Bonum Certa Men Certa
Microsoft Sued for Patent Infringement, Patents Brain Probing | Patent Concerns Invade GNU/Linux, GPLv3 Offers Remedy

How Jim Allchin, Gartner and Enderle Lied to the Whole World

If you say it often enough, people will believe it

We have developed a habit of keeping track of analysts who are obviously paid or compensated for serving corporate agenda (e.g. [1, 2, 3]). This is very relevant in light of the recent OOXML propaganda that came from IDC and the Burton Group.

Here is another fine example from the news. We wish to debunk the said analysts using compelling evidence and fact. One of the predications which certain people made is this:

5. Windows Vista will be secure Analysts were: Wrong

When Windows Vista was launched, Microsoft platforms group vice president, Jim Allchin, described a platform where its "safety and security" will be the "overriding features" for which most people will want Windows Vista.

Analysts from Gartner and the Enderle Group further touted Vista's security features, highlighting in particular its spyware-fighting prowess.


Enderle and Gartner have been caught many times before. The former is a one-man, attention-seeking 'consultancy' whose major client is Microsoft. The latter, Gartner, is funded by Bill Gates and plenty of its revenue stream comes from work it does for Microsoft. Jim Allchin, by the way, escaped Microsoft as soon as Windows Vista was released. It truly make you wonder, does it not?

The people above claimed that Vista will be secure, but let us take a look at some headlines which cover separate incidents that occurred in the past year (sorted reverse chronologically for the most part).

The latest round of patches revealed that Vista could be hijacked by merely sending a packet to it.

Microsoft's first set of security bulletins for 2008 may be slim, but will include a fix for a critical vulnerability in XP and Vista.


More information about this incident can be found here.

One of the updates is considered critical for Windows Vista and XP users because the flaw it fixes could be used by attackers to install unauthorized software on a victim's computer.


As we showed before, especially when Microsoft's Jeff Jones was lying to the public, Microsoft redefines and reinvents the science of security in attempt to show that Windows is more secure. Seconia was accused of playing similar games just days ago. Here is what needs to be pointed out:

1. Critical Vulnerability in Microsoft Metrics

For Microsoft this makes sense because these fixes get the benefit of a full test pass which is much more robust for a service pack or major release than it is for a security update.


2. Skeletons in Microsoft’s Patch Day closet

This is the first time I’ve seen Microsoft prominently admit to silently fixing vulnerabilities in its bulletins — a controversial practice that effectively reduces the number of publicly documented bug fixes (for those keeping count) and affects patch management/deployment decisions.


3. Beware of undisclosed Microsoft patches

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?


4. Microsoft is Counting Bugs Again

Sorry, but Microsoft's self-evaluating security counting isn't really a good accounting.

[...]

The point: Don't count on security flaw counting. The real flaw is the counting.


Getting back to Vista, let us look at some of the flaws we have seen:

1. Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista

Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.


2. December 2007's Patch Tuesday's Going to Be Big - Really Big

A Trio of Critical Patches

First up is a remote code execution patch for DirectX versions 7.0 (Windows 2000) through 10.0 (Windows Vista).


3. Security hole in MS-Windows Vista on Thanksgiving

Microsoft, although late, but did acknowledge that it is a flaw even in the latest OS (Vista) which should have been fixed long back.


4. Thirty-Six Updates Later—and Counting

Over the Thanksgiving holiday, I refreshed one of my Windows Vista test machines. Oh my, there were so many Windows Updates.


5. Vista security threats to rise in 2008: McAfee

Microsoft’s Windows Vista operating system will face increasing security threats, according to McAfee Avert Labs predictions for top 10 security threats in 2008.


6. Microsoft issues 6 'critical' patches

The updates affect many versions of Windows, Server and Office software -- including Windows XP and Windows Vista -- and are meant to prevent hackers from breaking into Web surfers' computers using specially crafted Web pages.


7. Buffer the Overflow Slayer v. the ActiveX Files [Vista included]

The vulnerability was discovered by Krystian Kloskowski and is rated "highly critical" in this posting on Secunia. It's also discussed here on the US-Cert website. Proof-of-concept code can be found on MilW0rm here.


8. Microsoft plans six critical patches

At least one of the critical vulnerabilities involves Internet Explorer 7 and Windows Vista, both of which were conceived under new and highly vaunted development rigors designed to produce more secure products.


9. Patch Tuesday: Critical IE, Vista patches on deck

Of the four criticals, two will include high-severity patches for Windows Vista. The bulletin rated ?moderate? only affects Vista.


10. June Patch Tuesday to deliver Vista fixes and more

Four of this month's bulletins are labelled 'critical' and relate to vulnerabilities that may allow remote code execution.


11. Microsoft Plugs Critical Vista Hole

Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw I told you about last month.


12. Microsoft Patches Not One, But Three Vista Holes

Microsoft today released an update for the recently popular 'animated cursor' vulnerability. The update was originally scheduled for April 10th, but due to recent exploits, was rushed out today. The update wasn't just for this one vulnerability though, in Vista, it addressed two others, and in all covered seven vulnerabilities in Vista, XP and 2000.


13. Windows Vista's Built-in Rootkit

This poor implementation of the permissions structure can be exploited by malware to make files that are undetectable to Anti-Virus products.


14. More Windows cursor patch trouble [Vista included again]

A new issue with the fix has also come up. Some customers have experienced trouble when printing from SQL Reporting Services to a Printer Command Language (PCL) printer, Microsoft said.


15. Windows cursor patch causing trouble

Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.


16. MS Patch Tuesday: Vista dinged again

For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.


17. Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago

Security researchers say the Windows .ANI bug that has been plaguing users for the past week first surfaced -- and was patched -- in early 2005.


18. Week in review: Cursing Windows' cursor flaw

The software giant broke with its monthly patch cycle to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.


19. ANI takers for Asus website virus?

Asus.com.tw, the website of Taiwanese motherboard maker Asustek, has been spraying visitors with the .ANI virus, security software makers confirmed today.


20. Will Next Tuesday's 3 Updates Effect Vista?

I would suspect that one will be a patch for the Windows MessageBox exploit, so Vista should get it. Might another be for the Vista 'Timer/2099 Crack'? I wouldn't consider it critical, but Microsoft probably does.


21. Windows Vista now has its first exploit spotted in the public

Security experts have confirmed that a proof of concept code for an unpatched vulnerability in Windows Vista has been released on the internet.


There were warning signs in advance. Windows Vista was not made to have a considerable impact, security-wise, but hype was a key driver. It happens to be the same case with DirectX 10, whose hype was generated by faking images which create a false perception that it is a big jump compared to DirectX 9 (that is another shocking story about deception, but it's worth a separate post). Here are some more articles of interest:

1. Windows Vista: It's More Secure, We Promise

Well, allow me to take a moment to remind everyone of something that you might not remember - XP was also touted as being ultra secure. Seriously, can anyone honestly look themselves in the mirror and say this is the gospel truth? You have got to be kidding me. Similar to XP, Microsoft promises to have the most secure Windows version to date yet again.


2. Cisco exec: Windows Vista is scary

"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit here on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."


3. Symantec Finds Flaws In Vista's Network Stack

Researchers with Symantec's advanced threat team poked through Vista's new network stack in several recent builds of the still-under-construction operating system, and found several bugs -- some of which have been fixed, including a few in Monday's release -- as well as broader evidence that the rewrite of the networking code could easily lead to problems.

[...]

Among Newsham's and Hoagland's conclusions: "The amount of new code present in Windows Vista provides many opportunities for new defects."

"It's true that some of the things we found were 'low-hanging fruit,' and that some are getting fixed in later builds," said Friedrichs. "But that begs the question of what else is in there?"


With so many incidents out there, there remains this Big Lie that Vista is secure. Paid analysts do not help here.

Comments

Microsoft Sued for Patent Infringement, Patents Brain Probing | Patent Concerns Invade GNU/Linux, GPLv3 Offers Remedy

Recent Techrights' Posts

It's Not a GAFAM World Anymore and There Are Far More Operating Systems Than Google's, Apple's, and Microsoft's
we're not getting the full picture of what's happening
Microsoft's XBox is Going Away Like Microsoft's Skype (Slowly But Surely, Then All at Once)
XBox is dying rapidly
Codecs and Software Patents - Part IV - Things Got So Bad That Some Laptop Sales Got Banned in the EU (Over Software Patents!)
If software patents lead to such severe outcomes, shouldn't the media pay closer attention to the problem?
 
Gemini Links 08/05/2026: Dissociated Pride and Prejudice, Smallnet Protocols Roundup
Links for the day
Links 08/05/2026: Slop Profiteer NVIDIA (and Circular Financing/Accounting Fraud Leader) May Be Liable for Mass Copyright Infringement, Kyndryl (IBM) Layoffs
Links for the day
Outgoing OSI Chief Was Paid by Microsoft to Advocate for GPL Violations (Using the OSI's Name). Now, Inside OIN, He Says GPL Violations Are 'Freedom'.
It seems like only compromised people can be "allowed" to run today's OSI
SLAPP Censorship - Part 70 Out of 200: Microsoft's Graveley Injunction Request 100% the Same as Garrett's (Pure 'Copy-paste', Not Even a Word or Single Character Changed!)
Not so funny at all
Over 97% of the 'Linux' Foundation's Budget Goes Not to Linux
There is a term for this: mission creep
Cloudflare is a Giant Pile of Debt, Now There Are Mass Layoffs and Media Coverage About This is Churnalism, Sometimes by Slopfarms (False Excuses)
If Cloudflare goes under, it'll be great news
NDAs as a Price Tag on Criticism (or Honest Expressions of Opinion)
What ever happened to accountability? Suppressed by reverse bribes (via NDAs)?
Internal Microsoft Communications Confirm: "Buyout" Offer Worse Than a Year's Salary and Microsoft Offers "Retirement" to Young People Who Cannot Retire
Does that sound like a good offer or marching orders?
Site Overhauls at Cybershow and at analognowhere.com (Less is More!)
They seem to be replacing the heavy PHP backend with static HTML pages
The Corrupt Lecture the Non-Corrupt - Part XVI - EPO Had Data Breaches, Covered Them Up, Now Lectures Staff That Didn't Do It and Didn't Cover It Up
Imagine what would happen to staff if (non-anonymously) blowing the whistle on management leaking and then covering up EPO data breaches
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, May 07, 2026
IRC logs for Thursday, May 07, 2026
Mass Layoffs at IBM's Kyndryl, Slop Won't Save Kyndryl
Kyndryl is a "done deal". It's done. It's finished.
Kyndryl Holdings Inc Falls Almost 15% in 2 Days, What Does That Tell Us About IBM?
The "Big Blue" 'shell game' isn't working
Companies That Say They Are "Hey Hi" (AI) Leaders Don't Really Do Well, They Have Mass Layoffs Because Hype and Storytelling Won't Live Up to Shareholders' Expectations
Microsoft's investment in slop is not going well
Gemini Links 07/05/2026: Unicode and "RSS 4 Noobs (Getting Started)"
Links for the day
During IBM's Annual Event/Bash IBM's Stock Fell to (Almost) Lowest Level in a Year, Insiders Explain "IBM is on the Brink of Collapse."
Anthropic - like IBM - pays the media for puff pieces, exaggerations, and obvious vapourware
Servers Became "Cloud", VR Became "Metaverse", Now Bots Become "Agents" (of Slop)
Changing the name of things won't prevent rejection, only delay the negative reaction some more
Links 07/05/2026: "The ‘Perfect Storm’ Hanging Over Britain’s Public Debt" and "Internet Shutdowns Spread in Africa"
Links for the day
OSI Partners With Microsoft to Help Pretend Proprietary (GitHub) 'Celebrates' Open Source
And a Microsoft operative announced this as well
Links 07/05/2026: "Most Vibe-coded (Slop) Tools Are Not for You" and "Prepare for the PCB Shortage"
Links for the day
SLAPP Censorship - Part 69 Out of 200: Microsoft's Graveley Strangles, Gets Arrested, Charged, Then Asks for Apology From Those Who Reported It by Recycling Garrett's Plea for Apology
Garrett realised that his "funny" lawsuit wasn't so funny anymore
Codecs and Software Patents - Part III - AOMedia Video 1 (AV1) and Antitrust Issues
As we'll show in later parts, this already results in bans of some hardware sales in Europe
The Corrupt Lecture the Non-Corrupt - Part XV - Talking About Responsibility and Accountability While Failing to Hold Themselves Accountable
what outlet is there for justice or for the Rule of Law?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 06, 2026
IRC logs for Wednesday, May 06, 2026
Gemini Links 07/05/2026: Dissociated Jekyll And Hyde, New Antenna 2.0.0
Links for the day
Google Slop Contains Serious Errors, Google Has Just Been Sued for 1.5 Million Dollars by One Victim of It
If he wins, the floodgates will open for millions of other people
Keeping Server Costs Under Control in Age of Zombie-Majority Net
The Web has become such a sordid mess not just due to chatbots and LLM bots
People Work for Microsoft Because They Fear No Other Company Would Hire Them
Why do people still work at Microsoft?
The Register MS Does "Microsoft Says", Fails to Accept XBox is Dying and Slop is a Failure
The real news today isn't some tweets from Microsoft
IBM Seems to be Imitating the European Patent Office's "Young Professionals" (YPs) With Client Innovation Center (CIC), Which is About Mass-Hiring Inexperienced People on Very Low Salaries (Sometimes Unlivable)
So the future of IBM now is college students without experiences?
IBM Spammers With LLM Slop Discourage Discussion About IBM Problems and Layoffs
they would likely not bother had those discussions not hurt IBM's management [...] There is a similar problem this year in IRC
The Register MS is All About MS After the Site Overhaul, Now They Are a Platform of "Microsoft Says"
They rewrite history for sponsors [...] Microsoft says. Hence, it must be true!
Pop the Slop Bubble, Don't Ask When It'll Pop or Expect Others to Pop It for You
It has all along been sold on a lie and it relied a great deal on corrupted (captured) media which played along with deliberate lies because it got paid to do this [...] The slop bubble is similar to the fake-coins bubble
SLAPP Censorship - Part 68 Out of 200: Based on Their Particulars of Claims, Microsoft's Graveley and Garrett Seem Like the Same Person (Exactly Same Words Used, Sloppily Recycled)
almost identical (even a description of who they are and how they feel)
The Operating Systems statCounter Cannot Identify or Classify
Is it possible that statCounter just cannot properly decipher and classify systems brought by and controlled by eastern Asia as opposed to Europe and North America?
Gartner Group Paid The Register MS. And Now The Register MS is a "Gartner Says" Rag.
Follow the money
IBM Allegedly Used Apptio to Target and Sack (RA) Productive or 'Expensive' Employees, Are Apptio Staff Now Subjected to Layoffs?
Apptio is one of several companies that IBM buys only to sink together with the IBM boat, RMS Watson
Gemini Links 06/05/2026: "Who Knows That You Blog?" and New Official Antenna by Michael Nordmeyer
Links for the day
Links 06/05/2026: Apple Accepts That It Misled People on Slop and Begins Blocking Software/Games Made With Slop
Links for the day
Microsoft's XBox Exodus Carries on: Corporate VP of Gaming Ecosystem Organization and Corporate VP of XBox Devices and Ecosystem Both Leave Microsoft
Don't expect what's left of the media to properly report the true scale of the XBox cuts and executive-level departures
Codecs and Software Patents - Part II - AV1 and HEVC Not Really Safe
We are, in effect, looking at a sort of cartel (like the one which came out of Germany with MP3)
The Corrupt Lecture the Non-Corrupt - Part XIV - Antisemitism Inside the EPO
A sensitive topic for the European Patent Office (EPO)
Gemini Links 06/05/2026: Childhood Memories, Intense People, and Natural Web Exploration
Links for the day
Links 06/05/2026: Narges Mohammadi in Critical Condition and Copyright Infringement Rampant in Reddit
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 05, 2026
IRC logs for Tuesday, May 05, 2026