Bonum Certa Men Certa

Microsoft Resorts to Blame Games (Against Exploiters of Microsoft's Own Flaws and Against Google)

Chinese girl in beijing



Summary: Microsoft is transforming the debate from one which is centered on Microsoft's inability to secure Windows to one that focuses on external factors (the press is blaming Chinese schoolchildren)

"Blame someone else" is the Microsoft mantra/motto [1, 2]. As we found out yesterday, Microsoft's legal team plays the same type of game. Microsoft is already downplaying the TPM crack and it goes further than this by blaming crackers for blue screens of death. In a world where almost half the machines that run Windows (that's 1 in 2) are confirmed/estimated to be infected, Microsoft can blame the crackers all it wants, but how and why do they manage to intrude other people's PCs in the first place? According to this message (relating to Microsoft's proposal of Internet driver's licences):



We are sitting on an Internet with *at least* a hundred million fully-compromised, fully-owned systems. Personally, I suspect that the number is closer to double that. Others have postulated still higher values. Whatever that number is, though, it's (a) big and (b) getting bigger. And there's no reason, at present, to suspect that the trend will reverse, because nobody's doing anything that appears to -- in any significant way -- to be an effective countermeasure.

The new owners of those systems have unfettered access to ANY credentials present on or used on those systems. The overwhelming majority of them are end-user systems, of course, but how many login or email or other access credentials does the average user have? A work email account? One for home? A freemail account? Some number of social networking accounts? How about banks? Utilities? Shopping sites? VPN for a client?


So, according to the above, it's safe to expect any second Windows PC to be a zombie (the statistics still vary depending on the source). It's not even improving. Here are some news articles from the weekend:

Cybercriminals Exploit Haiti Tragedy with Malware

There was no let up in spamming and phishing activities last month even as the entire world watched with sympathy the tragedy in Haiti. To add to the sorrow behind the devastating earthquake on January 12, cybercriminals took advantage of the tragedy to launch spamming and phishing attacks.


Chuck Norris Botnet Karate-chops Routers Hard

If you haven't changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris -- the Chuck Norris botnet, that is.

Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.


Olympic skier Begg-Smith known as 'spam king'

Kneber Botnet: What You Need to Know Right Now

Everything you ever wanted to know about Xbox hacking

Malware - usually in the form of fake point generators - often comes into play. "Fake points generators that run on your PC promise free Microsoft points in return for your login details," Boyd explained. "Of course, what happens is your data is sent back to base via email should you enter it into the program. Typically, the phishers will also hijack YouTube accounts and place fake 'it works' messages on the videos promoting them [phishing tricks]," he added.


BSODs are not the major problem, but their relevance to the cracking cannot be ignored.

The point the author makes about the problem would have been fixed long ago in Linux, or any other FOSS software, is the most important part of the article, in my opinion. The way the situation is today, you have a few people at Microsoft trying to keep up with security issues.


Obviously, people talk about the BSOD issue as one involving Microsoft's attempt to secure machines, but those machines are already compromised. It means that the discussion has been completely warped [1, 2] and Microsoft's blame-shifting game has worked effectively (with help from Amarillo). SJVN correctly points out that Microsoft is not off the hook because those BSODs were caused by Microsoft's inability to secure Windows in the first place.

More than a week after Microsoft released an XP patch that seemed to cause BSODs (Blue Screen of Death), Microsoft announced that the immediate cause was the Alureon rootkit. Fair enough, but what about the 17-year old Windows security hole that the rootkit was exploiting?

I mean, come on. This bug dates back to 1993 when Windows for Workgroups 3.11 and Windows NT 3.1 instead of Windows 7 were the hot new versions of Windows. Many of you have never even seen those operating systems much less used them. Since Microsoft has left this security hole open almost long enough for it to be old enough to vote, shouldn't they get some of the blame?

After all, the hackers behind Alureon, aka TDSS, Tidserv and TDL3, botnet were able to fix their malware to work around the Windows' fix before Microsoft finally figured it out. Maybe Microsoft should hire them to work on Windows security instead of relying on their own in-house software engineers. Nah. They're probably making more money from their botnets than Microsoft is willing to pay them.

Specifically, the problem was caused when Microsoft finally fixed a Windows memory call that no longer could be used to call a specific address.

[...]

Unsupported? After 17-years, I'd say, for better of worse, it was part and parcel of Windows. Of course, if Windows were an open operating system like Linux there wouldn't be any 'unsupported' ways of addressing memory. Heck, maybe someone besides a malicious hacker would have found the bug back before the turn of the century and fixed it.

[...]

The only real fix to this problem is to dump Windows. This is just another of the endless examples of how easy Windows is to attack. Even as Microsoft took care of this problem, it was revealed that the Windows-based Kneber botnet has attacked more than 374 U.S. firms and government agencies. Proper patching might have slowed it down -- most of the systems getting hit by it seem to be running Windows XP SP2.

Still, the bottom line is that Windows is being exploited every day and as the Alureon/XP patch mess showed, Microsoft isn't capable of keeping up with the hackers or their threats.


In another example of blame-shifting, the attacks on Google which were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] and Microsoft's own negligence [1, 2, 3] are now being attributed to only those who exploited the flaws, allegedly two schools in China [1, 2, 3, 4, 5, 6]. We say "allegedly" because the schools are denying it. From yesterday's news: "Two schools in China where computers were reportedly linked to cyberattacks on Google and other companies have denied involvement in the hack, Chinese state media said Sunday." Here again is misplaced focus on people who exploited Microsoft's defective software which Microsoft refused to patch for almost half a year despite knowing about it. The Washington Post says: "Some of the computer codes used in the recent attacks on the networks of Google and dozens of other major U.S. companies were developed by a diverse group of Chinese hackers, including security professionals, consultants and temporary contractors, according to an industry source."

But does it really matter? Once again the focus is being shifted to crackers rather than the company which facilitated those attack. Microsoft relied on the same spin when Conficker inflicted huge damage. It's the blame game being played with PR and once again Microsoft is left off the hook.

Elsewhere in the news we find that Microsoft blames Google for the broken business model of newspapers. "Microsoft Man To Publishers: Google Punches Holes In Your Paywall, But Bing Won’t," says the headline. We saw this before [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. That's Microsoft playing the blame game in order to get its rivals sued/banned/excluded.

Microsoft plays this game not only in print media but also in books. Here is Google with some publishers and authors defending Google's side.

Google Inc. and a group of publishers and authors urged a federal judge to accept a $125 million settlement that would create the world’s biggest digital book library.


Among the companies opposing the Google book settlement there is now Amazon, which joins Microsoft just like Yahoo! did.

Microsoft Inc. (MSFT), Amazon.com Inc. (AMZN) and others urged a federal judge Thursday to reject a revised settlement among Google Inc. (GOOG) and publisher and author groups over digital copies of books.


It's the DRM-loving Amazon, which has been filled with several Microsoft executives as we showed many times before (there is also the geographical factor when it comes to Amazon). It's funny how allies of Microsoft are typically among those opposing the settlement and blaming Google for the failure of the once-scarce-and-now-abundant information industry.

Recent Techrights' Posts

In Malawi, Windows Down to 10%, GNU/Linux Growing
it's not a small country
[Meme] Featuritis
Newer is not always better
Ireland Last to Report Election Results
Daniel Pocock's involvement in Australian politics goes back to his university days
Never Sleeps, Never Slumbers
We're going to try to improve not just in quantity but also in quality
EPO Has Gotten So Bad That Workers Need to Ask to be Allocated a Desk (at Work)
Wow!!!! An “allocated workplace”!!
 
The Corruption of Open Source Initiative (OSI), a Front Group of Microsoft and GAFAM, Openwashing Proprietary Things and Even Plagiarism, GPL Violations
Stefano Maffulli (and Microsoft's staff that works with him) basically profits from anti-FOSS
"AI" Tech Bubble
How much "hype quotient" does this whole "hey hi" (AI) thing have left in it?
Links 13/06/2024: Science, Politics, and Gemini
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 12, 2024
IRC logs for Wednesday, June 12, 2024
Gemini Links 12/06/2024: The Rodent Revolution and Adding Twisty Puzzles
Links for the day
Links 12/06/2024: Ukraine War Updates and Many Patents Being Subjected to Squashing Bounties
Links for the day
[Meme] The Purpose of Life is to Find a Desk
dogs have desks
Tux Machines Parties Going Well Do Far
Cross-posted from Tux Machines
In Many Countries, Both Large and Small, Vista 11 is Losing Market Share (Despite New PCs Coming Preloaded With It)
One need not even consider large nations in isolation
By "Going Public" the Raspberry Pi Ensures It'll No Longer Serve the Public
It'll be owned and controlled by whatever people wish to control it
Dave Wreski Also Plays the Bot Game (Chatbot) at LinuxSecurity to Fake 'Articles' About "Linux"
How much longer can they fool search engines (SEO) and readers?
[Meme] Indisputable Success
MICROSOFT buys shares of MICROSOFT
Links 12/06/2024: 'Hey Hi' (AI) Bubble Imploding Already, Danish Media Threatens to Sue OpenAI
Links for the day
Links 11/06/2024: Floods in Germany and Brazil, Political Violence
Links for the day
Gemini Links 12/06/2024: Sketching Plants, OpenBSD Pubnix
Links for the day
"2025 the year of Linux on the Desktop"
Charlie Stross quote
In Bahrain, Historically Low on GNU/Linux Adoption, Things Change for the Better
They have some people who understand Free software
Daniel Pocock Received Twice as Many Votes as Andreas Tille (Debian Project Leader After 2024 Election)
From the media yesterday...
Debian is Built by Hundreds of Volunteers and 524 Irish People Voted for Daniel Pocock
524 in that area went to the polling station to vote Daniel Pocock (Ind)
[Meme] RMS is 'Too Old', Says Company Run by a Person 5 Years His Junior (Ginni Rometty) and 10 Years His Junior (Arvind Krishna)
Never again?
[Meme] Women in Computer Science
Grace Hopper, Ada Lovelace etc.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 11, 2024
IRC logs for Tuesday, June 11, 2024
Togo: GNU/Linux Growing Fast This Year, Now Measured at 6%
Sending Bill Gates with a suitcase to bribe African officials isn't enough anymore
Free Software Projects Need to Chase Away Men Who Attack Women Rather Than The Women Who Complain
A just society holds people accountable rather than covers up such blunders
Improving the Image of Women in Free Software by Hiring and Promoting the Proficient Ones
Million's shaman background isn't the problem, or even the superstitious ghost-chasing. The problem is that she has absolutely no background in Free software.
They Say Cash is King
People who value their freedom will pay with cash any time they can
'Team Microsoft' Wants to Leverage Our Popularity as a Weapon Against Us
In the past 2 days we published 64 articles and served over a million HTTP/S requests
[Meme] Microsoft Has Enough of Its Own Problems (Layoffs Abundant), It Won't Rescue IBM or Canonical
"It's OK, we're partners"
Know Your Allies, Know Your Enemies
The answer to censorship attempts is more speech, not less speech
Debian is Back to Taking Money From Microsoft, the Company That's Attacking Linux From the Inside
If Debian fails to understand what's wrong with it, that's a problem
Ghana: Windows Down From 97% to Just 15%
The doors are closing on Windows
Links 11/06/2024: Practice of Retaliatory Layoffs at Microsoft
Links for the day
Gemini Links 11/06/2024: GMID 2.0.5 and More
Links for the day
The United States Will Cut Off or Cull Firefox
It is only a matter of time
[Meme] Firefox Is Not an Alternative to Google, Only to Chrome (and It Has Become Proprietary or OSPS Like Chromium)
The illusion of remaining "choice" on the Web
No, the World Wide Web Isn't Open (and Hasn't Been for Years)
It's proprietary all the way now
The War on Free Software Reporters - Part VII - Groupthink, Censorship Demands, and Ultimatums
There's a lot of groupthink in the Free software community
Microsoft Told Us That LLMs Were a Boon for Azure and 'Clown Computing', But the Thousands of Layoffs This Month Prove That It Was a Lie All Along
Azure is collapsing
Why We Post Statistics About the Usage of Operating Systems Worldwide
We're hoping to see GNU/Linux at over 10% (on desktops/laptops) some time in the coming years
Winning Defamation Cases is Incredibly Difficult (for Plaintiffs), Even in the United States and the United Kingdom
SLAPP should always backfire
In Kuwait, Microsoft's Windows Fell From 97% to Just 15%
According to statCounter
GNU/Linux in Philippines Climbs to New Levels
This is an all-time high
Links 11/06/2024: Windows Outcry and Climate News
Links for the day
Tux Machines Was Always a Women-Run Site (the Real Voices of GNU/Linux, Not Political Props in Corporate Events)
Corporate "diversity" is more of a marketing/PR gimmick than real, genuine diversity
Macao: GNU/Linux Desktop/Laptop Operating System Market Share Rising Close to 7%
GNU/Linux Rises to Record High in Macao
FSF is Now 50% Female, Unlike Red Hat (Which Moaned About Lack of "Diversity" at FSF)
Isn't the hypocrisy just astounding?
Since COVID-19 Lockdowns Windows Fell From Almost 50% to Just 10% in Loas
According to statCounter
[Meme] Quantity Says Nothing About Worth, Value, or Quality
People will generally gravitate towards things of quality and reputation
Microsoft's Windows in Gabon: From 20% 'Market Share' Down to Around 10% in a Few Months
Gabon is not a small country
Meanwhile at canonical.com
Canonical knows exactly what Ubuntu users want
[Meme] Microsoft (and the NSA) Will Never Forget
The user trying to permanently disable 'recall'
Windows Falls Below 20% in United Arab Emirates This Month
According to statCounter
"Windows 11's Recall AI, known to take snapshots and recordings of user computers regularly, including key presses, was discovered to store all its information in an unencrypted local folder."
"You can copy the data from another user's "recall" folder as another user."
Fedora Week of Diversity (FWD) 2024 Outsourced to Proprietary Spyware of GAFAM
Need to use proprietary software to participate
IRC Proceedings: Monday, June 10, 2024
IRC logs for Monday, June 10, 2024
Over at Tux Machines...
GNU/Linux news for the past day
[Meme] Clown Computing is Better For...
Clown: they said clown computing enhances security
One in a Thousand Voters Chose to Vote Daniel Pocock (as First Preference)
He got about 4 times more votes than what had him win FSFE elections
Daniel Pocock on Good Performance in His EU Election Campaign: Thanking the voters of Midlands-North-West, Ireland
Reprinted with permission from Daniel Pocock
The 'IT Industry' is Already in Ruins
The "powers that be" do not want the "hoi polloi" to possess skills and systems
Microsoft's Windows is Sliding Away Into Minority Platform Territories, Even in Rich Countries With Affluent Computer Users
We seem to be striking a nerve at Microsoft every time we say this
Self-Hosting Should be Taught and Embraced, Outsourcing Creates More Problems (or Risks) Than It Solves
One can control one's destiny...