Bonum Certa Men Certa

Microsoft's Latest Security Failures on the Web



Summary: Windows malware, Trojans and worms on the wire blamed on poor infrastructure of IIS

"Can Microsoft help government agencies improve IT security?"



That's the question asked here (a Windows-oriented Web site), right after a Microsoft veteran managed to become the Cyber Security Czar in the United States. But Microsoft has an appalling record when it comes to security. Even on the Web, where Windows is a minority, Microsoft servers tend to get compromised. Last week we wrote about the IIS flaw which had made headlines since around Christmas. "Flaw in Microsoft’s IIS Enables Malware Execution," says this one source, whereas Microsoft's side of the story can be seen too [1, 2]. Microsoft insists that only particular configurations leave the servers vulnerable. But still, why should they be left vulnerable? The question is not how seriously vulnerable those servers are made but why they were made vulnerable in the first place. Shoddy design and coding perhaps?

Here is one of Microsoft's vital Web sites going offline for over a week!

As we reported last month, Microsoft's volume licensing websites were yanked offline for over a week while the software giant tweaked its service in a move to "improve the licensing management experience" for the firm's users.


There's also this in the news:



An aggressive spear phishing email campaign inviting recipients to “apply a new set of settings” to their mailboxes because of a recent “security upgrade” of their mailing service.


To be fair, phishing is not a Windows problem, but repositories in GNU/Linux usually establish a web of trust that leaves malicious intervention outside. Microsoft has a lot to learn from UNIX and Linux (UAC being a recent example).

"It puts the Linux phenomenon and the Unix phenomenon at the top of the list."

--Steve Ballmer, 2001

Comments

Recent Techrights' Posts

There's Nothing "Funny" About Attacking Free Speech and Software Freedom
persistent focus on the principal issues is very important
GNU/Linux Adoption in Africa, a Passageway Towards Freedom From Neo-Colonialism
Digi(tal)-Colonialism and/or Techolonialism are a thing. Can Africa flee the trap?
 
Links 06/12/2023: Many More December Layoffs
Links for the day
IRC Proceedings: Tuesday, December 05, 2023
IRC logs for Tuesday, December 05, 2023
PipeWire 1.0: Linux audio comes of age
Once upon a time, serious audio users like musicians and audio engineers had real trouble with Linux
This is How 'Linux' Foundation Presents Linux to the World
Right now it even picks Windows over Linux in some cases
Links 05/12/2023: Microsoft's Chatbot as Health Hazard
Links for the day
Professor Eben Moglen Explained How Software Patent Threats Had Changed Around 2014 (Alice Case) and What Would Happen Till 2025
clip aged reasonably well
CNN Contributes to Demolition of the Open Web
Reprinted with permission from Ryan Farmer
Eben Moglen on Encryption and Anonymity
The alternate net we need, and how we can build it ourselves
Yet More Microsofters Inside the Board of Mozilla (Which Has Just Outsourced Firefox Development to Microsoft's Proprietary Prison)
Do you want a browser controlled (and spied on) by such a company?
IRC Proceedings: Monday, December 04, 2023
IRC logs for Monday, December 04, 2023
GNU/Linux Now Exceeds 3.6% Market Share on Desktops/Laptops, According to statCounter
things have changed for Windows in China
Over at Tux Machines...
GNU/Linux news
Links 05/12/2023: Debt Brake in Germany and Layoffs at Condé Nast (Reddit, Wired, Ars Technica and More)
Links for the day
[Meme] Social Control Media Giants Shaping Debates on BSDs and GNU/Linux
listening to random people in Social Control Media
Reddit (Condé Nast), Which Has Another Round of Layoffs This Month, Incited People Against GNU/Linux Users (Divide and Rule, It's 2003 All Over Again!)
Does somebody (perhaps a third party) fan the flames?
Who Will Hold the Open Source Initiative (OSI) Accountable for Taking Bribes From Microsoft and Selling Out to Enable/Endorse Massive Copyright Infringement?
it does Microsoft advocacy
Using Gemini to Moan About Linux and Spread .NET
Toxic, acidic post in Gemini
Web Monopolist, Google, 'Pulls a Microsoft' by Hijacking/Overriding the Name of Competitor and Alternative to the Web
Gulag 'hijacking' 'Gemini'
Links 04/12/2023: Mass Layoffs at Spotify (Debt, Losses, Bubble) Once Again
Links for the day
ChatGPT Hype/Vapourware (and 'Bing') Has Failed, Google Maintains Dominance in Search
a growing mountain of debt and crises
[Meme] Every Real Paralegal Knows This
how copyright law works
Forging IRC Logs and Impersonating Professors: the Lengths to Which Anti-Free Software Militants Would Go
Impersonating people in IRC, too
IRC Proceedings: Sunday, December 03, 2023
IRC logs for Sunday, December 03, 2023
GNU/Linux Popularity Surging, So Why Did MakeUseOf Quit Covering It About 10 Days Ago?
It's particularly sad because some of the best articles about GNU/Linux came from that site, both technical articles and advocacy-centric pieces
Links 04/12/2023: COVID-19 Data Misused Again, Anti-Consumerism Activism
Links for the day