Bonum Certa Men Certa
Microsoft Sued for Patent Infringement, Patents Brain Probing | Patent Concerns Invade GNU/Linux, GPLv3 Offers Remedy

How Jim Allchin, Gartner and Enderle Lied to the Whole World

If you say it often enough, people will believe it

We have developed a habit of keeping track of analysts who are obviously paid or compensated for serving corporate agenda (e.g. [1, 2, 3]). This is very relevant in light of the recent OOXML propaganda that came from IDC and the Burton Group.

Here is another fine example from the news. We wish to debunk the said analysts using compelling evidence and fact. One of the predications which certain people made is this:

5. Windows Vista will be secure Analysts were: Wrong

When Windows Vista was launched, Microsoft platforms group vice president, Jim Allchin, described a platform where its "safety and security" will be the "overriding features" for which most people will want Windows Vista.

Analysts from Gartner and the Enderle Group further touted Vista's security features, highlighting in particular its spyware-fighting prowess.


Enderle and Gartner have been caught many times before. The former is a one-man, attention-seeking 'consultancy' whose major client is Microsoft. The latter, Gartner, is funded by Bill Gates and plenty of its revenue stream comes from work it does for Microsoft. Jim Allchin, by the way, escaped Microsoft as soon as Windows Vista was released. It truly make you wonder, does it not?

The people above claimed that Vista will be secure, but let us take a look at some headlines which cover separate incidents that occurred in the past year (sorted reverse chronologically for the most part).

The latest round of patches revealed that Vista could be hijacked by merely sending a packet to it.

Microsoft's first set of security bulletins for 2008 may be slim, but will include a fix for a critical vulnerability in XP and Vista.


More information about this incident can be found here.

One of the updates is considered critical for Windows Vista and XP users because the flaw it fixes could be used by attackers to install unauthorized software on a victim's computer.


As we showed before, especially when Microsoft's Jeff Jones was lying to the public, Microsoft redefines and reinvents the science of security in attempt to show that Windows is more secure. Seconia was accused of playing similar games just days ago. Here is what needs to be pointed out:

1. Critical Vulnerability in Microsoft Metrics

For Microsoft this makes sense because these fixes get the benefit of a full test pass which is much more robust for a service pack or major release than it is for a security update.


2. Skeletons in Microsoft’s Patch Day closet

This is the first time I’ve seen Microsoft prominently admit to silently fixing vulnerabilities in its bulletins — a controversial practice that effectively reduces the number of publicly documented bug fixes (for those keeping count) and affects patch management/deployment decisions.


3. Beware of undisclosed Microsoft patches

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?


4. Microsoft is Counting Bugs Again

Sorry, but Microsoft's self-evaluating security counting isn't really a good accounting.

[...]

The point: Don't count on security flaw counting. The real flaw is the counting.


Getting back to Vista, let us look at some of the flaws we have seen:

1. Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista

Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.


2. December 2007's Patch Tuesday's Going to Be Big - Really Big

A Trio of Critical Patches

First up is a remote code execution patch for DirectX versions 7.0 (Windows 2000) through 10.0 (Windows Vista).


3. Security hole in MS-Windows Vista on Thanksgiving

Microsoft, although late, but did acknowledge that it is a flaw even in the latest OS (Vista) which should have been fixed long back.


4. Thirty-Six Updates Later—and Counting

Over the Thanksgiving holiday, I refreshed one of my Windows Vista test machines. Oh my, there were so many Windows Updates.


5. Vista security threats to rise in 2008: McAfee

Microsoft’s Windows Vista operating system will face increasing security threats, according to McAfee Avert Labs predictions for top 10 security threats in 2008.


6. Microsoft issues 6 'critical' patches

The updates affect many versions of Windows, Server and Office software -- including Windows XP and Windows Vista -- and are meant to prevent hackers from breaking into Web surfers' computers using specially crafted Web pages.


7. Buffer the Overflow Slayer v. the ActiveX Files [Vista included]

The vulnerability was discovered by Krystian Kloskowski and is rated "highly critical" in this posting on Secunia. It's also discussed here on the US-Cert website. Proof-of-concept code can be found on MilW0rm here.


8. Microsoft plans six critical patches

At least one of the critical vulnerabilities involves Internet Explorer 7 and Windows Vista, both of which were conceived under new and highly vaunted development rigors designed to produce more secure products.


9. Patch Tuesday: Critical IE, Vista patches on deck

Of the four criticals, two will include high-severity patches for Windows Vista. The bulletin rated ?moderate? only affects Vista.


10. June Patch Tuesday to deliver Vista fixes and more

Four of this month's bulletins are labelled 'critical' and relate to vulnerabilities that may allow remote code execution.


11. Microsoft Plugs Critical Vista Hole

Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw I told you about last month.


12. Microsoft Patches Not One, But Three Vista Holes

Microsoft today released an update for the recently popular 'animated cursor' vulnerability. The update was originally scheduled for April 10th, but due to recent exploits, was rushed out today. The update wasn't just for this one vulnerability though, in Vista, it addressed two others, and in all covered seven vulnerabilities in Vista, XP and 2000.


13. Windows Vista's Built-in Rootkit

This poor implementation of the permissions structure can be exploited by malware to make files that are undetectable to Anti-Virus products.


14. More Windows cursor patch trouble [Vista included again]

A new issue with the fix has also come up. Some customers have experienced trouble when printing from SQL Reporting Services to a Printer Command Language (PCL) printer, Microsoft said.


15. Windows cursor patch causing trouble

Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.


16. MS Patch Tuesday: Vista dinged again

For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.


17. Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago

Security researchers say the Windows .ANI bug that has been plaguing users for the past week first surfaced -- and was patched -- in early 2005.


18. Week in review: Cursing Windows' cursor flaw

The software giant broke with its monthly patch cycle to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.


19. ANI takers for Asus website virus?

Asus.com.tw, the website of Taiwanese motherboard maker Asustek, has been spraying visitors with the .ANI virus, security software makers confirmed today.


20. Will Next Tuesday's 3 Updates Effect Vista?

I would suspect that one will be a patch for the Windows MessageBox exploit, so Vista should get it. Might another be for the Vista 'Timer/2099 Crack'? I wouldn't consider it critical, but Microsoft probably does.


21. Windows Vista now has its first exploit spotted in the public

Security experts have confirmed that a proof of concept code for an unpatched vulnerability in Windows Vista has been released on the internet.


There were warning signs in advance. Windows Vista was not made to have a considerable impact, security-wise, but hype was a key driver. It happens to be the same case with DirectX 10, whose hype was generated by faking images which create a false perception that it is a big jump compared to DirectX 9 (that is another shocking story about deception, but it's worth a separate post). Here are some more articles of interest:

1. Windows Vista: It's More Secure, We Promise

Well, allow me to take a moment to remind everyone of something that you might not remember - XP was also touted as being ultra secure. Seriously, can anyone honestly look themselves in the mirror and say this is the gospel truth? You have got to be kidding me. Similar to XP, Microsoft promises to have the most secure Windows version to date yet again.


2. Cisco exec: Windows Vista is scary

"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit here on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."


3. Symantec Finds Flaws In Vista's Network Stack

Researchers with Symantec's advanced threat team poked through Vista's new network stack in several recent builds of the still-under-construction operating system, and found several bugs -- some of which have been fixed, including a few in Monday's release -- as well as broader evidence that the rewrite of the networking code could easily lead to problems.

[...]

Among Newsham's and Hoagland's conclusions: "The amount of new code present in Windows Vista provides many opportunities for new defects."

"It's true that some of the things we found were 'low-hanging fruit,' and that some are getting fixed in later builds," said Friedrichs. "But that begs the question of what else is in there?"


With so many incidents out there, there remains this Big Lie that Vista is secure. Paid analysts do not help here.

Comments

Microsoft Sued for Patent Infringement, Patents Brain Probing | Patent Concerns Invade GNU/Linux, GPLv3 Offers Remedy

Recent Techrights' Posts

Machine-Generated Legal Documents, Over 2,000 Pages Sent to Us Today Alone
We now know that the papers we receive are produced using bots (algorithms)
2026 Microsoft Mass Layoffs in So-called 'AI' Datacentres, Why Doesn't the Mainstream Media Cover The News?
What does this tell us about the state of the media?
"Over 1,100 Law Firms Gone in Five Years" in the United Kingdom (UK) Alone
There are basically way too many lawyers (looking for "business", e.g. threats and lawfare) and not enough positions to fill
Microsoft FUD From Microsoft Site Helps Distract From Actual Microsoft Back Doors
Published on a Sunday
IBM is Killing Red Hat's Portfolio - Including Linux - to Prop Up Ponzi Scheme ("AI")
IBM is killing Red Hat
Gemini Links 02/03/2026: Weird Phone Calls, Small Phones, and Exploring Racket
Links for the day
 
IBM is Trying to Hide Mass Layoffs, Not Only With NDAs and 'Scripted' LinkedIn Posts
From what we can gather (screenshot above), today many people leave IBM and Red Hat
Richard Stallman is Giving a Public Talk This Week (Friday in Lucerne School of Computer Science and Information Technology)
His birthday is just around the corner.
Windows Falls to New Low in World's Largest Population (India)
Windows is now down to 7%
Never Miss a Good Opportunity to Shut Up and Drink Coffee
Threats come at a cost; each time you issue a threat you stigmatise yourself as a bully
Last Month Matthew Garrett Said Ridiculous Things After His Spouse Had Called Him a "Rapist", Now He's Trying to Take the Site Offline and Put My Family in Prison
The real issue of concern to him (and his alleged reputation) is the spouse and the matter is to be dealt with in America, not the UK
Reporting to Our Politicians/MPs the Failure of the SRA to Stop Hired Guns Who Help Americans (Men Who Attack Women and Nowadays Also Attack British Reporters)
About a month ago my wife wrote to politicians to get the ball rolling
The Topic Many People Don't Want to Talk or Write About
"DEI" is inherently about making racial and gender patterns better reflect society's
XBox is Virtually Dead Already, What Next Will Die at Microsoft?
Now that there are mass layoffs at Microsoft datacentres it is not premature to speculate about what dies after XBox
For the First Time, statCounter Measures Internet Explorer at 0.01% "Market Share"
What Microsoft replaced it with is just a Chrome clone with extra spyware
Was a Lot of "Windows" and "Unknown" in Iran Just GNU/Linux in Disguise?
more than 1 in 10 desktop/laptop requests is estimated to be GNU/Linux
"Here in the UK, GNU/Linux rose to all-time high at Windows' expense"
Will this entail Software Freedom as well? This depends on all of us
Links 02/03/2026: Claude Code Causes a Mexican Government Cyberattack, "London Repair Week" Noted
Links for the day
Don't Fall for "Top X Law Firms" in "Discipline Y", They Pay $Z to Get False Endorsement/s
It's a scheme, a scam, an elaborate fraud
More Publishers Have Turned From Slop Boosters Into Slop Sceptics and Critics
There's a "hidden cost" when one participates (for profit) in "pump and dump" schemes
TeX Live Has New Release, But Planet Debian Won't Tell You That
It 'unpersoned' the developer
LLM Slop Does Not Know People (It Knows Nothing) and Cannot Distinguish Between People. It's a Recipe for Disaster.
no way of knowing who's who
Free Software Foundation Needs to Become More Active in Europe to Avoid Impersonation by Microsoft-Sponsored Groups
So far we've hardly seen the FSF saying anything at all about the US president
Links 02/03/2026: "Not Envious of Billionaires" and Palantir SLAPPs "Swiss Magazine For Accurately Reporting That The Swiss Government Didn't Want Palantir"
Links for the day
There Has Never Been a Better Time to Quit Social Control Media
Those networks are selling something. And that something is not peace because peace does not sell "attention".
Microsoft Users Drowning in Slop, If They Complain Microsoft Censors Them
Like an authoritarian regime
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 01, 2026
IRC logs for Sunday, March 01, 2026
Speed of Sites Matters
Being easily accessible all the time matters to us
Dr. Andy Farnell on "Good Tech"
in the age of "rent everything" and "own nothing"
Gemini Links 01/03/2026: Simpler Software and Announcing OFFLFIRSOCH (OFFLine-FIRst SOftware CHallenge) 2026
Links for the day
EPO "Cocaine Communication Manager" - Part V - Jobs at the EPO for Those Connected to Cocaine Addicts (Skills Not Required)
EPO management is trying to shoot the messenger
Booz Allen Hamilton, the Former Employer of Edward Snowden (NSA Contractor), is Drowning in Debt
Can Supreme Leader Cheeto bail it out like he does slop companies?
On the Concept of "Protected Class" (or Race) at IBM
It's self-harming as in practice it imperils the company and harms the reputation/brand
The Mass Layoffs at Microsoft That Nobody in the "News Industry" Wants to Talk About (and TheLayoff.com Censored, Then It Censored the Evidence of the Censorship)
They basically cover up how they censored the news about Microsoft layoffs
Richard Stallman to Give at Least Three Talks in Switzerland, Starting This Week
No mention (yet) of the Bern talk
On Who 'Speaks for' Techrights
typically a case of misrepresenting the site
'FSFE' an Imposter in Europe, Paid by GAFAM to Represent GAFAM Interests
The Microsoft-sponsored 'FSFE', which violates the terms of use of its name, is causing confusion [...] formally-recognised institutions got tricked into thinking that the Microsoft-sponsored 'FSFE' is the FSF
Lots of Lies From the Slop Industry
The slop industry relies on fake news to give a notion or fake demand
Links 01/03/2026: American Plutocrats Buy American Media While American Constitution Shredded
Links for the day
Teaser: The Next Series About the SRA, Which Would be Just as Effective as It Is Right Now If It Had Zero Employees
the lapdog (of the "litigation industry") that is meant to be perceived as a watchdog
Solicitors Regulation Authority (SRA) Inaction and Incompetence - Part I - Introduction
The SRA is a sham. Many people know this already, but we want to document our own experiences with it.
Live Simply, Live Better
Life isn't about "collecting" possessions; it's about doing things that matter and accumulating knowledge so as to make better choices
Now That XBox is Pretty Much Dead and There Are Mass Layoffs at Microsoft
This means our predictions about Microsoft (and XBox) are "falling into place"
Gemini Links 01/03/2026: "In the Spirit of OFFLFIRSOCH" and "Delete Patreon"
Links for the day
ACM Lowers Its Standards for Age of Autocracy
IBM is more than happy to work with autocracies
The term FUD (fear, uncertainty, doubt) was created to describe IBM's tactics and IBM is doing it again
Rob Thomas or "RT"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, February 28, 2026
IRC logs for Saturday, February 28, 2026
Slop is Distraction
LibreWolf will never include any of this slop nonsense, no matter if toggled on or off
Cult inquiry: Parliament of Victoria, last chance to have your say
Reprinted with permission from Daniel Pocock
Internet Relay Chat (IRC) Turns 37.5
Can IRC reach age 75?
Gemini Links 28/02/2026: Loadbars 0.13.0, IME (Input Method Editor), and ColorColumn in Vim
Links for the day
Two EPO Strikes in March (Maybe More)
As per the SUEPO diary [...] We still have an ongoing series about the EPO, with several more series to start later
Why We Are Concerned About the SRA's Failure and What That Means to the Profession of Lawyers in the UK
Unregulated industries will lose their credibility as there is a threat of growing perception that they operate outside the law rather than practice law
Over 10,000 Pages/Articles Per Year?
Probably my most productive month, ever
Keeping Techrights Online 99.99% of the Time
Some time later this year we'll tell a very long story about how extremists attacked our webhosts
Richard Stallman, Founder of the Free Software Movement, Will be Giving Public Talk in Bern (Switzerland) in Less Than 12 Days
We are still doing a series about him and his talks
Still Lots of IBM Departures
It's not that we lack evidence of IBM layoffs. It's just that we have ample evidence of the press not doing its job (or barely existing anymore).
The Register MS Standards: Promote a Ponzi Scheme in Exchange of Money
Once upon a time it was a serious publisher. Months ago it was taken over by a Microsoft person.
Slopfarms' Demise Looks Like the Beginning of the End (Lowered Demand for Slop)
Slop about "Linux" has gotten hard to find this past week
Dr. Andy Farnell: Time to Pull the Plug?
insightful, as usual
Links 28/02/2026: "Tehran’s Two-Tiered Internet", "Internet Under Fire"
Links for the day
When an Entire News Site is About One Topic (and One Topic Only)
Tomorrow we start a new series for the new month
Links 28/02/2026: Bill Epsteingate Admits Sex With Young Girls, "Epstein Files Are the Horror That Keeps on Giving"
Links for the day
IBM: Where Companies Come to Perish
thelayoff.com is censoring stories
Tech Layoffs Are Not Because of Slop, They're an Effect of a Rotting Economy and Tech Giants Being Too Deep in Debt
Block is rapidly sinking in debt
The Slopfarms' Business Case (or Business Model) Never Existed and Nowadays, in 2026, They've Mostly Collapsed
Hopefully by year's end many slop suppliers will be offline and slopfarms that rely on them throw in the towel
March in London Today Against Slop's Harms to Society (and the Environment), Starting at 12:00 GMT at the Microsoft OpenAI Office
Today there is a protest in London (UK)
Microsoft Mass Layoffs Have Officially Resumed, Microsoft's Waggener Edstrom/Frank Shaw Lied
"The former employees say this was a mass layoff"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, February 27, 2026
IRC logs for Friday, February 27, 2026