Bonum Certa Men Certa

FUD Alert: Microsoft's Jeff Jones Aims His Lying Pistol at Firefox (Updated)

More lies reveal new fears

Jim Powers wrote to point out this bit from Glyn Moody:

So, Microsoft refers to a report that just happens to be written by one of its employees, but without mentioning that fact.


This isn't exactly new (Matt Asay pointed this out a couple of days ago), but it connects nicely to our observation that Microsoft uses its internal people and various hired 'analysts' to deceive the public. More on that in a moment, but first, here's Asay's take.

It's a convenient fiction that buying everything from one vendor makes life easier. It may make installation and integration between programs easier, but that ease leads to single points of failure. Hijacking a browser is nice, but using the browser to dig deep into the OS, to have that hijacking facilitated by a too-close tie between the browser and the OS? Even better.


For reasons that were briefly mentioned a couple of days ago, Microsoft likes to hide its patches (or simply not patch at all) in order to keep up appearance. There are some recent examples of this, e.g.:

1. Skeletons in Microsoft’s Patch Day closet

This is the first time I’ve seen Microsoft prominently admit to silently fixing vulnerabilities in its bulletins — a controversial practice that effectively reduces the number of publicly documented bug fixes (for those keeping count) and affects patch management/deployment decisions.


2. Beware of undisclosed Microsoft patches

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?


Then, consider the invalidity of patch count.

Sorry, but Microsoft's self-evaluating security counting isn't really a good accounting.

[...]

The point: Don't count on security flaw counting. The real flaw is the counting.


Only days ago, the weaknesses of Internet Explorer security were mentioned in the following article.

When Didier Stevens recently took a closer look at some Internet Explorer malware that he had found, something surprised him somwehat. He discovered that the IE-targeted malware had been obfuscated with null-bytes (0x00) and when run against VirusTotal, he found that fewer than half of the products identified the sample as malware (15 of 32). When all null-bytes were removed, the chances of successful detection improved, though not as much as would normally be expected (25 of 32 detections).


Going further back you'll find that IE7 has already been the victim of quite a lot of "critical" flaws (the highest level of severity, which compromises the operating system remotely, with or without user intervention). Examples include:

1. Code posted for Internet Explorer attack

"This type of vulnerability has been very popular with malicious attacks in the past, and we expect to see its usage increase substantially, now that exploit code is publicly available," security vendor Websense. warned in a note published Monday.


2. Microsoft probes possible IE 7 phishing hole

The vulnerability relates to the message IE displays when Web page loading is aborted, Raff wrote. An attacker can rig the message by creating a malicious link. The message will offer a link to retry loading the page; hitting it brings up the attacker's page, but showing an arbitrary Web address, he wrote.


3. Critical IE Graphics Flaw Resurfaces

It's bad enough when crooks exploit bugs to ruin a home computer, but the consequences of a successful attack can be much worse. A substitute teacher in Norwich, Connecticut, found that out when a computer she was using in her classroom suddenly started showing pornographic pop-up ads to everyone in the class. She now faces up to 40 years in prison after being convicted of willfully showing her students the images. A security expert hired by her defense, however, says he found malicious software on the PC.


4. Monthly Microsoft Patch Hides Tricky IE 7 Download

Opinion: Microsoft used the January 2007 security update to induce users to try Internet Explorer 7.0 whether they wanted to or not. But after discovering they had been involuntarily upgraded to the new browser, they next found that application incompatibility effectively cut them off from the Internet.


5. Attack code out for 'critical' Windows flaw

All recent versions of Windows are vulnerable when all recent versions of IE, including IE 7, are in use, according to Microsoft.


6. IE7 'critical update' causes headaches for managed desktop environments

As many organisations may not feel compelled to turn off automatic updates, they should be prepared to face this is issue when Internet Explorer 7 is downloaded and installed automatically.


7. IE 7 bugs abound

"But browser testers may already be at risk, according to security researcher Tom Ferris. Late Tuesday, Ferris released details of a potential security flaw in IE 7. An attacker could exploit the flaw by crafting a special Web page that could be used to crash the browser or gain complete control of a vulnerable system, Ferris said in an advisory on his Web site. Microsoft had no immediate comment on Ferris' alert."


8. Information disclosure bug blights IE7 release

The flaw stems from error in the handling of redirections for URLs with the "mhtml:" URI handler. Security notification firm Secunia reports that the same bug was discovered six months ago in IE6 but remains unresolved.


9. IE Used to Launch Instant Messaging and Questionable Clicks

First of all, you need to visit an infection site using Internet Explorer - this exploit doesn't work in Firefox, for example.


10. IE Exploit Could Soon Be Used By 10,000-plus Sites

First reported by Florida-based Sunbelt Software Tuesday, the bug has already been used to compromise PCs and load them with scores of adware and spyware programs, as well as other malicious code. Users surfing with IE 6 and earlier can be infected simply by viewing the wrong site.


11. Russian sites using new IE bug to install spyware

This is the second unpatched flaw found in IE over the past week. On Sept. 14, researchers posted code that could be used to exploit a different vulnerability in a multimedia component of the Web browser. Microsoft is still investigating that flaw and is not saying whether it too will be patched next month.


12. Seen in the wild: Zero Day exploit being used to infect PCs

The exploit uses a bug in VML in Internet Explorer to overflow a buffer and inject shellcode. It is currently on and off again at a number of sites.

Security researchers at Microsoft have been informed.


13. Attack code targets new IE hole

Computer code that could be used to hijack Windows PCs via a yet-to-be-patched Internet Explorer flaw has been posted on the Net, experts have warned.


Then, come to consider some comparisons, e.g.:

1. Which Is Safer: Internet Explorer 7 or Firefox 2.0

In the SmartWare test, Microsoft's Internet Explorer 7 blocked 690 known phishing sites, or 66.35 percent of the total. In contrast, Firefox blocked 78.85 percent when using a local antiphishing database and 81.54 percent when using the online database.


2. Firefox Still Tops IE for Browser Security

"Mozilla is forthcoming about vulnerabilities," Levy said, whereas "it takes Microsoft far longer to acknowledge vulnerability."

How much longer? "In the last reporting period, the second half of last year, Microsoft had acknowledged 13 vulnerabilities. We've now revised it to 31. The difference is that now Microsoft has acknowledged these vulnerabilities."

[...]

"Mozilla can turn around on a dime," Levy said. "Open-source programmers can recognize a problem and patch it in days or weeks."

And as for Microsoft?

"If a vulnerability is reported to Microsoft, Microsoft doesn't acknowledge it for at least a month or two. There's always a certain lag between knowing about a bug and acknowledging it," Levy said.


Other recent articles state that Firefox may have its weak points, but often they are the result of attempts to mimic IE functionality on Windows, which means that the fragile layer is the operating system, not just the Web browser. On operating systems security, consider the following articles from the past year:



The great value of GNU/Linux is something that Microsoft itself cannot deny. In fact, it wasn't long ago that it was 'caught' praising it. Microsoft's campus is full of Linux devices that the company is happy with.

What the press statement didn't mention is that Aruba mobility controllers run the Linux operating system which Microsoft has aggressively targeted as being inferior to Windows as part of its "Get the Facts" marketing campaign.

[...]

Pandey's appraisal of Aruba's technology is in stark contrast to Microsoft's "Get the Facts" rhetoric which places Windows as a more secure, and higher-performing choice over Linux.


Let's not forget that for many years, Microsoft has run its Web sites behind the Akamai clusters that are all GNU/Linux. As evidence, consider this recent blog post that contains a screenshot.

Microsoft has also bought companies whose entire infrastructure is based on GNU/Linux and Free software. Examples include the recent acquisition of Newsvine:

The funny thing is, The site is hosted on Debian Linux...


There is also the $6 billion acquisition of aQuantive:

This month's announcement by Microsoft to acquire digital marketing services firm aQuantive has revealed little on how the companies will integrate their IT, but inside information indicates the deal may be Redmond's largest commitment to free software.

[...]

Whether the businesses are complementary or not, Microsoft's integration work will no doubt involve a lot of open source software used by aQuantive.

Information available from Atlas' Web site indicates the Internet software company employs extensive use of open source software including Linux, Apache, MySQL, and Solaris.

Software engineers at Atlas' Raleigh office do client/server development in C and C++, software maintenance and "scripting", and developing and maintaining custom reporting capabilities.


Remember Hotmail, which ran a BSD for several years after Microsoft had acquired it? There are many more examples, but they would make this post extremely long.

”While Microsoft controls the media, buys the media, and even buys voices on the Internet, nobody can be trusted.“As promised, returning to the original point of this post, Microsoft can deny the truth all it wants, but we ought to judge things for ourselves. While Microsoft controls the media, buys the media, and even buys voices on the Internet, nobody can be trusted. The antitrust exhibit known as "Effective Evangelism" [PDF] shows that Microsoft has for a long time intended to hire analyst whose output only appears to be independent. One need only look a month back for a live demonstration.

Going a year into the past, Redmond Kool-Aid seems likely to have played a role in another story which turned out to be an anti-Firefox lie. It did a lot of damage even after it was called a lie, by admission of the claim's own so-called 'hacker'. More information here.

Lately, I read the headline: "Open Source browser Firefox is so critically flawed that it is impossible to fix, according to two hackers." Further on, in the ZDNet article I read: "The hackers claim they know of about 30 unpatched Firefox flaws. They don't plan to disclose them, instead holding onto the bugs."

Since that sounds suspicious, I decided to start searching for connections with MS. Easy enough, here it is...


So, as you can see, the anti-Mozilla Firefox crusade has roots in the past. It remains to be seen how the media will respond to Microsoft's latest attempt to spread Firefox FUD.

Update: A Mozilla senior, who is also a former Microsoft employee, spills the beans on Microsoft and reveals more information about the deception mentioned above.

This is a small subset of all the vulnerabilities, because the vulnerabilities that are found through the QA process and the vulnerabilities that are found by the security folks they engage as contractors to perform penetration testing are fixed in service packs and major updates. For Microsoft this makes sense because these fixes get the benefit of a full test pass which is much more robust for a service pack or major release than it is for a security update.


Recent Techrights' Posts

UKIP TV (GBNoise) Covers Challengers to UKIP Nigel, Daniel Pocock Mentioned
Way to get noticed
This Bubble is Bursting, Piecewise
It's nice to see Wall Street getting some reality checks
Can We Finally All Agree That UEFI 'Secure Boot' is a Sham That Harms Security and Gives Microsoft Remote Control Over All PCs and Servers (Even Those That Don't Run Any Microsoft Software)?
Cui bono?
 
Links 19/07/2026: People in China Are Buying Feelings and 404 Media Has Third Anniversary
Links for the day
Gemini Links 19/07/2026: Camping, Health, and Hardware
Links for the day
The State of Slopfarms
Slopfarms or LLM slopfarms are a menace and a problem on the Web
GNU/Linux Rising to 6% in Brunei
seventh in the world for GDP (PPP) per capita
Free Software is Like an 'Activist Movement'
People who argue strongly in favour of something (even very good things) will attract the wrath of those whom they oppose
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 18, 2026
IRC logs for Saturday, July 18, 2026
Links 18/07/2026: Chinese State Media Depicting Neighbours as Monkeys, US "Stocks Sink on Anxiety About Tech and Hey Hi (AI) Spending"
Links for the day
Gemini Links 18/07/2026: "Business Idiots Everywhere", "The Siren Song of DePIN", and Entering Geminispace
Links for the day
GNU/Linux in Lithuanian Desktops/Laptops Climbs to 8%, the Global Average
For its own national security it would be wise to abandon Windows
It's Not About XBox, Microsoft is Already Firing Hundreds of People Who Do "Security [sic] Engineering" [sic]
The official reason/excuse/lie told is something about slop, but no sane person would buy it (not even insiders who are impacted)
Bolivian People Adopt GNU/Linux (They Have a Domestic Distro Too, PluriOS)
Notice Windows falling to an all-time low
No Technical People Write About UK Parliamentary Elections
Almost none of them work in the media, which seems to favour parrots, slop, or parrots that use slop
"But Stallman is Scaring Away Women..."
Such dishonest projections (projection tactics) needs to be called out and refuted
First Female Debian Project Leader (DPL) Affirms Low Profile and Inferior Status of Women in GAFAM
3 months ago Sruthi Chandran was elected as Debian Project Leader (DPL) for a period of 12 months
After 5 Years Vista 11 Still Adopted Less Than Its Predecessor (Orphaned, End of Life Since Last Year)
Notice Windows going down to 40%
We Don't Depend on Google (or Search Engines in General)
there's a lesson here and it extends beyond sites
Only "Torvaldos" (Linus Torvalds) Can Use the F-Word, CoC Does Not Apply to the Enforcer, and Richard Stallman Punished for Using the Other F-Word ("Freedom")
"Linus Torvalds tells AI haters to fork off"
Explaining the Culture of Bulletin Board-Style Chat
Only desperate detractors would try to present something (cherry-picked) from IRC as some sort of official statement for Techrights
Independent, But Not Fringe
"Daniel Pocock is an Independent Candidate."
In Free Software, Nobody Gets Fired
Way to own one's code and project
PIP-Styled Mass Layoffs Allegedly Coming to Microsoft by 12 August 2026
Microsoft has been doing "silent layoffs" (PIPs and more) for quite some time
Daniel Pocock's Candidacy (Election of Member of Parliament) Mentioned in BBC and Over a Dozen News Sites Since Yesterday
Funnily enough, albeit not surprisingly, the same people who attack Pocock also attack us
Links 18/07/2026: Spotify Uses Slop Song Descriptions, "San Francisco Demands Removal of Nudify Apps"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 17, 2026
IRC logs for Friday, July 17, 2026
Gemini Links 18/07/2026: A Manifesto by The Dissident, Shokz Headphones, and Gemini Tinylog Reader (GTL)
Links for the day
IBM Already Tentatively Down for Next Week (Monday) After Its Worst-Ever Week
What a week for IBM!
Daniel Pocock as Independent Candidate, Now in The London Standard
"Daniel Pocock is an independent candidate."
Links 17/07/2026: Protests Erupt Throughout Ukraine and Anthropic Caught Secretly Spying on Users
Links for the day
Gemini Links 17/07/2026: "Silence Doesn't Mean Abandoned", Revisiting PalmOS in 2026
Links for the day
Andy Burnham as National Leader Would be Excellent for Techrights
Burnham has envisioned a British "centre of power" (or gravity) that moves northwards, isn't concentrated in the southeast anymore
Farage Out, Daniel Pocock in?
Can Pocock beat his previous voting record?
Layoffs at Microsoft Are Massive, Go Under the Radar for the Most Part
Microsoft is in a really bad shape
One Heck of a Week for IBM, the 'Grandpa' of 'High-Tech', International Business Machines Corporation (NYSE:IBM) Under Investigation by Bronstein, Gewirtz & Grossman, LLC
If IBM gets busted or might be busted, will the CEO jump, get pushed, or be arrested?
In Defence of Courts' Privacy Policies
If you want friends, go offline. Meet real people and share real experiences.
Why I Quit Academic Career (or Academia) Nearly 15 Years Ago
I am told by people who stayed that it has only gotten worse
“Why Open Source Misses the Point of Free Software”
As Dr. Richard Stallman once put it
GNU/Linux Grows at the Expense of Microsoft Windows in Croatia, Now Close to 8%
Croatia has been mentioned a lot lately in relation to EPO "lobbying" (vote-rigging)
27-Year IBM Veteran on IBM: "Worse than the Titanic and Perhaps Just Like Madoff, Enron, etc."
several comments we saw today envisioned the CEO of IBM in an orange suit (in US prison)
EPO "Cocaine Communication Manager" - Part XV - Nazi-Like Thinking at the European Patent Office (EPO) Not a Thing of the Past
antisemitism inside the EPO
Daniel Pocock Running for Office Again, Clacton-on-Sea By-election
By-election - code name "Pocock-on-Sea"
ServiceNow/ServiceLine and Slop at the EPO is Becoming a Health Risk to Staff
PD44 has historically been the oppressor at the EPO
IBM Can Burn Pensioners to Appease Wall Street and Protect the Billionaire CEO With His Humongous Bonuses
Its stock it set to open 2.82% in the red
IBM SHAREHOLDER INVESTIGATION: Potential Securities Claims Involving International Business Machines (IBM)
there's a risk of criminal action against executives
Tux Machines Moving Onwards and Upwards
"...tasks expand to fill the time available"
The Register MS is Publishing Spam for Gartner Group to Spread Hype About "AI", Mentioned 30 Times in the Paid (Fake) Article
One sure thing is, the so-called 'tech media' is profoundly compromised by American corporations
"Market Share" of GNU/Linux Nearly Trebled in Cambodia This Month
GNU/Linux is still measured at 8% by statCounter
GitHub is Dying (Traffic Down Despite Bots and Slop), Microsoft Will Eventually Cull it - Just Like XBox - to Limit the Losses
Do not stay on GitHub (Microsoft) under the false assumption that it is "free hosting" or will always be around
Teaser: Daniel Pocock is About to Go Mainstream Again
Stay tuned, Pocock has something in store
Microsoft Has Just Been Sued Over Layoffs
If the rumours are true, there is yet another wave of layoffs at Microsoft
Richard Stallman Always Cautioned, Upfront, That His Political Views Were Wholly Separate From His Scientific Work or GNU
Notice that he already spoke a lot about politics
Links 17/07/2026: Microsoft is Cutting OneDrive Coverage, Larry Ellison Sued by Paramount Investor
Links for the day
Nichirei and Asahi Beer Need to Take Cyberattacks as Hint of Opportunity to Move to Free Software
Windows TCO
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 16, 2026
IRC logs for Thursday, July 16, 2026
Gemini Links 17/07/2026: Sunlight in the Clouds, Techno-Therapy, and Sloppifying Original Text
Links for the day