01.20.10

Gemini version available ♊︎

“Emergency!” Says Microsoft as It’s Losing Market Share; All Versions of Windows Are Vulnerable

Posted in Free/Libre Software, FUD, GNU/Linux, Microsoft, Security, Windows at 5:48 pm by Dr. Roy Schestowitz

Summary: Microsoft responds very urgently to the gains Firefox and other Web browsers are making as more vulnerabilities start to surface; Microsoft also throws FUD at Firefox, just as it does against GNU/Linux

INTERNET EXPLORER is under attack [1, 2, 3, 4, 5, 6, 7]. Microsoft calls it an “emergency”, but the emergency is that Microsoft is losing market share, not that customers are at risk. Microsoft had publicly belittled this issue… until governments started to speak out and complain.

This is the real emergency:

German government IE warning leads to spike in Firefox downloads

Following a warning last Friday from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) concerning the security hole in Internet Explorer (IE), Mozilla has said that it has recorded a “huge increase” in the number of Firefox downloads in Germany. According to a post by Mozilla’s Ken Kovash on the Mozilla Blog of Metrics, more than 300,000 downloads of the open source browser took place during the recent Friday to Monday period. Similarly, Opera also reportedly saw downloads of its browser in Germany more than double.

“MS to issue emergency patch for potent IE vuln,” heralds The Register:

Microsoft will release an emergency update that patches the Internet Explorer vulnerability used to breach the security defenses of Google and other large companies.

Even the BBC wrote about it, having previously served as Microsoft’s mouthpiece amid these embarrassing incidents.

SJVN has just published “Who cares if IE is patched soon?”

Microsoft is now promising us that they’ll have a patch for the latest IE security hole … real soon now. So what? This problem, while it’s been exploited the most in IE 6, it exists in all modern versions of IE and it can be exploited in every version of Windows from Windows 2000 to Windows 7. And, I’m supposed to trust that Microsoft will ‘patch’ it right this time and that it won’t blow up on me again? I don’t think so.

SJVN is right. Governments complained due to a pattern of shoddy maintenance/stewardship from Microsoft, not because of this one incident. Enough it enough and taxpayers are paying the price while Microsoft and its ecosystem are profiteering from malware.

Microsoft is publicly defending the already-poor reputation of Internet Explorer. It does so right now “by spreading FUD against Firefox,” says Glyn Moody. He cites the following article:

With world governments advising citizens to switch from Internet Explorer to alternative browsers, and an unpatched security hole in at least two major versions of Internet Explorer, Microsoft has to do something to restore faith in its browser. Easiest way to do it, apparently, is by saying that other browsers are even worse than IE.

The FUD against Firefox is made out of fabrications and secrets. It’s not even worth quoting.

Very recently we also caught Microsoft attacking Linux [1, 2] in order to defend Windows Mobile. So, Microsoft is finally just attacking rival operating systems and Web browsers when its own products come under scrutiny. Microsoft is miserable enough to descend to the final stage per Mahatma Gandhi, who said: “First They Ignore You, Then They Ridicule You, Then They Fight You.”

Linux is not taking Microsoft’s insults without rebutting. Jim Zemlin, the head of the Linux Foundation, has just shot back at Microsoft for its remarks. Here’s the background he provides:

Last week, David Coursey reported that Microsoft entertainment and devices boss Robbie Bach made the prediction in an analyst briefing that Linux on mobile will lose. Why? It’s choice is a bad thing for customers and that there is too much Linux in the mobile marketplace

But wait. There’s more. Since we’re discussing operating systems, check out this new article from The Register:

Windows plagued by 17-year-old privilege escalation bug

A security researcher at Google is recommending computer users make several configuration changes to protect themselves against a previously unknown vulnerability that allows untrusted users to take complete control of systems running most versions of Microsoft Windows.

Well, is anyone surprised at all? Not the Slashdot crowd, that’s for sure. Microsoft never pretended to be a master of security until it became a huge threat to its survival. Microsoft must pretend now. Why? Because there’s potent competition.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. subsonica said,

    January 20, 2010 at 7:25 pm

    Gravatar

    If it were just Internet Explorer…

    http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html

    there is something fundamentally wrong with Windows security design.
    Windows was never meant nor actually prepared to be multiuser or networked. Back in the days, Microsoft simply took MS-DOS + LAN MANAGER and glued to it a ripoff of the Digital VMS model of user security, copied the HPFS filesystem from OS2 (shafting IBM in the process) and called it NTFS, then added the Netware and BSD TCP/IP stack into the mix, called it “Windows NT” and they have just kept patching that model up to the current offerings, adding an E+E+E’ed version of LDAP called “Active Directory” on top of it from Windows 2000 on.
    Every day that passes, keeping relying on this windows model for your data, services and applications is becoming more and more an irresponsability.

  2. Dennis Murczak said,

    January 21, 2010 at 1:45 pm

    Gravatar

    That pretty much sums up Windows history. They also copied KDE and sudo and marketed both as groundbreaking new stuff.

    They should have stopped slapping new features onto a rotten legacy architecture years ago; now they are paying the bill. Not to mention that the only market in which they don’t have to compete is shrinking.

DecorWhat Else is New


  1. [Meme] António Campinos Wants to Be F***ing President Until 2028

    António Campinos insists he will be EPO President for 10 years, i.e. even longer than Benoît Battistelli (despite having appalling approval rates from staff)



  2. European Patent Office Staff Losing Hope

    The EPO’s management with its shallow campaign of obfuscation (pretending to protect children or some other nonsense) is not fooling patent examiners, who have grown tired and whose representatives say “the administration shows no intention of involving the staff representation in the drafting of the consultant’s mandate” (like in Sirius ‘Open Source’ where technical staff is ignored completely for misguided proposals to pass in the dark)



  3. IRC Proceedings: Thursday, January 26, 2023

    IRC logs for Thursday, January 26, 2023



  4. Sirius Relegated/Demoted/Destined Itself to Technical Hell by Refusing to Listen to the Technical Staff (Which Wanted to Stay With Asterisk/Free Software)

    In my final year at Sirius ‘Open Source’ communication systems had already become chaotic; there were too many dysfunctional tools, a lack of instructions, a lack of coordination and the proposed ‘solution’ (this past October) was just more complexity and red tape



  5. Geminispace Approaching Another Growth Milestone (2,300 Active Capsules)

    The expansion of Geminispace is worth noting again because another milestone is approached, flirted with, or will be surpassed this coming weekend



  6. [Meme] Cannot Get a Phone to Work... in 2022

    Sirius ‘Open Source’ wasted hours of workers’ time just testing the phone after it had moved to a defective system of Google (proprietary); instead of a rollback (back to Asterisk) the company doubled down on the faulty system and the phones still didn’t work properly, resulting in missing calls and angst (the company just blamed the workers who all along rejected this new system)



  7. [Meme] Modern Phones

    Sirius ‘Open Source’ is mistaking “modern” for better; insecurity and a lack of tech savvy typically leads to that



  8. The ISO Delusion: Sirius Corporation Demonstrates a Lack of Understanding of Security and Privacy

    Sirius ‘Open Source’, emboldened by ISO ‘paperwork’ (certification), lost sight of what it truly takes to run a business securely, mistaking worthless gadgets for “advancement” while compelling staff to sign a new contract in a hurry (prior contract-signing scandals notwithstanding)



  9. Links 26/01/2023: LibreOffice 7.4.5 and Ubuntu Pro Offers

    Links for the day



  10. Links 26/01/2023: GNU poke 3.0 and PipeWire 0.3.65

    Links for the day



  11. IRC Proceedings: Wednesday, January 25, 2023

    IRC logs for Wednesday, January 25, 2023



  12. Companies Would Collapse Upon Abandoning Their Original Goals (That Attracted All the Productive Staff)

    Staff with technical skills won't stick around in companies that reject technical arguments and moreover move to proprietary software in a company that brands itself "Open Source"



  13. [Meme] Listen to Your Workers, Avert Disaster

    Companies that refuse to take input from staff are doomed to fail



  14. The ISO Delusion: When the Employer Doesn’t Understand the Company's Value Proposition (Building Systems) and Rejects Security

    Sirius ‘Open Source’ has failed to sell what it was actually good at; instead it hired unqualified people and outsourced almost everything



  15. Links 25/01/2023: NuTyX 23.01.1 and GNU Guile 3.0.9 Released

    Links for the day



  16. Links 25/01/2023: Stratis 3.5.0 and Many Political Links

    Links for the day



  17. New Record Low: Only One 'Linux' Article in ZDNet in More Than Two Weeks

    Only a few years ago ZDNet published about 3 “Linux” stories per day (mostly FUD pieces); now it’s a ghost town, painted in ‘alien green’; considering ZDNet’s agenda (and sponsors) maybe it’s better this way



  18. Links 25/01/2023: Pale Moon 32.0 and DXVK 2.1

    Links for the day



  19. IRC Proceedings: Tuesday, January 24, 2023

    IRC logs for Tuesday, January 24, 2023



  20. ISO Certification Hardly Tackles Any of the Real Issues

    The real-world threats faced by private companies or non-profit organisations aren't covered by the ISO certification mill; today we publish the last post on this topic before proceeding to some practical examples



  21. [Meme] Medical Data Sovereignty

    What happens when your medical records/data are accessible to a company based abroad after a mysterious NDA with the Gates Foundation? The International Organization for Standardization (ISO) does not mind.



  22. The ISO Delusion: Sirius Open Wash Ltd. and Medical Data/Projects at Risk/Peril

    Sirius ‘Open Source’ was good at gloating about “ISO” as in ISO certification (see our ISO wiki to understand what ISO truly is; ISO certification needs to be more widely condemned and exposed) while signing all sorts of dodgy deals and lying to clients (some, like the Gates Foundation, were never mentioned because of a mysterious NDA); security and privacy were systematically neglected and some qualified as criminal negligence (with fines/penalties likely an applicable liability if caught/reported)



  23. Links 24/01/2023: Wine 8.0 is Ready, FSF Bolsters Copyleft

    Links for the day



  24. Azure Has Layoffs Again, Microsoft Still Cutting

    Even supposed ‘growth’ areas at Microsoft are being culled (this growth is faked, it is a lie)



  25. Links 24/01/2023: Tails 5.9 and ArcoLinux v23.02

    Links for the day



  26. Links 24/01/2023: GStreamer 1.22 and Skrooge Gets New Site

    Links for the day



  27. IRC Proceedings: Monday, January 23, 2023

    IRC logs for Monday, January 23, 2023



  28. The Inside(r) Story of ISO 'Certification' Mills

    Based on my experiences inside Sirius ‘Open Source’ — as I was there for nearly 12 years — I finally tell what I’ve witnessed about ISO certification processes (see ISO wiki for prior experiences)



  29. [Meme] ISO Selling 'Reputation' to Small Businesses (for a Large Fee)

    As we’re hoping to demonstrate throughout the week, ISO certification is, in practice, worse than worthless (just a waste of small businesses’ resources, much like patents); call it the ‘ISO tax’, an artificial barrier to entry that boils down to money



  30. [Meme] ISO Certification for Paying for Certificates on Time

    ISO is a phony authority; it makes business by issuing mostly worthless paperwork that wastes people’s time and accomplishes nothing (except making ISO in rich Switzerland even richer)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts