Bonum Certa Men Certa

How Jim Allchin, Gartner and Enderle Lied to the Whole World

If you say it often enough, people will believe it

We have developed a habit of keeping track of analysts who are obviously paid or compensated for serving corporate agenda (e.g. [1, 2, 3]). This is very relevant in light of the recent OOXML propaganda that came from IDC and the Burton Group.

Here is another fine example from the news. We wish to debunk the said analysts using compelling evidence and fact. One of the predications which certain people made is this:

5. Windows Vista will be secure Analysts were: Wrong

When Windows Vista was launched, Microsoft platforms group vice president, Jim Allchin, described a platform where its "safety and security" will be the "overriding features" for which most people will want Windows Vista.

Analysts from Gartner and the Enderle Group further touted Vista's security features, highlighting in particular its spyware-fighting prowess.


Enderle and Gartner have been caught many times before. The former is a one-man, attention-seeking 'consultancy' whose major client is Microsoft. The latter, Gartner, is funded by Bill Gates and plenty of its revenue stream comes from work it does for Microsoft. Jim Allchin, by the way, escaped Microsoft as soon as Windows Vista was released. It truly make you wonder, does it not?

The people above claimed that Vista will be secure, but let us take a look at some headlines which cover separate incidents that occurred in the past year (sorted reverse chronologically for the most part).

The latest round of patches revealed that Vista could be hijacked by merely sending a packet to it.

Microsoft's first set of security bulletins for 2008 may be slim, but will include a fix for a critical vulnerability in XP and Vista.


More information about this incident can be found here.

One of the updates is considered critical for Windows Vista and XP users because the flaw it fixes could be used by attackers to install unauthorized software on a victim's computer.


As we showed before, especially when Microsoft's Jeff Jones was lying to the public, Microsoft redefines and reinvents the science of security in attempt to show that Windows is more secure. Seconia was accused of playing similar games just days ago. Here is what needs to be pointed out:

1. Critical Vulnerability in Microsoft Metrics

For Microsoft this makes sense because these fixes get the benefit of a full test pass which is much more robust for a service pack or major release than it is for a security update.


2. Skeletons in Microsoft’s Patch Day closet

This is the first time I’ve seen Microsoft prominently admit to silently fixing vulnerabilities in its bulletins — a controversial practice that effectively reduces the number of publicly documented bug fixes (for those keeping count) and affects patch management/deployment decisions.


3. Beware of undisclosed Microsoft patches

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?


4. Microsoft is Counting Bugs Again

Sorry, but Microsoft's self-evaluating security counting isn't really a good accounting.

[...]

The point: Don't count on security flaw counting. The real flaw is the counting.


Getting back to Vista, let us look at some of the flaws we have seen:

1. Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista

Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.


2. December 2007's Patch Tuesday's Going to Be Big - Really Big

A Trio of Critical Patches

First up is a remote code execution patch for DirectX versions 7.0 (Windows 2000) through 10.0 (Windows Vista).


3. Security hole in MS-Windows Vista on Thanksgiving

Microsoft, although late, but did acknowledge that it is a flaw even in the latest OS (Vista) which should have been fixed long back.


4. Thirty-Six Updates Later—and Counting

Over the Thanksgiving holiday, I refreshed one of my Windows Vista test machines. Oh my, there were so many Windows Updates.


5. Vista security threats to rise in 2008: McAfee

Microsoft’s Windows Vista operating system will face increasing security threats, according to McAfee Avert Labs predictions for top 10 security threats in 2008.


6. Microsoft issues 6 'critical' patches

The updates affect many versions of Windows, Server and Office software -- including Windows XP and Windows Vista -- and are meant to prevent hackers from breaking into Web surfers' computers using specially crafted Web pages.


7. Buffer the Overflow Slayer v. the ActiveX Files [Vista included]

The vulnerability was discovered by Krystian Kloskowski and is rated "highly critical" in this posting on Secunia. It's also discussed here on the US-Cert website. Proof-of-concept code can be found on MilW0rm here.


8. Microsoft plans six critical patches

At least one of the critical vulnerabilities involves Internet Explorer 7 and Windows Vista, both of which were conceived under new and highly vaunted development rigors designed to produce more secure products.


9. Patch Tuesday: Critical IE, Vista patches on deck

Of the four criticals, two will include high-severity patches for Windows Vista. The bulletin rated ?moderate? only affects Vista.


10. June Patch Tuesday to deliver Vista fixes and more

Four of this month's bulletins are labelled 'critical' and relate to vulnerabilities that may allow remote code execution.


11. Microsoft Plugs Critical Vista Hole

Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw I told you about last month.


12. Microsoft Patches Not One, But Three Vista Holes

Microsoft today released an update for the recently popular 'animated cursor' vulnerability. The update was originally scheduled for April 10th, but due to recent exploits, was rushed out today. The update wasn't just for this one vulnerability though, in Vista, it addressed two others, and in all covered seven vulnerabilities in Vista, XP and 2000.


13. Windows Vista's Built-in Rootkit

This poor implementation of the permissions structure can be exploited by malware to make files that are undetectable to Anti-Virus products.


14. More Windows cursor patch trouble [Vista included again]

A new issue with the fix has also come up. Some customers have experienced trouble when printing from SQL Reporting Services to a Printer Command Language (PCL) printer, Microsoft said.


15. Windows cursor patch causing trouble

Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.


16. MS Patch Tuesday: Vista dinged again

For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.


17. Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago

Security researchers say the Windows .ANI bug that has been plaguing users for the past week first surfaced -- and was patched -- in early 2005.


18. Week in review: Cursing Windows' cursor flaw

The software giant broke with its monthly patch cycle to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.


19. ANI takers for Asus website virus?

Asus.com.tw, the website of Taiwanese motherboard maker Asustek, has been spraying visitors with the .ANI virus, security software makers confirmed today.


20. Will Next Tuesday's 3 Updates Effect Vista?

I would suspect that one will be a patch for the Windows MessageBox exploit, so Vista should get it. Might another be for the Vista 'Timer/2099 Crack'? I wouldn't consider it critical, but Microsoft probably does.


21. Windows Vista now has its first exploit spotted in the public

Security experts have confirmed that a proof of concept code for an unpatched vulnerability in Windows Vista has been released on the internet.


There were warning signs in advance. Windows Vista was not made to have a considerable impact, security-wise, but hype was a key driver. It happens to be the same case with DirectX 10, whose hype was generated by faking images which create a false perception that it is a big jump compared to DirectX 9 (that is another shocking story about deception, but it's worth a separate post). Here are some more articles of interest:

1. Windows Vista: It's More Secure, We Promise

Well, allow me to take a moment to remind everyone of something that you might not remember - XP was also touted as being ultra secure. Seriously, can anyone honestly look themselves in the mirror and say this is the gospel truth? You have got to be kidding me. Similar to XP, Microsoft promises to have the most secure Windows version to date yet again.


2. Cisco exec: Windows Vista is scary

"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit here on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."


3. Symantec Finds Flaws In Vista's Network Stack

Researchers with Symantec's advanced threat team poked through Vista's new network stack in several recent builds of the still-under-construction operating system, and found several bugs -- some of which have been fixed, including a few in Monday's release -- as well as broader evidence that the rewrite of the networking code could easily lead to problems.

[...]

Among Newsham's and Hoagland's conclusions: "The amount of new code present in Windows Vista provides many opportunities for new defects."

"It's true that some of the things we found were 'low-hanging fruit,' and that some are getting fixed in later builds," said Friedrichs. "But that begs the question of what else is in there?"


With so many incidents out there, there remains this Big Lie that Vista is secure. Paid analysts do not help here.

Comments

Recent Techrights' Posts

They Want You To Talk About Trump or 'The Other Bill' in Relation to Trafficking of Underage Girls for Sexual Exploitation
Just something we wanted to say...
How to Quadruple Your "Goodwill" Value and Grow Your (Wall) Street "Value" From $152B to $4000B Without Producing a Single Successful Product/Service
The longer it goes on for, the bigger the implosion will be
Staying Productive
Two very reputable institutions recently told us they now reckon Microsoft is somehow funding those SLAPPs against us
66 Countries Where More People Use iPhones (or iPads) Than Microsoft Windows, According to statCounter Data
a list of countries where iOS now exceeds Windows
Windows All-Time Lows, Android All-Time Highs in Kuwait
New lows for Windows can be found in many countries this month
The Register is Desperate for Money, According to The Register
I decided to check how they're doing as a business
Some Cola Formulas Aren't Secret, But the Barrier is the Branding
That's the power of the channel/distribution, marketing, and brand recognition (accomplished through endless marketing)
 
FOSSY 2025 Conference Safety
The GAFAM-funded FOSSY 2025 is over
Microsoft's Favourite Pay-to-Say 'Analyst' Firm Has Just Collapsed
'Analysts' that helped propel Microsoft to fictional values akin to Ponzi schemes
Ask Google (Jeeves)
What does Google "know", not know, or would rather forget (or embellish)?
A Blow for Patent Ambitions of Bill Epsteingate
It's about money
Apple's iOS Bigger Than Microsoft Windows in Many Countries
This ought to alarm Microsoft
The Mainstream Media Talks About Spotify Share Price and Price Hikes, Not Its Debt Increasing by About 33% in Just 12 Months
Spotify isn't a company in good shape
New "US Editor for The Register" is 80% Microsoft and Windows
they typically just treat Microsoft like the "Holy Grail" of "IT"
Microsoft is Apparently Sending Gag Orders or NDAs to Staff That Got Laid Off (“We were told not to post on LinkedIn. Not to say anything.”)
The main lies we keep seeing
Richard M. Stallman Has Published AI Memos Since 1980 (45 Years Ago)
Back when the term AI actually meant something
Gemini Links 06/08/2025: BitTorrent and Feedly Bots
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, August 05, 2025
IRC logs for Tuesday, August 05, 2025
Openwashing Slop... Using Slop!
So get ready for "open" "hey hi" with its proprietary models to engage in openwashing, helped by serial sloppers who use the LLMs to produce fake 'articles'.
On "Tragedy of the Commons in the Production of Digital Artifacts"
There's a better way to do things. None of that should involve GAFAM.
Gemini Links 05/08/2025: Opel Zoo near Frankfurt and Alhena 5.2.5
Links for the day
The Inflammatory Influence of Social Control Media Giants
CPC's ByteDance says it's cool
Microsoft v Planet Earth
Is Microsoft profitable?
IRC Turns 37
Internet Relay Chat (short: IRC), which started in 1988, turns 37 this month
Shortly After a Microsofter Took Over The Register as Editor in Chief Microsoft Tim (Tim Anderson) is Back and It's Still Microsoft Propaganda, Sometimes Funded by Microsoft
Notice his focus
Stricter Enforcement of Worker Adjustment and Retraining Notification (WARN) Act is Sorely Needed
Who's keeping track anyway?
Calling Plagiarism "Intelligence" is Pure Genius, Brilliance!
One thing to "like" (or dislike) about LLMs is how they're falsely marketed using various buzzwords
Geminispace Promises Simplicity But Also Provides a "bunch of forums that get flood-filled by agitation against the very essence of Gemini itself"
claims of stagnation in Geminispace started because of a person who spent a long time agitating against GNU/Linux as well
Zimbabweans Aren't Into Windows or Microsoft
This cannot be good news for GAFAM
Microsoft's Washington Layoffs Aren't Everything, They're Definitely Not Happening in Just One State in the US
Washington is just more strict with WARN notices
Gemini Links 05/08/2025: Lagrange v1.18.6, No Stagnation in Geminispace, and Fake Coding (Slop)
Links for the day
The Register's Editor in Chief (Who Left for Google) Told Me "AI" Was a Bubble, But Now The Register Gets Paid to Participate in Inflating This Bubble
A lot of the online media is a scam
Introducing Mission:Libre and FreeXR (and BreakXR)
efforts that accompany the foundations put there by the Free Software Foundation in 1985
Slopwatch: WebProNews, LinuxSecurity, and Some Success Stories
Google News still has a slopfarm issue
Links 05/08/2025: Hey Hi (AI) Passing Fads and GAFAM "Embracing the Military"
Links for the day
Links 05/08/2025: Samsung and Microsoft Layoffs
Links for the day
Rumours of Mass Layoffs at Red Hat Next Week (August 11th, 2025)
The eleventh means next Monday
IBM is Shutting Down (Piecewise)
IBM is basically being liquidated
The Debian Language Police Department (PD)
"there has never been complaints about anyone that was offended by this -off package"
Tesla's Debt More Than Doubled in 2 Years and the Company Will Operate in the Red (at a Loss) Quite Soon
If your first-quarter net income is $409 million and you borrow billions from banks, plus interest to pay on those loans, then you're not far from returning to losses
When The Register MS Says "Linux Backdoor" It Actually Talks About Malware
The leading story in The Register US/MS this morning is Microsoft
Microsoft Windows Fell to 19% "Market Share" in Montenegro
Microsoft must be well aware of this trend
Why We Also Include Gopher Links in Our Gemini (Protocol) Links
There are still many people who use Gopher to relay their messages (like blog posts). They're mostly technical people.
Shouting is an Indication of a Lack of Convincing Argument
Beware what they are attempting to distract from
Mongolia: Microsoft Windows at All-Time Low
in 2009 when Windows was at 99.45% in Mongolia the company was "worth" less than 200 billion dollars
About a Quarter of Today's "linux" News in Google News Came From One Domain and It's a Slopfarm
Not kidding!
Gemini Links 05/08/2025: Zombie Threat and Switching to NixOS
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, August 04, 2025
IRC logs for Monday, August 04, 2025
ChatGPT in Trouble
Watch out for the newer buzzwords
The Register MS Links to the Wrong statCounter Page
They link to older data
Dr. Andy Farnell Explains How Google Turned From "Librarian" Into "Oracle", Telling Us What to Think Instead of Where to Look
Google was always a lousy librarian
Microsoft Layoffs Continue in August 2025
If Microsoft is doing so well, how come about 10 rounds of layoffs in about 7 months in 2025?
Microsoft and Windows Have Many Back Doors, But LLM Slop Keep Claiming That Linux Has "Backdoor"
It's another example of LLM slop as FUD amplifier, via slopfarms as well
In Many Countries Vista 11 Adoption Stalled or Became Negative
Not just because people move to GNU/Linux
Microsofters' Lawyers Are Name-calling and Insulting Microsoft Critics, Even Their Spouses
How not to win arguments
Flagging or Tagging Slop That We Find Online
Right now we use ImageMagick
Links 04/08/2025: Very Bad Weather and Travel Restrictions in China
Links for the day
Gemini Links 04/08/2025: Misiamisia and Mobile Linux
Links for the day
Microsoft's Stock is Like a Religion, Microsoft Goes Into 'Hiding' (From Shareholders)
like a religious person or devout believer, the media just parrot anything Microsoft says
Links 04/08/2025: 80 Years Since Last Nuclear War, IPv6 in China
Links for the day
Groklaw Static Site Relaunches With New Theme, But Many Pages and All the Comments Are Missing
We suppose that's still a lot better than the site being offline, as it was for several months
"For Five decades; For freedoms; For all users" (Original EMACS Turns 50 Next Year)
Linus Benedict Torvalds was only 6 when EMACS started
In Spain, Microsoft's Search Engine Market Share Fell to 2%
16 years have passed since Bing was introduced
Protecting GNU/Linux-Centric Journalism From Serial Sloppers
Unoriginal slop is taking away traffic from the people who did all the real work
It Looks Like Managers at Oracle Now Use LLM Slop to Write Blog Posts
Did he cheat by prompting LLMs for mindless text "filler"?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, August 03, 2025
IRC logs for Sunday, August 03, 2025
Gemini Links 04/08/2025: Qubes OS and Curious crypto case of certificates (CCCC)
Links for the day