Bonum Certa Men Certa

Kaspersky Slams Windows for Insecurity, Microsoft Delivers Bad Patches and Leaves Windows Exposed

Eugene Kaspersky



Summary: Security guru Eugene Kaspersky has harsh words for Microsoft, which still fails to secure its platform and even patch software without breaking it

IT HAS been another tough week for Windows, which simply cannot be secured, not even with 'snake oil' software that's called "anti-virus" (unless the placebo effect counts).



A few months ago we wrote about Microsoft being allowed into Ford cars. There are already security concerns about that at Ford. They worry about Windows/WiFi in the car getting hijacked.

“Sadly, we live in a world where Microsoft pressures journalists to misreport incidents.”We wish to discuss for a moment an interesting phenomenon. When a car breaks down (let us say a Toyota), the news will say a Toyota car is having issues, it won't say that cars in general have issues. That's because the market is full of choices. Yes, choices, diversity, not "fragmentation" as Microsoft would probably put it. If "Windows" is embedded in PCs, then Windows can become interchangeable and synonymous with "computing". Then, people would not realise what's really wrong and that they also have better choices. Sadly, we live in a world where Microsoft pressures journalists to misreport incidents. Taken from a long discussion we've had by E-mails for a few days now, consider the fact that we have documented examples where journalists received mail from Microsoft's PR agencies (e.g. W-E) to tell them off and ask them to change articles about Windows security. The Inquirer is good in that regard because without much reluctance it spilled the beans when that happened. We have given articles from them where content was being tempered by Microsoft PR agencies, whose job was to spin the vulnerabilities in Vista.

Reporters who are contacted because they describe Windows security problems as just "computer problems" often cite the "popularity" myth of Windows as the cause. It's PR. Given the widespread use of GNU/Linux in servers and devices everywhere, people should struggle to reason about lack of cracking as related to "popularity". Windows is not popular by the way, it's just ubiquitous*. Moreover, Microsoft commissions and manufactures its own 'studies' where it hides flaws and reports bogus numbers. There are many examples to that effect.

Here is what Eugene Kaspersky said about Windows earlier this month:

Security chief Eugene Kaspersky has launched a scathing attack on Microsoft's security record.

[...]


There are already some new examples of Microsoft's poor patching. Last week Microsoft delivered broken/rogue security patches and later admitted the problem which had the following effect:

Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese.

The admission was the second in the past two days from Microsoft's Office team of a gaffe involving a recent security update.


How does Microsoft break languages while fixing a security problem? One might remark that this implies poor software design.

Speaking of Office, this area is in a state of transition in an economy where people use Free software or access software in the form of a service. Don Reisinger, typically a troll/baiter who writes bizarre reversals of truths at CNET, explains some of the issues and Microsoft resorts to more AstroTurfing by offering money to those who create "viral Office 2010 videos" for YouTube.

Want a chance to win $10,000 for your small Seattle business or start-up? The Greater Seattle Chamber of Commerce and Microsoft have partnered up in a contest for making videos about Office 2010.


In case it sounds familiar, it should. Microsoft also hires people to post comments favourable to Windows in social networking sites.

Anyway, going back to the subject of insecurity, someone writes a guest post at ZDNet about "the cadence of Microsoft security patches" and ECT notes that Windows is already vulnerable again, as usual.

The expected batch of patches wasn't the only thing Windows users got with Microsoft's latest Patch Tuesday update. The set of fixes was accompanied by a warning about an unpatched zero-day exploit for Internet Explorer.


All that Microsoft can offer is a workaround:

Microsoft has revised their advisory for the newest IE 0Day vulnerability to note that working exploit code is now available and that they are aware of "targeted attacks attempting to use this vulnerability." They have also created "Microsoft Fix it" links to disable and re-enable the vulnerable software components.


The Inquirer wrote:

The flaw in Internet Exploder versions 6 and 7 allows an attacker to take control of a victim's computer.


Internet Explorer was the cause of a lot of damage earlier this year [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. In 4 countries, authorities recommended that citizens abandon Internet Explorer. ____ * It's more about reminding reporters that people choose to buy a computer, they don't choose to buy Windows. Calling Windows "popular" is like calling cockroaches "popular" because there are many of them out there. It ought to be one of those things that people should train themselves to avoid saying because Windows is not "popular".

Recent Techrights' Posts

Pushing Nonsense Using the Brand "Linux"
the trademark "Linux" might already lack potency
In China, statCounter Seeing Windows Vista 11 as Falling 2.5% This Month Relative to Other Versions of Windows (Vista 7 Grows Its Gap Over "11")
Vista 7 is bigger!
Wine Took the Bait (Mono), Soon Starts the Microsoft Circus With the Banhammer
large companies are exercising more control over the thing/s they claim to "donate" to
This is Not a Sustainable Way to Run Microsoft
This is a downward spiral
 
Sites Writing Fake News About Linux Using LLMs (Microsoft Hype That Promotes Misinformation)
RMS recently called these "bullshit machines"
Gemini Links 15/09/2024: MINIbase and Pocket Reform Experience
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 14, 2024
IRC logs for Saturday, September 14, 2024
[Meme] The Prosecutor and Prosecuted, the Community and Businessmen (Red Hat)
"Social justice is not a corporate slogan or identity politics"
Dr. Richard M. Stallman (RMS) Explains Why So-called 'Cryptocurrencies' Suck and Why GNU Taler is Better
"I've never used cryptocurrency. There were things I found disappointing and worrisome..."
Links 14/09/2024: Verizon's 5,000 Layoffs and China's 'Runaway' Pension Age
Links for the day
Gemini Links 14/09/2024: Comparing Costs and Being "Tamed"
Links for the day
Links 14/09/2024: Science, War, and Politics
Links for the day
Transcript (and Correction) of Dirk Hohndel's Interview With Linus Torvalds in 2014
A lot of things have deteriorated since then
Microsoft Asia President Ahmed Mazhari Leaves the Company
Even everything they say about Mazhari is just "prepared" quotes from Microsoft itself
Contrary to What Microsoft Claims, Teams Were Cut Yesterday, XBox Sales Have Collapsed, Layoffs Announced at 3AM (in the Morning)
There is actually a lot of media coverage about this, unlike prior waves of layoffs at Microsoft
Last Month Dr. Richard M. Stallman (RMS) Explained Why You Should Delete GitHub
RMS explained why
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 13, 2024
IRC logs for Friday, September 13, 2024
Gemini Links 14/09/2024: LoRa, ROOPHLOCH, and Crafting a Programming Language
Links for the day
[Video] Why Hurd and MINIX (or BSD) Didn't Get Ahead of Linux?
We've converted the video into WebM to make it more accessible
Dr. Richard M. Stallman (RMS) Explains That a Free/Libre Program Running on Somebody Else's Server (e.g. Clown Computing) Leads to Freedom Deficit
"when you are doing your computing you must not entrust that to somebody else's server because users including you should have control over their own computing but you can never have control over what somebody else's server does because somebody else installs software in that computer and configures it and thus decides what computing it is going to do."
ircII Has Turned 35
Don't listen to people who say IRC is "dead"
[Meme] Code of Conduct in WINE
irritate productive developers...
Number of Gemini Capsules Rising Closer to 4,100, Certificate Authority "Let's Encrypt" Down to 1.1%
Some time soon the Certificate Authority "Let's Encrypt" will probably fall below 1%
Richard M. Stallman Explains Why the Web Becoming a Pile of Proprietary JavaScript Programs (Not Pages to Render) Does Harm to Web Users
"The web was designed to let users control how that data would be rendered but businesses didn't like that."
[Meme] From Checked by Three Examiners to Gone (Granted) in 3 Seconds!
twice as many monopolies with 10% less staff
EPO Staff Representatives Explain the Latest Corruption at the EPO in a New Paper
Owing to corrupt management the EPO has resorted to corporate crime or organised crime designed to benefit large corporations. Who will pay the price? Everybody else in Europe.
Links 13/09/2024: Crackdowns on Bloggers, Deepfakes, Internet Archive‘s Wayback Machine Now in Google Search
Links for the day
RedMonk: September the Month of the Mouth of Redmond (Still)
the usual storyline, i.e. what's not controlled by Microsoft's proprietary GitHub simply does not exist
Links 13/09/2024: Disinformation in Focus, End of Presidential Debates (Trump Accepts It Hurts Him)
Links for the day
Mono as a Double-Purpose Trojan Horse Inside Wine
And now they can oust founders and top contributor with a CoC
This is How Bad Things Have Become at Microsoft
We're seeing nearly 80 reports in English about those layoffs
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 12, 2024
IRC logs for Thursday, September 12, 2024
Links 13/09/2024: Recorded Future Bought by MasterCard, Bits of Freedom Turns 25
Links for the day
Gemini Links 13/09/2024: Towards Aristocratic Personal Computing, Technology and Privac
Links for the day
Once Again, Mass Layoffs at Microsoft (Just Like Every Month This Year)
Reporting and articles trickling in (in recent hours)
Rumour: Layoffs in IBM Consulting Today
IBM has had many layoffs lately