01.08.09

The Cost — and Cause — for Security Failure, Data Breaches

Posted in Microsoft, Security, Windows at 11:30 am by Dr. Roy Schestowitz

Windows Vista is not a secure operating system and Vista 7 is the same. The ramifications can be very serious and no level of censorship can hide it. According to this report from the Identity Theft Resource Center, the leaking of sensitive data is rising sharply due to inappropriate means of securing it.

More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC).

Each and every one of us pays for the damage, as costs are collective and our data is centralised not only on our personal computers*. Even our medical records can be compromised.

“Each and every one of us pays for the damage, as costs are collective and our data is centralised not only on our personal computers.”What is responsible for this and who is to blame? Well, based on empirical evidence, it’s Microsoft that has failed. It failed not because it’s an impossible task to secure software but because, as the manager of Windows said a few years ago, “our products just aren’t engineered for security.”

Let’s consider GNU/Linux for a second. The platform runs in an environment that’s highly connected; it runs on a very large number of boxes endlessly. In September 2008, said Steve Ballmer: “Forty percent of servers run Windows, 60 percent run Linux…”**

If GNU/Linux was not secure, wouldn’t many of the Web servers out there be compromised? Evidently, they rarely do. Software that’s installed on them with uploaders is a vector of weakness, but that too has not caused much harm.

On the other hand we have Windows, which is once again under a worm attack, according to this new report.

Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Sam Varghese, a GNU/Linux user, wrote about “worms, worms, worms” a few days ago. Security troubles under Windows have more of his computers migrated to GNU/Linux right now.

It would have been good to have some equivalent of Delilah on Windows to negate the role of this browser, but, sadly there is none. There are some third-party applications like XPlite , developed by Australian Shane Brooks, which do remove most of IE but then which browser do you use to update Windows? Only IE supports ActiveX.

You can, of course, move from XP to Vista where the updates are done through the control panel but that would be the equivalent of offering a man a choice between arsenic and cyanide for breakfast.

Sam mentions ActiveX, which was probably designed and implemented for anti-competitive reasons (making Web sites operating system-dependent), despite it’s obvious dangers. As Bill Gates put it on numerous occasions, they needed to leverage standards-hostile extensions. In this one E-mail [PDF] he wrote: “Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

Where do Windows users end up because of this? Well, merely visiting a Web site can be dangerous because it gives the site great control over the entire operating system (access to local files even). At the moment, there are reports about Windows-only features in LinkedInmalicious ‘features’

[T]he sort of social media trouble quotient appears to have risen a bit as fake LinkedIn profiles are trying to send users towards malware.

We all reap what they sow.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This Is wrong and I wanted to correct this.”

Bill Gates [PDF]

XHTML
Hostility towards (X)HTML came from the top

___
* Where else are they centralised? Well, a lot of people don’t know where or how their medical records are kept or how susceptible those records might be to data theft. Are medical records kept only on private networks? or are they reachable by the outside world (Chinese or Russian crackers, for example). Ordinary people pay more attention once they realise exactly how this situation can cause them harm in a very personal way.

** This is an important point, and it should probably be made even stronger. If GNU/Linux was not more secure, wouldn’t its 60 percent of the Web servers be compromised at least as often as Windows 40 percent? Yet evidence shows that they rarely are.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2009/01/08/cost-data-breaches/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

5 Comments

  1. Needs Sunlight said,

    January 9, 2009 at 5:43 am

    Gravatar

    MS Windows allows many options for data to be compromised not just illegal access. Data corruption or loss is a big risk. Sheeple have been so browbeat into accepting the crashes and down time that they don’t notice or admit to noticing, however, if that down time comes at a time-critical moment when medicals staff need to access your record, that’s not good either.

    Since the new, incoming US administration will be looking at economic initiatives, it will be of great value to get rid of M$ products. That’s just treating the symptom and not curing the problem. What also needs to happen is that the MSFT boosters who have operated as if part of a larger organized crime ring need to be called to task. Damages need to be recouped, dues to society need to be paid, and places where the cannot make further harm need to be found.

  2. David Gerard said,

    January 9, 2009 at 1:09 pm

    Gravatar

    When we have MS software taken out and shot, can we shoot MySQL as well? Bl*sted piece of crap … why couldn’t Postgres have become popular. Gah.

  3. AlexH said,

    January 9, 2009 at 1:10 pm

    Gravatar

    @David: because of PHP ;)

  4. Roy Schestowitz said,

    January 9, 2009 at 1:29 pm

    Gravatar

    MySQL is all right.

  5. David Gerard said,

    January 9, 2009 at 3:55 pm

    Gravatar

    It’s “all right” for Windows 2000 values of “all right.” It’s a bloody pain to administer for a living. It’s also popular.

What Else is New


  1. Hardly Shocking and Not At All Surprising That Thugs Who Run the EPO Hired External Thugs to Help Them Oppress Aggrieved Staff

    With the EPO's management flooding the bank accounts of aggressive law firms (at our expense) we need to ask serious questions about how such a "Mafia" (what EPO staff calls the management) managed to metastasise inside Europe's second-largest institution and how to remove this "Mafia" as soon as possible (some arrests too are well overdue)



  2. [Meme] There Are No Elections in Mafia-Type Regimes; It's About Family and Friends...

    With no real concept or notion of "elections" (the so-called 'mafia' members choose their successors and colleagues) the EPO's patent examiners clearly need outside intervention, e.g. inquest by the EU authorities (the EPC died and maybe the EPO too; it's unregulated and it grants false patents that harm Europe because the courts don't function, either)



  3. Today's Linux Standing for the Opposite of What Linux Users Stand for

    The so-called 'Linux' Foundation or the "Corporate Linux Foundation" is alienating many of the original users of GNU/Linux and it still insults their intelligence; it's rewriting history, it still distorts the objectives, and before we know Linux will perish and lose momentum because all the excitement associated with the brand will fizzle away



  4. Links 14/6/2021: Kdenlive 21.04.2 and Raspberry Pi 400 Support in Linux

    Links for the day



  5. [Meme] EPO 'Lawfulness' as Crude Budget Wars

    A war of attrition against EPO staff won’t ensure justice is done; it’ll only increase the number of casualties and accomplish nothing good



  6. A Parade of 'Yes Men': EPO's Budget and Finance Committee as Rubber-stamper of the Dictatorship That Pays the Salary

    The lack of oversight at the EPO has long been apparent and it is becoming ever more problematic now that huge sums of money are passed by the EPO's management to law firms whose sole role is to fight against aggrieved EPO staff



  7. Links 14/6/2021: Linux 5.13 RC6, Psychonauts 2 for GNU/Linux

    Links for the day



  8. Conveniently Conflating Vaccination With the Surveillance Business of IBM/Linux Foundation

    The way some media handles COVID-19 can be described as self-serving, especially Microsoft-connected sites looking to make “Linux” sound bad (or like property of Microsoft); the video above discusses this past weekend’s media coverage about “Linux”



  9. [Meme] Microsoft Stooping Down Low in Search of Vapourware With a Superficial Version Bump

    Instead of trying to actually fix its broken (and self-breaking) operating system Microsoft has decided to sell mythology and false promises, as usual



  10. [Meme] Illegal Location, Illegal Methods (Haar ViCo)

    EPC denial is more lethal than anything which the the EPO says may merit 'urgency' (as if having discussions about patents will save lives)



  11. The 'Fixer' of António Campinos Taints G1/21 (ViCo Hearing)

    The meeting which is set to resume at the start of next month includes the 'Fixer' of António Campinos; what sense of impartiality might one expect?



  12. IRC Proceedings: Sunday, June 13, 2021

    IRC logs for Sunday, June 13, 2021



  13. Virtual Injustice -- Part 6: Best Buddies With António

    Benoît Battistelli, António Campinos, and the Hungarian link of the EPO



  14. Classic: Old EPO Strike

    2008 EPO video, predating the Benoît Battistelli EPO regime



  15. Links 13/6/2021: Linux 5.14 Work, Lots of Patent News

    Links for the day



  16. Update on Gemini, IPFS, and IRC

    "The video which was supposed to be a few minutes long ended up taking a lot longer, but it does cover a broad range of topics that are relevant and very recent (based on recent developments)."



  17. IRC Proceedings: Saturday, June 12, 2021

    IRC logs for Saturday, June 12, 2021



  18. Virtual Injustice -- Part 5: Benoît's “Friends” in Budapest

    "Battistelli went to considerable lengths to secure the support of the Hungarian delegation."



  19. Links 13/6/2021: KDE Frameworks 5.83.0 and helloSystem 0.5

    Links for the day



  20. The Story of Techrights, in Banners...

    A look back at site banners from 2006-2021; they help illuminate or show our changing focus over the years



  21. With KDE Plasma 5.22 Having Just Been Released It's Time to Give KDE a Try (or Move to GNU/Linux, Leveraging the Best Features of Any Operating System Out There)

    A quick recommendation of KDE based on a reasonably recent (but not latest) build; there's this myth about KDE being difficult and flaky, but for a number of decades it has been the most advanced desktop (on any operating system) and its developers managed to hide the complexity while offering users all the power they may want/need



  22. Open Letter to the FSF About Taking Control of the FSF's (and GNU's) IRC Channels

    The FSF should have seized the opportunity, in light of self-harming IRC infighting (instability and unpredictability), to create its own IRC network and then help this new (or "GNU") network flourish



  23. EU Already Captured by -- and Lying for -- Corrupt EPO Officials, Team UPC, and Lobbyists of Multinational Corporations

    12 pages of lies; is the European Parliament reduced to a mere marionette of corrupt officials who run the EPO into the ground?



  24. [Meme] Virtual Code of Conduct (ViCoC)

    Cheapening of basic concepts and principles like "right to be heard" or "access to justice" is an international trend; we need to push back in the direction of justice, not fake 'innovation' or 'tech' (where it clearly does not belong)



  25. IRC Proceedings: Friday, June 11, 2021

    IRC logs for Friday, June 11, 2021



  26. Virtual Injustice -- Part 4: Mihály Ficsor, the EPO's Hungarian “Fixer”

    One key operative of António Campinos, who is fiercely in favour of software patents, has quite a colourful past and background



  27. Conversation With Richard Stallman in Brazil, May 31st 2021

    At the end of last month Richard Stallman had a 2-hour (and beyond, considering some of the afterthoughts) conversation, which is now available online



  28. Links 11/6/2021: Nginx Rising and SteamPal Rumours

    Links for the day



  29. New Introduction at Gemini

    As part of ongoing improvements to our capsule we have a new introductory text, reproduced below



  30. Links 11/6/2021: A Torvalds COVID Rant and RISC-V Risk of Takeover

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts