01.09.08

Novell’s Privilege Escalation Vulnerability and the Microsoft Software Police

Posted in Asia, Deception, Free/Libre Software, FUD, Microsoft, Novell, Security, Windows at 11:02 pm by Dr. Roy Schestowitz

Admittedly, there is little or no news to see here. However, a few new articles do raise a point that leads to further discussion.

The number of vulnerabilities in Novell’s products gives cause for concern, but then again, no software is intrusion-proof. Here is one of the latest examples:

A vulnerability has been reported in Novell ZENworks Endpoint Security Management, which can be exploited by malicious, local users to gain escalated privileges.

There are some other recent examples such as this one.

On the following day, some reports appeared which reaffirm the fact that (free) open source software is indeed secure.

11 open-source projects certified as secure

[...]

Eleven projects made the list: Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.

It’s truly reassuring, but watch this (published yesterday):

Sounds familiar?

Question: When I tried to download OpenOffice, I got a warning from Windows that it was a security risk because it had no known publisher. Can you help? – H.N., Swansboro, N.C.

As you can see, there is discrimination, some of which may be deliberate. Less knowledgeable users can be intimidated by the warning and then back away. Similar accusations were made in the past by Firefox users who had been blocked in a variety of ways under the Windows platform.

It was only a week ago that we saw Microsoft using "security" as an excuse for disablement of important features. It once again used the security wand to support an anti-competitive agenda and later tried to deny this. There some good background reading to all of this. Consider the references below to be decent accompanying literature. Highlighted using bold fonts are fragments of interest.

Software Police

Have a look at this recent incident where Microsoft was accused of of becoming the “software police”.

Microsoft Corp. last week slammed the door on a free utility out of Australia that outflanked one of the company’s touted security features in Windows Vista, by having the program’s digital certificate revoked….

Linchpin Labs’ Atsiv utility, released July 20, used a signed driver to load other, unsigned code into the Vista kernel, according to U.S.- based Symantec Corp. researcher Ollie Whitehouse. Atsiv, said
Whitehouse, thus let users circumvent a feature of the 64-bit version of Vista that allows only digitally signed code to be loaded into the operating system’s kernel. The digital signing requirement is one way Vista tries to stymie hackers from infiltrating the kernel — the heart of the operating system — with, among other things, rootkit cloaking technologies that hide malware from security software.

Patents Authorities

Now, consider the BSA as well. It is another form of proxy for Microsoft, as it has always been. It absorb people’s hate while making Microsoft seem like the ‘good cop’ among the pair. Watch how they lobby for patents.

A report published by an EU task force on intellectual property claims that small businesses benefit from a patent system, despite lacking almost any participation by the small business community.

Instead, the report, titled IPR (intellectual property rights) for competitiveness and innovation, was written up almost entirely by large corporations and the patent industry.

[...]

The report does note objections from the likes of patentfrei.de and Sun Microsystems, which were recorded at some length in the report. But this does not appear to have impacted the conclusion of the report in any way

[...]

Jean-Pierre Laisne, of ObjectWeb, an open source software community, said that he found the report useless: participants were told that all their contributions would be recorded but at the end only those of Business Software Alliance and Microsoft were used.

Here is another good (and recent) item about this pairing.

While there may have been the Enrons, Haliburtons, and other companies that members of We Are Change have to deal with, there are two main companies/groups that we have to deal with:

* Microsoft
* The Business Software Alliance

It’s a symbiotic relationship of sorts between the two. One is supposed to make sure that users have shelled out an arm and a leg for their copies of software, yet it is used by the other to blackmail these same users. For now though, let us focus on the Redmond, Washington software company. In Michael Moore’s Fahrenheit 9/11, there was a brief clip that allegedly showed a meeting of many companies who were talking about Iraq (second invasion of… at least it was implied to me anyway), and one of the names dropped: Microsoft.

Inflating Figures

Criminologists are notorious because of their affinity for practices where certain figures get overinflated. They use fear and exaggeration to change laws and call for radical action. In some cases, criminologists who speak on behalf for the software and music industry were forced to admit that they made up their figures. Case of point:

The figure represents 10 percent of software piracy losses in China in 2006, according to the Business Software Alliance.

Making Free Software ‘Illegal’

Watch some examples where bodies such as the BSA (it has equivalents with similar names in other countries) hurt Free software.

Example #1: Why open source has always deserved a census

Ever since we learned that the Canadian Alliance Against Software Theft doesn’t take into account open source software when it comes up with its annual piracy statistics, we stopped reporting their numbers. When you only look at proprietary shipments, you miss a great piece of the puzzle. We just don’t know how big a piece it is.

Example #2: Hypocrisy off the port bow!

Admiral Holleyman of the Bull Shit Association dares claim that our craft makes his skainsmates lose (that’s the opposite o’ win, for all ye spelling-retarded coppocias) $11 billion US dollars every year. Hoy-day! A flight of fancy I’ve ne’er seen before such bardleture came before me! Such presumptuous posy overflows my yellow bile. As if every man of the brotherhood would actually buy the programs he pirates! Bah! Next, I wager he’ll be so bloody daft to presume that blokes should actually read a license agreement, the likes o’ which have never been, and may yet never be enforced in full.

Example #3: Get free software and save a fortune

The report, South African Open Source Market, said allegations by large developers, led by Microsoft, and the Business Software Alliance, of piracy and copyright violations have cast a shadow over the legitimacy of free software.

Example #4: Legality of Fedora in production environment

Recently the appropriate laws in my country (Russia) have beens ignificantly toughened. Now the police can check for illegal software usage by their own initiative (without request from the owner). The tax inspection demands that software should be registered at accounts departments.

During such a checking, the user is obliged now to show all hardcopy license documents (with original signatures and stamps).

Example #5: What about selling free software

Gervase Markham, the Mozilla Foundation’s licensing officer, in an article in the Times Online, talks about being questioned by a northern UK Trading License Officer about giving away software.

The trading officer was concerned by a group that was burning the free Mozilla Browser on CDs and selling it.

Seen enough yet? It’s not a matter of incompatibility with the law; it’s a case of FUD, bullying, discrimination, and scare tactics. A lot of this is traced back to the BSA, whose chief funding source is Microsoft.

Crocodile Tears

Ironically, despite all these complaints about copyright infringement (they call it “piracy”, which Stallman would consider a propaganda term), Microsoft actually thrives thanks to non-paying users.

But the truth is that Microsoft is happy with the way Windows Vista piracy is evolving. Is there a catch to this? No. The fact of the matter is that Windows Vista has delivered a heavy blow to software counterfeiters. The reason for this is the new Windows Genuine Advantage security mechanism integrated into the operating system.

You may not notice this on the surface. On the surface, the Internet is crawling with Windows Vista cracks, hacks and workarounds. On the surface, every Windows Vista edition has been cracked and is available for download via peer-to-peer networks. But this is not the true extent of Windows Vista piracy.

At one stage, even a top Microsoft executive admitted this. The press caught a slip of the tongue last year.

Let us never forget the the ultimate aim is to have people dependent (or “addicted” to Windows, as Bill Gates himself would put it himself).

“Microsoft’s strategy of getting developing nations hooked on its software was clearly outlined by Bill Gates almost a decade ago,” said Con Zymaris, CEO of long-standing open source firm Cybersource.

Specifically, Bill Gates, citing China as an example, said:

“Although about 3 million computers get sold every year in China, but people don’t pay for the software,” he said. “Someday they will, though. As long as they are going to steal it, we want them to steal ours. They’ll get sort of addicted, and then we’ll somehow figure out how to collect sometime in the next decade.”[1]

One important reason for Microsoft’s great fear of GNU/Linux (Linux is among Microsoft’s #1 threats, if not the only #1 threat) is its effect on Microsoft’s pricing (tariff). From the Observer:

Microsoft seals its Windows and opens the door to Linux

Now comes the really interesting question. With Vista’s activation technology, Microsoft has the power to stamp out piracy everywhere. But will it choose to do so everywhere? After all, if folks in China or Thailand or Ethiopia have to pay for Vista, they won’t be able to run it because they won’t be able to afford the licence fee. In which case they may finally wake up to the attractions of free software such as Linux – and it’s easy to imagine what that will do to Microsoft’s plans for world domination.

It’s a delicious prospect: Microsoft impaling itself on the horns of a dilemma it has created for itself. Roll on Thursday.

Lobbying in the Philippines Again

Last month we gave some examples of Microsoft lobbying in the Philippines. Only days ago we wrote about OOXML lobbying in the country and subversion of the “Open Source” definition.

It would quite timely to point out that the BSA is hard at work in the Philippines where there’s great pressure on the government, whose citizens are urged to embrace Free software.

A FOSS Bill was seemingly intercepted by the BSA and its allies/funding entities last year. Here is a report about the hearing.

Listed for November 15th, the hearing by The Committee on Information and Communications Technology has invited comment from various stakeholders potentially affected by the bill, including community representatives as well as industry giants Microsoft and Oracle.

Here is another.

In his Nov. 21 column, Conrado Banal said I did not really author the bill “Free/Open Source Act of 2006″ now pending in Congress. And quoting the Business Software Alliance (BSA), he also derided the bill as a “prime model of confusion.”

Let me assure him that I authored the bill. My office worked on it for four months. It started with a suggestion from FOSS (free/open source software) advocates in the Computer Professionals Union (CPU). Modeled after the Brazil and Peru FOSS policies, it is the result of inputs from various geeks, techies and FOSS practitioners–from my two staff who happen to be competent IT professionals, IT lawyers in the UP College of Law, members of the Philippine Linux Users Group (PLUG), GNU/Linux guru and prime advocate Richard Stallman of the MIT-based Free Software Foundation, who personally e-mailed his very valuable comments. It also contains inputs from the government’s Commission on Information and Communications Technology and the International Open Source Network of the UNDP.

People are encouraged to remember what role the BSA serves. It doesn’t serve a role as much it is serves a company.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2008/01/09/security-police-bsa-microsoft-novelll/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Half the People in This Letter Are IBM Employees

    IBM seems to be continuing its war on the FSF because IBM wants to own everything (CentOS being ‘canned’ was just part of the plan)



  2. The OSI Song

    The sad demise of OSI, which has become little but a front group of proprietary software companies in pursuit of openwashing services (and outsourcing to proprietary disservices looking to eradicate copyleft)



  3. [Meme] OSI is Doing Just Fine

    So what if OSI is run by someone who raised money from Microsoft (to sell Microsoft a keynote slot in a copyleft event — the thing that Microsoft attacks through GitHub!) while funnelling the OSI's funds to a serial GPL violator?



  4. The OSI's Defunct Elections (Privacy Breach), Conflict of Interest (Nicholson), and Other Lingering Problems

    The above, together with an email from the OSI below, serves to show they’re re-running a bad election and — yet worse! — there appears to be a conflict of interest implicating the OSI’s sole member of staff!



  5. Links 30/7/2021: Audacity 3.0.3 and KD Chart 2.8.0

    Links for the day



  6. Links 29/7/2021: siduction 2021.2 and Xubuntu 21.10 Dev Update

    Links for the day



  7. GitHub is Racism

    Microsoft has the world's most racist code hosting repository; it wasn't like this when Microsoft took over as the racist policies were added to impress Donald Trump, who would later rig a procurement/tendering process to bail out Microsoft (10 billion dollars from the Pentagon, i.e. taxpayers)



  8. [Meme] António Lost His Power Over Patent Examiners

    Team Campinos at the EPO must be rather stressed at the moment; the people who do all the work can go on strike any time (or all the time, until/unless demands are met)



  9. European Patent Office is Going on Strike (or Strikes)

    The staff of the EPO is ready to strike like never before (dissatisfaction and outrage over 8 years of gross injustice, namely Battistelli's breach of fundamental rights, including the right to strike)



  10. Crying “Wolf!” About Systemd is Only Beneficial to IBM and Systemd Developers/Pushers

    Microsoft controls Systemd only to the extent that Systemd is controlled by GitHub, which is in turn controlled by Microsoft; But Systemd has long been on that proprietary platform (its developers don’t truly value software freedom) and this has long been a problem, even before Microsoft hijacked it for coercive power



  11. Links 29/7/2021: Mesa 21.2 RC3, FSF Responds to Microsoft's 'Hey Hi' Attack on Copyleft

    Links for the day



  12. IRC Proceedings: Wednesday, July 28, 2021

    IRC logs for Wednesday, July 28, 2021



  13. [Meme] No Crime Goes Unrewarded at the EPO

    It is more or less undeniable that from a legal and functional perspective the EPO is already defunct and is still perishing under a couple of Mafiosos whose sole interest is cover-up and grifting/plunder (of what’s left of the Office after almost 40 years of goodwill/reputation); the recent G 1/21 fiasco was just icing on the cake and the EU’s insistence on a patently unconstitutional UPC (more legal powers for chronic EPC violators) actually weakens unity in Europe (by discrediting the Union)



  14. [Meme] There's Always a Way (When Financial Results Are Not So Good...)

    Too many US ‘tech’ companies still lie to their investors. They choose financial engineering instead of real engineering.



  15. Links 28/7/2021: OPNsense 21.7 and MX Linux 21 Beta

    Links for the day



  16. The One Reason I Cannot Get 'Google News' (or Google) Completely Out of My Life

    Google has got almost a monopoly on (nearly) real-time news syndication; this is why, for our Daily Links at least, we still rely on Google News to a certain extent



  17. [Meme] When Sociopaths or Psychopaths Run Europe's Second-Largest Institution

    The EPO has a very profound issue because it is run (and ruined) by insecure thugs with inferiority complex, so they form cliques of friends of theirs instead of actually qualified people, in effect creating personality cults that laugh at the law and disregard any obligations to the institutions/staff they were entrusted to manage



  18. Links 28/7/2021: GCC 11.2 Released

    Links for the day



  19. Microsoft 'Loves' Linux So Much That It's Spreading FUD About It All Over the Media for 3 Days in a Row (So Far)

    The stubborn cult at Microsoft likes telling us all — especially officials and decision-makers — a bunch lies like, “we invest [some amount of money] in security” and “security is our goal”, but in reality the money is sunk into hiring (‘buying’) firms with “security” in their name, bribing publishers for mindless PR/platitudes that cast critics of Microsoft insecurity/ies as “fanatics”, “bashers”, “jealous”, “irrational” et cetera; finally, actual money goes into collaborations with the NSA on back doors, i.e. the exact opposite of security. The video above is a follow-up or sequel for something we meme-ified two days ago; we’ve since then included more examples (with editorial comments added to the links) in our News Roundups/Daily Links; Western media follows the same script we saw in Indian Web sites on Sunday and the objective is to paint Linux as “equally insecure” if not less secure than Windows. As already noted on Sunday, in a much longer video, the ‘Linux’ malware (it has nothing to do with Linux itself!) needs user intervention, neglect, or even sabotage to even get on the compromised systems in the first place. One can guess what situation or which incidents Microsoft is ever so eager to distract/deflect from…



  20. [Meme] EPO Asked to Comply With the Law and Correct Behaviour

    EPO staff wants reparations for monumental abuses, but the “Mafia” of Benoît Battistelli and António Campinos will never allow that to happen (we saw the same regarding the unlawful composition of internal courts)



  21. The Unfunny Joke That Microsoft Cares for 'Developer Rights'

    Microsoft propaganda urging software developers to find comfort in a prison of Microsoft (proprietary software monopoly) is a symptom of dying media, or thinly-veiled PR looking for a buck



  22. IRC Proceedings: Tuesday, July 27, 2021

    IRC logs for Tuesday, July 27, 2021



  23. Links 28/7/2021: PulseAudio 15.0 Released, World’s Slowest Raytracer

    Links for the day



  24. Links 27/7/2021: New Godot Engine Beta and a Call for Funding of GIMP

    Links for the day



  25. The EPO's 'News' Page Annotated

    From the above: Greenwashing; Offshoring; ViCo nonsense; Openwashing; Patents=space travel? Faking empathy; Patents as monopoly; ViCo whitewash; Constitutional hogwash; ViCo propaganda; Pinkwashing; Whitewashing GDPR violation; Self-praise; Exploiting pandemic for $; More openwashing; Protectionism; Outsourcing; Occupying the legal system; Grifting and PR; 'Legalising' EPC violations; More surveillance; Patents as sharing?; Patents as mere info? Lobbying by litigation firms; Proprietary/MS



  26. Playing With Fire: The Linux Foundation Associates the Linux Brand With Proprietary Software and GitHub (as Usual)

    Racist IBM is once again using or misusing the “Linux” brand (through the Linux Foundation) to promote racist Watson (which is also proprietary software); the ‘Linux’ Foundation is now revisionism as a service (not just in service of its own mythology, e.g. the operating system starting in 1991 rather than 1983)



  27. Links 27/7/2021: KDE Plasma 5.22.4, Libinput 1.19 to Include Hold Gestures

    Links for the day



  28. Recording Videos With Webcamoid on GNU/Linux

    A lot of people use OBS Studio or similarly high-profile Free software that's mostly designed for live streaming; but this video is a bit different as it takes a look at Webcamoid, which not many people even know about, explaining the current setup that's used to record pretty much every video we make



  29. Getting News and Updates Over Gemini (in General and for Techrights)

    Gemini (gemini://) is very well suited for 'consumption' of news; the hardest part is getting past the simple fact that not every article needs to have pictures in it and syndication (for updates) isn't done through social control media



  30. IRC Proceedings: Monday, July 26, 2021

    IRC logs for Monday, July 26, 2021


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts