Bonum Certa Men Certa

Microsoft Claims Credit for Failing in Security

Servers rack - amateur



Summary: Latest security issues and systematic deception, mostly from Microsoft and its various boosters across the Web (giving credit to Microsoft after Microsoft messed up)

Gratis as in Lock-in



A FEW days ago we wrote about Microsoft's attempt at disconnecting the air supply from third-party AV vendors, at least in small businesses. This would only decrease security due to monoculture, decreased competition, and lack of incentive to improve. The funny thing here is that Microsoft sells a vulnerable operating system and then claims to be distributing "free of charge" (only to some people) what ought to have been a characteristic of the operating system, not an add-on. The spinners from Seattle call it a "free" anti-virus software and what's meant by free is not freedom. It's free as in gratis, with lock-in. It decreases one's personal freedom and also impedes freedom of choice. A better headline than "Free Anti-Virus Protection Spurs More Robust Options" would be "Free-of-charge Anti-Virus Pseudo-protection Depresses More Robust Options".



Watch the Indian press turning the whole thing into Vista 7 promotion: "IT major Microsoft has launched a campaign to help computer users identify threats to their systems and how their networks can be made secure using Original Windows 7 that now comes with the advantage of Microsoft Security Essentials."

So Microsoft wants to dump Security Essentials on the market (as expected by many people all along) and already we learn that "Scareware Apes Microsoft Security Essentials". Microsoft has always performed very poorly among the security products already available and well established. "Anti-virus systems get tested" says The Inquirer which gives the following details:

A NUMBER of the most common anti-virus security systems have had a beady eye passed over their effectiveness and fitness for purpose in an assessment.

The study, which was carried out by the Austrian AV Comparatives group, looked at twenty products from the main providers that volunteered to take part.

We do not know who if anyone refused, but AV Comparatives said that it had limited test subjects to no more than twenty and required that participants adhered to its undisclosed criteria.


"Over half of all apps have security holes," claims Veracode (which we mentioned in [1, 2]).

More than half of all software applications failed to meet an acceptable level of security, according to a study based on real-world code audits by application security firm Veracode.

Around 57 per cent of applications failed to pass muster when first submitted to Veracode’s cloud-based testing service. A similar 56 per cent of finance-related applications failed first testing by Veracode’s security audit. The quality of the code used in many business-critical banking and insurance operations was simply not up to snuff.


ASP.NET Under Attack, Spin



In security news, the other major issue last week was the Microsoft ASP.NET vulnerability, which we wrote about in [1, 2, 3, 4].

“Is this really praise-worthy, especially when someone responds to flaws which the same someone is responsible for?”The ASP.NET problem alarmed Microsoft a great deal and the PR spin strives to make Microsoft be seen as responsive. An advisory was quickly issued [1, 2, 3] because of bad publicity and because it was already being exploited (a demo existed). There is only a temporary fix, not a permanent one. There are third-party fixes.

So, once again Microsoft pays attention to flaws a tad too late and then scrambles to limit damage it could probably prevent. Is this really praise-worthy, especially when someone responds to flaws which the same someone is responsible for?

Just like in the case of Russian spin [1, 2], Microsoft is trying to make itself look like the saviour rather than the problem. Lee Pender of the Microsoft boosters is trying to make Microsoft look good by painting it as responsive and responsible. To quote: "Well, late last week, we got an update from a Microsoft spokesperson who wanted to tell us that Microsoft hasn't just buried its head in the sand on Stuxnet."

We wrote about Stuxnet in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14].

Microsoft-Police



Over in Australia, Microsoft is involving the police right now (funded by taxpayers) [1, 2, 3, 5]. It's about a computer scam that affects Microsoft.

Twitter and Fog Computing



The other day we wrote about the major problem Twitter.com was having. Half a million Twitter users are said to be affected by a Twitter worm and Slashdot discusses the matter before and after the patching. Here are "the names and faces behind the 'onMouseOver' Twitter worm attack". It's one of those risks of Fog Computing. Even a teenager turns out to have been smart enough to do it.

But later, some mischievous users of the site started using the exploit to make people "retweet" infected messages (when they hovered over a tweet with the code inserted) that they had not authorised.


The guy is Australian, so will the police get involved? Or does the Australian police get involved only to help Microsoft?

Recent Techrights' Posts

The Post Offices Have Turned Into Trash. They Swallow Packages and Only Spit Them Out If You Get Lucky.
Nom nom nom
Four Years of Videos (Self-Hosted, Not Social Control Multimedia)
Seeing how the "hey hi" (AI) hype spreads to GulagTube and ruins GulagTube, we're glad we need not worry about Google (Gulag) policing our "content" via supposedly 'free' (not really) platforms, such as GulagTube, the social control (multi)media "market leader"
We Already Know What Makes Techrights So Attractive to Online Abuse and Cybercrimes
Techrights helps explain how to dismantle the 'cancel culture' against Free software (it also names the key perpetrators)
Microsoft Controlling Apache by Proxy/ies
This is a broader attack on what "Open Source" actually means
In Case Undersea Cables Are Cut...
The issue has been somewhat of a taboo - mostly overlooked or entirely ignored at times of peace
 
Links 01/12/2024: 23andMe's DNA Bubble Imploded, Web Server Survey Shows Microsoft Nosediving
Links for the day
Vulture funds war-gaming Ireland loss of corporation tax revenue, Donald Trump
Reprinted with permission from Daniel Pocock
Gerry Hutch & Debian: suicide by Monk?
Reprinted with permission from Daniel Pocock
Gerry 'The Monk' Hutch: criminals vs geeks, multinationals vs Ireland
Reprinted with permission from Daniel Pocock
"Microsoft suffered the next largest loss, down by 634,406 sites (-3.24%)"
Microsoft is now in only 2 of the 5 tables; over time Microsoft slips out of visibility in more categories
[Meme] Hiding From Bullies Not the Solution
‘The only thing necessary for the triumph [of evil] is for good men to do nothing.’
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 30, 2024
IRC logs for Saturday, November 30, 2024
If You Support Free - is in Freedom/Libre - Software, Then Support the Free Software Foundation (FSF)
2024 was the most productive year so far
CNN's Front Page is About 250 Times Heavier Than Techrights' (Also Far Slower)
Those who value performance and users' experience will give bloat the boot
[Meme] What 'Social Justice Warrior' Has Come to Mean by 2024
People who have long called themselves "SJW" aren't exactly any of those things
Two Years Later Sirius Open Source is Basically Dead (With a Zombie Web Site)
1 day from now it's exactly 2 years since Rianne and I resigned
[Meme] The Internet is More Fragile Than They Are Willing to Admit
If your site ready for a war on pipes and cables?
IBM is More Than 60 Billion Dollars in Debt (Which It Cannot Pay Back)
IBM debt is growing
IBM and Microsoft Fake Headcount in Exactly the Same Way (While Mass Layoffs Persist and Real Revenue Falls, Not Just Compared to Inflation Rates)
They convert profits into fake 'growth' instead of cashing in (so debt continues to soar), in effect gaming the system based on misleading metrics
Daniel Pocock Moved Up Two Spots in the Political Battles
He has made a statement about it
Links 30/11/2024: Cable Cuts Under Investigation, America’s Cemeteries Are Rewilding, Panda Protection Money Misused
Links for the day
Understanding Irish general election 2024 results Dublin Bay South
Reprinted with permission from Daniel Pocock
Links 30/11/2024: Social Control Media Under Growing Scrutiny, Patent Propaganda Sites Still Promote a Fake Court (UPC)
Links for the day
Gemini Links 30/11/2024: SIGINT Foo and Hooking Up an Old Serial Terminal to a NetBSD Machine Over USB
Links for the day
Apache Software Foundation, Already Infiltrated by Microsoft for Well Over a Decade, Still Controlled by Proprietary Giants With Openwashing Agents
No wonder things get outsourced to Microsoft's proprietary prison (GitHub)
Tux Machines Turning Twenty a Half
Contact us if you want to join us and live not far from Manchester
Stable at Over 4% and 400+ Days' Uptime
Hopefully some time this weekend we'll find enough time to upload party photos (this site turning 18)
With a Month Left to Raise Money the Free Software Foundation (FSF) Has Already Raised 56,000 Dollars
December starts tomorrow
The Irish Have Voted, We'll Soon Know How Many Voted for a Debian Developer and Free Software Specialist
Dublin Bay South results
[Meme] The Word Security Has Been Redefined
"See what the media tells us?"
Proving Yet Again That Techrights Was Right About UEFI 'Secure Boot' All Along (Since 2012)
'Secure Boot' or 'secure' boot is about anything but security
[Meme] Growing Up and Becoming Sceptical
Social control media is a toxic weapon against what's true
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 29, 2024
IRC logs for Friday, November 29, 2024
Reporting Information and Facts at Times of War (and Information Wars), Dissent of Merit and Scepticism//Critical Skills Impermissible
The world is full of white-collar crime, so the more people report, the better
Links 30/11/2024: More Strongarming and Threats to Taiwan, Ananda Krishnan is Dead
Links for the day
Links 29/11/2024: Hike at Potato Creek and Best SSG
Links for the day
Energy shock: €17,000 circuit court claim, threat of judgment for fraudulent charges
Reprinted with permission from Daniel Pocock
Brigid Purcell (PBP): generation Z, unteachable children, how will they govern in ten years?
Reprinted with permission from Daniel Pocock
Links 29/11/2024: Smithfield Market in London Shutting Down, BRICS (China) Accused of Validating Undersea Cables Based on New Evidence
Links for the day
Fentanylware (TikTok) Just Doing Exactly What It Was Supposed to Do
A senior official at Romania's telecoms watchdog called for Fentanylware (TikTok) to be suspended
Links 29/11/2024: China Tensions and Big Bounties for Invalidation of Software Patents
Links for the day
Daniel Pocock Explains Why People Should Vote for Him Today (General Election 2024)
Polling day in Ireland
[Meme] Microsoft and Bill Gates Controlling Media Coverage
Cautionary tale
More Microsoft Corruption and Cover-ups
The key point here is that Microsoft is a corrupt company that bribes officials and breaks every law in the books, then lies about it, covers things up, even bribes publishers to participate in the cover-up
Microsoft Fired Hundreds of Workers Days Before Thanksgiving
Maybe it's time for Microsoft shareholders to reassess the true wealth and well-being of Microsoft as a company
Typical Microsoft Bully (Paid by Microsoft)
Some Microsoft staff doesn't know boundaries
Threats, Attacks on Women, and Other Tactics of Microsofters Will Always Backfire
California: An Epicentre of Psychosis Influenced by Silicon Valley?
Rejecting Fake Holidays
In the US, today is the day after Thanksgiving and nothing els
8GB Swiss Archive offered to Irish voters by Dáil candidate
Mr Pocock doesn't take orders from cyberbullies
Ireland Goes to Polls, Here's Daniel Pocock's Leaflet (Running as Independent in Dublin Bay South)
He seems to be the only geek running for Office
Daniel Pocock: Why you should follow my RSS or Atom feed, Irish elections, everybody wins
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 28, 2024
IRC logs for Thursday, November 28, 2024