Bonum Certa Men Certa

Return of Charney's Lunacy and Latest BBC Propaganda: Microsoft Will Save the World From Insecure “Computers”

Security diagram



Summary: Microsoft's Charney, whom the monopolist hired from the US DOJ (U.S. Department of Justice), is getting a lobby boost from incompetent press; a quick look at Microsoft's very distinct security failures as of late

HERE they go again. Microsoft spin is being used repeatedly to describe the cause of great trouble (Microsoft) as an heroic rescuer and what better platform to distribute this spin than the MSBBC, which a lot of people perceive as trustworthy even though it's run by many former managers of Microsoft UK. The type of spin we see here is akin to the recent Russian spin [1, 2] (Microsoft as a friends of NGOs rather than the enemy) and going back almost a couple of years we find a more similar example in Conficker. Microsoft was not only a cause but also the party which benefited financially from Conficker; in order to spin it all, Microsoft pretended that it was hunting down the 'real' culprit and offered a generous bounty. The mainstream press fell for it and then used Conficker to portray Microsoft is the defender against "computer viruses". Here is some of our old Conficker coverage:





It was only last month that we saw Microsoft claiming credit for failing in security. Are journalists really so genuinely incapable of thinking? Why is spin being put in print so often? Why is the MSBBC, which British taxpayers pay for, playing along with this PR lunacy? It takes a lot of nerve to take this latest post from Microsoft's lobbying blog (written by someone whom Microsoft hired from the government) and turn it into a widely damned article which is titled "Sick PCs should be banned from the net says Microsoft". To quote some bits:

Virus-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests.

The proposal is based on lessons from public health, said Scott Charney of the firm's trustworthy computing team.

[...]

Networks can consist of a few hundred to a few thousand Windows machines. However, some can contain millions of PCs.


It may seem like they call out Windows, but the article as a whole is just a platform for Microsoft's Charney to push forward his crazy plan of charging taxpayers to make up for Microsoft's negligence [1, 2, 3, 4, 5, 6, 7, 8, 9]. While BBC got all the flak, there are other British articles on the same subject (e.g. [1, 2]) and Pogson responded quite sarcastically:

Amen! That’s about 60% of PCs that should have GNU/Linux installed ASAP. That would really put a dent in spam and DDOS etc. We could direct out-going requests from zombies to http://goodbye-microsoft.com until they start showing better User-Agents. Would the zombie-masters start shipping false User-Agents? Sigh. Well. It was just a thought… I suppose M$ will prefer to sell a product that certifies a clean installation of their OS.


Simon Phipps was among those who slammed for the BBC for an awful article and Carlo Piana, a lawyer who favours software freedom and no software patents (yes, there are some good lawyers out there), chatted about it as follows:

Phipps: "Another lame BBC story about malware omits that it's pretty much all a Windows problem (& worse, hypes Microsoft)"

Piana: " but read: "There may be some who would say that MSFT shouldn't be on the internet until they get their own house in order"--Sophos"

Phipps: "I didn't feel that was a clear enough caveat to the general reader - just sounded snarky."

Piana: "yes, it was a poor example of journalism anyway and spinned too much in the wrong direction."

Last night in IRC, Chips B. Malroy wrote: "Let me explain why I am against this. It would impose a malware test on all computers before hooking up to the Internet, even those who do not have the security problems of Windows.

"Should we assume that the ISP's will do the 'test.' or will be be homeland security. Somebody has to scan your computer and this poses privacy problems as well. Since MS is admitting failure to protect computers (see first paragraph quoted) then MS should not be given this power."

"I have the perfect solution, just ban Windows," responded cubevector, "simple and effective :) "

"A plan from MS, after they already admit to not being able to protect users computers. Why should we trust them with this power? And you just know they will abuse it in an entirely monopolistic unethical way as well," Malroy expounded.

"[D]on't you think MS wants the power to scan your Linux computer for 'viruses' as well and shut you down too? Somehow, if MS got that power, I think they would have some sort of glitch and you and other Linux users would be banned from the internet."

cubevector replied by saying "my ISP runs Linux... kind of hard to ban Linux machines then" and Malroy ended by claiming; "We should be concerned with what MS does, they do it not as a courtesy but for a reason" (of course, they have shareholders).

"Canada Will Spend Peanuts on Cyber-Security" says this headline from Pogson, who resides in Canada just like cubevector. GNU/Linux seems to him like a good solution in this case:

If they really want to increase governmental security, they should plunk for GNU/Linux on desktop and server. The savings on licence fees will go a ways toward securing the system and that is way more than $3.5 million.


Glyn Moody has quickly crafted this wonderful response to Microsoft -- a blog post which he shrewdly titled "Dr Microsoft: Time to Be Struck Off" ("Doctor" because Microsoft/BBC calls some PCs "sick" rather than mention the operating system).

So, we're talking about computers "compromised with a bot": now, which ones might they be? Oh look, that would be almost exclusively Windows users. And why would that be? Because no matter how diligent users are in installing endless security updates to the Swiss cheese-like applications known as Windows, Internet Explorer and Microsoft Office, there are always more critical bugs that pop out of the proverbial digital woodwork to lay them open to attack and subversion.

[...]

For a researcher at Microsoft to attempt to avoid this inevitable conclusion by pushing the blame for this endless series of security lapses onto end users this way, and to suggest they, rather than Microsoft, should be thrown into the outer darkness. is beyond pathetic.


In other news relating to security, Slashdot is one among many Web sites that disappointingly blame Android for behaviour of applications which merely run on Android. Slashdot's own founder went with the headline "Many More Android Apps Leaking User Data" which is interesting because when it's "Windows apps" they say nothing about Windows; they usually just say something like "it's a bad app" or "malware" and assume the reader knows it's about Windows. Generally speaking, In the trade press, a Solaris bug is described as a "Solaris bug", a Linux flaw is described as a "Linux flaw", and a Windows virus is described as just a "computer virus". It's unjust as it is an unequal treatment which does not help buyers of computers understand the role of operating systems in security.

Only days ago we learned that Microsoft is issuing yet another emergency patch and the "flaw potentially affects millions of web applications and has been used in attacks already. The patch will fix the flaw in all versions of the .NET framework."

We wrote about this in [1, 2, 3, 4, 5]. It's an ASP.NET problem and here are some of the latest articles about it [1, 2, 3, 4, 5, 6, 7].

The Free software-hostile company [1, 2] known as Trend Micro is habitually mentioned in such articles right now and there are other security risks which only affect Windows even though writers neglect to say so (see [1, 2] for example). A Twitter.com flaw too turns out to be an Internet Explorer-only (and thus Windows-only) problem and few articles bothered to point this out. Here is one which did:

IE 'Twitter rolling' attack trivial to launch



[...]

An information disclosure threat in Microsoft's Internet Explorer affects all supported versions of the browser and, among other things, makes it trivial for attackers to force victims to post attacker-dictated messages on Twitter, a security researcher said this week.

The “Twitter-rolling” attack, which was first described last month, is the result of the way the browser parses CSS, or cascading style sheets, security researcher Chris Evans said. In an update posted on Wednesday, he demonstrated just how easy it is to exploit the flaw and said that “Microsoft have not stated when users of IE6, IE7, and IE8 will be afforded protection.”


How can Microsoft honestly pretend that all operating systems are equally unsecured. In recent weeks we have been hearing about Zeus affecting and infecting millions of Windows users [1, 2, 3, 4, 5] and over 80 people are now being arrested rather than the flaw/s they exploited being fixed. It does nothing to prevent other people from doing just what they did. Those arrests which are reported mostly in the UK [1, 2, 3] address the wrong issue by going after the exploiter rather than the negligent party which is responsible for making it all possible, whether by design or through negligence (it should not matter much). "Zeus Trojan Arrests Show Cybercriminals Getting More Vulnerable" says this one headline, but cybercrime should be solved by hardening software, not by calling the police. It just does not scale and it's extremely expensive (also to the public which covers these costs).

The damage can, at times, be much greater, especially if Windows flaws lead to nuclear warfare or famine. From India, where food is highly essential and less abundant than in other countries, we now learn that "Operations were shutdown for nearly 5 hours in "More" [food] retail outlets because of virus/bug/failure in Microsoft windows". The site says:

Apart from a large range of national brands, shoppers will also find a section called the Best of India, which is an assortment of unique products sourced from across India.


Well, too bad Windows flaws put that food out of reach for almost 5 hours, eh? This is the type of thing that can happen in all stores under conditions of war. It is far too risky to put one's weapons or food (human energy) in the hands of some overseas company with absolute control over the code. Bruce Schneier has finally gotten around to writing this long article about Stuxnet. He does not rule out the possibility that Stuxnet was crafted very much for a specific purpose.

Stuxnet was expensive to create. Estimates are that it took 8 to 10 people six months to write. There's also the lab setup--surely any organization that goes to all this trouble would test the thing before releasing it--and the intelligence gathering to know exactly how to target it. Additionally, zero-day exploits are valuable. They're hard to find, and they can only be used once. Whoever wrote Stuxnet was willing to spend a lot of money to ensure that whatever job it was intended to do would be done.


For more information we shared about Stuxnet, see the links below. Who is Microsoft to label PCs "sick"?



Recent Techrights' Posts

Ireland Last to Report Election Results
Daniel Pocock's involvement in Australian politics goes back to his university days
Never Sleeps, Never Slumbers
We're going to try to improve not just in quantity but also in quality
EPO Has Gotten So Bad That Workers Need to Ask to be Allocated a Desk (at Work)
Wow!!!! An “allocated workplace”!!
 
Gemini Links 12/06/2024: The Rodent Revolution and Adding Twisty Puzzles
Links for the day
Links 12/06/2024: Ukraine War Updates and Many Patents Being Subjected to Squashing Bounties
Links for the day
[Meme] The Purpose of Life is to Find a Desk
dogs have desks
Tux Machines Parties Going Well Do Far
Cross-posted from Tux Machines
In Many Countries, Both Large and Small, Vista 11 is Losing Market Share (Despite New PCs Coming Preloaded With It)
One need not even consider large nations in isolation
By "Going Public" the Raspberry Pi Ensures It'll No Longer Serve the Public
It'll be owned and controlled by whatever people wish to control it
Dave Wreski Also Plays the Bot Game (Chatbot) at LinuxSecurity to Fake 'Articles' About "Linux"
How much longer can they fool search engines (SEO) and readers?
[Meme] Indisputable Success
MICROSOFT buys shares of MICROSOFT
Links 12/06/2024: 'Hey Hi' (AI) Bubble Imploding Already, Danish Media Threatens to Sue OpenAI
Links for the day
Links 11/06/2024: Floods in Germany and Brazil, Political Violence
Links for the day
Gemini Links 12/06/2024: Sketching Plants, OpenBSD Pubnix
Links for the day
"2025 the year of Linux on the Desktop"
Charlie Stross quote
In Bahrain, Historically Low on GNU/Linux Adoption, Things Change for the Better
They have some people who understand Free software
Daniel Pocock Received Twice as Many Votes as Andreas Tille (Debian Project Leader After 2024 Election)
From the media yesterday...
Debian is Built by Hundreds of Volunteers and 524 Irish People Voted for Daniel Pocock
524 in that area went to the polling station to vote Daniel Pocock (Ind)
[Meme] RMS is 'Too Old', Says Company Run by a Person 5 Years His Junior (Ginni Rometty) and 10 Years His Junior (Arvind Krishna)
Never again?
[Meme] Women in Computer Science
Grace Hopper, Ada Lovelace etc.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 11, 2024
IRC logs for Tuesday, June 11, 2024
Togo: GNU/Linux Growing Fast This Year, Now Measured at 6%
Sending Bill Gates with a suitcase to bribe African officials isn't enough anymore
Free Software Projects Need to Chase Away Men Who Attack Women Rather Than The Women Who Complain
A just society holds people accountable rather than covers up such blunders
Improving the Image of Women in Free Software by Hiring and Promoting the Proficient Ones
Million's shaman background isn't the problem, or even the superstitious ghost-chasing. The problem is that she has absolutely no background in Free software.
They Say Cash is King
People who value their freedom will pay with cash any time they can
'Team Microsoft' Wants to Leverage Our Popularity as a Weapon Against Us
In the past 2 days we published 64 articles and served over a million HTTP/S requests
[Meme] Microsoft Has Enough of Its Own Problems (Layoffs Abundant), It Won't Rescue IBM or Canonical
"It's OK, we're partners"
Know Your Allies, Know Your Enemies
The answer to censorship attempts is more speech, not less speech
Debian is Back to Taking Money From Microsoft, the Company That's Attacking Linux From the Inside
If Debian fails to understand what's wrong with it, that's a problem
Ghana: Windows Down From 97% to Just 15%
The doors are closing on Windows
Links 11/06/2024: Practice of Retaliatory Layoffs at Microsoft
Links for the day
Gemini Links 11/06/2024: GMID 2.0.5 and More
Links for the day
The United States Will Cut Off or Cull Firefox
It is only a matter of time
[Meme] Firefox Is Not an Alternative to Google, Only to Chrome (and It Has Become Proprietary or OSPS Like Chromium)
The illusion of remaining "choice" on the Web
No, the World Wide Web Isn't Open (and Hasn't Been for Years)
It's proprietary all the way now
The War on Free Software Reporters - Part VII - Groupthink, Censorship Demands, and Ultimatums
There's a lot of groupthink in the Free software community
Microsoft Told Us That LLMs Were a Boon for Azure and 'Clown Computing', But the Thousands of Layoffs This Month Prove That It Was a Lie All Along
Azure is collapsing
Why We Post Statistics About the Usage of Operating Systems Worldwide
We're hoping to see GNU/Linux at over 10% (on desktops/laptops) some time in the coming years
Winning Defamation Cases is Incredibly Difficult (for Plaintiffs), Even in the United States and the United Kingdom
SLAPP should always backfire
In Kuwait, Microsoft's Windows Fell From 97% to Just 15%
According to statCounter
GNU/Linux in Philippines Climbs to New Levels
This is an all-time high
Links 11/06/2024: Windows Outcry and Climate News
Links for the day
Tux Machines Was Always a Women-Run Site (the Real Voices of GNU/Linux, Not Political Props in Corporate Events)
Corporate "diversity" is more of a marketing/PR gimmick than real, genuine diversity
Macao: GNU/Linux Desktop/Laptop Operating System Market Share Rising Close to 7%
GNU/Linux Rises to Record High in Macao
FSF is Now 50% Female, Unlike Red Hat (Which Moaned About Lack of "Diversity" at FSF)
Isn't the hypocrisy just astounding?
Since COVID-19 Lockdowns Windows Fell From Almost 50% to Just 10% in Loas
According to statCounter
[Meme] Quantity Says Nothing About Worth, Value, or Quality
People will generally gravitate towards things of quality and reputation
Microsoft's Windows in Gabon: From 20% 'Market Share' Down to Around 10% in a Few Months
Gabon is not a small country
Meanwhile at canonical.com
Canonical knows exactly what Ubuntu users want
[Meme] Microsoft (and the NSA) Will Never Forget
The user trying to permanently disable 'recall'
Windows Falls Below 20% in United Arab Emirates This Month
According to statCounter
"Windows 11's Recall AI, known to take snapshots and recordings of user computers regularly, including key presses, was discovered to store all its information in an unencrypted local folder."
"You can copy the data from another user's "recall" folder as another user."
Fedora Week of Diversity (FWD) 2024 Outsourced to Proprietary Spyware of GAFAM
Need to use proprietary software to participate
IRC Proceedings: Monday, June 10, 2024
IRC logs for Monday, June 10, 2024
Over at Tux Machines...
GNU/Linux news for the past day
[Meme] Clown Computing is Better For...
Clown: they said clown computing enhances security
One in a Thousand Voters Chose to Vote Daniel Pocock (as First Preference)
He got about 4 times more votes than what had him win FSFE elections
Daniel Pocock on Good Performance in His EU Election Campaign: Thanking the voters of Midlands-North-West, Ireland
Reprinted with permission from Daniel Pocock
The 'IT Industry' is Already in Ruins
The "powers that be" do not want the "hoi polloi" to possess skills and systems
Microsoft's Windows is Sliding Away Into Minority Platform Territories, Even in Rich Countries With Affluent Computer Users
We seem to be striking a nerve at Microsoft every time we say this
Self-Hosting Should be Taught and Embraced, Outsourcing Creates More Problems (or Risks) Than It Solves
One can control one's destiny...
Links 10/06/2024: Homeownership and The Wall CGI
Links for the day
NotABug.org as Another Cautionary Tale About Outsourcing One'e Code-forge (Relying on Other Parties)
Not "bashing", just pointing out a pattern
Gemini Links 10/06/2024: Planning Gemini Hosting Service and Gemini Table Markup
Links for the day
Revisiting Albania and Neighbouring Countries Where Windows Took the Plunge
a region of Europe (and some of it part of the EU) where GNU/Linux has decent adoption
[Meme] Irish Politicians Who Offer G.A.F.A.M. a Tax Evasion Haven (for Legalised Bribery)
Still no data on Ireland
Featuritis as Threat to Computer Security
Featuritis explained
His Last Tweet (July 2017)
No report to the police, 'justice' by social control media
[Meme] All That Will be Left is a Mountain of Fake Patents and Kangaroo Courts to Enforce/Endorse These
Can the European Union afford apathy on this blunder?
EPO Insiders' Report on Repeal of the Conditions of Employment (CoE) for Interpreters and Award of contract for Healthcare Insurance Administration Services
the EU is too focused on Putin's Russia to even care about its own corruption
When Microsoft Started the Chatbot/LLM Hype ("Bing Chat") Google Had 98% of the Largest African Market, Now It Has nearly 100%
While we're not arguing that Google Search [sic] and Android will emancipate these people
OpenSSH Must be Taken Very Seriously and Not Left for Microsoft/NSA/GCHQ to Handle
No distro should leave such critical packages at the hands of fake security crackpots
Links 10/06/2024: Microsoft's Phil Spencer Asserts that Mass Layoffs Are Growth, Microsoft/Windows/HP Bricking PCs Via ProBook Firmware Updates
Links for the day
Mozilla Firefox Web Browser Fell below 2% in Brasil This Month
Browser Market Share Brazil
[Meme] Totally Microsoft
Even screenshots are "AI" now!
Signs of Trouble for Microsoft in Brasil: Vista 11 Down Sharply While GNU/Linux Grows
Brasil has a huge population, second only to USA in the Americas
[Meme] The 'S' in 'GCHQ' Stands for Security
And the "D" in Debian stands for defamation
Jacob Appelbaum wanted SFTP package uploads to Debian
Reprinted with permission from Daniel Pocock
Another Large Country Where Vista 11 Fell to Usage Levels No Better Than 16 Months Ago
converted to or replaced by GNU/Linux?
Why Microsoft is Grieving Deep Inside
Microsoft has no clear roadmap other than hype campaigns in Microsoft-sponsored sites
Birthday Over at Tux Machines...
It brings sadness only to jealous people
[Meme] Fake Security If When You Ask Microsoft If It is Safe to Boot Into Linux
Classic UEFI mindset
Gemini Protocol Turns 5 Exactly 10 Days From Now, Let's Encrypt CA Falls to 7.3% as Over 90% of Capsules Sign Their Own Certificates
Gemini Protocol officially turns 5 only 10 days from now
Links 09/06/2024: Facebook Enabling Online Fraud, Apple Already in Trouble for iOS 18 “Web Eraser” Tool
Links for the day
Microsoft as a Distant Third in Hong Kong
in Hong Kong, unlike in "proper" China, Google isn't blocked (yet)
United Kingdom: Microsoft Crashed Since 'Bing Chat' (LLM/Chatbot Hype), Google Search Rose Almost 3%
Contrary to what Microsoft-funded media wants people to think
Why IBM Bought Red Hat, According to Comments in thelayoff.com
From this past weekend
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 09, 2024
IRC logs for Sunday, June 09, 2024
Suicides Don't Move Cases Forward
The whole thing has only been a total waste of time for everyone, except the unemployed "Lobsta", who turned online harassment against perceived enemies into a hobby that Canadian taxpayers foot the bill for
Integrity Fail & Debian Social Contract
Reprinted with permission from Daniel Pocock