Bonum Certa Men Certa

Government Shoots Itself in the Foot by Letting Microsoft Control Insecurity Departments

Rooster



Summary: President Obama puts a fox in change of the hen house with yet another appointment of Microsoft for security; Microsoft helps malware writers

THE United States government is not engineered for security because it hires "security" people from the very same company that causes a lot of the problems. The DHS is already affected and Obama pondered making Scott Charney, head of Microsoft's cybersecurity division, the US cybersecurity czar. Eventually he picked another person from Microsoft for this job (also in [1, 2, 3, 4]):



The White House is naming a former Microsoft and eBay executive as the government's new cyber security coordinator. Former Bush administration official Howard Schmidt will lead the effort to shore up the country's computer networks.


More here:

Obama names former Microsoft exec new U.S. cybersecurity czar



President Obama this morning named a new U.S. cybersecurity coordinator: Howard Schmidt, a longtime computer security specialist who has worked as an executive for companies including Microsoft and eBay, and as a security adviser to the administration of George W. Bush.


How shameful. We have already explained why this is a mistake and when poor decisions are made in the future it may be possible to blame them on bias. One reader of ours wrote in relation to this news: "If they already have the technical knowledge, then why haven't they made a computer that can't be compromised to be used in botnets, merely by clicking on a URL or opening an e-mail attachment?

Also in yesterday's news we now find:

Microsoft AV advice may aid attackers, researcher warns

A security researcher is taking Microsoft to task for advising customers to exclude certain files and folders from anti-virus scanning, arguing the practice could be exploited by pushers of malware.


Microsoft shows malware writers where to hide

In a document published on its support site, Microsoft suggests that users do not need to scan some files and folders for malware as a way to improve performance in Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008 and Server 2008 R2. "These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking," the Vole said.


Microsoft accused of helping virus writers [via]

Security firm Trend Micro has accused Microsoft of giving malware writers a helping hand by advising users not to scan certain files on their PC.

In an article published on Microsoft's Support site the company claims it's safe to exclude certain file types from virus scans because "they are not at risk of infection". Microsoft claims ignoring these files will help improve scanning performance and avoid unnecessary conflicts.


Yes, Microsoft does not seem to have a clue about security.

Microsoft's influence in the United States government is increasing and this is becoming a matter of national security. They spread that so-called "Microsoft religion" to areas that are mostly UNIX- and Linux-based. They ignore many decades of good practices.

"It is no exaggeration to say that the national security is€ also implicated by the efforts of hackers to break into€ computing networks. Computers, including many running Windows€ operating systems, are used throughout the United States€ Department of Defense and by the armed forces of the United€ States in Afghanistan and elsewhere."

--Jim Allchin, Microsoft



Comments

Recent Techrights' Posts

Microsoft's GitHub is Losing Traffic, Based on an Extensive Web Survey, and Its Future is Uncertain
Remember that Microsoft keeps close to its chest the operations and finances of GitHub (because it's embarrassing!)
[Meme] Shoestring Budget With Record Profits (Because Hundreds of Thousands of Fake European Patents Get Granted)
Record profits? EPO staff does not benefit!
 
Disputing the Achievements of IBM's CEO, Who Already Terminated Many Jobs at Red Hat (Which He Had Allegedly Suggested Buying)
Buying a company to gut it within about a year?
Links 14/10/2024: One Year Since Activision Blizzard Demolition 'Officially' Began and Amazon Corporate Layoffs Accelerate
Links for the day
Gemini Links 14/10/2024: Dabbling in GemText, Unit Testing
Links for the day
Links 14/10/2024: Keeping Multiple Blogs, Wrestling With Misinformation
Links for the day
[Meme] Class of Microsoft
"Everything started with Microsoft DOS!"
History Education and Rejecting Creation Myths
The creator of Linux isn't the creator of GNU/Linux
How to Follow Our Updates About EPO (or Everything Else for That Matter)
follow us via RSS feeds
EPO Administration: Wait Several Months or Until Next Year for Clarifications
"After the intranet announcements of 18 September and 27 September and recent emails from CIGNA concerning opting into the VECOZO network, colleagues have been contacting us with queries and requests for guidance."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, October 13, 2024
IRC logs for Sunday, October 13, 2024
Unrest at the European Patent Office as School Costs Eat Away the Income
"Letter to the administration on the Education Allowance - DISDH - German School"
Gemini Links 13/10/2024: ArcMenu, Emacs decide-mode, Midnight Pub Mass-Deletion Option
Links for the day
Links 13/10/2024: Science, Politics, and Some Gemini
Links for the day
Links 13/10/2024: Writing, Remembering John Wheeler, Voice Cloning
Links for the day
Certificate Authority Let's Encrypt Falls to 0.7% in Geminispace (It Was Around 12% Just 2 Years Ago and 7.5% This Past February)
Let's Encrypt is down again
Gemini Links 13/10/2024: Self-hosting Snac2 and Invasion of e-ink
Links for the day
SDxCentral, which the Linux Foundation Paid to Produce Marketing SPAM, Has Now Become Slop (LLM Spew) Disguised as 'Articles'
Google should delist it
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 12, 2024
IRC logs for Saturday, October 12, 2024
Links 12/10/2024: More Site Blocking, China's Hostility, and Evan Gershkovich's Upcoming Book
Links for the day
"Security Advantages" Explained by a Scammy "Security" Site That Uses LLMs to Spew Out Garbage
destroying the Web by saturating it with "bullshit".
Links 12/10/2024: Boeing to Cut 17,000 Jobs, Medieval Sleeping Habits, Warning About Liquidweb
Links for the day
Links 12/10/2024: Health, Safety and Climate Concerns
Links for the day
Gemini Links 12/10/2024: Ensemble and Assembler
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
Links 12/10/2024: TikTok Layoffs and Risk of More Wars
Links for the day
IRC Proceedings: Friday, October 11, 2024
IRC logs for Friday, October 11, 2024