Bonum Certa Men Certa

Kaspersky Slams Windows for Insecurity, Microsoft Delivers Bad Patches and Leaves Windows Exposed

Eugene Kaspersky



Summary: Security guru Eugene Kaspersky has harsh words for Microsoft, which still fails to secure its platform and even patch software without breaking it

IT HAS been another tough week for Windows, which simply cannot be secured, not even with 'snake oil' software that's called "anti-virus" (unless the placebo effect counts).



A few months ago we wrote about Microsoft being allowed into Ford cars. There are already security concerns about that at Ford. They worry about Windows/WiFi in the car getting hijacked.

“Sadly, we live in a world where Microsoft pressures journalists to misreport incidents.”We wish to discuss for a moment an interesting phenomenon. When a car breaks down (let us say a Toyota), the news will say a Toyota car is having issues, it won't say that cars in general have issues. That's because the market is full of choices. Yes, choices, diversity, not "fragmentation" as Microsoft would probably put it. If "Windows" is embedded in PCs, then Windows can become interchangeable and synonymous with "computing". Then, people would not realise what's really wrong and that they also have better choices. Sadly, we live in a world where Microsoft pressures journalists to misreport incidents. Taken from a long discussion we've had by E-mails for a few days now, consider the fact that we have documented examples where journalists received mail from Microsoft's PR agencies (e.g. W-E) to tell them off and ask them to change articles about Windows security. The Inquirer is good in that regard because without much reluctance it spilled the beans when that happened. We have given articles from them where content was being tempered by Microsoft PR agencies, whose job was to spin the vulnerabilities in Vista.

Reporters who are contacted because they describe Windows security problems as just "computer problems" often cite the "popularity" myth of Windows as the cause. It's PR. Given the widespread use of GNU/Linux in servers and devices everywhere, people should struggle to reason about lack of cracking as related to "popularity". Windows is not popular by the way, it's just ubiquitous*. Moreover, Microsoft commissions and manufactures its own 'studies' where it hides flaws and reports bogus numbers. There are many examples to that effect.

Here is what Eugene Kaspersky said about Windows earlier this month:

Security chief Eugene Kaspersky has launched a scathing attack on Microsoft's security record.

[...]


There are already some new examples of Microsoft's poor patching. Last week Microsoft delivered broken/rogue security patches and later admitted the problem which had the following effect:

Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese.

The admission was the second in the past two days from Microsoft's Office team of a gaffe involving a recent security update.


How does Microsoft break languages while fixing a security problem? One might remark that this implies poor software design.

Speaking of Office, this area is in a state of transition in an economy where people use Free software or access software in the form of a service. Don Reisinger, typically a troll/baiter who writes bizarre reversals of truths at CNET, explains some of the issues and Microsoft resorts to more AstroTurfing by offering money to those who create "viral Office 2010 videos" for YouTube.

Want a chance to win $10,000 for your small Seattle business or start-up? The Greater Seattle Chamber of Commerce and Microsoft have partnered up in a contest for making videos about Office 2010.


In case it sounds familiar, it should. Microsoft also hires people to post comments favourable to Windows in social networking sites.

Anyway, going back to the subject of insecurity, someone writes a guest post at ZDNet about "the cadence of Microsoft security patches" and ECT notes that Windows is already vulnerable again, as usual.

The expected batch of patches wasn't the only thing Windows users got with Microsoft's latest Patch Tuesday update. The set of fixes was accompanied by a warning about an unpatched zero-day exploit for Internet Explorer.


All that Microsoft can offer is a workaround:

Microsoft has revised their advisory for the newest IE 0Day vulnerability to note that working exploit code is now available and that they are aware of "targeted attacks attempting to use this vulnerability." They have also created "Microsoft Fix it" links to disable and re-enable the vulnerable software components.


The Inquirer wrote:

The flaw in Internet Exploder versions 6 and 7 allows an attacker to take control of a victim's computer.


Internet Explorer was the cause of a lot of damage earlier this year [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. In 4 countries, authorities recommended that citizens abandon Internet Explorer. ____ * It's more about reminding reporters that people choose to buy a computer, they don't choose to buy Windows. Calling Windows "popular" is like calling cockroaches "popular" because there are many of them out there. It ought to be one of those things that people should train themselves to avoid saying because Windows is not "popular".

Recent Techrights' Posts

The Register Bill
The Register MS - putting the "MS" in your centre of the universe
Analogies for "Memory Safety" in Rust
Don't worry, it's Rust! It can do anything!
Nobody Denies That SecureBoot Will Cause Problems After September 11
Not even Microsoft
Gemini Links 06/09/2025: Infinite Scrolling and Posting from Emacs
Links for the day
Links 06/09/2025: GitHub Meltdown Over Slop, "U.S. Jury Says Google Should Pay $425 Million in Privacy Lawsuit"
Links for the day
Despite Its Severe Financial Problems Gnome Foundation Inc Paid Rosanna Yuen Over 100,000 Dollars Last Year
maybe relocation should be considered
The "Left" and the Right"
It poisons everything
Mozilla and Rust Are Not Leftists
they're part of the mass consumerism machine
Disposable to Microsoft
There is an extensive set of people who got used by Microsoft, only to be thrown away a month later or a year later or a decade later
The UEFI 9/11 - Part VII - This Coming Week Many PCs Will Refuse to Boot "Linux" (Because of Microsoft's Expired Certificate)
The real solution is, disable "secure boot" or "SecureBoot" while it's still possible. [...] Just like submarine patents, a lot of this problem was "hibernating" for a while
The Thing Nobody in Red Hat Wants to Talk About Openly
There is a real sentiment or worry among Red Hatters, Europeans and Americans in particulars (because of higher salary expectations)
Slopwatch: Small Parade of Fake News About "Linux" and Scams Borrowing the Name (or Word) "Linux"
In practice, LLMs are a risk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 05, 2025
IRC logs for Friday, September 05, 2025
Genini Links 05/09/2025: Community, ROOPHLOCH, and PITkit
Links for the day
Links 05/09/2025: Vaccine Sceptics Poison the Well, Two Exploited Vulnerabilities Patched in Android
Links for the day
Gemini Links 05/09/2025: Logitech Lift and DIY Gemini Servers
Links for the day
Links 05/09/2025: Sainsbury's Caught Spying on In-Store Shoppers and Microsoft "OpenAI is Using Legal Threats to Harass its Critics"
Links for the day
BASIC Predates Microsoft by Over a Decade, Microsoft-Controlled Sites Like The Register MS Don't Want You to Know This
The state of the media is really bad when it relies a lot on oligarchs' money and is appointing editors who are working for oligarchs
Brian Kernighan, "Only Third to Dennis Richie and Ken Thompson" (UNIX), Agreed With Someone Who Said Rust Was Just Hype, Should Not Replace C
17 hours ago
Reminder: Microsoft's "Secure Boot" Certificate for "Linux" Will be Expired in One Week
Many PCs won't manage to 'rotate' to another certificate
"Many of the Red Hat Employees Are Still Looking for Work"
Shame on IBM's CEO
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 04, 2025
IRC logs for Thursday, September 04, 2025
Microsoft Started With Code Literally From The Trash, Nothing Has Improved Since
The reality is, there are systems and code that are reliable. But they're not Microsoft's.
Hypothesis That New McKinsey/Microsoft Executive Inside Red Hat Will Outsource Research and Development Operations to India (Like They Do in IBM)
IBM is floundering
Slopwatch: Scams, Fake Articles About "Linux", Plagiarism, and Worse
Perhaps some time soon the LLMs or the "Big LLMs" will run out of money (to borrow) and go offline, leaving those slopfarms in a tough place
Gemini Links 04/09/2025: Means of Production and Rusting Out
Links for the day
Links 04/09/2025: Science, Hardware, and Eyes on China
Links for the day
Gemini Links 04/09/2025: Digital Minimalism and Social Control Media
Links for the day
IBM's GNU/Linux Divestment, Based on Hard But Anecdotal Evidence (IBM Fails to Recognise How Much Money It Made and Can Still Make From "Linux")
Love us or hate us, a lot of what we've been saying about Red Hat under IBM turns out to be rather accurate
Links 04/09/2025: Massive Microsoft Staff Cuts (Barely Reported), "Strange Conspiracy Theory Is Reportedly Spreading Inside OpenAI"
Links for the day
Activists Can Win, But Keep an Eye on the Ball and on the Trophy
GitHub is dying, it was a loss-making trap, not free hosting
Gemini Links 04/09/2025: Katrina Remembered, Distracted Driving, and Virtual Economics
Links for the day
At This Point It's No Longer Matthew Garrett But People Who Fund Matthew Garrett (or Companies That Fund His SLAPPs Against My Wife and I)
The only thing worse than misogynists are misogynists who fail to respect other people's right to go on holiday
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 03, 2025
IRC logs for Wednesday, September 03, 2025
The UEFI 9/11 - Part VI - This Serious Harm Was Planned for Over a Decade, Not an Accident or Merely Some Misfortune
The term "Serious Harm" is legally meaningful here
GNOME Unfit for Diversity and Inclusion
GNOME's leadership is using "bad words"
Brodie Robertson Addressing the Recently-Discovered Comments
Most people probably knew nothing about this until he wrote a response
Red Hat QA Team "Had Shrunk by Half Over the Past Year." (After IBM Divestment)
If Red Hat's workforce is being moved to the East, then RHEL can become a national security problem
Slopwatch: "Open Source" and "Linux" News Faked, Made by Bots and Entered Into Google News
Spam combined with slop about "Linux" has entered Google News