10.13.09


Vista 7 Gets Royal (Patch) Treatment, Windows XP in Court for “Spyware” Behaviour

Posted in Courtroom, Microsoft, Security, Vista 7, Windows at 11:15 am by Dr. Roy Schestowitz


Summary: Many security issues in Vista 7; Windows XP has Microsoft sued for behaving like malicious software

SEVERAL days ago we wrote about Vista 7 being left insecure. Given all that has happened in the past year (cf. links at the bottom), this should not be surprising, and SJVN has just written a short article claiming that Vista 7 suffers from “unimproved security”.

When it comes to security and Windows 7, it’s just more of the same old, same old.

This point really came home to me when I was looking over all the patches that Microsoft will be delivering tomorrow in what may be the largest Patch Tuesday ever. Microsoft “will ship a total of 13 updates next week, eight of them pegged “critical,” the highest threat ranking in its four-step scoring system, beating the previous record of 12 updates shipped in February 2007 and again in October 2008.” Of these 13, five are for Windows 7.

That’s Tuesday, that’s today.

Microsoft claims 5 patches for Vista 7, but as experience suggests, Microsoft lies about these numbers. It is not obliged to adhere to the same reporting standards as Free software.

Many people will continue using Windows XP when 7 comes out, but XP is permanently insecure since Microsoft refuses to patch it. And to make matters worse, based on this report, Microsoft is still stuck in court having been sued for XP being spyware, which it is (for more than one reason).

The plaintiffs allege that Microsoft improperly distributed the Windows Genuine Advantage tool, without proper consent from users, in a manner normally reserved for “high priority” security updates. WGA, as it’s known, tests to see if a copy of Windows is valid and delivers warnings if it doesn’t pass. Microsoft’s Automatic Update system lets users opt in to receive fixes and patches for the operating system.

That’s a lie or an embellishment at the very least. Microsoft overrides those settings. Even if the user requests that updates shall not be pushed through, Windows settings are totally ignored. Users have shown this for years.

On Vista 7 security problems:


5 Comments

  1. Yuhong Bao said,

    October 13, 2009 at 1:56 pm


    “Microsoft claims 5 patches for Vista 7, but as experience suggests, Microsoft lies about these numbers. It is not obliged to adhere to the same reporting standards as Free software.”
    Yep, it is not as simple as comparing numbers.
    “Many people will continue using Windows XP when 7 comes out, but XP is permanently insecure since Microsoft refuses to patch it.”
    Not completely, you should see my comments on the linked article, which talks about this in more detail.

    Roy Schestowitz Reply:

    Disablement is not a fix though.

    Yuhong Bao Reply:

    Of course not, even MS claimed that it was only a workaround. MS released the fix for this SMB2 flaw today, and it is MS09-050. I was mostly commenting on the lack of XP and 2000 patches for MS09-048, saying that it is only this particular patch that doesn’t have a version for Win2000 or WinXP. MS has not in general stopped patching Win2000 or WinXP and will not until the extended support ends.

    Roy Schestowitz Reply:

    Patching does not equate to quality patching. The half-hearted maintenance is causing trouble to all of us who share the Internet (systemic cost).

    Yuhong Bao Reply:

    Note in this particular case however that the vulnerabilities MS is not patching are only DoS vulnerabilities that in theory only affect the machine attacked. There is a Remote Code Execution vulnerability in the bulletin, but it only affects Vista and Server 2008, not XP or Server 2003. If you want more info, you should read the bulletin:
    http://www.microsoft.com/technet/security/Bulletin/ms09-048.mspx
