09.28.10

Microsoft Claims Credit for Failing in Security

Posted in Microsoft, Security, Windows at 7:37 am by Dr. Roy Schestowitz

Summary: Latest security issues and systematic deception, mostly from Microsoft and its various boosters across the Web (giving credit to Microsoft after Microsoft messed up)

Gratis as in Lock-in

A FEW days ago we wrote about Microsoft's attempt at disconnecting the air supply from third-party AV vendors, at least in small businesses. This would only decrease security due to monoculture, decreased competition, and lack of incentive to improve. The funny thing here is that Microsoft sells a vulnerable operating system and then claims to be distributing “free of charge” (only to some people) what ought to have been a characteristic of the operating system, not an add-on. The spinners from Seattle call it a “free” anti-virus software and what’s meant by free is not freedom. It’s free as in gratis, with lock-in. It decreases one’s personal freedom and also impedes freedom of choice. A better headline than “Free Anti-Virus Protection Spurs More Robust Options” would be “Free-of-charge Anti-Virus Pseudo-protection Depresses More Robust Options”.

Watch the Indian press turning the whole thing into Vista 7 promotion: “IT major Microsoft has launched a campaign to help computer users identify threats to their systems and how their networks can be made secure using Original Windows 7 that now comes with the advantage of Microsoft Security Essentials.”

So Microsoft wants to dump Security Essentials on the market (as expected by many people all along) and already we learn that “Scareware Apes Microsoft Security Essentials”. Microsoft has always performed very poorly among the security products already available and well established. “Anti-virus systems get tested” says The Inquirer which gives the following details:

A NUMBER of the most common anti-virus security systems have had a beady eye passed over their effectiveness and fitness for purpose in an assessment.

The study, which was carried out by the Austrian AV Comparatives group, looked at twenty products from the main providers that volunteered to take part.

We do not know who if anyone refused, but AV Comparatives said that it had limited test subjects to no more than twenty and required that participants adhered to its undisclosed criteria.

“Over half of all apps have security holes,” claims Veracode (which we mentioned in [1, 2]).

More than half of all software applications failed to meet an acceptable level of security, according to a study based on real-world code audits by application security firm Veracode.

Around 57 per cent of applications failed to pass muster when first submitted to Veracode’s cloud-based testing service. A similar 56 per cent of finance-related applications failed first testing by Veracode’s security audit. The quality of the code used in many business-critical banking and insurance operations was simply not up to snuff.

ASP.NET Under Attack, Spin

In security news, the other major issue last week was the Microsoft ASP.NET vulnerability, which we wrote about in [1, 2, 3, 4].

The ASP.NET problem alarmed Microsoft a great deal and the PR spin strives to make Microsoft be seen as responsive. An advisory was quickly issued [1, 2, 3] because of bad publicity and because it was already being exploited (a demo existed). There is only a temporary fix, not a permanent one. There are third-party fixes.

So, once again Microsoft pays attention to flaws a tad too late and then scrambles to limit damage it could probably have prevented. Is this really praise-worthy, especially when someone responds to flaws which the same someone is responsible for?

Just like in the case of Russian spin [1, 2], Microsoft is trying to make itself look like the saviour rather than the problem. Lee Pender of the Microsoft boosters is trying to make Microsoft look good by painting it as responsive and responsible. To quote: “Well, late last week, we got an update from a Microsoft spokesperson who wanted to tell us that Microsoft hasn’t just buried its head in the sand on Stuxnet.”

We wrote about Stuxnet in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14].

Microsoft-Police

Over in Australia, Microsoft is involving the police right now (funded by taxpayers) [1, 2, 3, 5]. It’s about a computer scam that affects Microsoft.

Twitter and Fog Computing

The other day we wrote about the major problem Twitter.com was having. Half a million Twitter users are said to be affected by a Twitter worm and Slashdot discusses the matter before and after the patching. Here are “the names and faces behind the ‘onMouseOver’ Twitter worm attack”. It’s one of those risks of Fog Computing. Even a teenager turns out to have been smart enough to do it.

But later, some mischievous users of the site started using the exploit to make people “retweet” infected messages (when they hovered over a tweet with the code inserted) that they had not authorised.

The guy is Australian, so will the police get involved? Or does the Australian police get involved only to help Microsoft?
