As part of its regular Patch Tuesday, Microsoft released an update for its various toolbars, and this update came with more than just documented fixes. The update also installs an add-on for Internet Explorer and an extension for Mozilla Firefox, both without the user's permission. As you can see in the Windows Update screenshot above, Microsoft does not indicate that the update will install anything for either browser. It's also not really clear what the installed extension actually does.
I’m getting numerous reports from readers claiming that Microsoft is back to pushing stealth updates to Windows users via Windows Update. This time, the update seems related to its browser toolbars.
Readers started reporting this issue to me yesterday, when Firefox users started noticing that Extensions window was opening up when launching the browser and showing something new - Search Helper Extension.
Who wrote those lines? Steve Jobs? Linux inventor Linus Torvalds? Ralph Nader? No, the author is former White House adviser Richard A. Clarke in his new book, Cyber War: The Next Threat to National Security and What to Do About It.
[...]
Money talks
Why has the national response to this problem been so slow? Lack of consensus on what to do and fear of the "R-word"—government regulation, Clarke contends. Then there's Reason Number Five on his list, which basically boils down to "Microsoft."
"Some people like things the way they are," Clarke obliquely observes. "Some of those people have bought access." Microsoft, he notes, is a prominent member of OpenSecrets.org's "Heavy Hitters" political donor list. Most of the list's stars are trade associations. "Microsoft is one of only seven companies that make the cut."
The software giant's largesse has shifted from Republicans back in the Clinton antitrust days to Obama, he continues, but the agenda is always clear: "Don't regulate security in the software industry, don't let the Pentagon stop using our software no matter how many security flaws it has, and don't say anything about software production overseas or deals with China."
Clarke tries to be fair. He notes that Microsoft didn't originally intend its software for critical networks. But even his efforts at fairness are unflattering. Microsoft's original goal "was to get the product out the door and at a low cost of production," he explains. "It did not originally see any point to investing in the kind of rigorous quality assurance and quality control process that NASA insisted on for the software used in human space-flight systems."
But people brought in Microsoft programs for critical systems anyway. "They were, after all, much cheaper than custom-built applications." And when the government launched its Commercial Off-the-Shelf program (COTS) to cut expenses, Microsoft software migrated to military networks. These kind of cost cutting reforms "brought to the Pentagon all the same bugs and vulnerabilities that exist on your own computer," Clarke writes. Floating i-brick
The former White House advisor cites the 1997 USS Yorktown incident as a consequence. The Ticonderoga-class ship's whole operational network was retrofitted with Windows NT. "When the Windows system crashed, as Windows often does, the cruiser became a floating i-brick, dead in the water."
In response to this "and a legion of other failures," the government began looking into the Linux operating system. The Pentagon could "slice and dice" this open source software, pick and choose the components it needed, and more easily eliminate bugs.
If I had a dollar for every time Microsoft was forced to defend the abysmal security of its Windows operating system, I would probably be lying on a beach in the Bahamas and sipping a cocktail right now, with my financial future secured.
The latest defence, from Windows communications manager Brandon LeBlanc, has as many holes as Windows does in its security armoury.
As my colleague Jake Widman reported earlier today, LeBlanc took issue with a story stating that Google was moving its internal workstations away from Windows to OSX and GNU/Linux due to Windows' poor security.
In his response, LeBlanc talks of security issues with the Mac and Google too. That isn't the point - no system or company is perfect.
We are talking here about the relative security of various operating systems - and Windows is, without any doubt, the worst. Put it up against OpenBSD, Solaris, NetBSD, FreeBSD, GNU/Linux, OpenSolaris, or any other, Windows comes out last when it comes to security.