Bonum Certa Men Certa

The Windows Security Theatre

Airport



Summary: Many security reports from The Register and little more of the rest

McAfee is far from a friend of Free software [1, 2] and its remedies for Windows may sometimes cause more harm than good. Here is a fresh new example of why this paradigm of sold-separately bolted-on security software simply does not work. To quote, "IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death."



One of our readers says that "admins use Knoppix to fix borked McAfee antivirus" and he points to this new example where someone suggests: "For servers with BSOD we have used knoppix live cd to move files from quarantine to original place..."

In other news, Microsoft is preparing patches for flaws that enable hijacking of Windows, probably remotely. These flaws are very serious. Some of them are already being actively exploited (without a solution available).

Microsoft on Tuesday plans to release updates patching three critical Windows security vulnerabilities, two of which are already under attack.


Attacks must always precede reaction in Microsoft's case.

Why might this happen? Well, maybe because, according to some more news, Microsoft has knowingly ignored a serious flaw for a year. It is so typical.

Microsoft knew of nasty IE bug a year before attacks



The disclosure comes as attacks targeting the MSVidCtl ActiveX control vulnerability have increased exponentially. On Monday, online ads distributed by through the Giant Realm network on popular gaming websites began including code that exploits the bug, according to security firm ScanSafe. The ads mean that anyone using IE to browse sites such as diii.net and incgamers.com are risk if they run the XP or 2003 versions of Windows and have not yet installed a quick fix.


We have already shown that Microsoft deliberately hides its flaws. Victims of this careless, selfish behaviour are all of us who receive spam from hundreds of millions of Windows zombies. To rephrase the news (The Register again), spam levels have returned to normal.

Victims may include more hospitals too, according to this last bit of news from The Register.

The leader of a malicious hacker collective who used his job as a security guard to breach sensitive Texas hospital computers has been arrested just days before his group planned a "massive DDoS" attack for the July 4 Independence Day holiday.


Hospitals are hit by Windows viruses on a very regular basis this year [1, 2, 3, 4] and according to this article from Sam Varghese Microsoft is profiteering from it.

How Microsoft benefits from Conficker



Microsoft experts were among consultants called in by the council - and they took home some of the €£1.2 million which the body paid out to get the problem resolved. Exactly how much was paid to the different consultants was not divulged.


In reference to some of these shocking figures, one of our readers asks, "What can be bought?" He uses Manchester as an example:

There was a recent article about the UK city of Manchester which just paid nearly $2.5 million in clean up for the Windows worm Conficker. That's one worm in one city.

If we take some numbers for the sake of argument and play with them, what could we buy with $2.5 million.

Say for the sake of argument that top developers (in several fields of computing) and UI designers cost $100,000 apiece including insurance, pensions, equipment and work space rental. That would provide for a team of 10 for 25 years, or a team of 25 for 10 years, etc.

So for a decade, for the same price, Manchester could work out a re-packaging of Fedora and some needed applications:

5 development engineers 5 deployement engineers 5 HCI specialists 10 half-time support 3 full-time support 2 managers / marketeers

The magnitude of the money lost pursuing the Windows ideology is mind-boggling.


Contrary to common belief (mind the interesting comments), Microsoft could really use some money which is made through its own incompetence. The reality of the matter is that Microsoft has faltered for years (even financially) and it now amasses some debt.

But going back to this subject of security, Heise reports show that Apple is no role model either, not with its proprietary, DRM-locked phones.

iPhone 3GS cracked



[...]

The Dev Team are well known for their free iPhone jailbreaking and unlocking tools (QuickPwn, PwnageTool, Yellowsn0W, etc.), however, they have yet to release a tool that's compatible with the 3GS and version 3.0 of the iPhone software.


Symbian faces challenges too. Symbian is still proprietary (in phases of transition).

Security on Symbian mobiles: Early signs of crumbling



[...]

At the recent Pwn2Own 2009 security contest, none of the competitors succeeded in hacking a Symbian mobile.


Free Software Magazine has a good new comic on that subject of security.

Comments

Recent Techrights' Posts

The Word About the Upcoming Talk by Richard Stallman - Scheduled for Friday This Week - Has Spread ("The Cost of Freedom," Lausanne, Switzerland)
So the word is spreading
 
Neuroscience of Consciousness Paper: Why Social Control Media and Proprietary Spyware Harm Your Health
"Software Freedom turns out to be good for your health"
Access to the Source Code of the Programs You're Using Matters (Even If You're Not a Coder and Cannot Fix Bugs)
Companies like Microsoft tell us that full access to all the code isn't important
Guardian Digital (linuxsecurity.com) Publishes Fake Articles About Linux and About (for) 'Linux' Foundation Openwashing
Brittany Day is at it again
Links 14/01/2025: LA Crisis and EU, UK Respond to "X.com" Threat From South African Oligarch
Links for the day
"AI Music" is Not Music and It's Hardly "AI" Either
Synthetic garbage is a solution in search of a problem
Webspam in BetaNews
Not only is it marketing SPAM
[Meme] 13 Years a Slave of Microsoft
Might makes right?
Gemini Links 14/01/2025: The Gemtext Print Hurdle and New Game: Fill!
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, January 13, 2025
IRC logs for Monday, January 13, 2025
Links 13/01/2025: Conflicts, Prisoner Exchange, and Homes on Fire
Links for the day
Angola: Microsoft Windows Falls Below 10%
Microsoft has a really bad 2024 in Africa
[Meme] Twitter ("X") Has Been Grooming Radicals Since 2022
Musk's very own "grooming gang"
[Meme] What Free Speech Ought to Mean
It does not sound like RMS suggests anything other than quitting social control media
Gemini Links 13/01/2025: RestFest, Yule, and Deedum
Links for the day
Modern Web Browsers as Web Censorship Software
We continue to recommend Geminispace
Two Weeks From Now Dr. Richard Stallman Speaks at The Summit of Future 2025 (India)
he will be giving a "Keynote Address" in India
Microsoft is Tight With Money: It's About the Salaries ('Cost' of the Workers)
a question of cost, not skill
Google Got People Sort of Addicted to Android So It Can Cash in (Services, App Store, Advertising) Decades Later
This is not software freedom
The Free Software Foundation Reaches 370k Dollars in Funding, Due Date is January 17th When Richard Stallman is Guest of Honour in Lausanne (Switzerland)
Even fellow board members seem unaware of it
Record Lows for Windows (Microsoft) in Botswana
The market share of Vista 11 is seen as going down
Preserving Deleted Articles About Bill Gates Talking Like a Drug Dealer About Computer Users
Now it's 2025. Different challenge.
Links 13/01/2025: Disinformation, Social Control Media Actively Promoting Nazism, and Catchup With Ukraine
Links for the day
Microsoft Front Group Starts the Year by Championing Underage (or Child) Labour
the fake 'FSF'
TPM Boosters Inside Debian (TPM Isn't About Security, It is About Control Over Users and Their Machines)
We're not rushing to any conclusions
Aaron Swartz Died 12 Years Ago After a Vicious Government Campaign to Stop Him
The Aaron Swartz story is a reminder of the importance of having verifiable/verified information out there for the general public to see
Links 13/01/2025: GitLab Enshittification and Minimalism and Efficiency with Gemini Protocol
Links for the day
Links 13/01/2025: Hardware, Health, and Conflicts
Links for the day
Chatbots Are Not Data-Driven, They're Human-Censored and Rely on Wage Slaves (and Sometimes Unpaid Volunteers)
This is the Microsoft wage slavery
Microsoft Appears to Have Fallen to Only 15% in Maldives
This is a problem for Microsoft
Rumours of IBM Canada Layoffs
We'll keep a vigilant eye on this
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, January 12, 2025
IRC logs for Sunday, January 12, 2025
Bots Covering Debian Releases
It would be quite safe to guess that chatbots were at least partly leveraged for that text
Gemini Links 12/01/2025: No Country For Old Men, Burned Homes, and "Planet P is Clean"
Links for the day
Slopwatch: Brittany Day and Brian Fagioli Are Still at It, Googlebombing "Linux" With LLM Slop (Taking Away Traffic From the Articles They're Plagiarising)
Some more sites that used to cover GNU/Linux have turned into slopfarms
Links 12/01/2025: Microsoft Admits It's Laying Off Staff Only Where Staff is "Expensive" (Race to the Bottom)
Links for the day
[Meme] Being High on Drugs Isn't Happiness (Likewise, Being a "Star" in Social Control Media is Temporary)
Many entities - or people - will regret telling everybody "follow me on Twitter"
[Meme] They Say That RMS Says the "F" Word (Freedom) Too Much...
About 32.7k US dollars are now left for the FSF to raise (in 6 days)
Links 12/01/2025: More Sanctions Against Russia, SCOTUS Signals Fentanylware (TikTok) Ban Will Stay
Links for the day
[Meme] A Jihad Against Servers the User Controls
We need to strive for and work towards greater control by users over "their" servers
Microsoft Azure-Only Bugs in "Linux" Can "Compromise the System."
From ubuntu.com and linux.org a few days ago
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, January 11, 2025
IRC logs for Saturday, January 11, 2025
Gemini Links 12/01/2025: DHL Express Does Not Deliver, Oddmuse Update
Links for the day