Bonum Certa Men Certa

Government Shoots Itself in the Foot by Letting Microsoft Control Insecurity Departments

Rooster



Summary: President Obama puts a fox in change of the hen house with yet another appointment of Microsoft for security; Microsoft helps malware writers

THE United States government is not engineered for security because it hires "security" people from the very same company that causes a lot of the problems. The DHS is already affected and Obama pondered making Scott Charney, head of Microsoft's cybersecurity division, the US cybersecurity czar. Eventually he picked another person from Microsoft for this job (also in [1, 2, 3, 4]):



The White House is naming a former Microsoft and eBay executive as the government's new cyber security coordinator. Former Bush administration official Howard Schmidt will lead the effort to shore up the country's computer networks.


More here:

Obama names former Microsoft exec new U.S. cybersecurity czar



President Obama this morning named a new U.S. cybersecurity coordinator: Howard Schmidt, a longtime computer security specialist who has worked as an executive for companies including Microsoft and eBay, and as a security adviser to the administration of George W. Bush.


How shameful. We have already explained why this is a mistake and when poor decisions are made in the future it may be possible to blame them on bias. One reader of ours wrote in relation to this news: "If they already have the technical knowledge, then why haven't they made a computer that can't be compromised to be used in botnets, merely by clicking on a URL or opening an e-mail attachment?

Also in yesterday's news we now find:

Microsoft AV advice may aid attackers, researcher warns

A security researcher is taking Microsoft to task for advising customers to exclude certain files and folders from anti-virus scanning, arguing the practice could be exploited by pushers of malware.


Microsoft shows malware writers where to hide

In a document published on its support site, Microsoft suggests that users do not need to scan some files and folders for malware as a way to improve performance in Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008 and Server 2008 R2. "These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking," the Vole said.


Microsoft accused of helping virus writers [via]

Security firm Trend Micro has accused Microsoft of giving malware writers a helping hand by advising users not to scan certain files on their PC.

In an article published on Microsoft's Support site the company claims it's safe to exclude certain file types from virus scans because "they are not at risk of infection". Microsoft claims ignoring these files will help improve scanning performance and avoid unnecessary conflicts.


Yes, Microsoft does not seem to have a clue about security.

Microsoft's influence in the United States government is increasing and this is becoming a matter of national security. They spread that so-called "Microsoft religion" to areas that are mostly UNIX- and Linux-based. They ignore many decades of good practices.

"It is no exaggeration to say that the national security is€ also implicated by the efforts of hackers to break into€ computing networks. Computers, including many running Windows€ operating systems, are used throughout the United States€ Department of Defense and by the armed forces of the United€ States in Afghanistan and elsewhere."

--Jim Allchin, Microsoft



Comments

Recent Techrights' Posts

Over at Tux Machines...
GNU/Linux news for the past day
This Saturday It's Gonna be 3.5 Years* Since Russia Invaded Ukraine. No Microsoft Protests Against Microsoft Having Provided Russia With Services.
Companies do not have consistent policies and enforcement of "corporate values" is somewhat of an egg salad
Slopwatch: Sites Gone Rogue, Google Promoting Lies, and DDoS Attacks by Plagiarism Giants
Charlatans and frauds engage in a war against artistic industries, mislabeling plagiarism as "AI"
 
Soon It'll be Autumn, Time to Repair Things
Where they don't charge an arm and a leg
Doing Our Best to Cover Software Patents When the Mainstream Media Does Not
Even the FSF has its limits
Gemini Links 23/08/2025: August Questions and Network Solutions
Links for the day
IRC Proceedings: Friday, August 22, 2025
IRC logs for Friday, August 22, 2025
Microsoft Has Issues in Guyana
It's not just Guyana
About 25% of the "Linux" News/Results in Google News Today Are LLM Slop, Almost 20% From the Same Rogue Operators of Slopfarms
Google, which tries to market itself as an LLM giant, apparently fails to understand what's wrong with it
Harassing People on Holiday
There are "no-go areas"; but that assumes all laws firms have ethical standards
The Great, Undeniable Value of Paper Trail, Not Purely Digital Systems
Suppose you have nothing but bits on someone else's computer and "word of mouth"...
The Company Behind Ars Technica, Reddit and Wired Caught Publishing LLM Slop (It Also Admits It Now)
Condé Nast busted
Links 22/08/2025: Lagrange 1.18.8, Wired Magazine and Business Insider Caught Resorting to LLM Slop
Links for the day
Links 22/08/2025: Cisco Layoffs, LA Times Says "AI Hype is Fading Fast"
Links for the day
Gemini Links 22/08/2025: K for Kentucky and Caddy Versus LLM Slopbots
Links for the day
The "End Software Patents" Initiative of the FSF Explains "WHY [to] ABOLISH SOFTWARE PATENTS"
We hope to cover patent-related issues more and more as the big anniversary of the FSF approaches
Freenode Sniffing
The grown-ups left the building
The Only Thing Worse Than Misinformation is Misinformation Sold to Everyone as "Intelligence"
Misplaced trust is worse than none at all
The Register MS Now Openly Admits LLM Hype Does Damage, But It's Also Being Paid to Participate in the LLM Hype (With Paid 'Articles' and 'Webcasts' for Paying Advertisers)
The Register MS gets paid to do this
End of the Smartphone Era? No.
Maybe the media should focus on producing accurate, factual news
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, August 21, 2025
IRC logs for Thursday, August 21, 2025
Enshittification of Airports, Airlines, and Airplanes
If people are willing to tolerate standard declines and enshittification (nowadays sold as "pivot to AI" or "replaced by AI" or "AI layoffs") they will pay for it some other way
Latest Is Not Greatest: The Case of "Foldable" Tech
don't be shamed into abandoning old things just because the "fashion industry" of Apple and Samsung tells you to
Airlines and Their Tricks That Only Work in the 'Digital Age'
People sceptical of the direction technology has taken are not "Luddites"
Open Source Initiative (OSI), Which Became a Propaganda Front of Microsoft and "Hey Hi" (Hype, Misnomer), Wants You to Forget These Scandals
A lot of these issues won't be set aside until there's a resolution
The Culture of Overnight Coding
An industry-wise push-back is needed
Windows Down to New Lows in Guinea Bissau and Many Countries Around It
If Android is accounted for, Windows is down to about 10%
Gemini Links 21/08/2025: Modern Dating, Debian 13, and Apache
Links for the day
Microsoft Has Had About 10 Waves of Mass Layoffs So Far This Year (Not Two as Mainstream Media and Slopfarms Endlessly Claim)
Notice how the MSM (Mainstream Media) never mentions the debt of Microsoft. It is a conscious, deliberate decision.
Links 21/08/2025: Covid Cases on the Rise, "Social Media Trolls", Russia's Attacks Intensify
Links for the day
Gemini Links 21/08/2025: The Attraction of Back Alleys, Initramfs, and BSD ISPs
Links for the day
Links 21/08/2025: Stephanie Shirley Dies and "Groklaw Domain Hijacked?"
Links for the day
Search in 2025 (Age of DDoS Attacks Under the Guise of "AI" "Innovation")
One common concern when things go "live" is that any random bot out there can execute queries, pumping up RAM and CPU usage, as happened when we used MediaWiki and WordPress
Using Slop for Images Does Not Make Your Site Look Advanced or Witty, It Just Makes Your Whole Work Look Like Presumed Plagiarism
Lazy slobs and Serial Sloppers use the guise/excuse of "AI" to plagiarise and spam the Web
Financing of the "Hey Hi" (AI) Bubble by Those Who Profit From Planetary Destruction (Global Warming)
It's about personal gain, too
Richard Stallman Will Speak in Ethereum Cypherpunk Congress
it's good to see that the FSF pays considerable respect to it founder, who is moreover invited to speak at events
(At Least) Second Wave of Mass Layoffs in Microsoft This Month
This is not the first time this month that Microsoft has mass layoffs
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, August 20, 2025
IRC logs for Wednesday, August 20, 2025