Bonum Certa Men Certa

Microsoft Resorts to Blame Games (Against Exploiters of Microsoft's Own Flaws and Against Google)

Chinese girl in beijing



Summary: Microsoft is transforming the debate from one which is centered on Microsoft's inability to secure Windows to one that focuses on external factors (the press is blaming Chinese schoolchildren)

"Blame someone else" is the Microsoft mantra/motto [1, 2]. As we found out yesterday, Microsoft's legal team plays the same type of game. Microsoft is already downplaying the TPM crack and it goes further than this by blaming crackers for blue screens of death. In a world where almost half the machines that run Windows (that's 1 in 2) are confirmed/estimated to be infected, Microsoft can blame the crackers all it wants, but how and why do they manage to intrude other people's PCs in the first place? According to this message (relating to Microsoft's proposal of Internet driver's licences):



We are sitting on an Internet with *at least* a hundred million fully-compromised, fully-owned systems. Personally, I suspect that the number is closer to double that. Others have postulated still higher values. Whatever that number is, though, it's (a) big and (b) getting bigger. And there's no reason, at present, to suspect that the trend will reverse, because nobody's doing anything that appears to -- in any significant way -- to be an effective countermeasure.

The new owners of those systems have unfettered access to ANY credentials present on or used on those systems. The overwhelming majority of them are end-user systems, of course, but how many login or email or other access credentials does the average user have? A work email account? One for home? A freemail account? Some number of social networking accounts? How about banks? Utilities? Shopping sites? VPN for a client?


So, according to the above, it's safe to expect any second Windows PC to be a zombie (the statistics still vary depending on the source). It's not even improving. Here are some news articles from the weekend:

Cybercriminals Exploit Haiti Tragedy with Malware

There was no let up in spamming and phishing activities last month even as the entire world watched with sympathy the tragedy in Haiti. To add to the sorrow behind the devastating earthquake on January 12, cybercriminals took advantage of the tragedy to launch spamming and phishing attacks.


Chuck Norris Botnet Karate-chops Routers Hard

If you haven't changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris -- the Chuck Norris botnet, that is.

Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.


Olympic skier Begg-Smith known as 'spam king'

Kneber Botnet: What You Need to Know Right Now

Everything you ever wanted to know about Xbox hacking

Malware - usually in the form of fake point generators - often comes into play. "Fake points generators that run on your PC promise free Microsoft points in return for your login details," Boyd explained. "Of course, what happens is your data is sent back to base via email should you enter it into the program. Typically, the phishers will also hijack YouTube accounts and place fake 'it works' messages on the videos promoting them [phishing tricks]," he added.


BSODs are not the major problem, but their relevance to the cracking cannot be ignored.

The point the author makes about the problem would have been fixed long ago in Linux, or any other FOSS software, is the most important part of the article, in my opinion. The way the situation is today, you have a few people at Microsoft trying to keep up with security issues.


Obviously, people talk about the BSOD issue as one involving Microsoft's attempt to secure machines, but those machines are already compromised. It means that the discussion has been completely warped [1, 2] and Microsoft's blame-shifting game has worked effectively (with help from Amarillo). SJVN correctly points out that Microsoft is not off the hook because those BSODs were caused by Microsoft's inability to secure Windows in the first place.

More than a week after Microsoft released an XP patch that seemed to cause BSODs (Blue Screen of Death), Microsoft announced that the immediate cause was the Alureon rootkit. Fair enough, but what about the 17-year old Windows security hole that the rootkit was exploiting?

I mean, come on. This bug dates back to 1993 when Windows for Workgroups 3.11 and Windows NT 3.1 instead of Windows 7 were the hot new versions of Windows. Many of you have never even seen those operating systems much less used them. Since Microsoft has left this security hole open almost long enough for it to be old enough to vote, shouldn't they get some of the blame?

After all, the hackers behind Alureon, aka TDSS, Tidserv and TDL3, botnet were able to fix their malware to work around the Windows' fix before Microsoft finally figured it out. Maybe Microsoft should hire them to work on Windows security instead of relying on their own in-house software engineers. Nah. They're probably making more money from their botnets than Microsoft is willing to pay them.

Specifically, the problem was caused when Microsoft finally fixed a Windows memory call that no longer could be used to call a specific address.

[...]

Unsupported? After 17-years, I'd say, for better of worse, it was part and parcel of Windows. Of course, if Windows were an open operating system like Linux there wouldn't be any 'unsupported' ways of addressing memory. Heck, maybe someone besides a malicious hacker would have found the bug back before the turn of the century and fixed it.

[...]

The only real fix to this problem is to dump Windows. This is just another of the endless examples of how easy Windows is to attack. Even as Microsoft took care of this problem, it was revealed that the Windows-based Kneber botnet has attacked more than 374 U.S. firms and government agencies. Proper patching might have slowed it down -- most of the systems getting hit by it seem to be running Windows XP SP2.

Still, the bottom line is that Windows is being exploited every day and as the Alureon/XP patch mess showed, Microsoft isn't capable of keeping up with the hackers or their threats.


In another example of blame-shifting, the attacks on Google which were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] and Microsoft's own negligence [1, 2, 3] are now being attributed to only those who exploited the flaws, allegedly two schools in China [1, 2, 3, 4, 5, 6]. We say "allegedly" because the schools are denying it. From yesterday's news: "Two schools in China where computers were reportedly linked to cyberattacks on Google and other companies have denied involvement in the hack, Chinese state media said Sunday." Here again is misplaced focus on people who exploited Microsoft's defective software which Microsoft refused to patch for almost half a year despite knowing about it. The Washington Post says: "Some of the computer codes used in the recent attacks on the networks of Google and dozens of other major U.S. companies were developed by a diverse group of Chinese hackers, including security professionals, consultants and temporary contractors, according to an industry source."

But does it really matter? Once again the focus is being shifted to crackers rather than the company which facilitated those attack. Microsoft relied on the same spin when Conficker inflicted huge damage. It's the blame game being played with PR and once again Microsoft is left off the hook.

Elsewhere in the news we find that Microsoft blames Google for the broken business model of newspapers. "Microsoft Man To Publishers: Google Punches Holes In Your Paywall, But Bing Won’t," says the headline. We saw this before [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. That's Microsoft playing the blame game in order to get its rivals sued/banned/excluded.

Microsoft plays this game not only in print media but also in books. Here is Google with some publishers and authors defending Google's side.

Google Inc. and a group of publishers and authors urged a federal judge to accept a $125 million settlement that would create the world’s biggest digital book library.


Among the companies opposing the Google book settlement there is now Amazon, which joins Microsoft just like Yahoo! did.

Microsoft Inc. (MSFT), Amazon.com Inc. (AMZN) and others urged a federal judge Thursday to reject a revised settlement among Google Inc. (GOOG) and publisher and author groups over digital copies of books.


It's the DRM-loving Amazon, which has been filled with several Microsoft executives as we showed many times before (there is also the geographical factor when it comes to Amazon). It's funny how allies of Microsoft are typically among those opposing the settlement and blaming Google for the failure of the once-scarce-and-now-abundant information industry.

Recent Techrights' Posts

How Software Patents Were Viewed or Their General Status Changed Over Time
A rough summary
Nothing that Microsoft Lunduke claims or says can be trusted
Nothing that Microsoft Lunduke claims of says can be trusted
Datamation, Where I Used to Publish Articles, Appears to Have Been Sold to TechnologyAdvice Only to Become a Slopfarm
I'd prefer to not associate with that site anymore
 
Red Hat is Ignoring the Free Software Community, It's a "Fortune 1000" Vendor
Red Hat's blog also participates a lot in promoting of Wall Street's latest pump-and-dump "AI" scheme
Advocacy of Software Freedom Changed, LUGs Became Less Relevant
The way we see it, support groups like LUGs sort of outlived their usefulness when it became easier to install GNU/Linux
Free Software Foundation Party Has Begun
We shall be focusing a lot on software patents today
Former Head of the Federal Trade Commission (FTC) Lina Khan Knows Whatever Microsoft Touches Will Die
Just like Skype (as recently as months ago) [...] When Microsoft grabs things, or when it buys things, it almost never ends well
Slopwatch: Fake Articles About LibreOffice in Austria and Wine 10.16
very short
Links 04/10/2025: "attempted Coup" Noted in Facebook, Russia Kills Journalists via Drones
Links for the day
Gemini Links 04/10/2025: Anesthesia and Baudpunk
Links for the day
Links 04/10/2025: "Privacy Harm Is Harm", Criticism Outlawed in US
Links for the day
Garmin Uses Linux for Some of the Garmin Products, Now It's Sued by Strava Using Software Patents
Software patents should never have been granted in the first place
Richard Stallman Will Give a Talk in Sweden in 6 Days
Dr. Stallman, despite his battle with cancer is still alive and mentally sharp
FSF Turns 40
We'll be focusing on patent-related topics this weekend
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, October 03, 2025
IRC logs for Friday, October 03, 2025
Gemini Links 04/10/2025: Distro Hopping and "Part Time"
Links for the day
We Are Turning 19 in One Month, FSF Turns 40 in 3 Hours (CET)
For our anniversary next month we still have no concrete plans
Patent Docs (or PatentDocs) Learned the Wrong Lessons From the Death of TypePad
Had they gone ahead with an SSG, they'd become a lot more future-proof
USPTO Patent Bubble Already Imploding, After Decades of Artificial Inflation, Entire Offices Close for Good
we can deduce that financial pressures (lack of "demand" for monopolies) play a role
TikTok is Not Harmless (Being CheeTok in the US Will Advance Orange Agenda)
Social control media isn't "fun and games"; it's a digital weapon that lets hostile groups or nations infiltrate others, then turn them against themselves
Andy Farnell and Helen Plews Explain What "Modern" Tech Does to Old People
Imposing terrible tech "religion" on people is not helping them
Tomorrow the Free Software Foundation (FSF) Turns 40 and Its Web Site is Still Slow Due to DDoS by LLM Slop Bots
For an advocacy group, uptime is important (for its message to remain accessible)
Slopwatch: Google News as a Firehose of LLM Slop About "Linux"
Google News is really bad
Links 03/10/2025: "NPR’s Economics Lessons Come With Neoliberal Spin" and Canada Post at Risk
Links for the day
Gemini Links 03/10/2025: Panic Attacks and Food Adulteration
Links for the day
Links 03/10/2025: Lawyers Caught Using LLM Slop Explain Why They Did It, LibreSSL 4.1.1 and 4.0.1 Released
Links for the day
FSF Board Grew 50% Since Last Year, Has New President, Turns 40 in Two Days
It's a good move for the FSF and - by extension - for software freedom
Links 03/10/2025: Conflicts, Death of TypePad, and TikTok/CheeTok Gives a Boost to Far Right Groups in Europe
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 02, 2025
IRC logs for Thursday, October 02, 2025
Slopwatch: Linux Journal, Google News, and LinuxSecurity
They carry on polluting the Web with fake articles
Gemini Links 02/10/2025: Kubernetes With FreeBSD and robots.txt
Links for the day
Links 02/10/2025: 'Open' 'AI' Resorting to Gimmicks and Fake Funding, Europe’s ‘Drone Wall’ Discussed
Links for the day
Links 02/10/2025: Brave Passes 100M Users Milestone, Kodak Selling Its Own Film Again
Links for the day
Michael “Monty” Widenius: It Started in 1983 With Richard Stallman (RMS)
The other co-founder of MySQL is a bit notorious for confronting RMS rather viciously
su lisa && rm -rf /home/ibm/power
Novell was ruined by another person from IBM, Ronald Hovsepian
A Record Demand at Microsoft: Demand to Cancel
What we're witnessing is a very ungraceful destruction of XBox
Microsoft is Losing Europe
Hence all the "support" and "discount" offers that are limited to Europe
The Free Software Foundation Starts Fund-raising for 40th Anniversary
New pop-up 2-3 days ahead of the 40th anniversary event
Systemd Breaks Networking in Debian and Microsoft Staff Rushes to Make Face-Saving Excuses in LWN
Microsoft's bluca is already there in the comments, his Microsoft money pays for LWN to let him leave comments early
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 01, 2025
IRC logs for Wednesday, October 01, 2025
What the End of XBox Will Look Like: a Fiery Crash
XBox is the next Skype. It won't last much longer. Expect many more layoffs.
Richard Stallman is Going to Finland to Give a Talk Next Thursday
A day later he speaks in Sweden
Gemini Links 02/10/2025: SMTP Pipelining and End of ROOPHLOCH 2025
Links for the day