01.08.09

Gemini version available ♊︎

The Cost — and Cause — for Security Failure, Data Breaches

Posted in Microsoft, Security, Windows at 11:30 am by Dr. Roy Schestowitz

Windows Vista is not a secure operating system and Vista 7 is the same. The ramifications can be very serious and no level of censorship can hide it. According to this report from the Identity Theft Resource Center, the leaking of sensitive data is rising sharply due to inappropriate means of securing it.

More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC).

Each and every one of us pays for the damage, as costs are collective and our data is centralised not only on our personal computers*. Even our medical records can be compromised.

“Each and every one of us pays for the damage, as costs are collective and our data is centralised not only on our personal computers.”What is responsible for this and who is to blame? Well, based on empirical evidence, it’s Microsoft that has failed. It failed not because it’s an impossible task to secure software but because, as the manager of Windows said a few years ago, “our products just aren’t engineered for security.”

Let’s consider GNU/Linux for a second. The platform runs in an environment that’s highly connected; it runs on a very large number of boxes endlessly. In September 2008, said Steve Ballmer: “Forty percent of servers run Windows, 60 percent run Linux…”**

If GNU/Linux was not secure, wouldn’t many of the Web servers out there be compromised? Evidently, they rarely do. Software that’s installed on them with uploaders is a vector of weakness, but that too has not caused much harm.

On the other hand we have Windows, which is once again under a worm attack, according to this new report.

Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Sam Varghese, a GNU/Linux user, wrote about “worms, worms, worms” a few days ago. Security troubles under Windows have more of his computers migrated to GNU/Linux right now.

It would have been good to have some equivalent of Delilah on Windows to negate the role of this browser, but, sadly there is none. There are some third-party applications like XPlite , developed by Australian Shane Brooks, which do remove most of IE but then which browser do you use to update Windows? Only IE supports ActiveX.

You can, of course, move from XP to Vista where the updates are done through the control panel but that would be the equivalent of offering a man a choice between arsenic and cyanide for breakfast.

Sam mentions ActiveX, which was probably designed and implemented for anti-competitive reasons (making Web sites operating system-dependent), despite it’s obvious dangers. As Bill Gates put it on numerous occasions, they needed to leverage standards-hostile extensions. In this one E-mail [PDF] he wrote: “Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

Where do Windows users end up because of this? Well, merely visiting a Web site can be dangerous because it gives the site great control over the entire operating system (access to local files even). At the moment, there are reports about Windows-only features in LinkedInmalicious ‘features’

[T]he sort of social media trouble quotient appears to have risen a bit as fake LinkedIn profiles are trying to send users towards malware.

We all reap what they sow.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This Is wrong and I wanted to correct this.”

Bill Gates [PDF]

XHTML
Hostility towards (X)HTML came from the top

___
* Where else are they centralised? Well, a lot of people don’t know where or how their medical records are kept or how susceptible those records might be to data theft. Are medical records kept only on private networks? or are they reachable by the outside world (Chinese or Russian crackers, for example). Ordinary people pay more attention once they realise exactly how this situation can cause them harm in a very personal way.

** This is an important point, and it should probably be made even stronger. If GNU/Linux was not more secure, wouldn’t its 60 percent of the Web servers be compromised at least as often as Windows 40 percent? Yet evidence shows that they rarely are.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

5 Comments

  1. Needs Sunlight said,

    January 9, 2009 at 5:43 am

    Gravatar

    MS Windows allows many options for data to be compromised not just illegal access. Data corruption or loss is a big risk. Sheeple have been so browbeat into accepting the crashes and down time that they don’t notice or admit to noticing, however, if that down time comes at a time-critical moment when medicals staff need to access your record, that’s not good either.

    Since the new, incoming US administration will be looking at economic initiatives, it will be of great value to get rid of M$ products. That’s just treating the symptom and not curing the problem. What also needs to happen is that the MSFT boosters who have operated as if part of a larger organized crime ring need to be called to task. Damages need to be recouped, dues to society need to be paid, and places where the cannot make further harm need to be found.

  2. David Gerard said,

    January 9, 2009 at 1:09 pm

    Gravatar

    When we have MS software taken out and shot, can we shoot MySQL as well? Bl*sted piece of crap … why couldn’t Postgres have become popular. Gah.

  3. AlexH said,

    January 9, 2009 at 1:10 pm

    Gravatar

    @David: because of PHP ;)

  4. Roy Schestowitz said,

    January 9, 2009 at 1:29 pm

    Gravatar

    MySQL is all right.

  5. David Gerard said,

    January 9, 2009 at 3:55 pm

    Gravatar

    It’s “all right” for Windows 2000 values of “all right.” It’s a bloody pain to administer for a living. It’s also popular.

DecorWhat Else is New


  1. Links 18/10/2021: Linux 5.15 RC6 and 7 New Stable Kernels

    Links for the day



  2. [Meme] The Austrian School of Friedrich Rude Liar

    With reference to the Austrian School, let’s consider the fact that Friedrich Rude Liar might in fact be standing to personally gain by plundering the EPO‘s staff by demonising them while helping Benoît Battistelli crush them



  3. IRC Proceedings: Sunday, October 17, 2021

    IRC logs for Sunday, October 17, 2021



  4. How (Simple Technical Steps) to Convince Yourself That DuckDuckGo is Just Spyware Connected to Microsoft, Falsely Advertised as 'Privacy'

    In recent days we published or republished some bits and pieces about what DuckDuckGo really is; the above reader dropped by to enlighten us and demonstrate just how easy it is to see what DuckDuckGo does even at the client side (with JavaScript); more people need to confront DuckDuckGo over this and warn colleagues/friends/family (there’s more here)



  5. Austria's Right-Wing Politicians Displaying Their Arrogance to EPO Examiners

    The EPO‘s current regime seems to be serving a money-hungry lobby of corrupt officials and pathological liars; tonight we focus on Austria



  6. [Meme] Friedrich Rödler's Increasingly Incomprehensible Debt Quagmire, Years Before EPO Money Was Trafficked Into the Stock Market

    As it turns out, numerous members of the Administrative Council of the EPO are abundantly corrupt and greedy; They falsely claim or selfishly pretend there’s a financial crisis and then moan about a "gap" that does not exist (unless one counts the illegal gambling, notably EPOTIF, which they approved), in turn recruiting or resorting to scabs that help improve ‘profit margins’



  7. The EPO’s Overseer/Overseen Collusion — Part XV: Et Tu Felix Austria…

    Prior to the Benoît Battistelli and António Campinos regime the EPO‘s hard-working staff was slandered by a corrupt Austrian official, Mr. Rödler



  8. Links 17/10/2021: Blender 2.93.5, Microsoft Bailouts

    Links for the day



  9. Links 17/10/2021: GhostBSD 21.10.16 and Mattermost 6.0

    Links for the day



  10. IRC Proceedings: Saturday, October 16, 2021

    IRC logs for Saturday, October 16, 2021



  11. [Meme] First Illegally Banning Strikes, Then Illegally Taking Over Courts

    The vision of Team Battistelli/Campinos is a hostile takeover of the entire patent system, not just patent offices like the EPO; they’d stop at nothing to get there



  12. Portuguese Network of Enablers

    Instead of serving Portuguese people or serving thousands of EPO workers (including many who are Portuguese) the delegation from Portugal served the network of Campinos



  13. In Picture: After Billions Spent on Marketing, With Vista 11 Hype and Vapourware, No Real Gains for Windows

    The very latest figures from Web usage show that it’s hardly even a blip on the radar; Windows continues bleeding to death, not only in servers



  14. [Meme] [Teaser] Double-Dipping Friedrich Rödler

    As we shall see tomorrow night, the EPO regime was supported by a fair share of corrupt officials inside the Administrative Council



  15. The EPO’s Overseer/Overseen Collusion — Part XIV: Battistelli's Iberian Facilitators - Portugal

    How illegal “Strike Regulations” and regressive ‘reforms’ at the EPO, empowering Benoît Battistelli to the detriment of the Rule of Law, were ushered in by António Campinos and by Portugal 5 years before Campinos took Battistelli’s seat (and power he had given himself)



  16. Links 16/10/2021: SparkyLinux Turns 10 and Sculpt OS 21.10

    Links for the day



  17. “Facebook Whistleblowers” Aside, It Has Been a Dying Platform for Years, and It's Mentally Perverting the Older Generation

    Guest post by Ryan, reprinted with permission



  18. [Meme] Microsoft Has Always Been About Control Over Others

    Hosting by Microsoft means subjugation or a slavery-like relationship; contrary to the current media narrative, Microsoft has long been censoring LinkedIn for China’s autocratic regime; and over at GitHub, as we shall show for months to come, there’s a war on information, a war on women, and gross violations of the law



  19. EFF Pushes for Users to Install DuckDuckGo Software After Being Paid to Kill HTTPS Everywhere

    Guest post by Ryan, reprinted with permission



  20. The Reign in Spain

    Discussion about the role of Spain in the EPO‘s autocratic regime which violates the rights of EPO staff, including Spanish workers



  21. [Meme] Spanish Inquisition

    Let it be widely known that Spain played a role in crushing the basic rights of all EPO workers, including hundreds of Spaniards



  22. Why You Shouldn’t Use SteamOS, a Really Incompetent GNU/Linux Distribution With Security Pitfalls (Lutris is a Great Alternative)

    Guest post by Ryan, reprinted with permission



  23. IRC Proceedings: Friday, October 15, 2021

    IRC logs for Friday, October 15, 2021



  24. Links 16/10/2021: Xubuntu 21.10 and DearPyGui 1.0.0

    Links for the day



  25. DuckDuckGo’s HQ is Smaller Than My Apartment

    Guest post by Ryan, reprinted with permission



  26. Post About Whether Vivaldi is a GPL violation Was Quietly Knifed by the Mods of /r/uBlockOrigin in Reddit

    Guest post by Ryan, reprinted with permission



  27. The EPO’s Overseer/Overseen Collusion — Part XIII: Battistelli's Iberian Facilitators - Spain

    The EPO‘s António Campinos is an ‘Academy’ of overt nepotism; what Benoît Battistelli did mostly in France Campinos does in Spain and Portugal, severely harming the international image of these countries



  28. From Competitive (Top-Level, High-Calibre, Well-Paid) Jobs to 2,000 Euros a Month -- How the EPO is Becoming a Sweatshop by Patent Examiners' Standards

    A longish video about the dreadful situation at the EPO, where staff is being ‘robbed’ and EPO funds get funnelled into some dodgy stock market investments (a clear violation of the institution’s charter)



  29. [Meme] Protecting European Patent Courts From EPO 'Mafia'

    With flagrant disregard for court rulings (or workarounds to dodge actual compliance) it seems clear that today's EPO management is allergic to justice and to judges; European Patents perish at unprecedented levels in national European courts and it should be kept that way



  30. Links 15/10/2021: Pine64's New PinePhone Pro and Ubuntu 22.04 LTS Codename

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts