Bonum Certa Men Certa

Despite Security Lies and Security Failures, Microsoft Instructs Worldwide Cybersecurity Summit

Protect your money
Billions or trillions of dollars are lost or saved based on one's security



Summary: Microsoft is telling lies about the number of flaws in its software, it admits failing to secure its software (statistics indicate exacerbation), and yet, Scott 'Windows zombie tax' Charney gets to tell participants of the Worldwide Cybersecurity Summit what to do next

IN OUR most recent post about Windows insecurity news we showed that nothing is improving at Microsoft when it comes to security. It's only the messages (engagements with the public) that seemingly change. Last week we wrote about Microsoft pretending that it supports standards, which is an utter lie only PR can buy. Here is part of the PR where Microsoft joins Apple [1, 2, 3, 4, 5] in its attack on Flash, not just its attack on Theora, which we covered in:





Microsoft -- like Apple -- is being denounced for the hypocrite that it is:

MS criticises Adobe over security and performance. Physician, heal thyself!


Let's not forget that Microsoft does exactly the same thing as Adobe (only with limited platform support) whenever it markets Silver Lie. Microsoft went further than that when .NET toys got secretly injected into Firefox without permission, thus creating security and performance issues without users' consent.

Microsoft is also being somewhat hypocritical when it makes some statements as covered in the article "Adapt or die, Microsoft warns business".

Microsoft has failed to adapt to a connected world and a world of computing mobility. Now it has debt to repay.

Addressing the subject of security, Microsoft spreads lies with its secret patches, which probably mean that there are fake figures in this latest 'security' report where Microsoft is conveniently blaming "ISVs" for security problems in Windows. The 'Microsoft press' plays along with this talking point and other publications are trying to make it an excuse for expensive Microsoft "upgrades", which Microsoft urges/advocates using withdrawal of support. How ruthless and deceiving. Here is an example of Microsoft's tactics:

The bottom line comes down to this: if your company plans to stay with XP well into 2011 and you're still using IE6, you've got to upgrade that browser. Knowing that IE9 won't support XP, you can safely move to IE8 knowing it's the end of the line for IE on XP. Or, you can move to Firefox, Chrome, Safari, or Opera -- but a company that's still stuck on IE6 isn't likely to be that adventurous. The web developers of the world will be happy with anything that gets you off IE6.


It is a "bait and switch" manoeuvre in a sense. Microsoft did the same thing to Windows 2000 users some years ago, for no practical reasons except the profit motive.

Going back to the hidden patches scam, can anyone believe that Microsoft is patching with just two "critical" bulletins? For several years Microsoft has been hiding its flaws and patching them silently for vanity purposes.

Microsoft on Tuesday will issue two critical bulletins that will fix vulnerabilities in Windows and Office, which if exploited successfully, could allow a remote attacker to take control of the computer, the company said Thursday.


There were also some broken patches which needed to be re-released.

Let's consider this news in light of last week's reports, such as:



The allegations are so serious that Microsoft could not afford to keep quiet without a carefully-crafted piece of spin. Here are the latest excuses from Microsoft (it's the psychology of lying without technically lying):

Note that a policy such as this implies that Microsoft will not patch known, internally-discovered vulnerabilities if an externally-sourced vulnerability of the same or lesser severity is not available for the silent patch to piggyback on. They'll sit on it, and we won't know for how long because they don't document it.


Utter spin. Groklaw has just found this new article which nicely explains Microsoft's lies in this case:

#3 Tell the truth, misleadingly. The hardest lies to catch are those which aren't actually lies. You're telling the truth, but in a way that leaves a false impression. Technically, it's only a prevarication - about half a sin. A 1990 study of pathological liars in New York City found that those who could avoid follow-up questions were significantly more successful at their deceptions.


Microsoft has also added a formal statement to The Register's article on the subject (silent patching) because it received a lot of attention. Apologists of Microsoft also left comments trying to defend what Microsoft did there. It means it's extremely damaging.

“Microsoft's security record continues to be poor simply because Microsoft does not handle security issues properly, having for example ignored known flaws for 5 months until a disaster came.”In other insecurity news, SharePoint 2007 has a 0-day vulnerability (meaning that it's already under attack). Microsoft has confirmed this [1, 2] and only issued a "workaround" rather than a solution [1, 2, 3]. As this one blogger puts it, there is "no SharePoint fix" and it says nothing about Microsoft's hiding of patches and flaws (clustering them is possible if one wants to crunch the numbers). How many flaws does Microsoft patch in SharePoint silently? In this case, Microsoft had no choice but to publicise it (someone beat Microsoft to it).

Microsoft's security record continues to be poor simply because Microsoft does not handle security issues properly, having for example ignored known flaws for 5 months until a disaster came [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. That's just negligence [1, 2, 3].

As a result of such negligence, IDG reports that "Conficker found on 25% of enterprise Windows PCs," according to Microsoft.

Conficker was far and away the most prevalent threat found on Windows machines in the second half of 2009 in the enterprise, Microsoft says. The company's security tools cleaned the Conficker worm from one quarter of enterprise Windows machines.


"25% of enterprise Windows PCs" is a lot of computers. But then again, for several years now we have known that hundreds of millions of Windows zombies were out there waiting to be commandeered. Google says that fake antivirus software is 15 percent of all malware. That's what happens when Windows refuses to implement repositories like GNU/Linux does. GNU/Linux has had that for ages and it keeps it more bulletproof.

Going back to Microsoft's own figures, even Microsoft admits that it's getting worse for Windows in practical terms:

Microsoft Sees Infected PC Numbers Climbing



[...]

The numbers of PCs cleaned by Microsoft's anti-malware software worldwide during the second half of 2009 continued to trend upward, suggesting that more PCs are getting infected in total, according to the company's latest Security Intelligence Report (SIR).


More here.

It's interesting that even Microsoft admits that it's failing to tackle the problem it created (or helped create).

Microsoft's Charney, the former government (ish) person who wants charge Mac and GNU/Linux users for Microsoft to clean up its own mess [1, 2, 3, 4, 5, 6, 7] is now intervening in international affairs, based on this AP report:

"Lots of times, there's confusion in these treaty negotiations because of lack of clarity about which problems they're trying to solve," said Scott Charney, vice president of Microsoft Corp.'s Trustworthy Computing Group, before a speech at the Worldwide Cybersecurity Summit.

[...]

Charney, of Microsoft, believes cyber threats should be better differentiated. He proposes four categories: conventional computer crimes, military espionage, economic espionage and cyberwarfare. That approach, he argues, would make it easier to craft defenses and to discuss international solutions to each problem.


What is Microsoft doing in a Worldwide Cybersecurity Summit? And why does it tell the world how to address these issues that it itself helped create? Microsoft cannot even issue disclosures of its own flaws (because it lies pathologically), so why should anyone believe Charney and maybe implement his outrageous idea of taxing all computer/Internet users for damage caused by Windows botnets? Microsoft should be held liable for knowingly refusing to patch known flaws.

Comments

Recent Techrights' Posts

Dr Richard Stallman (RMS) Gives Talk in Oxford University in 4 Hours
If you live nearby, go there (it's free as in gratis)
Using a Law Firm's Licence to Exercise Politics Through Frivolous SLAPPs and Nastygrams (to Silence People, Remove Pages, Demand Fake or Forced 'Apologies')
Things must be getting really bad when lawyers act for raving antisemites
Another Site Bites the Dust: "Open Source For You" Becoming a Slopfarm (LLM Slop)
What a shame. Another dead site.
 
New Article Explains How the GPL Came About and WordPress Having Copyleft Obligations
Having been involved in the WordPress development community since almost the beginning, I know why it chose the GPL and how it restricts abuse by Automattic
IBM Gained Almost 6 Billion Dollars in "Goodwill" Value in Just 3 Months, According to IBM
Congrats to the management!
In Belarus, Yandex is Now Measured as 50 Times More 'Popular' (by Usage) Than Microsoft
Yandex continues to gain, whereas Bing cannot even register at 1%. Last month it was registered or measured at a measly 0.65%.
IBM Cannot Lie to Shareholders Anymore
"I would not be surprised if we see a layoff every quarter this year."
We're Working to Make Full-Site Search Available
This site has over 1,000 'wiki' pages, many thousands of documents, several thousands of videos, and about 50,000 blog posts or articles. We need to make them easier to find/navigate.
Links 24/04/2025: IBM Loses Many Contracts, Intel to Lay Off Over 20% (Not Counting Those Who Leave 'Voluntarily')
Links for the day
Richard Stallman Can Explain to Oxford Artificial Intelligence Society Why LLM Slop is Not Artificial Intelligence and Why It Hurts Society
another 'crop' of LLM slop that damages GNU/Linux and facts
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 23, 2025
IRC logs for Wednesday, April 23, 2025
Open Source Initiative (OSI) Promoting Microsoft and Proprietary Software Using Microsoft Operatives
Because nothing says "Open Source" like GPL violations facilitated by Microsoft
Links 23/04/2025: Crackdowns on Dissent, Palin Loses Libel Retrial Against New York Times
Links for the day
Links 23/04/2025: Hard Times and Digital Amnesia
Links for the day
The GNU/Linux Site Formerly Known as "linoxide.com" is Back... as an LLM Slopfarm!
Better for linoxide.com to go offline than to do this
Get Rid of Back Doors, Don't Obsess Over Bounties and Other Corporate PR Stunts (or Needless Reboot Rituals)
Security as a term has mostly lost its meaning due to repeated misuse for many years
Richard Stallman to Speak in Oxford University Exactly a Day From Now
outsourced to GAFAM
Links 23/04/2025: "Hiding Corruption" and "The Cost of Defunding Harvard"
Links for the day
Microsoft 'Studies' Again? Leon Musolff is Writing Papers With Microsoft.
Even if one can see/find a link to "the study" (in the Bezos-controlled publication), most people won't look any further and just take everything at face value.
Towards GNU World Domination
The FSF led by Geoffrey S. Knauth with his friend Richard Stallman in the FSF's Board [...] Let's encourage people to adopt GNU/Linux. There has never been a better time.
statCounter Helps Visualise Just How Deep in Trouble Microsoft is (Especially in Africa)
Microsoft sabotaged efforts to connect Africans and equip them with GNU/Linux laptops
The Register is Using Linux-Hostile Clickbait in Articles of Linux Proponents
Don't be a "whore" to advertisers, team El Reg
Microsoft Windows in Cyprus Lacking a Future
Most people access the Web there from mobile
Matrix Has a Severe Problem With Illegal Images
If Matrix cannot get the CP problem under control, many projects and people will dump Matrix
Never Try to Justify Strangulation of Women (Not in the US and Not in the UK)
Joint post by Mrs. Rianne Schestowitz and Dr. Roy Schestowitz
Links 23/04/2025: Tesla Profits Plunge 71%, Intel Ready to Lay Off 20% of Staff, Microsoft and IBM Layoffs
Links for the day
Microsoft's Most Profound Issue is That People Moved to 'Mobile' and "App Stores" (Microsoft's Presence There is Negligible)
Expect a wild ride for Microsoft this year
Google News is Amplifying FUD and Lies About Linux (and OpenSSH/SSH) by Promoting Slopfarms With Machine-Generated FUD and Slop Images
Google should know better
Gemini Links 23/04/2025: Librarians, Anubis, and Refactoring a Gemini Capsule
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 22, 2025
IRC logs for Tuesday, April 22, 2025
Links 22/04/2025: Ending DEI Policies at Adobe, FTC Sues Uber
Links for the day
RMS is Done at KCL, Next Stop is Oxford
The message of RMS has long resonated well in India
US Government Already Bailing Out OpenAI/Microsoft With "Contracts", As Usual, Back Doors You Cannot Remove Becoming 'a Step Closer' on New PCs (Unless Everyone Acts ASAP)
The next "logical" step towards digital prisons
Microsoft Devises PR Stunts to Distract From Impending Mass Layoffs and Likely Bad Results Preceding Those Mass Layoffs
A "voluntary exit plan"
Gemini Links 22/04/2025: Deaths, HamsterCMS, and More
Links for the day
Links 22/04/2025: FTC v. Meta Trial and Google Remedies
Links for the day
In Turkey, Windows Down Rapidly While GNU/Linux Grows
Although Turkey is in NATO (but not the EU), it cannot quite trust computer systems controlled by the United States
GNOME, Microsoft, and GitHub: The Lack of Reporting on Abusive Colleagues Contributed to Profound Media Vacuum (or Blackout), Now Resorting to SLAPPs
This lack of morality/courage has helped enable further abuse, lining up more victims
Richard Stallman Has Updated His Article on Why "Free Software Is Even More Important Now"
Richard Stallman is about to give a talk here in the UK in a few hours
Microsoft Already Attacks the BSDs as Well (the E.E.E. Way, as Usual)
Bearers of bad news
The Open Source Initiative (OSI) is in Trouble, May Soon be Out of Business
Openwashing needs to end
Microsoft's Debt Grew Over 6 Billion Dollars in the Last Reporting Quarter (Before Inauguration), Expect Worse Next Week When 'Results' Are Disclosed and Mass Layoffs Resume
Microsoft is bleeding. It does not want people to notice.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, April 21, 2025
IRC logs for Monday, April 21, 2025
Richard Stallman Gives Public Talk in London in 7 Hours (Need to Register as Venue Limited to 150 Seats), Public Announcements Begin to Appear
These are not announced weeks or months in advance