12.23.09

Gemini version available ♊︎

Government Shoots Itself in the Foot by Letting Microsoft Control Insecurity Departments

Posted in GNU/Linux, Microsoft, Security, UNIX, Windows at 6:06 am by Dr. Roy Schestowitz

Rooster

Summary: President Obama puts a fox in change of the hen house with yet another appointment of Microsoft for security; Microsoft helps malware writers

THE United States government is not engineered for security because it hires "security" people from the very same company that causes a lot of the problems. The DHS is already affected and Obama pondered making Scott Charney, head of Microsoft’s cybersecurity division, the US cybersecurity czar. Eventually he picked another person from Microsoft for this job (also in [1, 2, 3, 4]):

The White House is naming a former Microsoft and eBay executive as the government’s new cyber security coordinator. Former Bush administration official Howard Schmidt will lead the effort to shore up the country’s computer networks.

More here:

Obama names former Microsoft exec new U.S. cybersecurity czar

President Obama this morning named a new U.S. cybersecurity coordinator: Howard Schmidt, a longtime computer security specialist who has worked as an executive for companies including Microsoft and eBay, and as a security adviser to the administration of George W. Bush.

How shameful. We have already explained why this is a mistake and when poor decisions are made in the future it may be possible to blame them on bias. One reader of ours wrote in relation to this news: “If they already have the technical knowledge, then why haven’t they made a computer that can’t be compromised to be used in botnets, merely by clicking on a URL or opening an e-mail attachment?

Also in yesterday’s news we now find:

Microsoft AV advice may aid attackers, researcher warns

A security researcher is taking Microsoft to task for advising customers to exclude certain files and folders from anti-virus scanning, arguing the practice could be exploited by pushers of malware.

Microsoft shows malware writers where to hide

In a document published on its support site, Microsoft suggests that users do not need to scan some files and folders for malware as a way to improve performance in Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008 and Server 2008 R2. “These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking,” the Vole said.

Microsoft accused of helping virus writers [via]

Security firm Trend Micro has accused Microsoft of giving malware writers a helping hand by advising users not to scan certain files on their PC.

In an article published on Microsoft’s Support site the company claims it’s safe to exclude certain file types from virus scans because “they are not at risk of infection”. Microsoft claims ignoring these files will help improve scanning performance and avoid unnecessary conflicts.

Yes, Microsoft does not seem to have a clue about security.

Microsoft’s influence in the United States government is increasing and this is becoming a matter of national security. They spread that so-called “Microsoft religion” to areas that are mostly UNIX- and Linux-based. They ignore many decades of good practices.

“It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”

Jim Allchin, Microsoft

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. Needs Sunlight said,

    December 23, 2009 at 9:26 am

    Gravatar

    The US government is shooting more than its foot in this mistake. Schmidt, for his role as an insecurity specialist, and for his ongoing role in spreading Microsoft malware throughout the US economy should be sitting in jail awaiting arraignment. Or if the scope of and forethought behind the damage is taken into the equation, maybe Camp X-Ray is more appropriate.

  2. Yuhong Bao said,

    December 26, 2009 at 4:00 am

    Gravatar

    Well, looks like this is a case where MS advised specific areas to be excluded from scanning, and anytime you exclude areas from scanning from AV software, there always is a risk that viruses may hide in there. So you should always be careful when you do that.
    “If they already have the technical knowledge, then why haven’t they made a computer that can’t be compromised to be used in botnets, merely by clicking on a URL or opening an e-mail attachment?”
    Well, non-admin would help a lot on both Windows and Linux. Admin users can compromise the entire computer, non-Admin users can only compromise only the user account itself.

DecorWhat Else is New

  1. IRC Proceedings: Thursday, March 30, 2023

    IRC logs for Thursday, March 30, 2023

  2. Links 31/03/2023: Ubuntu 23.04 Beta, Donald Trump Indicted, and Finland’s NATO Bid Progresses

    Links for the day

  3. Translating the Lies of António Campinos (EPO)

    António Campinos has read a lousy script full of holes and some of the more notorious EPO talking points; we respond below

  4. [Meme] Too Many Fake European Patents? So Start Fake European Courts for Patents.

    António Campinos, who sent EPO money to Belarus, insists that the EPO is doing well; nothing could be further from the truth and EPO corruption is actively threatening the EU (or its legitimacy)

  5. Thomas Magenheim-Hörmann in RedaktionsNetzwerk Deutschland About Declining Quality and Declining Validity of European Patents (for EPO and Illegal Kangaroo Courts)

    Companies are not celebrating the “production line” culture fostered by EPO management, which is neither qualified for the job nor wants to adhere to the law (it's intentionally inflating a bubble)

  6. Links 30/03/2023: HowTos and Political News

    Links for the day

  7. Links 30/03/2023: LibreOffice 7.5.2 and Linux 6.2.9

    Links for the day

  8. Links 30/03/2023: WordPress 6.2 “Dolphy” and OpenMandriva ROME 23.03

    Links for the day

  9. Sirius is Britain’s Most Respected and Best Established Open Source Business, According to Sirius Itself, So Why Defraud the Staff?

    Following today's part about the crimes of Sirius ‘Open Source’ another video seemed to be well overdue (those installments used to be daily); the video above explains to relevance to Techrights and how workers feel about being cheated by a company that presents itself as “Open Source” even to some of the highest and most prestigious public institutions in the UK

  10. IRC Proceedings: Wednesday, March 29, 2023

    IRC logs for Wednesday, March 29, 2023

  11. [Meme] Waiting for Standard Life to Deal With Pension Fraud

    The crimes of Sirius ‘Open Source’ were concealed with the authoritative name of Standard Life, combined with official papers from Standard Life itself; why does Standard Life drag its heels when questioned about this matter since the start of this year?

  12. Former Staff of Sirius Open Source Responds to Revelations About the Company's Crimes

    Crimes committed by the company that I left months ago are coming to light; today we share some reactions from other former staff (without naming anybody)

  13. Among Users in the World's Largest Population, Microsoft is the 1%

    A sobering look at India shows that Microsoft lost control of the country (Windows slipped to 16% market share while GNU/Linux grew a lot; Bing is minuscule; Edge fell to 1.01% and now approaches “decimal point” territories)

  14. In One City Alone Microsoft Fired Almost 3,000 Workers This Year (We're Still in March)

    You can tell a company isn’t doing well when amid mass layoffs it pays endless money to the media — not to actual workers — in order for this media to go crazy over buzzwords, chaffbots, and other vapourware (as if the company is a market leader and has a future for shareholders to look forward to, even if claims are exaggerated and there’s no business model)

  15. Links 29/03/2023: InfluxDB FDW 2.0.0 and Erosion of Human Rights

    Links for the day

  16. Links 29/03/2023: Parted 3.5.28 and Blender 3.5

    Links for the day

  17. Links 29/03/2023: New Finnix and EasyOS Kirkstone 5.2

    Links for the day

  18. IRC Proceedings: Tuesday, March 28, 2023

    IRC logs for Tuesday, March 28, 2023

  19. [Meme] Fraud Seems Standard to Standard Life

    Sirius ‘Open Source’ has embezzled and defrauded staff; now it is being protected (delaying and stonewalling tactics) by those who helped facilitate the robbery

  20. 3 Months to Progress Pension Fraud Investigations in the United Kingdom

    Based on our experiences and findings, one simply cannot rely on pension providers to take fraud seriously (we’ve been working as a group on this); all they want is the money and risk does not seem to bother them, even when there’s an actual crime associated with pension-related activities

  21. 36,000 Soon

    Techrights is still growing; in WordPress alone (not the entire site) we’re fast approaching 36,000 posts; in Gemini it’s almost 45,500 pages and our IRC community turns 15 soon

  22. Contrary to What Bribed (by Microsoft) Media Keeps Saying, Bing is in a Freefall and Bing Staff is Being Laid Off (No, Chatbots Are Not Search and Do Not Substitute Web Pages!)

    Chatbots/chaffbot media noise (chaff) needs to be disregarded; Microsoft has no solid search strategy, just lots and lots of layoffs that never end this year (Microsoft distracts shareholders with chaffbot hype/vapourware each time a wave of layoffs starts, giving financial incentives for publishers to not even mention these; right now it’s GitHub again, with NDAs signed to hide that it is happening)

  23. Full RMS Talk ('A Tour of Malicious Software') Uploaded 10 Hours Ago

    The talk is entitled "A tour of malicious software, with a typical cell phone as example." Richard Stallman is speaking about the free software movement and your freedom. His speech is nontechnical. The talk was given on March 17, 2023 in Somerville, MA.

  24. Links 28/03/2023: KPhotoAlbum 5.10.0 and QSoas 3.2

    Links for the day

  25. The Rumours Were Right: Many More Microsoft Layoffs This Week, Another Round of GitHub Layoffs

    Another round of GitHub layoffs (not the first [1, 2]; won’t be the last) and many more Microsoft layoffs; this isn’t related to the numbers disclosed by Microsoft back in January, but Microsoft uses or misuses NDAs to hide what’s truly going on

  26. All of Microsoft's Strategic Areas Have Layoffs This Year

    Microsoft’s supposedly strategic/future areas — gaming (trying to debt-load or offload debt to other companies), so-called ‘security’, “clown computing” (Azure), and “Hey Hi” (chaffbots etc.) — have all had layoffs this year; it’s clear that the company is having a serious existential crisis in spite of Trump’s and Biden’s bailouts (a wave of layoffs every month this year) and is just bluffing/stuffing the media with chaffbots cruft (puff pieces/misinformation) to keep shareholders distracted, asking them for patience and faking demand for the chaffbots (whilst laying off Bing staff, too)

  27. Links 28/03/2023: Pitivi 2023.03 is Out, Yet More Microsoft Layoffs (Now in Israel)

    Links for the day

  28. IRC Proceedings: Monday, March 27, 2023

    IRC logs for Monday, March 27, 2023

  29. Links 27/03/2023: GnuCash 5.0 and Ubuntu 20.04 LTS on Phones

    Links for the day

  30. Links 27/03/2023: Twitter Source Code Published (But Not Intentionally)

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts