Summary: The latest inexcusable security problems in Windows (affecting software as old as one decade) and how Microsoft pushes additional control mechanisms (restrictions) via Windows Update

"Unpatched IE bug exploited in targeted attacks," reports The Register and what's truly mystifying is that Microsoft refuses to end support of old Web browser versions, whose lifetime is partly caused by Microsoft's misuse of web standards:

Unknown attackers have been targeting a previously unknown vulnerability in Internet Explorer to take control of machines running the Microsoft browser, security watchers warned on Wednesday.

The exploits were hosted on a page of an unidentified website that had been breached without the owner's knowledge, according to antivirus provider Symantec, which discovered the attacks a few days ago. The perpetrators then sent emails that lured a select group of people in targeted organizations to the booby-trapped page, causing those who used IE versions 6 and 7 to be infected with a backdoor trojan.

This causes expensive havoc that everyone must pay for (not just Internet Explorer users because costs are collectively covered). SJVN has valid reasons to complain:

God help us: Internet Explorer 6 Lives On

Please, please, just let Internet Explorer 6 die. It was an awful browser even in its day, 2001. The only reason it became popular was that Microsoft got away with illegally beating Netscape into the ground. Unfortunately, many corporate developers created crude, IE 6-specific Web applications that we’re stuck with to this very day. And, now thanks to Browsium’s UniBrows, we may be stuck with for many more years to come.

UniBrows will let users run IE6 within IE8. Yes, that’s right; people will be able to keep running IE 6 for years to come.

All these security problems may also allow Microsoft to sell the 'medicine' and take even more control over people's PCs (e.g. flagging which applications are "good" and "bad" and sometimes flagging controversial ones as "bad" too, as is currently the case with an application that demonstrates wireless-imposed vulnerability in large sites). In order to push this control mechanism into Windows even more rapidly Microsoft may be exploiting anti-competitive advantage, based on this new article that says "Microsoft Security Essentials now offered via Windows Update":

We're big fans of Microsoft Security Essentials -- it's lightweight, free, and offers malware protection that's every bit as good as (if not better than) more recognized names like Norton and McAfee (quit giggling, DS regulars...). Today, Microsoft has begun offering Security Essentials as an optional install via Windows Update.

Based on the comments, this is not entirely new. It does not make it any more justified, though. Just as a bogus threat (alarmist calls) of "cyberwar" is used by authorities to gain power and take more control over the Internet, Microsoft may be using security problems in its own software to take greater (and remote) control over it. It's already similar with Apple, but its customers are more willing to accept servitude, with hardly even resistance or protest.

For computing one controls, Free software is an essential ingredient. Transparency breeds trust. ⬆