Bonum Certa Men Certa
Microsoft Sued for Patent Infringement, Patents Brain Probing | Patent Concerns Invade GNU/Linux, GPLv3 Offers Remedy

How Jim Allchin, Gartner and Enderle Lied to the Whole World

If you say it often enough, people will believe it

We have developed a habit of keeping track of analysts who are obviously paid or compensated for serving corporate agenda (e.g. [1, 2, 3]). This is very relevant in light of the recent OOXML propaganda that came from IDC and the Burton Group.

Here is another fine example from the news. We wish to debunk the said analysts using compelling evidence and fact. One of the predications which certain people made is this:

5. Windows Vista will be secure Analysts were: Wrong

When Windows Vista was launched, Microsoft platforms group vice president, Jim Allchin, described a platform where its "safety and security" will be the "overriding features" for which most people will want Windows Vista.

Analysts from Gartner and the Enderle Group further touted Vista's security features, highlighting in particular its spyware-fighting prowess.


Enderle and Gartner have been caught many times before. The former is a one-man, attention-seeking 'consultancy' whose major client is Microsoft. The latter, Gartner, is funded by Bill Gates and plenty of its revenue stream comes from work it does for Microsoft. Jim Allchin, by the way, escaped Microsoft as soon as Windows Vista was released. It truly make you wonder, does it not?

The people above claimed that Vista will be secure, but let us take a look at some headlines which cover separate incidents that occurred in the past year (sorted reverse chronologically for the most part).

The latest round of patches revealed that Vista could be hijacked by merely sending a packet to it.

Microsoft's first set of security bulletins for 2008 may be slim, but will include a fix for a critical vulnerability in XP and Vista.


More information about this incident can be found here.

One of the updates is considered critical for Windows Vista and XP users because the flaw it fixes could be used by attackers to install unauthorized software on a victim's computer.


As we showed before, especially when Microsoft's Jeff Jones was lying to the public, Microsoft redefines and reinvents the science of security in attempt to show that Windows is more secure. Seconia was accused of playing similar games just days ago. Here is what needs to be pointed out:

1. Critical Vulnerability in Microsoft Metrics

For Microsoft this makes sense because these fixes get the benefit of a full test pass which is much more robust for a service pack or major release than it is for a security update.


2. Skeletons in Microsoft’s Patch Day closet

This is the first time I’ve seen Microsoft prominently admit to silently fixing vulnerabilities in its bulletins — a controversial practice that effectively reduces the number of publicly documented bug fixes (for those keeping count) and affects patch management/deployment decisions.


3. Beware of undisclosed Microsoft patches

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?


4. Microsoft is Counting Bugs Again

Sorry, but Microsoft's self-evaluating security counting isn't really a good accounting.

[...]

The point: Don't count on security flaw counting. The real flaw is the counting.


Getting back to Vista, let us look at some of the flaws we have seen:

1. Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista

Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.


2. December 2007's Patch Tuesday's Going to Be Big - Really Big

A Trio of Critical Patches

First up is a remote code execution patch for DirectX versions 7.0 (Windows 2000) through 10.0 (Windows Vista).


3. Security hole in MS-Windows Vista on Thanksgiving

Microsoft, although late, but did acknowledge that it is a flaw even in the latest OS (Vista) which should have been fixed long back.


4. Thirty-Six Updates Later—and Counting

Over the Thanksgiving holiday, I refreshed one of my Windows Vista test machines. Oh my, there were so many Windows Updates.


5. Vista security threats to rise in 2008: McAfee

Microsoft’s Windows Vista operating system will face increasing security threats, according to McAfee Avert Labs predictions for top 10 security threats in 2008.


6. Microsoft issues 6 'critical' patches

The updates affect many versions of Windows, Server and Office software -- including Windows XP and Windows Vista -- and are meant to prevent hackers from breaking into Web surfers' computers using specially crafted Web pages.


7. Buffer the Overflow Slayer v. the ActiveX Files [Vista included]

The vulnerability was discovered by Krystian Kloskowski and is rated "highly critical" in this posting on Secunia. It's also discussed here on the US-Cert website. Proof-of-concept code can be found on MilW0rm here.


8. Microsoft plans six critical patches

At least one of the critical vulnerabilities involves Internet Explorer 7 and Windows Vista, both of which were conceived under new and highly vaunted development rigors designed to produce more secure products.


9. Patch Tuesday: Critical IE, Vista patches on deck

Of the four criticals, two will include high-severity patches for Windows Vista. The bulletin rated ?moderate? only affects Vista.


10. June Patch Tuesday to deliver Vista fixes and more

Four of this month's bulletins are labelled 'critical' and relate to vulnerabilities that may allow remote code execution.


11. Microsoft Plugs Critical Vista Hole

Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw I told you about last month.


12. Microsoft Patches Not One, But Three Vista Holes

Microsoft today released an update for the recently popular 'animated cursor' vulnerability. The update was originally scheduled for April 10th, but due to recent exploits, was rushed out today. The update wasn't just for this one vulnerability though, in Vista, it addressed two others, and in all covered seven vulnerabilities in Vista, XP and 2000.


13. Windows Vista's Built-in Rootkit

This poor implementation of the permissions structure can be exploited by malware to make files that are undetectable to Anti-Virus products.


14. More Windows cursor patch trouble [Vista included again]

A new issue with the fix has also come up. Some customers have experienced trouble when printing from SQL Reporting Services to a Printer Command Language (PCL) printer, Microsoft said.


15. Windows cursor patch causing trouble

Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.


16. MS Patch Tuesday: Vista dinged again

For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.


17. Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago

Security researchers say the Windows .ANI bug that has been plaguing users for the past week first surfaced -- and was patched -- in early 2005.


18. Week in review: Cursing Windows' cursor flaw

The software giant broke with its monthly patch cycle to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.


19. ANI takers for Asus website virus?

Asus.com.tw, the website of Taiwanese motherboard maker Asustek, has been spraying visitors with the .ANI virus, security software makers confirmed today.


20. Will Next Tuesday's 3 Updates Effect Vista?

I would suspect that one will be a patch for the Windows MessageBox exploit, so Vista should get it. Might another be for the Vista 'Timer/2099 Crack'? I wouldn't consider it critical, but Microsoft probably does.


21. Windows Vista now has its first exploit spotted in the public

Security experts have confirmed that a proof of concept code for an unpatched vulnerability in Windows Vista has been released on the internet.


There were warning signs in advance. Windows Vista was not made to have a considerable impact, security-wise, but hype was a key driver. It happens to be the same case with DirectX 10, whose hype was generated by faking images which create a false perception that it is a big jump compared to DirectX 9 (that is another shocking story about deception, but it's worth a separate post). Here are some more articles of interest:

1. Windows Vista: It's More Secure, We Promise

Well, allow me to take a moment to remind everyone of something that you might not remember - XP was also touted as being ultra secure. Seriously, can anyone honestly look themselves in the mirror and say this is the gospel truth? You have got to be kidding me. Similar to XP, Microsoft promises to have the most secure Windows version to date yet again.


2. Cisco exec: Windows Vista is scary

"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit here on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."


3. Symantec Finds Flaws In Vista's Network Stack

Researchers with Symantec's advanced threat team poked through Vista's new network stack in several recent builds of the still-under-construction operating system, and found several bugs -- some of which have been fixed, including a few in Monday's release -- as well as broader evidence that the rewrite of the networking code could easily lead to problems.

[...]

Among Newsham's and Hoagland's conclusions: "The amount of new code present in Windows Vista provides many opportunities for new defects."

"It's true that some of the things we found were 'low-hanging fruit,' and that some are getting fixed in later builds," said Friedrichs. "But that begs the question of what else is in there?"


With so many incidents out there, there remains this Big Lie that Vista is secure. Paid analysts do not help here.

Comments

Microsoft Sued for Patent Infringement, Patents Brain Probing | Patent Concerns Invade GNU/Linux, GPLv3 Offers Remedy

Recent Techrights' Posts

Amended Input From Software Freedom Institute for EU Consultation on Free Software
"On 3 February 2026 Software Freedom Institute lodged a submission with the European Commission's inquiry into Open Digital Ecosystems"
Nadella's Mindless PR Spam Ahead of the Layoffs 'Snowball' (Adding Up Batches) Turning Into an Avalanche
Based on recent observations, the more puff pieces we see about Nadella, the closer we get to Microsoft "pulling the trigger" on mass layoffs
When Happens to Red Hat If (or When) IBM Collapses
IBM is in flux because its CFO is now implicated in what seems like accounting fraud
With an IBM Company Down Over 75% After Apparent Accounting Fraud the IBM Insiders Want Answers From James Krabanaugh
He has no technical qualifications
A "horrible week (hebdomada horribilis?) for the Solicitors Regulation Authority" (SRA)
The SRA is part of the SLAPP problem
EPO's Central Staff Committee (CSC) on EPO Social Dialogue
They've refrained from mentioning the industrial actions
The Register MS is Promoting Ponzi Scheme for Financial Fraud/Accounting Fraud Company, The Register MS Gets Paid to Do This
Published 6 hours ago
IBM's Kyndryl Managed to Fall to Less Than a Quarter of Its Past Year's High
Imagine IBM falling to $75
Links 10/02/2026: Media Freedom Feels Dead in Hong Kong and Grammys, Superbowl Becoming Politics
Links for the day
 
Gemini Links 11/02/2026: Terminator Trilogy and Lagrange in the Apple App Store
Links for the day
Links 11/02/2026: Fentanylware (CheeTok) for ICE, Jimmy Lai Shows Journalism Became 'Crime' in Hong Kong
Links for the day
With Firefox Measured at 2% in the United Kingdom Time is Running Out for Web Site Support for Gecko/Servo Users
The open Web is rapidly dying while Mozilla celebrates and champions slop
Lawsuit reactions: EFF behaviour reveals zombification, censorship
Reprinted with permission from Daniel Pocock
Links 11/02/2026: $700 Billion Slop Bill, Social Control Media Under Political Fire for Deliberate Health Harms
Links for the day
Mobbing at the European Patent Office (EPO) - Part VI - Attacks on Staff and Attacks on the Law Merit Another New Series
new series coming shortly
IBM's Financial Engineering (Accounting Fraud) Shell, Kyndryl Holdings Inc, is Insolvent
If this was done by the very same people who still run IBM, can we expect any better from "Sugar Daddy" IBM?
2026 a Very Productive Year and We Have Many Big Stories to Tell
maybe we'll produce 8,000 new articles/pages by year's end
Clownflare is in Trouble as Its Debt More Than Doubled in Less Than a Year, Expect Further Enshittification
Clownflare isn't free
After the Next Wave of Microsoft Layoffs Washington State Could be #1 for US Layoffs
Microsoft Corp shares were down yesterday
EPO's Local Staff Committee The Hague (LSCTH): The EPO is Generally “Managed by Excel” (Microsoft)
The current management has basically defined corruption to be "success"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 10, 2026
IRC logs for Tuesday, February 10, 2026
Google Still Helping the Slop Pyramid Scheme, Encouraging Plagiarism Too
Google is a plagiarism company and it wants public solidarity for plagiarism by LLMs
Gemini Links 10/02/2026: "The Luminous Dead", Matrix, and Containers
Links for the day
Kyndryl CFO Harsh Chugh Comes From IBM (17+ Years)
Who would want such a position?
IBM RAs (or PIPs) in London, England?
They try to keep the lid on it
International Buybacks Machines
Will the current US administration/regime look into IBM's accounting or only its mini me's?
IBM Could be the Next Kyndryl, a Dinosaur With Accounting Fraud
Many shareholders (or even pension funds) are taking a big hit today
Ian Murdock Died in San Francisco 10 Years Ago. Cops Led to His Death.
10 years ago Ian Murdock died after cops had messed him up
US/Europe divergence: health & safety, criminality & Debian harassment culture: Open Digital Ecosystems submission F33370170
Reprinted with permission from Daniel Pocock
Links 10/02/2026: Splinternets and "Meta Goes to Trial in a New Mexico Child Safety Case"
Links for the day
Russia and China Best Off Without GAFAM
What if they abandoned GAFAM?
Will Finns Put Out the Online Cigarettes?
More people recognise that the child porn site formerly known as "Twitter" and Cheeto/Pooh-tin controlled TikTok are no longer trustworthy
As the US Economy Sags Microsoft Layoffs Carry on (Now in Larger Waves Like 15,000 Per Season or 30,000+ Per Year)
They try to avoid "negative" topics
GNU/Linux at 3.99% in Australia
now that Australians can no longer keep Vista 10
Microsoft Windows Falling
analytics.usa.gov Shows Rapid Erosion of Windows Market Share Since 'End of 10' (Vista 10)
Microsoft Windows Hits All-Time Low in The Netherlands in 2026
Europe needs to rid itself or wean itself off GAFAM
SRA: SLAPPs From Russian War Criminals and American Men Who Strangle Women Are Acceptable
The SRA, by inaction, is complicit in this
The Solicitors Regulation Authority (SRA) Delusion - Part IV - Machos in Charge of the House (and System), Even If the Faces Are Female (Optics)
basically a Windows/Microsoft (US) shop
From Weber Shandwick (Microsoft PR) to Brett Wilson LLP (Hired Gun of the Serial Strangler of Microsoft)
they basically tried to charge me a lot of money for a PR project of someone who strangled women
The Solicitors Regulation Authority (SRA) is Not a Regulator, It's Part of the Litigation "Industry" in the UK (They Overlap Each Other)
Does nothing except talk about SLAPPs
Brett Wilson LLP Seems to Have Done for Roberto Foa What It Did a Year Earlier for the Serial Strangler from Microsoft
Repeat abusers (of the legal system) will misuse it as long as regulators do nothing
In Finland, Microsoft Falls Behind Yandex (Russia)
Bing has had many layoffs in recent years
Security More Advanced in Geminispace Than on the Web (Bloat)
For real security, use Geminispace capsules, not Web sites
Slop at Microsoft is a Miserable Failure, Now Microsoft Takes the "Vista Route" (Paying People to Say Good Things About It)
This is brainwash, it's meant to delay the implosion of the bubble
Rumours About February 2026 Microsoft Layoffs: Silent Layoffs or 30,000 Culled Tomorrow
Sooner or later (and soon) Microsoft will need to say something and file some WARN notifications
GNU/Linux at 12% in Guam, Based on statCounter (Compared to 2-3% a Year Ago)
Guam's "uptick" in GNU/Linux usage started weeks after "end of 10"
Where We Stand With the Winter Series
We'll need to protect names and sources
Fighting Slop With the Public Domain (and Why Slopfarms Perish Faster Than New Ones Appear)
We can combat the nonsense by producing more human-made works until the slop bubble implodes
After Employee Reviews at IBM Staff Expects Another Large Wave of PIPs and "RAs" (Layoffs)
From what we can see in the "public Web"
Gemini Links 10/02/2026: "The Last Messiah", Discord for Adults
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, February 09, 2026
IRC logs for Monday, February 09, 2026
Is Europe Abandoning Digital Opium?
GAFAM-controlled social control media
Mobbing at the European Patent Office (EPO) - Part V - Strongest Strike Under António Campinos
SUEPO Munich is also reminding people of the threat of PIPs
Microslop is Slop, Slop is Considered "Quality"
no wonder Microsoft's stuff breaks down so often
thelayoff.com Deletes On-Topic Discussions (Layoffs) While Leaving in Tact Pro-Corporate Trolling Made by LLMs (Slop)
Who at thelayoff.com deems spam made by LLMs (slop) to be on-topic and unworthy of zapping, whereas actually on-topic and authentic threads get routinely deleted?
Gemini Links 09/02/2026: Great Salt Lake Ecological Observatory and Offpunk 3.0 "A Community is Born" Release
Links for the day
Links 09/02/2026: Mass Plagiarism and Pollution/FakeCoin Company Nvidia Contacted Anna’s Archives, Narges Mohammadi Gets Second Prison Sentence
Links for the day
GNU/Linux May Have Grown to 7% in Equatorial Guinea
Has there been some kind of mass migration there or is this just noise in the data?
Links 09/02/2026: Russia Intentionally Killing Civilians, Jimmy Lai Effectively Sentenced for Life for Publishing News
Links for the day
Microsoft Competitions, Addictions, and Popularity Contests Are Not Going to Help Perl, They'll Waste Everybody's Time and Give Microsoft More Control Over Its Competition
Microsoft does not like Perl
A Can of WORMS - Part IV - They Would Even Attack RMS for Criticising Autocrats (Saying This is "Politics")
Conforming to society's perceived expectations isn't how effective activism can ever be done or was ever done in the recent past
Gemini Links 09/02/2026: The Exploration Myth and Making JavaScript Fun
Links for the day
EPO Outrage and Maintaining the Pressure
A vending machine does not fall over after a first push
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, February 08, 2026
IRC logs for Sunday, February 08, 2026
"Low Performer" and "Underperformer" as Harmful Misnomers That Damage a Company's Reputation
Misnomers need to be avoided or called out