (some are there by design, like NSA back doors or even FBI entry points).

Someone who worked for the FBI (worse than the NSA by some criteria) and then Microsoft (the back doors partner of the NSA) then revealed Heartbleed®, on the very same date that Windows XP is officially dead. What’s the likelihood that this was a coincidence? Microsoft’s ‘former’ security chief sure helped distract from stuff like the articles about moving to GNU/Linux for security. If it was a stunt, then it sure worked like a charm.

Heartbleed® does not seem like the work of secret agencies [14], but it sure helps them a lot [15], undermining activism [16] and Free software [17], as well as security in Apple and Microsoft products (they use OpenSSL too and they still have no patches, unlike GNU/Linux distributions). Pay attention to how Microsoft boosters like Miguel de Icaza twist this to look like a problem only for GNU/Linux. Microsoft propagandist and partner Tony Bradley (he works with Microsoft) plants some FOSS-hostile articles to that effect [18] as well. Microsoft must be having a day field with its PR/propaganda agents. As we expected, Microsoft partners now spread articles full of FUD — stuff which was published in a timely fashion by a Microsoft-linked firm, exactly upon Windows XP EOL. Watch some timely new revisionism (PR) from Microsoft Peter, using false claims (changing history) to push people to ‘upgrade’ from XP to Vista 8. This is not journalism; it’s advertising from a Microsoft booster who infiltrated a news site. Many sites are still affected by Heartbleed®, but reports from Microsoft-friendly journalists (who were behind some of the previous security smears against GNU/Linux) exaggerate the numbers. At my job, for example, no Web site was found to be affected by Heartbleed® (one can check this online [19]). The main source of danger right now is government spies [20,21] (or government crackers). Those who understand the technical details [20] even guess that government actors may have played a role in putting the bug there [22]. The FSF responded by highlighting the fact that proprietary system have back doors by design [23] (the FSF says “Microsoft are even sharing bugs with others like the NSA without fixing them”) and other GNU/Linux-oriented sites did cover the incident, but not with an excessive sense of panic [24-29], unlike Gates-funded papers [30].

To summarise, what we are dealing with here is an incident where the firm of Microsoft’s ‘former’ security chief shares bugs with the whole world irresponsibly (many sites had not been secured by that time in which his firm decided to release details, exactly when XP hits EOL). And having checked customers’ systems overnight, I found that nothing was affected by this OpenSSL bug. Irresponsible reporting from Microsoft-friendly journalists (with history) claims — falsely — that 2/3 of the Web is affected. Talk about appalling FUD. Wow!

One sure thing is, Chromebook sales are not going to be stopped by it, not even by Microsoft's attack ads (hypocritical FUD is now central to Microsoft’s official strategy and there is no hiding it). █

Related/contextual items from the news:

1. Good News And Bad News Depending On Whether Or Not You Enslave People To Wintel

2. OEMs Aren’t Going To Replace XP With GNU/Linux. Real People Have To Do That

3. What To Do With XP PCs

   If you think you can’t do without XP, think again. I have not touched an XP machine or any other OS from M$ for years now because all my PCs run GNU/Linux. If you think you can’t do without some application that only runs on XP or any other OS from M$, think again. Many millions of users of GNU/Linux don’t have those problems that M$ causes: malware, spyware, re-re-reboots, and lock-in.

4. Windows XP’s Demise Will Help Linux Leapfrog Mac OS X 10.9

   Linux is frequently touted as one of the most successful open-source projects ever. Since its release in the 90s, the versatile OS has gradually become more popular with users. With a 1.49% market share, Linux is now rated the third-most popular PC operating system after Windows and Mac OS X operating systems.

5. End of the road for Windows XP

   But to what? For those determined to stay in the Microsoft camp, forget Windows 8 or 8.1. Not only do they demand too much in the way of hardware, both have been been written off as a debacle as bad as the Windows Vista disaster. With their touch-based design, they require users to do things differently from the way they are familiar with. Microsoft is now hurrying out Windows 9 in a bid to pre-empt a mass migration to Linux or Macintosh.

6. A Beginners Guide for XP Users to Switch to Linux

   Microsoft has ended its support for Windows XP and most of you might not even care but for some of you who do care and understand the complications involved in using a discontinued piece of software, you are in for a change. You can either install already outdated Windows 7, no one’s favourite Windows 8 or you can join the elite group of Linux users by installing on of the many available flavours of Linux.

7. Windows XP and the Changing Calculus of Technology Choice

   One reason technology choices are so difficult is technology is always a work in progress; your one choice has lasting consequences since the technology rarely ever lives on its own, and most good technology is never done — that is unless you’re Windows XP. As most of us know, Microsoft today is turning off support for Windows XP. That means that roughly 30 percent of all Windows users will cease to get security updates and other ongoing maintenance. Since hackers disproportionately target Windows products, this is a big deal.

8. Replace the Retiring Windows XP with Linux

9. Windows XP orphaned: 1/3 of computer users vulnerable

   RMS is the guru of computing freedom, and a great source. He started the “hack” movement as an outsider inside MIT during the Vietnam protesting era, and founded both the GNU software movement and the Free S/W Foundation. He seems (to me) to be highly-influenced by socialist ideals.

10. Forget About Windows XP, Tranform Your Linux Mint in Windows 7

    In this case, Linux Mint 16 is the perfect candidate for a Windows 7 look-alike transformation and the Windows7 Pack (Cinnamon+ GTK3/2) theme works like a charm. You will have to move the files manually in the appropriate folders, but the themes should be easy to activate.

11. Open Source Alternatives For Windows XP

    To simplify the downloading and installing, collections of these many software components, called “distributions“, are available ready for users to download and start using straight away.

12. Windows XP Alternatives: Six Linux Distros to Replace Microsoft’s Ageing OS

    On Tuesday, Microsoft finally end support for one of its most successful operating systems, the 13-year-old Windows XP. Owing to this, there will no longer be any official security updates and bug fixes from the company, meaning those who continue to use the OS will be left vulnerable to security threats.

13. Why I don’t care about the end of Windows XP

    Frankly, I’ve never liked Windows XP. I found the interface to be an eyesore way back when it was first released and using it never improved the experience. I’m very glad to see that it’s going away finally, it’s demise has been been long overdue. I’m rather surprised that it has hung on this long, given that it was never all that anyway. It’s almost become like some sort of a disease you can’t quite get rid of, it just goes on and on and on.

14. Heartbleed coder: bug in OpenSSL was an honest mistake

    The Heartbleed bug in OpenSSL wasn’t placed there deliberately, according to the coder responsible for the mistake.

15. The Real Threat From The Heartbleed Security Flaw Is The NSA

    “The best guess is that the only ones exploiting this bug are spy agencies, if anyone at all.”

16. Why the Web Needs Perfect Forward Secrecy More Than Ever

17. LibreOffice 4.2.3 arrives with Heartbleed fix

18. Is open source to blame for the Heartbleed bug?

19. Test Sites for Heartbleed OpenSSL Vulnerability

20. Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?

21. heartbleed vs malloc.conf

22. Heartbleed

    At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.

23. Free Software Foundation statement on Heartbleed vulnerability

24. FOSS Community Hustles to Fix Gaping Heartbleed Flaw

25. Fedora status on “Heartbleed”

26. Fedora releases openssl security updates

27. The Internet Goes Nuts with OpenSSL Bug Today, Linux Systems Were Fixed Yesterday

28. How to find out if your server is affected from Openssl Heartbleed vulnerability (CVE-2014-0160) and how to fix that

29. Heartbeat SSL Flaw Puts Linux Distros at Risk

30. Heartbleed: Hundreds of thousands of servers at risk from catastrophic bug

31. Google jumps on Windows XP’s demise with Chromebook for business offer

    GOOGLE HAS BEEN QUICK to jump on the demise of Windows XP, and is looking to persuade businesses still running the operating system to buy Google Chromebooks instead.

Permalink Leave Your Comment      Send this to a friend

Replicating the Destruction of Dual Boot (GNU/Linux) by Microsoft-Friendly UEFI Implementations

Posted in Antitrust, Hardware, Microsoft, Windows at 7:51 am by Dr. Roy Schestowitz

Summary: Reports of “loss of Linux dual-booting” due to Windows Update are investigated further; FSF award to Garrett faces opposition

IT WAS recently reported in Reddit that UEFI was used by Microsoft Windows to wipe out GNU/Linux. Windows Update rendered GNU/Linux unbootable and allegedly turned ‘secure’ boot on to achieve this.

According to this new analysis from Jamie the UEFI explorer, it’s not an isolated incident. He starts by stating: “I can finally report that yes, there is a problem — but it’s generally not as serious as has been reported.” He also writes: “While I found that I was able to ‘fix’ the loss of Linux dual-booting on both of my systems, I am NOT trying to say that everyone who has posted claims about dual-boot being ‘destroyed’ by Windows Update is wrong. I certainly have enough experience with UEFI boot configuration to know that all sorts of strange things are possible, and it may well be that some systems, with some configurations, really do get more seriously damaged by Windows Update than mine have. One very obvious example might be that the Linux items could get deleted from the boot object list. If that happened you would have to use efibootmgr to put them back again.”

But who would know how to do this and how many people would just turn away from GNU/Linux at this stage? This is why UEFI should face a boycott and antitrust complaints against Microsoft get bolstered. I wholeheartedly disgree with FSF for giving Garrett an award. This can be a PR disaster waiting to happen, a bit like Miguel de Icaza and Theo de Raadt and getting such an award before their FSF bashing. Apparently I am not alone in disagreeing with the FSF; Sam Varghese expressed similar concerns, having opposed ‘secure’ boot for quite some time along with many others. He writes: “The Free Software Foundation has given an annual award this year for work that enslaves people to the demands of Microsoft – something that flies in the face of all that the organisation has stood for since its founding.”

This has indeed been a bizarre move and it can help weaken existing complaints (in Europe) over Microsoft’s UEFI tricks. █

Permalink Leave Your Comment      Send this to a friend

04.08.14

Press Advocates Migration From Windows XP to GNU/Linux, But Not Strongly Enough

Posted in GNU/Linux, Microsoft, Windows at 10:47 am by Dr. Roy Schestowitz

Windows aging

Summary: The corporate press mentions the end of Windows XP (no more support) but rarely does it mention GNU/Linux; a migration to Free/libre software is simpler than commonly believed

THE apparent distraction efforts aside, today is the last day for Windows XP as a live operating system. In light of that serious event (relevant to many because Windows XP is still widely used), some articles don’t even mention GNU/Linux at all (see the comments, readers are not easily misled) and some provide only scarce coverage for remedies like Robolinux [1], despite an expensive press release [2,3] which was disseminated in various sites. We found only one article about Robolinux (there may be more, but they are not going ‘on the radar’).

This is rather disappointing. There are orders of magnitude (in terms of numbers) more articles about the Heartbleed® stunt (from Microsoft’s ‘former’ security chief) than about GNU/Linux as the logical route for computers that still run Windows XP. Users of these computers can use Wine or even the improved (but proprietary) versions of software that incorporates Wine. Inside a company they can rely on remotely-accessed application servers running Windows for troublesome applications, with rdesktop/vnc for remote access from GNU/Linux desktop (that’s what one can do at the worst scenarios) and Steven J. Vaughan-Nichols (SJVN) shows how trivially it’s done (very visual).

What we are hoping to find is that more people follow advice which recommends at least mentions migration to GNU/Linux now that Windows XP is unsupported [4-9] (there ought to be be more coverage like this). Putting the derogatory phrase aside, right now there is a big opportunity for GNU/Linux on the desktop [10], and not just because of Chrome OS (which is a GNU/Linux distribution but not a freedom-respecting one). People can now swap a PC running Windows XP with a shiny new Chromebook for just $99 and there are many options when it comes to Chromebooks [11]. Whatever people choose, they need to escape the trap of PRISM (mass surveillance) and proprietary software. BSD too is an option. █

Related/contextual items from the news:

1. Robolinux 7.4.2 Distro Can Keep Windows XP Running Inside Forever Without Viruses or Malware

   Robolinux, a fast and easy to used Linux distribution based on Debian, has just received another major update, raising the version number to 7.4.2.

2. Solution for 500 Million Windows XP Users Who Do Not Upgrade to 7 or 8

3. Solution for 500 Million Windows XP Users Who Do Not Upgrade to 7 or 8

   Robolinux, founded in 2011, invented and has released “Revolutionary Stealth VM” so you can run Windows XP or 7 inside all Linux Mint OS Editions or all Ubuntu Versions and Derivatives Virus Free for as long as you want to without the need for Microsoft security updates or anti virus anti malware software.

4. The end of Windows XP: Is it time to give Linux a try?

   This week, Microsoft ends free support for Windows XP, cutting off the supply of security updates and bug fixes to anyone unwilling to pay the $200 per desktop fee MS is asking for extended support.

   XP machines aren’t just going to explode at midnight on 8th April but with hackers and malware authors already comfortable with the antiquated OS, it won’t be long before some new exploit is discovered that will never be fixed. In short, if you value security then it makes sense to stop using XP.

5. For HTPC folks, XBMC recommends an upgrade from Windows XP to Linux

   It’s doubtful there are many people out there at this point that don’t already know that support for Windows XP will come to an end tomorrow, April 8th. Despite that, a number of individuals and businesses will continue to run the operating system.

   This doesn’t likely apply to those maintaining an HTPC, as this tends to be a more geek-savvy set, but no doubt a few are out there. For those users, XBMC has passed its judgment, and the verdict is Linux.

6. Why so much fuss over Windows XP’s expiry?

   Other than Windows, users and companies could look at Linux versions that run many Internet servers and those in companies. GNU/Linux is also at the foundation of Google Inc’s Android mobile OS.

   Linux distributions include Ubuntu, Linux Mint, Elementary, Zorin and Lububtu. Ubuntu 12.04, for instance, comes pre-installed with the LibreOffice suite—a Microsoft Office equivalent. However, migrating applications from Windows XP to a non-Windows (read Linux) platform is easier said than done. But then, Linux distributions are free.

7. Microsoft XP users can turn to Linux as alternative

   Microsoft’s decision to stop providing technical support for Windows XP after Tuesday has caused a great deal of confusion and consternation among the millions who still use the trusty old operating system. I’ve opined that there’s no reason to ditch Windows XP, which will continue to work as it always has, and that you can safeguard its security by installing a good antivirus/antimalware program.

   However, there is another solution that is faster and more secure than Windows XP – or any other version of Windows. It’s Linux, the long-suffering stepchild of the PC industry.

8. Linux to the rescue! Windows XP support discontinued today

   Today, as Microsoft discontinues support for Windows XP, a 12 year old operating system, users all over the world find themselves with only a few options to choose from as they move on. It’s not surprising that Microsoft encourages users to migrate to Windows 8.1, but of course, there are other alternatives. The best one by far is Linux. With over 100 distributions, Linux not only offers flexibility, but also reliability and support.

9. Death of Window XP Is a Golden Opportunity for Linux

   Microsoft’s Windows XP dies on April 8, and I will not be among those who mourn its loss. The sad part about the death of XP is that those who still run it might not even realize that their operating system is now dead.

10. Will it ever be the year of the Linux Desktop?

    It used to be a rallying cry, then it turned into speculation and finally it became a joke: That the next year, or the one after that, or very soon at least, would be “the year of the Linux desktop”. Even the meaning of the term has changed a bit, depending on the time and the publication. Maybe it means the year when Linux will be a majority operating system on desktop computers. Maybe it means that Linux accounts for a significantly increased share of the market.

    [...]

    But as I have been using Linux in the past several years, it has increasingly occurred to me: We’re at a point where we have a large number of incredibly polished distributions available. You can run a Linux system for a standard user without barely ever touching the terminal. There’s a wealth of software, both applications and games available, most hardware works without any worry, and the days of manually editing xorg.conf, our old best friend, are pretty much gone.

11. Samsung Chromebook 2 set to square off against Intel-powered Chrome OS devices

Permalink Leave Your Comment      Send this to a friend

04.05.14

As the World Moves to GNU/Linux Propaganda From Microsoft-funded Proxies Claims Opposite of What Microsoft Intended

Posted in Deception, GNU/Linux, Microsoft, Vista 8, Windows at 9:39 am by Dr. Roy Schestowitz

GNU/Linux is rapidly gaining, partly because of Microsoft’s mistakes

Summary: Reports about new Microsoft-funded propaganda are easily serving as yet more proof that Windows and other Microsoft software ought to be abandoned

EVERY YEAR we are told the same lies. The propaganda is coordinated by Microsoft-funded entities like IDC and the Business Software Alliance (BSA). We tackled this propaganda year after year, also noting that IDG (the parent of IDC) helps disseminate the propaganda in the corporate press. It’s disgusting and it really ought to stop. It’s like the classic routine of rogue think tanks.

Glyn Moody has done a good job tackling the propaganda in two blogs. One of them was his Open Enterprise blog (ironically hosted by IDG), where he wrote: “As those make clear, we are talking here about Windows malware, found on purchased PCs, Web sites, in P2P downloads and CDs bought on the street. Moreover, it’s evident the infected software is proprietary, paid-for software. Why do we know that? Well, for the simple reason that nobody pirates open source software, because it’s always free of charge, by definition. So Microsoft’s report is about closed-source code, running on Windows.

“This means that IDC/Microsoft’s disturbingly high figure of $500 billion for 2014 is not so much the projected worldwide cost for enterprises of using pirated software, as the cost of running non-free programs on Windows. Most of that $500 billion could be saved – pretty much at a stroke – simply by switching to free software. ”

Glyn Moody also wrote about it in TechDirt (very large audience), under the headline “Microsoft-Sponsored Study Says Problems Caused By Using Windows Software Will Cost Businesses $500 Billion In 2014″ (similar to the other headline he chose). To quote his arguments: “Although the report doesn’t say so explicitly, we are clearly dealing with Windows systems here — computers are referred to throughout as “PCs,” never as Macs, and some of the malware is named as “Win32/Enosch.A, Win32/Sality.AT, Win32/Pramro.F,” which attack Windows systems exclusively. We can also be pretty sure that none of the infected programs was open source. Why? Because pirating software that is already freely available makes no sense — and is certainly unlikely to be as profitable as offering black market versions of costly closed-source programs.

“Putting this information together — in order to “Get The Facts” as Microsoft always liked to say — we arrive at the interesting conclusion that the use of commercial closed-source programs running on Microsoft Windows will cost businesses around $500 billion in 2014 alone because of the wasted time, lost data and reputational damage that will result from associated malware infections.”

Moody did a good job breaking down the arguments, so we need not do this again (we do this every year). Instead, let’s look at the situation Microsoft is in.

Yesterday and the day before that we wrote about the rise of Chromebooks, which led to a massive campaign of FUD and AstroTurfing from Microsoft. It’s always the same. Moody links to this article from the British press [via], stating that “London Council Dumping Windows For Chromebooks To Save £400,000″ (this was later covered in [1]). There’s no denying the fact that Vista 8 is driving many enterprises away from Windows and Vista 8.1 won’t change much, based on SJVN’s analysis that says: “By this time next year we’ll know if Microsoft has managed to reclaim its users’ and vendors’ mind-share, or if we really are seeing the end of the PC computing market in favor of a mobile, cloud-based computing paradigm.”

A state with 70 million people is now moving to GNU/Linux [2], so it’s rather clear where we’re heading. “Microsoft finally admits defeat,” says a Microsoft-friendly site [3] regarding the future Windows 8 update and based on numerous reports, Microsoft now drops the price of Windows to 0 for some device types [4]. “Apple already made the move to free-of-charge operating systems,” explains iophk. “Between that and FOSS, the OS has become a commodity. This is good, without charging, Microsoft cannot give kickbacks or similar financial incentives, at least not for much longer.”

You really know that Microsoft is deep in trouble when even its peripheral PR, such as Microsoft Peter [5], projects worry about the number of XP users (people who still use a version of Windows from 2001). Rupert Murdoch’s WSJ quotes US figures and says [6] that “[a]bout 95% of the 211,000 ATMs owned by financial institutions, run some version of XP. But some of those machines run on a unique version Microsoft will support until 2016, according to a Department of Homeland Security memo sent in March. Independent companies, such as gas stations, own another 210,000.”

Many of them will move to Linux. Even Rupert Murdoch’s company, despite being anti-Google, is dumping Microsoft for Google. Interesting times. █

Related/contextual items from the news:

1. London borough drops Windows, goes with Chromebooks, saves around £400,000

   Microsoft has more reasons to worry about Linux. After reports that an Indian state switched from Windows XP to Linux, now a UK-based organization is ditching Windows and going for Linux-based Chromebooks. The London Borough of Barking and Dagenham is going the open source way as it shifts away from Windows XP desktops in favor of 2,000 Samsung 303Cs Chromebooks for employees and 300 Chromeboxes for reception desks and shared work areas across the borough.

2. Tamil Nadu’s XP migration plan: Go Linux like a BOSS

   The Indian State of Tamil Nadu will solve its Windows XP problem by adopting Linux.

   Tamil Nadu is home to over 70 million people and its capital city is Chennai, a hub for India’s business process outsourcing industry second only to Bangalore.

3. Microsoft finally admits defeat, will bring Start menu back in future Windows 8 update

4. Will free Windows make Microsoft bleed to death?

5. One week before its end of life, 28 percent of Web users are still on Windows XP

6. Windows XP: Old Platforms Die Hard, Security Risks Live On

Permalink Leave Your Comment      Send this to a friend

04.02.14

Red Hat Should Keep Its Distance From NSA Facilitator Microsoft

Posted in Microsoft, Red Hat, Security, Windows at 6:27 am by Dr. Roy Schestowitz

Summary: Criticism of Red Hat’s increasing proximity to some of the very same bits of proprietary software which are accompanied by back doors (for the NSA)

THE DANGERS of Microsoft are very real, as a former foe of Microsoft, Novell, helped prove. Five years ago Red Hat consented to playing an active part in Microsoft VM hosts, despite knowing (even back then) about Microsoft’s relationship with the NSA, which meant that VMs running RHEL would be accessible (to the NSA) from the back door, Microsoft Windows.

There are many back doors in Windows and therefore in Hyper-V, which sits on top of Windows (back doors further down the stack). Microsoft tells the NSA about these back doors. To give the latest example of back doors, see this new report [2] which says: “Nearly 30 days after reports of a zero-day flaw being exploited in the wild, Microsoft will finally patch this critical vulnerability.”

Relying on Microsoft for technology means that one should also expect and accept back doors. A reader showed us this new article, claiming that “Mono [is] infecting Android,” but it’s not just Android. Even Red Hat is now making such mistakes, in addition to hiring from Microsoft for management of virtualisation. Based on [2,3], Red Hat now accommodates Microsoft .NET applications, despite them being proprietary and potential back doors. A week or so ago some speculated that Microsoft might buy Red Hat (one day) [4,5] and yesterday we found the article “Why Microsoft Will Pick Off Red Hat” (logic of investors, not technical people).

Microsoft is now knowingly abandoning hundreds of millions of Windows users, leaving them with permanent back doors [6,7], so why should Red Hat trust Microsoft .NET applications or anything that comes from Microsoft, including Hyper-V? Articles like [8-10] remind us that in GNU/Linux the main flaw is human error (not changing default passwords or not applying patches, which Red Hat is making easier to apply without any downtime [11]).

The bottom line is, Red Hat’s relationship with the NSA withstanding, it oughtn’t connect too much to Microsoft components like .NET and Hyper-V because these constitute back doors that jeopardise security of GNU/Linux users. █

Related/contextual items from the news:

1. Microsoft to Fix an Internet Explorer Zero-Day Flaw

2. Red Hat Adds Microsoft .NET to Its OpenShift PaaS

3. A Red Hat stunner: ‘Miccosoft .NET apps on OpenShift’ Yes, you read correctly

   On Wednesday, Working with Uhuru Software, Red Hat is now incorporate a rival Microsoft product – .NET – to its three-year-old OpenShift platform-as-a-service. Really? Red Hat even published a blog to explain what’s going on to those who might find the concept a bit unbelievable.

   Chris Morgan, the OpenShift Partner Ecosystem Technical Director for Red Hat, wrote the blog – and even he acknowledged the incredulity of it all that something from Microsoft, which for years has been an enemy of Red Hat, Linux and Open Source, would be incorporated into OpenShift.

4. An Indecent Proposal: Microsoft and Red Hat?

5. Reviews, Indecent Proposal, and Ubuntu Graduation

   Today brings two new reviews. Jesse Smith reviews Linux Mint Debian Edition 201403 in today’s Distrowatch Weekly and Jamie Watson posts his latest hands-on. Steven J. Vaughan-Nichols says folks don’t care about operating systems anymore. Matt Hartley has a few suggestions for those ready to graduate from Ubuntu. All this and more in tonight’s Linux news review.

   Jesse Smith tested the latest LMDE in this week’s Distrowatch Weekly. He found a few bugs but Smith says it “lives up to its description” of having “rough edges.” With all its “nasty surprises” Smith suggests folks just stick with the Ubuntu-based version of Mint. But see his full review for all the details.

6. Perspective: Microsoft risks security reputation ruin by retiring XP

   A decade ago, Microsoft kicked off SDL, or Security Development Lifecycle, a now-widely-adopted process designed to bake security into software, and began building what has become an unmatched reputation in how a vendor writes more secure code, keeps customers informed about security issues, and backs that up with regular patches.

7. Positive Feedback: M$ Uses XP To Publish The Insecurity Of Using That Other OS

8. Flaws In People And Their Software

9. Red Hat Risk Reflex (The Linux Security Flaw That Isn’t)

   News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a ‘major security problem’ has been found with Linux are a different kettle of fish. So when reports of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both secure sockets layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can impact upon Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that “GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification… An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid.” In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it’s all Linux’s fault. Or is it?

10. Linux Bugs, Bugs Everywhere

    “We are seeing a lot of crypto bugs surfacing lately because these libraries are suddenly getting a lot of review thanks to Snowden’s revelations,” suggested blogger Chris Traver. “I think one has to separate the crypto bugs from others because they are occurring in a different context. “From what I have read about gnutls, though, it seems to me that this is probably the tip of the iceberg.”

11. Introducing kpatch: Dynamic Kernel Patching

    In upstream development news, the kernel team here at Red Hat has been working on a dynamic kernel patching project called kpatch for several months. At long last, the project has reached a point where we feel it’s ready for a wider audience and are very excited to announce that we’ve released the kpatch code under GPLv2.

Permalink Leave Your Comment      Send this to a friend

Campaign of Intimidation Against GNU/Linux, Courtesy of US Patent Law

Posted in Dell, GNU/Linux, Microsoft, Windows, Wine at 3:29 am by Dr. Roy Schestowitz

Long-sighted FUD strategy

Summary: Commentary about Microsoft’s attempts to make GNU/Linux look like it’s its own property, thanks in part to broken patent law in the United States

YEARS AGO, shortly after Novell and Microsoft revealed that they had signed a patent deal that involved Wine, we hypothetised that Microsoft was perhaps trying to keep Wine under patent threats. Amusingly enough, “Chinese People Try To Patent Wine On ARM,” according to Phoronix. One must wonder how Microsoft feels about it.

For those who think that Microsoft has finished extorting companies, look no further than this Dell deal where “[t]he companies did not provide specific information on which products the agreement will apply to” (or how much — if anything at all — gets paid).

We long ago called for a boycott of Dell, immediately after Microsoft pretty much took this dying company under its wing. Appropriately enough, Muktware is now contradicting its own report (which we criticised) in the comments, insisting that maybe a few pennies are paid to Microsoft by Dell (or nothing at all) and that this is more of a publicity stunt, trying to make Chrome OS and Android seem expensive and dangerous. At the time we also wrote about Verizon joining OIN and other factions of the Linux world, demonstrating that unlike Dell, many companies are now taking a stand for GNU/Linux, not against it (as Dell did). █

Permalink Leave Your Comment      Send this to a friend

03.27.14

Microsoft’s Sabotage With UEFI ‘Secure’ Boot Continues, Time for Major Legal Actions From GNU/Linux Users and Vendors

Posted in GNU/Linux, Microsoft, Vista 9, Windows at 5:28 am by Dr. Roy Schestowitz

Microsoft is trying to hammer the competition

Summary: Vista 8 is reportedly including interception of GRUB as part of the update process, in the name of ‘security’ of course; Microsoft also offers money for people not to embrace GNU/Linux

EARLIER this year we published the post "When Microsoft Deletes Windows and GNU/Linux" and it was about UEFI — the appalling ‘innovation’ which does nothing beneficial for Linux. On the same month we showed that "Microsoft Remotely Deletes Free/Open Source Software From Windows". Almost exactly one year ago we called for antitrust action, noting that "Microsoft's Vista 8 Deletes Competition" (with UEFI), so there is clearly a pattern here. We have accumulated evidence over time. In 2010 we showed that "Microsoft Continues to Sabotage GNU/Linux Installations Using 'Updates'" and it seems to be happening again.

Last night Susan Linton noted that someone found “Windows update deleted his GRUB boot loader and turned on secure boot”.

This is clearly technical sabotage, not increasing security. It is only increasing Microsoft’s financial security, by means of sabotage. In the name of “security” many tyrants take extreme actions, not just in computing. Here is another take on the report from Reddit: “He claims that after the Windows System Update GRUB 2 was removed, and UEFI booting was set to “secure boot” which it wasn’t prior to the update. During the update, Windows 8 mentioned “there is a security problem with your computer” that needed to be “fixed”.”

Here is a report predating it, this time from a Romanian news site: “A user who was dual-booting Xubuntu and Windows 8 has reported that one of the latest updates for Windows 8 has actually deleted the GRUB and switched UEFI to secure boot.

“Linux users are not strangers to the problems caused by dual-booting. It’s a well-known fact that if you install Windows on a PC or laptop that already has a Linux operating system it will delete the boot loader. It can be fixed easily, but the GRUB, for example, recognizes Windows operating systems and integrates them so that the user is not affected.

“A Linux and Windows 8 user has reported on Reddit that one of the updates performed by Microsoft’s operating system deleted the GRUB boot loader and set UEFI to secure boot. Moreover, after he restored GRUB2 (which is done pretty easily, as illustrated in our tutorial) now there are three entries besides the Linux one.”

If this true (which it most likely is, based on comments), then Microsoft will surely try to pretend it’s just an accident. Plausible deniability is Microsoft’s similarity to the CIA. Violence trumps moral values.

The same site says that “Microsoft’s Website Thinks That All Linux Systems Are Windows 8.1″ (unlikely to be happening by accident, probably by design).

Perhaps what we are witnessing here is a serial criminal, Microsoft, trying quite aggressively to promote Vista 8 because large companies move to GNU/Linux rather than Vista 8 when they abandon Windows XP. According to this other new report, “Microsoft has dished out a $100 on-the-spot discount to make you switch on over to a new operating system.” Guess which one?

So now there are subsidies (or bribes) too. Typical Microsoft, And when these don’t work they resort to FUD and media infiltration.

Microsoft should not be allowed to get away with this. There should be lawsuits and antitrust actions. Don’t believe that because Microsoft changed its public face/mask (CEO) it actually changed its way or its real leadership (behind the scenes). The company has a long track record of abusive behaviour and you cannot deal with thugs gently, you must react rather aggressively. █

Permalink A Single Comment      Send this to a friend