05.30.09

Microsoft Windows as Matter of National Insecurity

Posted in Microsoft, Security, Windows at 2:34 am by Dr. Roy Schestowitz

Lock

Summary: Security news roundup

THE United States military is repeatedly being invaded by crackers (example from December). This is caused by the use of Windows and the latest incident too alludes to the failure of anti-virus software, which gives clues away.

Anti-U.S. Hackers Infiltrate Army Servers

[...]

The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.

When foreign enemies enter your premises and access your data — especially in an age of modern warfare — this can be critical. As the following new article from The New York Times suggests, choice of software and its maintenance can determine winners or losers in a dispute or even war. Weapons become digital.

The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare.

[...]

“It’s the domestic spying problem writ large,” one senior intelligence official said recently. “These attacks start in other countries, but they know no borders. So how do you fight them if you can’t act both inside and outside the United States?”

Looking elsewhere in the news, Microsoft now acknowledges that its software is under attack and there is no patch available to fix this. Coverage includes:

The Register: Critical Windows vulnerability under attack, Microsoft warns

Microsoft has warned of a critical security bug in older versions of its Windows operating system that is already being exploited in the wild to remotely execute malware on vulnerable machines.

Heise: Microsoft warns about critical DirectShow vulnerability

Microsoft has found a critical vulnerability in the DirectX library for Quicktime video playback, and it appears that the flaw is now being actively exploited. The software giant has issued a security advisory which contains quite detailed information about the vulnerability.

It is rather surprising that the Obama administration even considers Windows for its operations, especially gives that the army is moving from Windows to GNU/Linux (mostly Red Hat), for security reasons at the very least. Todd Bishop makes the following new claim:

Obama reforming online security

[...]

The government report (PDF) cites Microsoft repeatedly, but not in a bad way. Instead, it refers to testimony and research from the Redmond company to back up its contention that sweeping changes are needed in government coordination.

Given that Microsoft — with help from its front, the BSA — put its staff on top of the Department of Homeland Security [1, 2, 3], such an outcome should not be so shocking. In fact, given the lobbying and pressure Microsoft puts on the Democrats [1, 2, 3, 4, 5, 6, 7, 8], decisions that are driven by favours rather than rationale are only to be expected.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2009/05/30/national-insecurity-windows/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

2 Comments

  1. Needs Sunlight said,

    May 30, 2009 at 6:56 am

    Gravatar

    Should be easy to trace. Any government purchases, especially for the military, have a paper trail in triplicate. The individuals involved in bringing MS products onto the military bases are going to be clearly documented so prosecution can begin any time really.

    Look at just a single Windows worm, conficker, which in its first months has done over 9.1 billion dollars in damage:

    http://www.tgdaily.com/content/view/42101/108/

    and it is still growing, even at Microsoft. The company itself still has infections, which puts a bullet in the myth that the company’s products can be secured if one “knows enough”

    http://www.networkworld.com/news/2009/052109-conficker-still-infecting-50000-pcs.html

    Even a teeny Windows worm like Slammer/Sapphire caused over a billion in cleanup.

    To add the personal factor to it, MS products have gotten shoved into hospitals and been causing major outages there on a frequent basis. Just for the sake of argument, if you say that there are 1500 hospitals with MS products and they go down twice each and one death results per outage, you have 3000 deaths.

    Deaths + Lost money = air strike

    We have the Internet’s equivalent of Osama bin Laden walking around on free foot: leader and a group costing tens of billions in unnecessary economic harm, plus thousands of direct and indirect deaths, per year all because of an ideology. Why is the military not even begining to move against the headquarters, the ringleaders or henchmen? Or is it a larger job requiring NATO to get involved? Or is this a case where the regional, unofficial militia need to rise to the occasion?

    That is not counting the economic harm caused by egregious, apparently intentional, failures in interoperability — even within the product line…

    Nor does it count the mafia style activities which keep the market from cleansing itself of these types.

    Get rid of MS products and tens of billions are saved immediately on just the malware problem. The savings easily cover the cost of any conversion or migration issues. The only loose end is finding a place in society for MSFTers so that they are not in a position to cause any more damage. Like an embezzler can’t work in accounting, a junky in a pharmacy and a pedo in daycare, MSFTers can’t stay in IT. The temptation for recidivism is too high as we see in Ohloh and other farces.

  2. Needs Sunlight said,

    May 30, 2009 at 7:37 am

    Gravatar

    For what it’s worth, the quick way to deal with the DirectX exploit is to stay with the established industry standard, OpenGL

    http://www.opengl.org/documentation/

    That includes watching out for traps like Picasa which use helper tools like Wine as vectors to spread DirectX vulnerabilities even to other platforms.

What Else is New


  1. GNU/Linux Users, Developers and Advocates Being Painted as Unruly and Rude by Corporate Media Looking to Undermine Software Freedom

    Corporate media, funded by companies that nonchalantly oppress people, would have us believe there's something wrong with people who reject corporate masters in their computing; reality, however, suggests that it is a wholly false narrative induced or cemented by endless repetition, so this framing ought to be rejected outright



  2. IRC Proceedings: Tuesday, August 03, 2021

    IRC logs for Tuesday, August 03, 2021



  3. The Free Software Community Needs Solidarity and Stronger Resistance Against Corporate Oligopolies With Their Overlapping Interests

    Linus Torvalds and Richard Stallman (RMS) do not have to be idolised ("cult of personalities") but they definitely need to be defended from a longstanding and ongoing corporate coup, which the corporations seek to justify using nicer-sounding terms like "security" (that's how they justify added complexity such as Rust) or "safe space" (they're collectively insulting the community as if only employees of monopolies can help combat bigotry)



  4. Links 4/8/2021: More IBM Downtimes and Firefox Losing Many Users

    Links for the day



  5. Links 3/8/2021: DeaDBeeF 1.8.8, CrossOver 21, AMD and Valve Hook Up for GNU/Linux Work

    Links for the day



  6. Links 3/8/2021: LibreOffice Autoupdater and Vulkan in X-Plane

    Links for the day



  7. How the News About 'Linux' Gets Manipulated to Spread FUD and Promote the Competition of GNU/Linux

    We quickly examine the sorts of news one gets from Google 'News' when searching for “Linux” and we conclude that real news is occluded or missing



  8. The EPO is Europe's Largest Scale Scam (by Far the Largest)

    In another fine instance of deja vu, the biggest scammers are warning everybody else about lesser “scammers”; one might be tempted to call this “projection tactics” or deflection (staring at the mirror) which helps churn/flood the "news" section with tons of recycled old fluff (they could certainly use a distraction right now)



  9. Links 3/8/2021: Raspberry Pi ‘WeatherClock’ and IPFire 2.27 - Core Update 159

    Links for the day



  10. IBM's Attack on the Community and on GPL/FSF is an Attack on Red Hat's Greatest Asset

    Ever since IBM bought Red Hat it has repeatedly attacked the FSF (in a malicious and personified fashion), looking for its own ‘copyright grab’ whilst outsourcing loads of code to proprietary software monopolisers who attack the GPL; by doing so, IBM is destroying the value of what it paid more than 30 billion dollars for (IBM is governed by pretentious fools, according to IBM insiders; they’ve already lost Red Hat’s longtime CEO and IBM’s new President), so it’s falling back on openwashing of IBM's proprietary software with help from the so-called ‘Linux’ Foundation



  11. Four Weeks of Non-Compliance: EPO Only Accepts Courts That It Rigs and Controls

    Compliance is for suckers, believes the “Mafia” which runs the EPO; it is not even responding (for three weeks!) to letters from the victims who won the cases; this is bad for Europe's image and it sets a dangerous precedent



  12. Seven Eleven: 11 is to 10 What 7 Was to Vista

    Microsoft is, as usual, aggressively manipulating/bribing the media (hyping up a shallow version inflation along with paid-for vapourware advertising) while strong-arming the market; there’s no other way they can compete anymore



  13. IRC Proceedings: Monday, August 02, 2021

    IRC logs for Monday, August 02, 2021



  14. Links 3/8/2021: Nitrux 1.5.1 and Gerbera Media Server 1.9.0

    Links for the day



  15. Links 2/8/2021: XEyes 1.2 and Fwupd 1.6.2 Released

    Links for the day



  16. Freenode is IRC... in Collapse

    Freenode is now down to just 13,194 online users, which makes it the 6th biggest IRC network. Months ago it was #1 with almost 6 times as many users as those below it. The graph above shows what the latest blunder has done (another massive drop in less than a week, with a poem and the all-time chart at the very bottom).



  17. Barrier and Synergy Can Work Together, Connecting Lots of Different Machines

    Barrier and Synergy can be configured to work properly in conjunction, though only provided different port numbers (non-default) are specified; in my current setup I have two computers to my right, working over Barrier, and two older ones on the left, working over Synergy; the video explains the setup and the underlying concepts



  18. Links 2/8/2021: Open Science in France and Zoom Pays to Settle Privacy Violations

    Links for the day



  19. It Almost Feels Like Battistelli Still Runs the EPO (by Extension/Proxy)

    The "Mafia" that destroyed the EPO is still being put in charge and is using the EPO for shameless self-promotion; it is never being held accountable, not even when courts demand remediatory action and staff seeks reparations



  20. [Meme] Vichyite Battistelli Committed Crimes and His Buddy António Snubs Courts That Confirm These Are Crimes

    Staff of the EPO is coming to realise (or reaching acceptance of the fact) that the spirit of Battistelli — not just people he left in charge of the EPO — dooms the Office and there’s no way out of this mess



  21. Links 2/8/2021: Linux 5.14 RC4 and 20% Growth in Steam

    Links for the day



  22. IRC Proceedings: Sunday, August 01, 2021

    IRC logs for Sunday, August 01, 2021



  23. Links 1/8/2021: LibreOffice 7.2 RC2 and Lakka 3.3

    Links for the day



  24. Was Microsoft Ever First in the Market?

    Confronting the false belief that Microsoft ever innovates anything of significance or is "first" in some market/s



  25. Links 1/8/2021: 4MLinux 37.0, IBM Fluff, and USMCA Update

    Links for the day



  26. Microsoft Knows That When Shareholders Realise Azure Has Failed the Whole Boat Will Sink

    The paranoia at Microsoft is well justified; they've been lying to shareholders to inflate share prices and they don't really deliver the goods, just false hopes and unfulfilled promises



  27. [Meme] Nobody and Nothing Harms Europe's Reputation Like the EPO Does

    Europe’s second-largest institution, the EPO, has caused severe harm/damage to Europe’s economy and reputation; its attacks on the courts and on justice itself (even on constitutions in the case of UPC — another attempt to override the law and introduce European software patents) won’t be easily forgotten; SUEPO has meanwhile (on Saturday, link at the bottom in German) reminded people that Benoît Battistelli and António Campinos have driven away the EPO’s most valuable workers or moral compass



  28. IRC Proceedings: Saturday, July 31, 2021

    IRC logs for Saturday, July 31, 2021



  29. [Meme] When it Comes to Server Share, Microsoft Azure is Minuscule (But Faking It)

    Don't believe the lies told by Microsoft's charlatans and frauds; Azure has been a total failure and that's why there are layoffs as well



  30. [Meme] Mozilla Has Turned From Technical to Marketing

    Way back, long before Mozilla and Firefox got hijacked by politics (turning Mozilla into a VPN reseller that lies about its stance on privacy), geeks were driving the company, not corporate lawyers and spying/marketing people


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts