Bonum Certa Men Certa

Another Reason to Avoid Mono: Security

"At Microsoft I learned the truth about ActiveX and COM and I got very interested in it inmediately [sic]."

--Miguel de Icaza



For reasons and factors that make OOXML not secure, Mono is a security hazard as well. For those who are not yet convinced, there is this brand-new article which highlights the architectural failures of .NET and their impact on security. Read it.



Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.


Also in the news today is this alarming issue of 7 "critical" flaws (the highest level of severity) in Microsoft software.

Does anyone want GNU/Linux to inherit this nightmare? Is this something which belongs in the operating system which NASA, the NSA and the Department of Defense use? What about the cost implications? Beyond the issue of acquisition cost also exist the costs of maintenance, repair, and damage control. Losses incurred by leaks (espionage) and data loss are sometimes invaluable.

A few hours ago, one reader sent us the following message regarding the consequences of poor security.




Note that the bad engineering promoted by Bill Gates and his movement is probably costing Joe Sixpack upwards of 8 hours lost effort per week from malware, instability and poor interoperability. With the US in the economic situation it is in, that may be enough to knock the floor out of the recession. The failure that is Microsoft Vista may be the last straw and take down what's left of the economy.

“The failure that is Microsoft Vista may be the last straw and take down what's left of the economy.”Until recently, Microsoft people have been able to stifle security information. However, the EFF's recent win paves the way forward for better technology to become more visible.

I look forward to the seeing Back-To-School Security Packets in Walmart, Best Buy, and others consisting of Xubuntu CDs.

The last 10 years have shown us nothing if not that FOSS helps make your business more recession-proof.

What we have here is an old and odd spin trotted out yet another time. The spin tries to be negative, but at the end of the day, use of FOSS has boosted the economy there by some $60 billion on unnecessary sunk costs.

Further, since were FOSS tends to lead, it leads due to better performance, quality, interoperability and maintenance, not just cost. So that leads to secondary and tertiary savings. After all, if the IT team is not having to spend all its time chasing fires, it can be far more than $60 billion in savings once the total cost of ownership is settled.

Sure a small wedge of the software sellers might have lost, but the large part of the pie consists of software users. We win here.

____ 1) "EFF Wins Protection for Security Researchers" (2007)

2) "Vista's Security Rendered Completely Useless by New Exploit" (2008) "... a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista..." "... the work is a major breakthrough and there is very little that Microsoft can do to fix the problems..."

3) "This Bug Man Is a Pest" (2008) "...His syllabus is partly a veiled attack on McAfee, Symantec and their ilk, whose $100 consumer products he sees as mostly useless. If college students can beat these antivirus programs, he argues, what good are they for the people and businesses spending nearly $5 billion a year on them? ..."

4) "USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius" (2007)




For those wondering about highly-restrained criticism of Microsoft/Windows security, a mandatory background would be the smear campaigns against security researchers. Smear campaigns are something that Microsoft is intimately familiar with [1, 2, 3, 4, 5, 6, 7, 8, 9]. Remember the Geer saga, too [1, 2] (little more in [1, 2, 3]). He lost his job for saying the truth about Microsoft's security shortcomings and the horrific state of the Web, caused largely by Microsoft and its back doors.

Recent Techrights' Posts

Who Next After IBM? (Bubbles Don't Last Forever)
the demise of companies with "ai" in their name/domain
GNU/Linux Estimated at 8% "Market Share" Today (in statCounter)
Days ago it said 7.1%, then 7.3% or 7.4%
IBM Stock Collapses and It's Only the Beginning
Will GAFAM soon follow and will any executives be arrested for the accounting fraud insiders have long cautioned about?
 
Like Kyndryl, Multiple Securities Fraud Investigations Into IBM
Remember what happened to Kyndryl
How Long Before GNU/Linux is Measured at 20% in Chad?
The main way to get people to adopt Vista 11 is to sell them a new PCs and in poor countries it happens a lot less
Making Techrights Faster Down Under (Australia and New Zealand)
there's more to life than speed
Strikes at the EPO Approved for the Rest of the Year, "€1,3 Billion Taken From Staff Income"
Intensity can be revised and increased over time
Focusing on What We Really Ought to Focus on
Today we'll focus mostly on EPO affairs
Violence is Not a Joke
"Police say Widdecombe killing was targeted but motive remains unclear"
How to Properly Measure the Performance of a Patent Office
A "contribution from staff [which] is published by SUEPO Munich."
EPO "Cocaine Communication Manager" - Part XIV - "Not One of Us" (How the Group Dubbed by EPO Insiders "Alicante Mafia" Pushes Out Talent, Replacing It With Friends)
misuses the EPO's budget like it is a fountain of money for his friends
LibreTech Collective Abandons Microsoft GitHub and All Other Proprietary Software
Each time a project eliminates control by a hostile party it stands to gain
Links 15/07/2026: US Regime "Cuts Two Utah National Monuments by More Than 90%", "Hormuz is Less Crucial Than It Was"
Links for the day
Gemini Links 15/07/2026: Old Computer Challenge, "Trial by Fire", LLM Slop Destroying Companies
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 14, 2026
IRC logs for Tuesday, July 14, 2026
Heshan de Silva-Weeramuni Becomes Program Manager at the Free Software Foundation (FSF)
Heshan's addition means that the FSF is growing after a solid financial year (best in years)
Michael McMahon Explains Distributed Denial of Service (DDoS) Attacks on the Free Software Foundation (FSF)
The real solution is a curb on botnets. A mitigation strategy, however, would involve going static.
Matters of Public Safety
"Police say Ann Widdecombe killed in 'targeted attack' as motive investigated"
The Register MS and Its Promotional Microsoft Content
It's not too hard to see what the business model of The Register MS is
IBM: From $306 to $212 in 7 Days, IBM Won't Go Up More Than 50% to Where It Was at 'Peak Vapourware'
There's a limit to how much or how long a company can fake its performance and its potential [...] Early this morning a few insiders ("traders") cashed in on their "pump-n-dump"
Red Hat Staff Needs to Start Looking for the Next Job
Workers can conveniently lie or deny it to themselves, but waves of PIPs ("silent layoffs") will sweep over more and more units or teams as the company runs out of money to play with
IBM the Next Bear Stearns
IBM cannot recover if all it has to show is vapourware
I'll Be Extremely Difficult for Microsoft to Sell Any XBox Consoles Now
Microsoft understands this
How Software Freedom Would Benefit Everybody
A society that denies control by greedy companies would do a disservice to monopolies and improve all services to citizens
Links 14/07/2026: Harsh But Also Fair Criticism of Hey Hi (AI) Slop, 'Open' AI Shuts Down Its Own Products as Funds Run Out
Links for the day
Gemini Links 14/07/2026: Old CD Binder and AWK
Links for the day
In Defence of Physical Tickets
Tickets are not some "app" and not some "code" on some "screen"
Microsoft Layoffs Not Limited to XBox (False Narrative in the Mainstream Media)
Microsoft is becoming less relevant and workforce reductions won't end any time soon
Links 14/07/2026: Plagiarism Spun as "Training", Zelensky Announces Leadership Shuffle
Links for the day
The Register MS Has Just Published "AI" Webspam That Mentions "AI" 54 Times. It Was Paid to Do This.
Who pays for all this "AI" hype or "buzz"?
Gemini Links 14/07/2026: Self-Advocacy Online; "The Internet Is Dead: How the Web Lost Its Human Soul"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 13, 2026
IRC logs for Monday, July 13, 2026
Modern Technology Harms Women More Than Men (Because the 'Tech Bros' Who Dominate STEM Have a Poor View of Women)
“Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance.”
Internet Relay Chat Trolls Are Not Expressing Opinions, They Are Saboteurs
For the record
Links 14/07/2026: "The Freedom of Information Act Is in Serious Trouble"; Irish Datacenters Use Up Almost 25% of Total Energy
Links for the day
The Register MS: "AI" Puff Pieces for Sale, Not Journalism at All, Just "Webspam"
The Register MS isn't the sole culprit
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 12, 2026
IRC logs for Sunday, July 12, 2026
How We Do Techrights (and What's Changing Next Week)
Many former news sites no longer yield much non-meaningless news (not anymore); there's a gap to be filled