Windows Security Failures Watch

Dr. Roy Schestowitz

2009-07-14 11:28:53 UTC
Modified: 2009-07-14 11:28:53 UTC

Modern warfare need not be nuclear

Summary: From international zombie wars to domestic issues caused by the use of Microsoft Windows

LAST YEAR we showed that roughly 320,000,000 Windows PCs were believed to be zombie PCs. This is not amusing. Similar independent estimates are not far off and they include sources/names like Vint Cerf.

With sheer numbers of hijacked (or available-for-hijack) computers, high-bandwidth botnets grow very massive and prevalent. As SJVN puts it, Windows is now being used as a weapon "of mass destruction" in cyberspace.

Windows of mass destruction

[...]

For most of this week, prominent Web sites in both South Korea and the United States have been being bombarded by DDoS (Distributed Denial of Service) attacks. At times, these assaults have knocked out multiple major sites. North Korea has been taking the blame for these attacks, but no one has any proof yet. What we do know is that the weapon that's doing this damage is compromised Windows PCs.

In light of these serious security failures, one blogger claims that it “sucks to be a Windows User.” What about those who are affected by the use of Windows by others?

Linux Today shares this article about a Kentucky incident where Windows was the cause/culprit. As one reader points out, comments on the article bring up GNU/Linux because taxpayers -- not Microsoft -- usually pay for the damages.

Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week. The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks.

How about this new confession from Microsoft?

You've all spoken up loud on the reports of Windows installing updates automatically when told not to.

Microsoft has issued an acknowledgment of the reports, if not an actual response to them. They say they are investigating the reports, and with problems like this one, which appears to be sporadic at best, it can take a while to tell for sure exactly what's going on.

Can Microsoft blame people for fearing Windows Update and thus rejecting security patches? The company has itself to blame too (incompetent engineering combined with poor quality control). ⬆

"It is no exaggeration to say that the national security is€ also implicated by the efforts of hackers to break into€ computing networks. Computers, including many running Windows€ operating systems, are used throughout the United States€ Department of Defense and by the armed forces of the United€ States in Afghanistan and elsewhere."

--Jim Allchin, Microsoft

UEFI 9/11 Aftermath - Part III: Mr. 'Secure Boot' (Shim) and His Fake 'Holiday' (Sending My Wife and I Threatening E-mails on 9/11): despite being on holiday, according to him, he finds time to instruct lawyers to contact my wife
Ron Wyden: Microsoft Should be Held Accountable for Security Breaches (He Has Said This for Years Already, It Never Happens): Negative media coverage isn't a fine and it does nothing to compensate Microsoft's billions of victims
The Mind of the 'Hulk Hogan of UEFI': in a nutshell
A Day After "UEFI 9/11": UEFI Secure Boot Bypass: In the news today (right now), as published in the past few hours
Links 12/09/2025: Slop Code as Liability, Microsoft Outlook Down for Many: Links for the day
It's Still Not to Late to Turn Off "Secure Boot": If people reboot their PC or server today, and it relies on "Secure Boot" on Sept. 12 or later, then depending on the firmware there may be trouble ahead
Links 12/09/2025: Shira Perlmutter is Back, “Software Per Se” Patent Rejections in In re McFadden: Links for the day
Slopwatch: Linux Plagiarism, Slopfarms Still Infesting Google News, Many Images Are Fake: Google is promoting plagiarism
"This Morning Might Turn Out to be an Interesting One for System Admins Who Haven't Updated Their Devices' Secure Boot Certificate" (If They Reboot): Who asked for this anyway?
Gemini Links 12/09/2025: Metric System, Dumping Windows, and Software Architecture is Dead: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, September 11, 2025: IRC logs for Thursday, September 11, 2025
Microsoft Admits the Workers Have Lost Trust (Endless Layoffs, 12-13 Rounds of Layoffs This Year), So Now It's Trotting out Its Peter Bright-Like Media Prop Jordan Novet: What they don't want people to pay attention to right now
Links 11/09/2025: Windows TCO and Russian Drones Invading Poland (EU/NATO): Links for the day
Gemini Links 11/09/2025: xkcd, misfin, and Alhena 5.3.2: Links for the day
Repetition of Last Summer (Microsoft Breaking Dual-Boot Systems): UEFI 9/11 is about to kick in
UEFI 'Secure Boot' Boiling Frogs (Cannot Turn Off 'Secure Boot'): "MSI laptop is locked on Secure Boot and doesn't allow me to turn it off"
UEFI 9/11 Aftermath - Part IV: The 'Hulk Hogan of UEFI' and His 'Hideout' Holiday (Retreat From Reality): Let's keep an eye on what matters
UEFI 9/11 Aftermath - Part II: "The SecureBoot Thing Got Out of Hand.": The next few weeks might be... interesting
UEFI 9/11 Aftermath - Part I: "I Believe This Affects Thousands of Devices... Because Multiple Devices I Checked, Whether Client or Server [...] Affected.": Most people aren't even aware that this is happening or about to happen
The UEFI 9/11 - Part X - An Outline of the Series About Microsoft Sabotaging GNU/Linux (With Ramifications to Unfold Online in Coming Weeks as People Reboot): Today is UEFI 9/11 (9/11/2025)
Culture of silence: Ubisoft harassment convictions, Mozilla, Sylvestre Ledru & Debian make no comment: Reprinted with permission from Daniel Pocock
Disable 'Secure Boot' (If It Lets You): it doesn't put you in control
Links 11/09/2025: "Hey Hi" Ponzi Schemes at Oracle (Unpaid Contracts) and Cindy Cohn is Leaving the EFF: Links for the day
Longtime Red Hat Staff: Maybe Just Disable 'Secure Boot': A refreshing take from Adam Williamson
Gemini Links 11/09/2025: Playdate Console, Dichotomy between the Real and the Digital: Links for the day
A Dozen Observations About "UEFI 9/11" Deflections: What we are expected to see, tentatively
The Microsoft AstroTurfing and Microsoft-Led Blame-Shifting Tactics Are Ahead of Us: Of course it has nothing to do with security, it's about control, i.e. them controlling everything
Celebrating Assassination is Bad Because It Legitimises Assassination of the People You Like, Too: Condoning or even celebrating political assassinations is bad optics (and taste)
The World's Richest Ponzi Scheme (Faking Value Using Net Waste): The higher they go the harder they fall
We Could Dual-Boot Back in the 1990s, Why Has This Become So Difficult?: And prone to breakage
Being Conditioned to Accept Unreliable Computer Systems That Fail With Black Screen of Death (BSoD): Welcome to 2025
Slopwatch: Google News is Still Promoting Many Fake Articles About "Linux", in Effect Rewarding Misinformation and Plagiarism: things continue to deteriorate
New Series: The Coup Against GNU/Linux Has Begun: today, this year in particular, we shall also focus on Secure Boot, which is sold based on a lie and tortures many computer user
New Paper on "BYOVD, but in firmware. Signed UEFI shells, vulnerable modules offer new paths for Secure Boot bypasses.": One might say digital "security theatre"
Links 11/09/2025: Oracle Layoffs, Drunk Pilots in Japan Airlines, US-Korea Tensions Grow: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 10, 2025: IRC logs for Wednesday, September 10, 2025
Xubuntu Site Compromised: Let's hope it is not a security breach
Links 10/09/2025: Retaliation at Facebook and Microsoft Reveals Almost 100 Security Holes: Links for the day
Gemini Links 10/09/2025: Annihilation of Self, The Future Eaters, and Leaving Academia: Links for the day
They Say That People Are Afraid of or Worried About "Hey Hi", But the Worriers Should be the Fools Who Invested in It: At the end of the day nobody should worry more than those who invested their money in this bubble
Harassment evidence: franceinfo's Clara Lainé report on Ubisoft prosecution: Reprinted with permission from Daniel Pocock
Links 10/09/2025: Microsoft Layoffs in "RTO" Clothing and Windows TCO, GitHub TCO: Links for the day
Blaming Everything on China: TikTok works for China. GAFAM works for fascists.
People Get Tired of "Hey Hi" (AI), Unlike the Subservient Money-Obsessed Media That Gets Paid to Pretend This Bubble Still Matters: "crash will be way bigger than dot.com burst in 90s. and that was Internet, actually transformative technology, not this expensive AI toy with direct dependency on the energy input which is not scalable"
Brett Wilson LLP Accepts That the Serial Strangler From Microsoft Filed a Case That Also Implicates My Wife (Everything is Connected): They used to pretend that there were two separate cases
10 Reasons to Disable (or Enable) UEFI Secure Boot: Tomorrow the "trusted corporation" Microsoft will see a certificate expire
Gemini Links 10/09/2025: Hospital and Large Feeds: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 09, 2025: IRC logs for Tuesday, September 09, 2025
The Bluewashing of Red Hat is Being Completed, Many Staff Understand They'll be Made Redundant: Jim AllowHurst (Whitehurst) is meanwhile promoting Microsoft's agenda from within other companies
Throwing Away "Old" Computers (Mozilla and Other Climate Deniers): Mozilla is not leftist

Windows Security Failures Watch

Windows of mass destruction

Recent Techrights' Posts